![]() ![]() The day to day reality of developing apps like these is a lot of work. Many of these points are things that we would like to address, and we could use the help. To my knowledge the author of this blog post has never submitted a PR, issue, or discussion post to any of our repositories or forums. I invite those who have opinions about Signal to start by getting involved in the project. It could be that the author imagines me sitting in a glass skyscraper all day, drinking out of champagne flutes, watching over an enormous engineering team as they add support for animated GIF search as an explicit fuck you to people with serious needs. I think these types of posts are also the inevitable result of people overestimating our organizational capacity based on whatever limited success Signal and Signal Protocol have had. I don't think Signal has sockpuppets (it's just not their style), but I know several other "secure" messaging applications do. ![]() Messaging is a network-effect market, so all the different vendors are fighting for users. #Qtox connection problems software#For whatever reason - I think because (a) basic chat software is pretty easy to write, with a near- hello- world payoff similar to, say, blog software for Ruby on Rails and (b) because there have been multi-billion-dollar acquisitions of messaging tools - there are a lot of different messaging products. When reading critiques of messaging software, keep in mind that messaging is a fucking midnight back-alley knife fight of a market. ![]() The 10th wants you to use something else because they're working on an attack for that "something else", and want their paper to be splashier when it's released. The author isn't a cryptographer, and if you asked a panel of 10 cryptographic engineers what messaging system they'd recommend, 9 of them would say "Signal". I agree overwhelmingly with what you wrote, except that I want to point out that this isn't "crypto-puritanism". Crypto-warriors have a long history of producing secure software that nobody uses and then blaming the general public for not getting it this sort of blog post is just a continuation of this decades long trend. Signal is unusual because it combines cutting edge cryptography with consumer friendliness and is actually successful. It reads like a collection of talking points rather than a coherent argument. He says it should "respect people's choices" as if Signal is built by people who are disrespectful, he says it should not have dependencies on "corporate infrastructure" as if volunteer run datacenters actually exist, and then says his motivation is avoided paywalls, ignoring that both Signal and WhatsApp are free. this tool should not have dependencies on corporate infrastructure"īut like a lot of armchair moralising, he isn't willing to debate the hard choices that go into building successful software. He finishes with a call to action: "We as a community need to come up with a viable solution and alternative to Signal that is easy to use and that does in fact respect people’s choices. He says he thinks the protocol is secure, then says he doesn't want it to use GCM because it routes messages via Google who he doesn't trust (fixing that is the point of the encryption) and then talks about an attack that'd apply to any app regardless of whether it used GCM or not. He says he recommended Signal because it was easy to use (more consumer friendly I guess) and secure, then says he wouldn't have gone in the direction of making it easier to use and criticises the things that make it user friendly, like using phone numbers instead of usernames. Like a lot of crypto-puritanism it is rather mixed up. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |