That means nothing when the servers stop taking EU traffic

I don’t use any of these apps, so I’m not quite sure how they work. But couldn’t you just make an app that keeps a local private and public key pair. Then when you send a message (say via regular sms) it includes under the hood your public key. Then the receiver when they reply uses your public key to encrypt the message before sending to you?

Unless the sms infrastructure is going to attempt to detect and reject encrypted content, this seems like it can be achieved without relying on a server backend.

putting a bullet (double tap) in Chat Control,

Yes, please.

once and for all.

LOL, no. They'll come back again with some other bullshit to Save the Children!™, it's a never-ending whack-a-mole.

There are groups to support:

• eff.org/issues/eff-europe
• fsfe.org/
• edri.org/

And in the UK:

• openrightsgroup.org/

Some political groups are better than others, but most politicians are clueless.

The key is to get muggles to understand we are living in Technofeudalism and why being digital serfs is bad. The problem is ineffective competition law and that monopolies are bad. That monopolies and standards are not the same thing. I have no idea how. Most people are just naturally compliant and unquestioning of something seemingly so abstract.

European Union

EFF has hundreds of donors and thousands of active supporters throughout Europe. We work with the many digital rights organizations across the continent and are members of EDRi, the international digital rights advocacy organization based in Brussels…

^{Electronic Frontier Foundation}

In the 80's (I'm that old), many home computers came with the programming manual, and the impetus was to learn to code and run your programs on your own device. Even with Android it's not especially hard (with LLM's even less so than it used to be) to download Android Studio, throw some shit onto the screen, hit build, and run your own helper app or whatever ~~sideloaded~~ installed via usb cable (or wirelessly) on your own device.

In certain cases (cars, health related hw etc.) I get why it's probably for the best if the user is not supposed to mod their device outside preinstalled sw's preferences/settings. But when it comes to computers (i.e. smartphones, laptops, tablets, tv boxes etc.) I fully agree with Cory here. Such a shame everything must go to shit.

I get it messenger = gun wow i didnt know!

Holstering my phone now thanks

Unironically yes, communications (information and roads) were historically as important. Lenin's call to "take post, telegraph, telephone stations, bridges and rail stations" kinda illustrates that.

What I meant is that abstractly having fully private and free communications is just as universally good as everyone having a drone army. In reality both have problems. The problems with weapons are obvious, the problems with communications in my analogy are not symmetric to that, but real still - it's that people can be deceived and backdoors and traps exist. Signal is one service, application and cryptographic system, it shouldn't be relied upon this easily.

It's sometimes hard to to express things based only on someone with good experience telling them to me, making it an appeal to anonymous authority, but a person who participated in a project for a state security service once told me that in those services cryptography is never the basis of a system. It can only be a secondary part.

Also, other than backdoors and traps, imbalance exists. Security systems are tools for specific purposes, none are universal. 20 years ago anonymity and resilience and globalism (all those plethora of Kademlia-based and overlay routing applications, most of which are dead now) were more in fashion, and now privacy and political weight against legal bans (non-technical thing, like, say, the title of the article) are. The balance between these in popular systems determines which sides and powers lose and benefit from those being used by many people. In case of Signal the balance is such that we supposedly have absolute privacy and convenience (many devices, history), but anonymity, resilience and globalism are reduced to proverbial red buttons on Meredith Whittaker's table.

Unfortunately, I don't get most of your refetences, but sure you can find similarities in wildy different things.

Signal being easy to rely on is its biggest benefit. No one will adopt something that's more complex, but I don't think extra complexity would offer better security for the average person. More complexity just means more things to go wrong.

People can be deceieved anywhere in their life, this isn't synonymous to an end to end encrypted chat.

Backdoors do exist and they are obviously bad, but Signal choosing to leave the market before implementing one sounds best to me.

state security service once told me that in those services cryptography is never the basis of a system. It can only be a secondary part.

Obviously I'm no smarter than this person, but without cryptography how is any "secure" project actually "secure". The only thing more important that I can imagine would be the physical location of a server (for example) being highly protected from bad actors.

In the end, I personally think having an easy to use platform that is secure gives everyone amazing power to recoup their free speech wherever is it eroded.

Signal being easy to rely on is its biggest benefit. No one will adopt something that’s more complex, but I don’t think extra complexity would offer better security for the average person. More complexity just means more things to go wrong.

My concerns on this are more that acceptable share in something in the internetworked world seems to be in percentages far smaller than the usual common sense percentages. Like - there are political systems with quotas, and there are anti-monopoly regulations, but with computers and the Internet every system is a meta-system. Allowing endless supply of monopolies and monocultures.

Signal is so easy to rely, that if you ask which applications with zero-knowledge cryptography and reliable groupchat encryption and so on people use, that are available without p2p (draining battery and connectivity requirements), with voice calls and file transfers, it'll be mostly Signal.

Doesn't matter it's only one IM application. In its dimension it's almost a monoculture. One group of developers, one company, one update channel. An update comes with a backdoor and it's done.

It's not specifically about Signal, rather about the amount of effort and publicity that goes into year 2002 schoolgirl's webpage is as much as any separate IM application should get, if we want to avoid dangers with the Internet which don't exist in other spheres. And they usually get more. The threshold where something becomes too big with computers is much smaller than with, I don't know, garden owner associations.

Even if there are already backdoors put by their developers in a few very "open", ideologically nice and friendly and "honorable" things like Signal, then such backdoors can exist and be used for many years before being found.

I mean, there are precedents IRL, and with computers you are hiding the needle in a much bigger hay stack.

Obviously I’m no smarter than this person

I'm bloody certain you are smarter than this person in everything not concerning things they were directly proficient in. And while being an idiot, they would stuck their nose into everything not their concern in very dangerous (for others, not for them) ways.

but without cryptography how is any “secure” project actually “secure”.

There are security schemes, security protocols, security models, and then there is cryptography as one kind of building blocks, with, just like in construction materials, its own traits and behavior.

In the end, I personally think having an easy to use platform that is secure gives everyone amazing power to recoup their free speech wherever is it eroded.

And I think the moment anything specific and controlled by one party becomes popular enough to be a platform, we're screwed and we're not secure.

Reminds of SG-1 and the Goauld (not good guys, I know) adjusting their spawn genome for different races.

Perhaps something like that should be made, a common DSL for describing application protocols and maybe even transport protocols, where we'd have many different services and applications, announcing themselves by a message in that DSL describing how to interact with them. (Also inspired by what Telegram creators have done with their MTProto thing, but even more general ; Telegram sometimes seems something that grew out of an attempt to do a very cool thing, I dunno if I was fair saying bad things about Durov on the Internet.)

A bit like in Star Wars Han Solo and Chewbacca speak to each other.

And a common data model, fundamentally extensible, say, posts as data blobs with any amount of tags of any length, it's up to any particular application to decide on limits. Even which tag is the ID and how it's connected to the data blob contents and others tags is up to any particular application. What matters is that posts can be indexed by tags and then replicated\shared\transferred\posted by various application protocols.

It should be a data-oriented system, so that one would, except for latency, use it as well by sharing post archives as they would by searching and fetching posts from online services, or even subscribing to posts of specific kind to be notified immediately. One can imagine many kinds of network services for this, relay services (like, say, IRC), notification services (like, say, SIP), FTP-like services, email-like services. The important thing would be that these are all transports, all variable and replaceable, and the data model is constant.

There can also be a DSL that describes some basics on how a certain way of interpreting posts and their tags works and which buttons, levers and text fields it presents, kinda similar to how we use the Web. It should be a layer above the DSL that would describe verification of checksums, identities, connections, trust, who has which privileges and so on.

Except all these DSLs should be concise and comprehensible, because otherwise they will turn into something like TG's protocol in complexity and ugliness.

OK, I have temperature and I think I've lost my thought.

I am starting to agree with the new point. I still think everyone should move to Signal for now because it works and works well, but I see your point that one authority can become dangerous if any one malicious party in power tried anything.

There are probably solutions that could exist because it's open source (eg a different trusted entity like f-droid managed builds from source for example so Signal themselves can't add extra code in their builds or just a way to verify that no extra code is present in signals build vs any build from source).

In the future, I would prefer we moved to something more decentralised like what the Matrix protocol is trying to achieve. This could come with further issues, but while those are fixed, Signal is my main go to.

With Matrix I believe we would end up with pretty much the common data models as you were mentioning. Anyone can build their own server and or client and interact with others, knowing at least their software is safe.

plans in the EU to allow messengers to have backdoors to enable automatic searches for criminal content

Head of the Signal app threatens to withdraw from Europe

Obviously not. Think about supply and demand. Because a toxic product is being hailed as secure there isn't enough demand for an actually anonymous and private messenger. So calling signal "secure" is just helping state security.

If you actually want to message about revolutionary (illegal, "terrorist") activity and don't want to be traced immediately by an agent of state security or an informant, Signal offers nothing (unless you use criminal activity like identity theft). In such a case a warrant will obviously be granted and they can immediately find and arrest you.

Can you see the logic how Signal isn't secure at all for an actual dissident?

Supply and demand: There are seemingly new messenging services that pop up every day, so I'm not sure why you think Signal existing is stopping progress. It isn't.

Security: For 99.9% of people, the security and privacy granted through using Signal is amazing and it is worthy of being called secure. I mean it's secure enough for government officials to trust using. With how Signal is currently, an official data request from the government for Signal data returns pretty much nothing except the phone number used (and that they have signed up for signal ofc), which is great.

I think 'revolutionaries' (protestors) are already using Signal. I haven't heard of any cases where something has gone wrong for them, but again, there's no way for your messages to be read unless they get access to your phone (if you are smart you will make sure your messages auto delete and that you lockdown or shutdown your phone incase of arrest).

I can't see how Signal isn't safe for anyone.

Doesn't make any sense but ok (I would write an expanation, but somehow i feel like you still wouldn't get it based on your response).

If you really want me to, feel free to ask.

They're not mutually exclusive.

Because you're not anonymous, you lose out on privacy.

Of course, you're just trying to fit in with other idiots on the internet so you are incapable of understanding this basic fact.

If there are any smart people reading this, Signal is a business and they have plenty of morons going to bat for them because of it.

If you want privacy and anonymity, use Matrix.

That's actually a smart idea!

Not more legal or something (if that stupid laws becomes reality) I guess but who cares ☺️.

Simplex, xmpp, deltachat, briar, matrix, even session.

Anything is better than signal that relies on a centralised proprietary server and requires a phone number.