Follow

"This was a mistake. We had imagined that the textual representation would be used for remote comparisons and the QR code for local (in person) comparisons, but some users found it easier to send a screenshot of both formats via a public forum like Twitter, unknowingly publishing the phone numbers embedded in the QR code."
signal.org/blog/safety-number-

So, Signal apologists, remind me how forcing users to associate their phone number with their account isn't a privacy risk?

Also, this:

"Steve Thomas pointed out that one caveat remains: if you have previously published an old-style Signal fingerprint or QR code and you now publish a new-style Signal safety number or QR code for the same identity key (i.e. without having reinstalled Signal), your phone number could still be discovered by a brute-force search. "

Show thread

@strypey Riot/Matrix would be a much more preferable alternative to Signal once it matures a bit. Phone numbers are terrible as identifiers, can't believe Signal did the lazy thing and copied WhatsApp there.

@michel_slm can you give me an example of what you think makes Riot less mature than Signal? Now that device cross-signing has shipped and E2EE is on by default for private chats, I would already recommend Riot.

@strypey the transition to device cross-signing is a bit rough (some people with existing logins get stuck trying to enable it - nothing that can't be worked around if you're tech savvy).

There's performance issues too - matrix.org is slow, upgrading to a modular.im plan would fix this but the migration scripts are not nature yet.

The new RiotX mobile app is shaping up nicely though, the old Riot app was so slow.

@michel_slm
> the transition to device cross-signing is a bit rough

I agree with all this. But transitional issues don't really affect new users.

> matrix.org is slow

Centralization is hard to scale, which is why Matrix is federated. New users can get better server performance by self-hosting, joining an organisation that does (eg join @feneas !), or at least picking a less popular public server.

> migration scripts are not nature yet.

I just manually migrated to :feneas.org

@strypey @feneas huh Feneas has *both* Friendica *and* Matrix? I'm almost sold. Does it bridge to IRC as well? (especially Freenode, but GIMPnet will be a nice bonus)

Agreed that transition does not affect new users. A friend of mine is really fussy about UX, I should get him to try out the new version.

Also, they just announced something really cool -- alpha of a #P2P architecture!

matrix.org/blog/2020/06/02/int

@michel_slm
> Does it bridge to IRC

I'm in a bunch of IRC rooms via Matrix, including the Feneas room on Freenode which is bridged to:
:feneas.org

Just to be clear, Feneas.org is an organisation, not a single software instance. But financial members get full use of accounts on all the services they run, including Friendica (OStatus, Diaspora, ActivityPub protocols), Synapse (Matrix), and GitLab (Git).

> alpha of a architecture!

Hybrid federated/ distributed networks. Exciting :)

@strypey thanks for confirming! I'll probably join then. Matrix admins can choose what integrations to enable, and I've tried another instance that doesn't have IRC set up.

Will probably move my mostly unused Friendica account too and consolidate in one place.

@strypey I just got invoiced yesterday so hopefully I'll be there sometime this/next week!

@strypey how did you pay your Feneas invoice, out of curiosity? Looks like Holvi only works in Europe and don't accept international wire transfers

support.holvi.com/hc/en-gb/art

@strypey one of the main reasons I still don't have a #Telegram or #Signal account...

@FiXato same. Signal boosters love to go on about metadata, totally ignoring that a cell phone # potentially allows adversaries to associate a huge amount of metadata with an account holder. If your threat model includes targeted surveillance (eg activists, dissidents, journalists), Signal is worse than useless. Especially given that it operates in the primary 5 Eyes jurisdiction.

@strypey it's a calculated risk. It seems like an unnecessary risk to include it in the QR code though. So you know of better secure messengers that are easy enough for the general public to use?

@elplatt Great question :) The answer is, as with any security advice, it depends on your threat model. Jane Average wanting to reclaim privacy from surveillance capitalists, faces different threats than
activists planning a banner drop at a corporate headquarters. An anti-corporate political party planning campaign strategy need defence against a set of threats that are different again. Different apps solve different problems and there's no silver bullet.

@elplatt I also think it's worth reminding readers to take any security advice you read online with a grain of salt, including mine. But having laid out all those caveats ...

Now that device cross-signing has been rolled out, I'd say Riot is already a better encrypted chat app than Signal for most purposes. IMHO the Matrix community continue to prove Moxie wrong. Yes, the ecosystem is moving, but away from centralized silos like Signal, and towards federation (eg wire.com/en/blog/mls-future-of ).

@strypey Ironically that's one of the reasons why they introduced the PIN that everyone has been complaining about — so they can have identifiers other than phone numbers.

@mathew havent seen those complaints yet. Got any links to notable examples?

Sign in to participate in the conversation
Mastodon - NZOSS

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!