@ScottMortimer Signal is great, but Signal is a company, even if it is non-profit; if a government asks them to give access to data, they will have to either cooperate or close their business. This disappears on federated communications like matrix.org. Yes, the Riot client is not so easy to use, even if it's actually easy.
Matrix.org is also a company, but the decentralized nature of it eludes any responsibility on handing over user data. #JustSomeThoughts

@nitox great points, which I completely agree with. Decentralisation seems to be the only option to avoid this. Have you heard of the recent Signal fork, Session? Interesting concept.

@maniacbolts the bad thing about people or companies or organizations owning a product is, if this gets used by too many people, first they will try to backdoor it, second, they will gracefully ask them for access to this communication data. In decentralization there is no one point of failure, the data responsibility is on the server owner, who sometimes is even anonymous.

@maniacbolts when I say 'they' I don't mean the owners of the product, which at some point I could understand they want a better world and freely own big servers to support this.
When I say 'they' I mean governments, laws, and big corps. They always want to know what people are up to, they want them all in their bag, to make sure no one behaves in a way they are not owning the freaking economy. Summary: decentralized and federated is the real good.

@maniacbolts also, we should see which servers Session uses, because I've seen multiple times good-looking projects that were using Amazon cloud, which is powerful of course, but gets me really disappointed. Also a good thing about federation is that it can hold a small number of users on 1 server, and communicate with the rest, so the cost of maintaining a server relies on the homeserver owner.

@nitox what could change? from my understanding of the new law, they would have to target a specific individual and serve them with an altered version of any software. Loki is private by nature and the company would have no way of identifying a single user, thus any changes to code they make would be considered 'systemic' and go against the law.

If the gov wants to put in a backdoor, they can head to the GitHub, pull the code, alter it, and send it to the person they're targeting. Right?

@nitox the node operators (who are anon and globally distributed) can choose whichever hosting platform they wish. I suspect they'd be choosing the cheapest but also at the minimum specs. Amazon is unlikely to be an option, given their pricing.

@ScottMortimer I have been a user of Signal for a few years now. But I've never trusted it less.

@ScottMortimer this is interesting. 50 mill is quite a bit of money. I am interested to see how they use it. Still has a few bugs and features missing for my liking.
