@0xmrtn But only if you don't want to sleep yourself of course. 😜
For reference: that's a major antivirus vendor. And there is a very obvious correct way to do this. In fact, I think it's the first time I see somebody mess this up.
@leip4Ier Sure, these experiments suffer from human assumptions. All the more reason to doubt a video which shows these very human assumptions validated. 😜
@leip4Ier I'm only half believing what I see there. Supposedly, cats cannot recognize themselves in a mirror, much less try to find their ears. So I wouldn't be surprised if the whole thing was staged somehow. But it's really fun to watch.
@leip4Ier That doesn't apply to all cats it seems, at least not to this one: https://twitter.com/Pandamoanimum/status/1283753313134149633
@jiefk Yes, so far Riot still shows the most potential despite the shortcomings. And I'm explicitly not saying "Matrix" because as of now there is no real selection of usable and secure clients.
Will continue looking but I have little hope to still find a good Signal replacement.
@jr Mind you, I'm not blaming the devs. I've been there myself, I know exactly how this happens. Doesn't mean that I have a simple answer. There is a reason why mature projects don't let developers design user interfaces.
@jr It's not really an isolated incident. It's a general symptom of a UI which wasn't designed with less knowledgeable users in mind. And opening issues only gets you so far...
@jr Yes, that for example. When registering I had to enter a user name and select a server, yet it expected me to compose a Jabber ID myself when logging in. And it genuinely confused me when I tried to join a channel, I didn't realize that channel IDs were composed in the same way.
I started looking into #XMPP clients with end-to-end-encryption support. First one was #Gajim, with its "charming" 90s messenger style. Encryption isn't the default here however, no progress on the corresponding issue. https://dev.gajim.org/gajim/gajim-plugins/-/issues/319
A lengthy and very detailed blog post by Matthew Green on why #Signal PINs are problematic: https://blog.cryptographyengineering.com/2020/07/10/a-few-thoughts-about-signals-secure-value-recovery/
Note that with a central server instance one has many of the same concerns - but compromising a server is a bigger hurdle than running a bunch of OpenDHT nodes, and there is also a higher chance that some irregularities will be noticed.
That's the issue I see here: end-to-end encryption is great, but a setup where any party can start collecting metadata fairly easily probably isn't too privacy-friendly. And the issue is known of course, so devs recommend using a VPN or Tor.
Software developer and security researcher, browser extensions expert. He/him
Other Mastodon account for non-technical topics: https://social.tchncs.de/@WPalant