Then let us know when they are solved. Until then, I have a lot more hope in matrix than XMPP. They at least seems to be making progress in the right direction, although they are not there yet either.
Signal remains the best option for now.
So much cope you didn’t even notice no one mentioned matrix. We are comparing XMPP with Signal.
Your reasoning would hold up if 80% of xmpp wasn’t running on Conversations or forks of it
Also, you really think saying only 20% of your chats are insecure is somehow making it better?
The encryption being crap really does not depend on the threat model. Sure, in some threat models you may not need e2ee at all but in that case, what’s wrong with WhatsApp?
The issue with XMPP is that security really was an afterthought. Not only is e2ee an optional extension, but there are actually 2 incompatible extensions, each with multiple versions. Then you have some clients not implementing either, some clients implementing the older, less secure one. Some implement the newer one but older version of the spec with known issues. And of course, the few clients that implement it well become incompatible with other clients that don’t if you enable e2ee, so it is disabled by default.
That is all before you start looking into security audits or metadata harvesting.
Tell me you don’t know anything about security without telling me you don’t know anything about security.
There are: https://nimbusdata.com/products/exadrive/specifications/
They are just not listed in shops for poor people. (joking)
Not really. Sure, China is able to make unpopular decisions better then democracies, but that makes them inefficient in different directions. E.g. high speed rail in areas where it is not needed but greatly lacking freight trains. Or their housing bubble.
No offense, but I seriously doubt you’ve done any of such analysis.
Well, if you don’t believe me, go do the analysis for yourself then. Unless you would rather live in a fairytale than look at your beliefs critically.
Part of the reason you know USSR sucked is because they had to do it publicly.
Yeah, why not show complete ignorance of history. Not as if USSR literally left people in Chernobyl to be irradiated in order to avoid admitting what they caused until western media exposed them. But it is capitalism that keeps things secret, that is why you know about those things from news and internet.
You wrote you’re supporting of the kind of socialism a lot of socialists would consider capitalism
No I didn’t. I wrote that until someone shows me a version of socialism that works, I will support capitalism.
So instead we should support a system where political motives are commodified and corporations sell the power to influence the political landscape…
You ever heard of the concept of lesser evil? That is what I consider capitalistic social democracy. If you find an even less evil system that does not just run on hopes and dreams, I will switch my support to that one. But right now, every system I have heard of or thought of would end up being even worse in practice.
Once you come up with an economic model that both works economically and does not hand power to elected officials or some other such group,
I literally wrote that I would support some form of socialism. That is not sarcasm. I am not talking about one example, I am talking about economic and game theory principles.
If you analyse the common forms of socialism using those, it is obvious it will always devolve into authoritarianism. The incentives between leaders and the population are too misaligned and the power is too concentrated.
Comparing all capitalism to the US is the same as comparing all socialism to the Soviet Union.
There are plenty social democracies in Europe. I advocate for spreading those and making incremental improvements to them where appropriate.
“We don’t accept ideologically motivated changes” = White supremacist language… Yeah, sounds about like what I expected…
Yeah, blame the Russians. As if the Russian revolutionaries were not fighting for the same ideals you believe in. Just by not realizing that eliminating capitalists concentrated all the power in the government and handed power to Stalin on a silver platter.
Once you come up with an economic model that both works economically and does not hand power to elected officials or some other such group, you have my support. Until then, I will keep the safe assumption that socialists have zero idea what they are talking about and would lead us to doom if we gave them the chance.
Yeah, we should just ditch email for sensitive communications.
Anyway, my point was that I lost trust in Proton back then over this and went to Tuta that has native clients. It makes no difference to my security since I don’t think I ever sent or received a single mail that was actually e2e encrypted. But Tuta’s more serious approach to e2ee made me slightly more confident in it as a company.
Now it kinda looks like it was the right choice.
doesn’t impact the security sufficiently to make a difference for the average user.
I think it is borderline. I am not advocating for PGP, I like the Signal model where you trust signal for introductions but have the ability to verify, even in retrospect. Trust but verify. Even a few advanced users verifying Signal keys forces Signal to remain honest or risk getting caught.
I think the lack of meaningful verification for proton is a significant security weakness, though average user probably has bigger things to worry about.
I don’t own much capital, but I live in a post communist country and I sure as hell don’t want to experience the shit our country already went through once.
Bridge did not exist back then.
As for it being sophisticated attack, I think it is relative.
Regardless, if Proton said it did not matter to most people, I would respectfully disagree and move on. They did not. They claimed it is not at all less secure than a native app, which is BS.
Then go ahead and start one :D Good luck finding a bank that gives you an unsecured loan to start a business.
Then it is not equally owned as the title says.
It is nuanced, but having the ability to selectively serve malicious javascript stealing keys to specific people only on one access is considerable issue in practice, compared to distributing binary where you would generally have the same binary for everyone and you are able to archive and analyse it. Especially if you use third party distributions, like github releases or flatpaks.
Was it ever? I ditched them years ago when they tried to gaslight people that e2ee in javascript in browser is secure.
It’s not about being pixel specific. They built high security OS that uses HW components to deliver that high security. It can’t be delivered without them. These components are not google patented nor does GrapheneOS demands they use the exact pixel ones. GrapheneOS just refuses to lower security to support phones that lack these components, because manufacturers wanted to save maybe a $1 per phone by not including them at the expense of user security.