“Let Chaos storm, let cloud shapes swarm; I wait for form”

  • 8 Posts
  • 150 Comments
Joined 2 years ago
cake
Cake day: August 14th, 2023

help-circle

  • I think the story of Whatsapp should’ve taught people that capitalist fuckery and living long enough to become the villain are bigger threats than people give credit for, and Signal is just as vulnerable to this as WhatsApp was. They’ve also fought against any ways that it could be mitigated, they fought and are still fighting unofficial clients (moxie himself went around harassing people to stop), they fought any form of decentralization or interoperability with other servers and self-hosting.

    All things that could make signal a bit more resistant towards something like what happened with WhatsApp, yet they’ve all been rejected in favor of exclusive control on the app (and for a long time it was GMS tied on the PlayStore) and exclusive control of the the network. Two things that don’t exactly bode well for the future.


  • Remember kids, if someone makes a centralized app or messaging claiming to be a savior of privacy and security, you should be skeptical of them and their integrity. Really you should be skeptical of anyone making grand promises of privacy and security, especially boastful ones. Though decentralized services are less risky than centralized ones, and that’s why I recommend people use Matrix instead of Signal.

    Matrix still has problems but it being decentralized eliminates many of the corruption issues by simply using a server not affiliated with the creators.


  • I agree with what other people are saying, the whole phone number requirement of Signal isn’t great since, for the most part phone numbers are intended to link to your real world identity. That means they are a very big weak link.

    Also let us not forget that Signal is a centralized service run by one company. They have been very resistant in the past to the idea of decentralization and interoperability. I’m already very skeptical of people who claim to be a savior or hero of Privacy and security lie this, even more so when it’s a centralized service. You do know that WhatsApp started out like Signal did right? Look where they are now. You cannot trust a centralized service like Signal, especially one that forces you to provide real world identification. Signal can just as easily be sold and backdoored like WhatsApp was, decentralized services are much more resilient to that kind of thing.









  • There are solutions and ultimately it’s up to you to ensure that you have access to your account not because services are mean and want to hurt you, but because you’re a big boy. They give you security tools and how you use them is up to you.

    Are you really sitting here trying to argue that big tech companies like Google and Microsoft somehow has our best interests at heart on a dbzer0 community about privacy where it’s abundantly clear to us that they don’t? Especially in cases of forced 2FA/MFA adoption with texting.

    You know the only worthwhile thing you said was about software based 2FA which @[email protected] already mentioned in a far more civilized manner that made me more willing to listen to him, while also not kissing up to big tech companies who really actually mandate it to make their lives easier and who couldn’t care less if you lose access to your account.

    The irony is that “to ensure that you have access to your account” isn’t really accurate when it comes to the hardware solutions, it would be more accurate to say “to ensure if access is lost, it’s lost forever”, and I’m never going going to agree or be okay with that because ultimately the person gets screwed over with no loss to the company trying to mandate that. Which is what I was expressing and why I lack any desire or drive to use them, and also my knowledge of how big tech companies operate is ultimately one of the reasons I’m not willing to delude myself into thinking they have my back when they actually don’t.


  • I strongly dislike 2FA and MFA solutions and really they seem to be to be a way for services to protect themselves than to protect me, since if I lose the device they’re connected to then I get locked out myself. If they function poorly like Lemmy’s early implementation of them, they can lock you out even if you have everything in order.

    So when companies try and force 2FA or MFA solutions as mandatory in online applications where there’s no additional recovery methods I’m not going to delude myself or go along with the notion they’re doing it to protect me, and not themselves. Since those solutions make it likely to lose my account at no loss or harm to them.

    Maybe this seems harsh but I’ve seen how big tech companies handle this aspect and talk about it and I know none of the other things they do come out of legitimate care for their users and I know this isn’t ultimately any different.






  • I’m not saying it isn’t important all, I just think that it’s equally important to work to defeat systems and encourage people to take said action, as opposed to just trying to spread fear and despair. Which is what a lot of films about privacy and surveillance end up doing. There’s a name for that, it’s called fearmongering. Obviously we can’t stop the media from doing that but we should at least not do it ourselves.

    And for any useful idiots who try and whine about how breaking those technological measures violates Terms of Service, terms of service in software that was handed to you is as worthless as the agreement at the bottom of my other comment. You need technological or practical enforcement of it for it to make sense. Like on this site the Terms of service are enforced with a ban if you don’t follow them. On the other hand software terms of use have no such enforcement, as anyone who participates in [email protected] would understand.


  • One thing you’ll find about self-hosting is that you find yourself on the other side of the spam shield very often, and getting your server to a point where other servers won’t block or filter you can be a challenge, especially if your IP or domain is on more aggressive lists like Spamhaus.

    Besides that it’s not really that much different from hosting another Federated service, which you seem to have experience with.