A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 29 users / day
- 105 users / week
- 184 users / month
- 351 users / 6 months
- 14 subscribers
- 2.03K Posts
- 9.17K Comments
Can you elaborate on how this is FUD, please?
Introducing socialist millionaire verification to ease fingerprint verification does not seem a bad idea.
Using phone numbers as identifiers is a well-known Signal flaw.
And while CBC is indeed less robust that GCM regarding certain types of attacks, it is true that “up-to-date” CBC implementation have no known vulnerability. Yet, would you claim that TLS1.3 is FUDing for dropping CBC support as well?
I am not promoting mesibo, which I never heard about before. I am just trying to understand how this criticism of Signal would be invalid, or FUD.
Oh no it’s a pretty good idea, and unfortunately mosibo isn’t the first project to implement it… in an entirely new protocol that nobody will ever adopt. Implementing SMP in a widely-used protocol (email/PGP, IRC/OTR, XMPP/OMEMO) would benefit a lot more users.
Indeed, but once again we have dozens of protocols providing messaging primitives, whether federated or centralized. Why should we even consider Signal or Mesibo? To be honest, i appreciated Mosibo’s criticism of Signal: it’s fair and strongly deserved. I would add to this that Signal dropped on-disk database encryption which is horrible: users set a passphrase expecting some security… only to find out later that the passphrase is purely cosmetic and the local DB is unencrypted.
I don’t think it’s either FUD or invalid. It just looks like yet another corporation making yet another protocol for yet the same usecases we already have a dozen protocols for. If mesibo is only about cryptographic research, OMEMO/MegOLM could use a refresher… but unfortunately they’re promoting an entire ecosystem and it’s really not clear what the technical/business model is (i found the code for libmesibo but i don’t see any server implementation on their github).
I think given the very fragmented ecosystem we already have, the burden is on them to prove that their project is interesting/useful. From my perspective, it looks like some cryptographers wanted to do cool stuff, but need a bullshit business front (like any startup) to operate… like a lot of crypto research, unfortunately…
I agree with all of your points :)