Pup Biru

i thought this too, and i just started actually working with it and DAMN is it fast… i agree that it’s kinda a technical “what the fuck are you doing?!?” but… yeah… i can’t even really explain why

that’s the incredibly clever part

https://signal.org/blog/sealed-sender

susceptible to backdoors and other USA shenanigans.

that’s pretty much the major difference here: Signal is provably not back-doored:

• it’s frequently independently audited
• all their code is open, so there are plenty of eyes on it to catch shenanigans
• they have reproducible builds which means you can prove that the code that you can read is exactly the same code that produced the binary running on your device
  • if you don’t know what this means, basically every time you compile the code it produces the exact same binary result
  • there are people that do this automatically so that if there were different source code that created a binary - with a secret backdoor or something - it would be very obvious, and public
  • given that, it’s reasonable to assume that the binary running on your device was produced using the same open code everyone can read: you don’t need to do it yourself
• whilst you can’t prove their server is the exact same as what’s in their open repos, it doesn’t really matter… the point of their architecture is that it doesn’t matter what the server is running: it could be announcing all data publicly and it’d still be secure because the encryption, security, and privacy feature are all ensured by the client

they receive whatever Google/Apple give them which may be quite different from what’s in the source code.

i don’t disagree: it’d be better if we all had the time, skill, and energy to invest into auditing our own systems… but realistically nobody does, let alone people that don’t really care about privacy

with that in mind, it’s all about getting as close as possible… given signals reputation, you can be pretty sure the source code has a lot of eyes on it, and that if there were back doors found it would be news

and given reproducible builds, as i said earlier, you can (or rather, i certainly do) assume that if there were a mismatch between the binaries and the source you’d also hear about it

of course, that doesn’t stop targeted attacks by nation states, but that’s never what we talk about in personal security and privacy situations… it’s just not the threat model that most (i’d wager any) of us should be thinking about because that is not just a full time job: that is an entire teams full time job… we just aren’t being directly targeted like that, and if we are then tbh it’s all over. we protect against general surveillance… we can’t protect against zero days, physical device access, etc

If they can then Signal can as well, right?

kinda… again, reproducible builds: either of them could technically put code in their app that sends private keys to their servers somehow, but if you break it down it’s far more likely to be caught in signal than in whatsapp

more likely Google and Apple will

i’m not sure what you mean by this… sure, apple or google could send you an update to ios/android to extract data from apps, but again that seems much more likely a very large-scale attack… you can protect against this by running graphene etc which does similar reproducible builds, but in that case we aren’t talking about the app: signal is absolutely the app you would rely on if you’re going that far… you just wouldn’t ensure your hardware and OS integrity and then just skip the app integrity lol

or perhaps you mean that google or apple could send you specifically a binary of signal that’s been modified? but that’s actually not really likely because apps are signed by developers: apple and google can’t actually send you something that the developer hasn’t “approved”… sure, they control the OS so they can circumvent all the restrictions, but again that’s a massive attack, and really far beyond what’s reasonable to consider for most people (and again, that applies to both whatsapp and signal so it’s not really a point in favour of whatsapp)

But as I understand it any US company will have to store and provide metadata, logs, etc when the government agencies tell them to

absolutely correct… the point of privacy like signal does is that they hand everything over and it’s useless: the information signal themselves can extract, even by modifying their code is completely worthless. they have your IP address, phone number, some timestamps, and encrypted blobs (AFAIK they don’t store a lot of that, but that’s not provable so we should assume that it’s stored either accidentally or because of coercion)… they can see when you messaged, but not even things like who you messaged

if signals infra and private keys etc were literally handed over to the US government right now and they specifically wanted to target you personally, it’s highly unlikely they would be able to do anything particularly useful with any of that before it’s noticed, and then you can stop using signal before they actually intercept new communications (and old communications are protected, assuming you wipe the app and all its stored info before they can send you a poisoned update)

and with all of this, it doesn’t really matter where signal is based: US, China, Russia, Guam, Switzerland, Iran: doesn’t matter… the structure is built in such a way that if Signal the organisation is coerced, it’s either:

• obvious, and therefore noticed by the community at large and thus you’d hear about it
• not useful: ie all information that Signal has is provably garbage
• such a large scale that we globally have huge problems (and we do, but that’s not something you can solve)
• targeted, in which case you have big problems and whilst this may be part of it, you need to have a lot more resources to detect and solve it. this just isn’t the reality for most people

it’s about your threat model: you can’t worry about massive scale, and you can’t worry about being individually targeted… unless that is part of your threat model, in which case signal is still part of your solution (along with auditing and validating every part of the chain from hardware to OS to the apps which all require reproducibility or building from your audited source) and whatsapp fundamentally is not

Signal punished their spec and WhatsApp re-implemented it, yes but critically only the messaging parts rather than all the other privacy parts

the reasons to switch basically start with WhatsApp is owned by Meta, and given that these things become more important:

• WhatsApp is closed source so it’s difficult to confirm if their implement is “correct”
• they may have the ability to extract your keys from your device somehow
• i’m not sure who is the ultimate key-holder for whatsapp: if it’s like apple, they hold your private keys and thus can decrypt anything they like (different to signal where devices transfer your keys between each other via qr codes etc)
• on that last point, i can confirm that to login with whatsapp on the browser just now my process was: enter phone number, type an 8-digit code from my phone… this could be an temporary key of some kind used to e2ee between the devices to transfer my master key or something, but i’m very suspect on this being anything more than plain text verification that meta could man in the middle
• whatsapp stores your contacts, and message metadata… that’s all i personally need to avoid it: meta doesn’t need to know who and how often i message people to add to their profile on me

meta says whatsapp is secure exactly for this reason: people think “why switch?” when it’s really about the metadata for them… they are experts and building a profile with scraps of metadata

writing a secure application is about more than technically rock-solid encryption and protocol

It’s the fediverse, signal is sacred and will not be questioned nor criticiced

you can question signal just as much as you want, but you’d better come with actual arguments rather than just conspiracy, because signal has counters to pretty much every claim that non-experts try to make

signal was built and is run by one of the worlds foremost security researchers and privacy activists

it uses standard encryption that is used in huge numbers of things. if there were a problem with any part of that, the world would have a much bigger problem than individual communications. the US government does not behave in a way that suggests these algorithms are compromised

it has been repeatedly audited by 3rd parties

the fact that it’s US-based is barely worth mentioning… why is that a problem? are you sure it’s not solely a knee-jerk reaction?

it’s free (so you’re not supporting the US economy), the client - and server, though that’s not important because E2EE - is FOSS (so it’s auditable and extendable by anyone: AFAIK they also ensure repeatable builds), the encryption is basically as good as it gets (they even have various protections for quantum computing), their architecture means they can’t even see metadata like senders… so, again, in this case what are you giving up by having it US-based? perhaps a little bit of soft power, perhaps an acknowledgment that in this 1 case the US produced a good product counter to their governments interests

the other guy who dared to like Telegram

because telegram is not for security or privacy conscious people, despite their marketing: they actively muddy the waters and make people less safe

their encryption is custom, written by mathematicians not cryptographers so doesn’t include features like perfect forward secrecy, replay protection, etc

and their default chat mode isn’t even e2ee - only secret chats use their custom encryption, and nobody actually uses them!

there are numerous sources documenting these problems, and plenty more

it’s okay to like telegram: i like it as a chat app, and i use it for the features it provides… but it’s not okay to say in a privacy and security context that they’re even remotely comparable

absolutely! similar is true of node in v8 (though python imo is far more mature in this regard) and probably most other languages

exactly why things like numpy are so popular: yeah python is slow, but python is just the orchestrator

further to that, “demonstrably worse for the planet” i’d like to debate: considering a huge amount of climate science is done with python-based tools because they’re far easier for researchers to pick up and run with - ie just get shit done rather than write good/clean code - i’d argue the benefit of python to the planet is in the outputs it enables for significantly reduced (or in many cases, perhaps outright enabled) input costs

yeah we have a “supply charge” that’s ~$1/day on top of that base rate too, so roughly the same situation :(

we’ve got this crap because of privatisation so it’s not likely to change any time soon.

i hope your energy prices come down when energy things stabilise in europe!

just sayin’ this is still so incredibly cheap… 8c/kwh… australian electricity prices are 24-43c/kwh (obv usd vs aud but the aussie $ isn’t that weak)

enron sold plenty of gas and real things too: it’s the double handling that’s the problem; not the nature of the goods or services

openai has practically no value and that’s well known… nvidia is paying companies to buy their chips and playing bullshit shell games

the difference is openai is a pretty well known unprofitable company, and they aren’t doing quite as much of the bullshit shell games. nvidia is selling to basically everyone, taking stakes in companies, giving weird deals… it’s bloody impossible to track how much of their sales are real and how much those real sales are actually worth, or if those sales are loss leaders for some investment then those investments look a lot like openai

so nvidia not only is invested in a lot of very questionable AI bubble companies, but also their own sales figures are… unreliable

they’re making billions upon billions because they’re using their own money multiple times. it’s kinda like leveraged trading with all the risk and it’s incredible arrogant at the scale that nvidia is doing it

and both positions are wrong. nobody ever said that the ROC wasn’t imperialist in the exact same way

chinas stance towards the south china sea and taiwan is what this exaggeration for the purposes of comedy is based on

perhaps… i guess the single directional execution model would help to prevent memory leaks, and components would help keep things relatively contained… and also javascript in general avoids whole classes of c/c++ bugs… but it’s also incredibly slow. imo it’s just not something you should write core system components in

to be clear, it’s not react that’s the problem here: its execution model is an excellent way of structuring UI… but something as core as the start menu just really isn’t something you should fuck around with slow languages with

and also, that’s not to say that FOSS shouldn’t do it - they’re open, and thus something like react makes it easier for devs to write plugs and extend etc… but that’s not an engineering concern for windows: they don’t get the luxury of using extensibility as an excuse

little measurable difference? the last time they rewrote something they replaced the start menu with fucking react

the difference will be measurable and enormous

that’s absolutely true, and i’m sure that as tooling and workflow gets better these solutions will become standard. for the moment it’s all pretty haphazard, and i just don’t think it’s necessarily malicious intent or lying exactly… i think it could have easily been just miscommunication and/or legitimate mistake

afaik there were 2 issues here: there was a placeholder asset left in the game upon release, and the rules of the award were no AI assets during development either. i think the first can be easily explained by it being accidental (they replaced the texture very quickly) and the second can easily be explained by miscommunication between teams

i can see how this would happen though: marketing team simplistically asks about AI assets, dev team says no because it’s not in the final product that they’re aware of, and that miscommunication is exactly that: neither team is trying to be dishonest, it’s just that some information got lost along the way

their award should have been rescinded for sure

but also that shouldn’t tarnish the reputation of the studio going forward as long as they apologise and it was legitimately internal miscommunication rather than an attempt to deceive

yeah i don’t even think the dishonesty was necessarily dishonesty… i just think perhaps the marketing team wasn’t fully informed. i can absolutely see dev teams saying no to “AI use” not having been told that the question applied to the whole dev process, and marketing not understanding that that information was important

i have no problem with AI placeholders. i think that’s the right way to use AI… and dishonesty is a problem… miscommunication is really not a problem

but i also think that rescinding the award is the right call! but that shouldn’t tarnish the studios reputation in the future if they apologise and explain what happened

yeah they do certainly exist, but bog standard “red light cameras”… ie single purpose cameras are not that kind of problem… imo, as long as they’re deployed to combat actual issues they’re very much a beneficial tool

i think it’s important to differentiate these new kinds of cameras from the single purpose cameras so that arguments against them can be made independently

red light cameras - at least in australia - are stock standard canon DSLRs… they take images, but not video

there are some newer ones that do things like photos of people using their phones stopped at lights etc, but generally speed/red light and “single purpose” cameras will just be doing stills, and wouldn’t be too useful for anything other than a single photo when the sensor triggers it