Removed by mod

Removed by mod

From what I understand, sealed sender is implemented on the client side. And that’s what’s in the github repo.

It’s unfortunate that you react like this. I don’t claim to be an expert, never have. I’ve only been asking for evidence, but all we get to are assumptions and they all seem to stem from the fact that allegedly the CIA has indirectly funded Signal (I’m not disputing nor validating it).

The concern is valid, and it has caused a lot of distrust in many companies due to the Snowden leaks, but that distrust is founded in the leaks. But so far there is no evidence that Signal is part of any of it. And given the continued endorsement by security experts, I’m inclined in trusting them.

Are you implying that Signal is withholding information from the Californian Government? And only providing the full extent of their data to the government?

This comes back to the earlier point that there is no proof Signal even has more data than they have shared.

They have to know who the message needs to go to, granted. But they don’t have to know who the message comes from, hence why the sealed sender technique works. The recipient verifies the message via the keys that are exchanged if they have been communicating with that correspondent before or else it is a new message request.

So I don’t see how they can build social graphs if they don’t know who the sender if all messages are, they can only plot recipients which is not enough.

If you open the latest instance, from August 2024, you will find a California government request, for a number of phone numbers.

The second paragraph of that very page says:

Once again, Signal doesn’t have access to your messages; your calls; your chat list; your files and attachments; your stories; your groups; your contacts; your stickers; your profile name or avatar; your reactions; or even the animated GIFs you search for – and it’s impossible to turn over any data that we never had access to in the first place.

They respond to the request with the following information:

6. The responsive information that Signal possessed was:

a. REDACTED: Most Recent Registration: 2023-01-31 T19:42:10 UTC; Most Recent Login: 2023-01-31 T00:00:00 UTC.

b. REDACTED: Most Recent Registration: 2022-06-01 T16:30:01UTC; Most Recent Login: 2022-12-12 T00:00:00 UTC.

c. REDACTED: Most Recent Registration 2021-12-02T03:42:09 UTC; Most Recent Login: 2022-12-28 T00:00:00 UTC.

The redacted values are the phone numbers.

That is the full extent of their reply. No other information is provided, to the government request.

Signal absolutely can does provide social graphs, message frequency, message times, message size.

Do you have anything to back this up?

and requires phone numbers (meaning your real identity in the US).

This gets shared a lot as a major concern for all services requiring a phone number. It is definitely true that by definition, a phone number is linked to a person’s identity, but in the case of signal, no other information can be derived from it. When the US government requests data for that phone number from Signal, like they occasionally do, the only information Signal provides them with is whether they do have a signal account and when they registered it last and when they last signed in. How is that truly problematic? For all other services which require a phone number, you would have much more information which is where it is truly problematic, say social graph, text messages, media, locations, devices etc. But none of that is accessible by Signal. So literally the only thing signal can say is whether the person has an account, that’s about it. What’s the big deal about it? Clearly the US government already has your phone number because they need it to make the request for Signal, but they gain absolutely no other information.

Get what you are trying to say but both are still encrypted. They simply aren’t end to end encrypted. So the messages are private.

You explain exactly why messages are not private: if they are not end-to-end encrypted, by definition Telegram can read all the messages. That’s exactly what end-to-end is meant to protect against. So in that aspect, Signal truly is private and Telegram maybe, if you activate their private chats but I’ve not seen security experts praise their algorithm, compared to their regular endorsement for Signal.

Ahead of Legion Go S shipping, we will be shipping a beta of SteamOS which should improve the experience on other handhelds, and users can download and test this themselves. And of course we’ll continue adding support and improving the experience with future releases.

I haven’t read the article so I can’t comment on it, but thinking that the solution is simply avoiding the services in question is not enough. It assumes that people know what the consequences to sign up are (most people probably don’t understand DRM) and it also assumes that there are better alternatives. Unfortunately, for the latter, I feel like there are fewer and fewer alternatives and the ones remaining are becoming increasingly niche. One may not be able to get a car which is self-repair friendly, independent on internet connectivity. So what does one do if one needs a car? Build one?

Marvelous :) Good on you for taking this leap. The Linux community on Lemmy can help if you need any advice or guidance. I have been rocking fedora for the last few years and I’ve been very pleased, also with an Nvidia GPU.

I’m curious if you have any resources to get setup with the Nvidia drivers, different from mine? My reference has always been: https://rpmfusion.org/Howto/NVIDIA

And it’s always worked like a charm, both for legacy hardware and new hardware.

So cloudflare admits they are bulk processing the reports and the article just goes saying yeah too bad, it happens. But this is just for me a solid argument that scaling companies to that level is not beneficial, neither for themselves (as they get this kind of coverage about not doing the job properly), then for the websites being unjustly blocked and for visitors being misguided. I wish we could have a more competitive market instead of cloudflare, google and possibly some few others…

Thanks for sharing your experience. Was XCP-ng considered as a migration target? Would you have some feedback to share on what made it unsuitable for you? Thank you!

They have a special migration tool from VMWare: https://docs.xcp-ng.org/installation/migrate-to-xcp-ng/#-from-vmware

I’m not sure I see the issue to be honest. The development is made in the open, the architecture is pretty flexible and is designed to be rather robust to rug pulls specifically such that less trust is required in the model.

Also, whenever these discussions happen, I can’t stop feeling that it is somehow also meant to imply that mastodon is somehow better. And I am not a fan of that, as if there could only be one good social network. The internet is better with multiple services, multiple of many things. That’s how there is cooperation, compatibility and development for the better.

I wouldn’t assume this is done with malice in mind, but maybe this is someone unaware of the importance of a formal license.

Indeed. They only have I. Their github page:

Terms of Use

Feel free to use these components in personal and commercial projects. However, while the tutorials and demos are available for your use as-is, they cannot be redistributed or resold. Let’s keep things fair and respect each other’s work.

The whole talk is available here: https://www.youtube.com/watch?v=ZNK4aSv-krI

This specific one is at 39min.

They don’t have to have a backdoor. They are most likely in possession of a master key to decrypt your data:

https://arstechnica.com/gadgets/2012/04/apple-holds-the-master-key-when-it-comes-to-icloud-security-privacy/