• 0 Posts
  • 110 Comments
Joined 2 years ago
Cake day: July 14th, 2023

  • The sender ('s unique device) can with 100% accuracy be appended to the message by the server after it’s received.

    How?

    If I share an IP with 100 million other Signal users and I send a sealed sender message, how does Signal distinguish between me and the other 100 million users? My sender certificate is encrypted and only able to be decrypted by the recipient.

    If I’m the only user with my IP address, then sure, Signal could identify me. I can use a VPN or similar technology if I’m concerned about this, of course. Signal doesn’t consider obscuring IPs to be in scope for their mission - there was a recent Cloudflare vulnerability that impacted Signal where they mentioned this. From https://www.404media.co/cloudflare-issue-can-leak-chat-app-users-broad-location/

    404 Media asked daniel to demonstrate the issue by learning the location of multiple Signal users with their consent. In one case, daniel sent a user an image. Soon after, daniel sent a link to a Google Maps page showing the city the user was likely in.

    404 Media first asked Signal for comment in early December. The organization did not provide a statement in time for publication, but daniel shared their response to his bug report.

    “What you’re describing (observing cache hits and misses) is a generic property of how Content Distribution Networks function. Signal’s use of CDNs is neither unique nor alarming, and also doesn’t impact Signal’s end-to-end encryption. CDNs are utilized by every popular application and website on the internet, and they are essential for high-performance and reliability while serving a global audience,” Signal’s security team wrote.

    “There is already a large body of existing work that explores this topic in detail, but if someone needs to completely obscure their network location (especially at a level as coarse and imprecise as the example that appears in your video) a VPN is absolutely necessary. That functionality falls outside of Signal’s scope. Signal protects the privacy of your messages and calls, but it has never attempted to fully replicate the set of network-layer anonymity features that projects like Wireguard, Tor, and other open-source VPN software can provide,” it added.

    I saw a post about this recently on Lemmy (and Reddit), so there’s probably more discussion there.

    since the sender is identified at the start of every conversation.

    What do you mean when you say “conversation” here? Do you mean when you first access a user’s profile key, which is required to send a sealed sender message to them if they haven’t enabled “Allow From Anyone” in their settings? If so, then yes, the sender’s identity when requesting the contact would necessarily be exposed. If the recipient has that option enabled, that’s not necessarily true, but I don’t know for sure.

    Even if we trust Signal, with Sealed Sender, without any sort of random delay in message delivery, a nation-state level adversary could observe inbound and outbound network activity and derive high confidence information about who’s contacting whom.

    All of that said, my understanding is that contact discovery is a bigger vulnerability than Sealed Sender if we don’t trust Signal’s servers. Here’s the blog post from 2017 where Moxie describes their approach. (See also this blog post where they talk about improvements to “Oblivious RAM,” though it doesn’t have more information on SGX.) He basically said “This solution isn’t great if you don’t trust that the servers are running verified code.”

    This method of contact discovery isn’t ideal because of these shortcomings, but at the very least the Signal service’s design does not depend on knowledge of a user’s social graph in order to function. This has meant that if you trust the Signal service to be running the published server source code, then the Signal service has no durable knowledge of a user’s social graph if it is hacked or subpoenaed.

    He then continued on to describe their use of SGX and remote attestation over a network, which was touched on in the Sealed Sender post. Specifically:

    Modern Intel chips support a feature called Software Guard Extensions (SGX). SGX allows applications to provision a “secure enclave” that is isolated from the host operating system and kernel, similar to technologies like ARM’s TrustZone. SGX enclaves also support a feature called remote attestation. Remote attestation provides a cryptographic guarantee of the code that is running in a remote enclave over a network.

    Later in that blog post, Moxie says “The enclave code builds reproducibly, so anyone can verify that the published source code corresponds to the MRENCLAVE value of the remote enclave.” But how do we actually perform this remote attestation? And is it as secure and reliable as Signal attests?

    In the docs for the “auditee” application, the Examples page provides some additional information and describes how to use their tool to verify the MRENCLAVE value. Note that they also say that the tool is a work in progress and shouldn’t be trusted. The Intel SGX documentation likely has information as well, but most of the links that I found were dead, so I didn’t investigate further.

    A blog post titled Enhancing trust for SGX enclaves raised some concerns with SGX’s current implementation, specifically mentioning Signal’s usage, and suggested (and implemented) some improvements.

    I haven’t personally verified the MRENCLAVE values for any of Signal’s services and I’m not aware of anyone who has (successfully, at least), but I also haven’t seen any security experts stating that the technology is unsound or doesn’t actually do what’s claimed.

    Finally, I recommend you check out https://community.signalusers.org/t/overview-of-third-party-security-audits/13243 - some of the issues noted there involve the social graph and at least one involves Sealed Sender specifically (though the link is dead; I didn’t check to see if the Internet Archive has a backup).
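
An added example, not part of the comment above and not Signal's or Intel's code: once a build has been reproduced, the check the comment asks about comes down to comparing the MRENCLAVE carried in the enclave's attestation quote with the value from that build, and refusing debug-mode enclaves. It assumes the SGX SDK quote layout (a 48-byte header followed by a 384-byte report body) and a quote whose signature and certificate chain were already verified elsewhere; the function names and the sample quote are constructed for illustration.

```python
import struct

# Assumed layout: quote header, then the enclave report body.
QUOTE_HEADER_LEN = 48
REPORT_BODY_LEN = 384
# Offsets inside the report body.
ATTR_FLAGS_OFF = 48    # attributes.flags, 64-bit little-endian
MRENCLAVE_OFF = 64     # SHA-256 measurement of the enclave contents
MRSIGNER_OFF = 128     # hash of the enclave signing key
SGX_FLAGS_DEBUG = 0x2  # a debug enclave's memory can be read by the host


def parse_report_body(quote):
    """Extract the identity fields a relying party pins from a quote."""
    if len(quote) < QUOTE_HEADER_LEN + REPORT_BODY_LEN:
        raise ValueError("quote too short to contain a report body")
    body = quote[QUOTE_HEADER_LEN:QUOTE_HEADER_LEN + REPORT_BODY_LEN]
    (flags,) = struct.unpack_from("<Q", body, ATTR_FLAGS_OFF)
    return {
        "mrenclave": body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32],
        "mrsigner": body[MRSIGNER_OFF:MRSIGNER_OFF + 32],
        "debug": bool(flags & SGX_FLAGS_DEBUG),
    }


def check_enclave(quote, pinned_mrenclave_hex):
    """Return (ok, reason). The pinned value comes from your own reproducible build."""
    pinned = bytes.fromhex(pinned_mrenclave_hex)
    if len(pinned) != 32:
        raise ValueError("MRENCLAVE must be 32 bytes")
    fields = parse_report_body(quote)
    if fields["debug"]:
        # Matching code is not enough: debug mode removes the isolation.
        return False, "enclave is running in debug mode"
    if fields["mrenclave"] != pinned:
        return False, "MRENCLAVE mismatch: quote has " + fields["mrenclave"].hex()
    return True, "MRENCLAVE matches the pinned build"


def make_sample_quote(mrenclave, debug=False):
    """Constructed test input: zeroed header and body with only the fields above set."""
    body = bytearray(REPORT_BODY_LEN)
    flags = 0x5 | (SGX_FLAGS_DEBUG if debug else 0)  # INITTED | MODE64BIT
    struct.pack_into("<Q", body, ATTR_FLAGS_OFF, flags)
    body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] = mrenclave
    body[MRSIGNER_OFF:MRSIGNER_OFF + 32] = b"\x22" * 32
    return bytes(QUOTE_HEADER_LEN) + bytes(body)


if __name__ == "__main__":
    built = bytes(range(32))  # constructed stand-in for a rebuilt enclave's measurement
    print(check_enclave(make_sample_quote(built), built.hex()))
    print(check_enclave(make_sample_quote(built, debug=True), built.hex()))
    print(check_enclave(make_sample_quote(b"\x99" * 32), built.hex()))
```

A match only means something if the quote itself verifies against the attestation root and the pinned value came from a build you reproduced yourself.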


  • Message history won’t be fully fixed. It can’t be without storing message backups in some cloud somewhere (whether it’s to iCloud, Google Drive, Dropbox, or Signal’s servers) and Signal omits its message history from system backups on iOS and Android.

    iOS users are completely incapable of backing up their message history in the event of their phone being lost, stolen, or broken. This omission isn’t justified in any way, as far as I’m aware; I don’t know of any technical reason why following the exact same process as on Android wouldn’t work.

    Android users are able to back up locally via Signal, but that isn’t on by default, can’t be automated, needs to be backed up separately, requires you to record a 30 digit code to decrypt it, and has limitations on when it can be used for a restore (can’t restore on iOS, for example). See https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages for more details.

    Message history on linked devices - meaning iPads and desktop computers - is being improved, but it still won’t mean that a user who loses or trades in their phone as they get a new phone will be able to simply restore their phone from a system backup and restore their Signal message history. And even that isn’t anywhere near as easy as on Telegram, where a user can just log in with their password and restore their message history, no backup needed.

    It’s great that they’re improving the experience for linked devices, but right now that doesn’t actually help if you lose, break, or trade in your phone. Maybe they’ll later allow users to restore to a phone from a linked device or support backups on iPhones, but right now the situation with message history isn’t just an unfriendly UX, but one that is explicitly and intentionally unreliable for a huge portion of Signal’s user-base.


  • Also read that the keys are stored locally but also somehow stored in the cloud (??),

    Which keys? Are they always stored or are they only stored under certain conditions? Are they encrypted as well? End to end encrypted?

    which makes it all completely worthless if it is true.

    It doesn’t, because what you described above could be fine or could have huge security ramifications. As it is, my guess is that you’re talking about how Signal supports secure value recovery. In that case:

    1. The key is used to encrypt your contacts, profile name, group avatars, social graph, etc., but not your messages.
    2. Your key is only uploaded to the cloud if you have a recovery PIN or passphrase
    3. Your key is encrypted using your PIN or passphrase using techniques (key-stretching, storing in server secure enclaves) that make it more difficult to brute force

    The main criticism of this is that you can’t opt out of it without opting out of the Registration Lock, that it necessarily uses the same PIN or passphrase, and that, particularly because it isn’t clear that your PIN/passphrase is used for encryption, users are less likely to use more secure pass phrases here.

    But even without the extra steps that we can’t 100% confirm, like the use of the Secure Enclave on servers and so on, this is e2ee, able to be opted out by the user, not able to be used to recover past messages, and not able to be used to decrypt future messages.
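
An added example, not part of the comment above and not Signal's code: a simplified model of PIN-protected key recovery that combines the two techniques the comment lists, key stretching on the client and a server-side store that limits guesses. PBKDF2, the XOR wrapping, the guess limit of 5, and all names are assumptions chosen so the sketch runs on the Python standard library; they are not claims about how Signal implements secure value recovery.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; each guess costs this many PBKDF2 rounds


def stretch(pin, salt, iterations=ITERATIONS):
    """Stretch the PIN into an auth token (sent to the store) and a wrapping key (kept local)."""
    out = hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, iterations, dklen=64)
    return out[:32], out[32:]


def xor32(a, b):
    # One-time wrap of a 32-byte key; safe only because every backup uses a fresh salt.
    return bytes(x ^ y for x, y in zip(a, b))


class GuessLimitedStore:
    """Models the server side: hands back the wrapped key only for the right token
    and wipes the record once the allowed wrong guesses are used up."""

    def __init__(self, max_guesses=5):
        self.max_guesses = max_guesses
        self.record = None

    def put(self, salt, auth_token, wrapped_key):
        self.record = {
            "salt": salt,
            "auth": hashlib.sha256(auth_token).digest(),
            "wrapped": wrapped_key,
            "left": self.max_guesses,
        }

    def salt(self):
        return self.record["salt"] if self.record else None

    def get(self, auth_token):
        rec = self.record
        if rec is None:
            return None
        if hmac.compare_digest(hashlib.sha256(auth_token).digest(), rec["auth"]):
            rec["left"] = self.max_guesses  # a correct PIN resets the counter
            return rec["wrapped"]
        rec["left"] -= 1
        if rec["left"] <= 0:
            self.record = None  # wiped: the key is unrecoverable even with the right PIN
        return None


def backup(store, pin, master_key, iterations=ITERATIONS):
    salt = os.urandom(16)
    auth_token, wrap_key = stretch(pin, salt, iterations)
    store.put(salt, auth_token, xor32(master_key, wrap_key))


def restore(store, pin, iterations=ITERATIONS):
    salt = store.salt()
    if salt is None:
        return None
    auth_token, wrap_key = stretch(pin, salt, iterations)
    wrapped = store.get(auth_token)
    return None if wrapped is None else xor32(wrapped, wrap_key)


if __name__ == "__main__":
    store = GuessLimitedStore(max_guesses=5)
    key = os.urandom(32)  # stands in for the key protecting contacts, profile, etc.
    backup(store, "4821", key)
    print("right PIN restores key:", restore(store, "4821") == key)
    for guess in ("0000", "1111", "1234", "2580", "9999"):
        restore(store, guess)
    print("after 5 wrong guesses:", restore(store, "4821"))
```

Stretching alone multiplies the cost of each guess by a constant, which does little for a 4-digit PIN with 10,000 candidates if the stored record leaks; the guess limit is what bounds the attempts, and it holds only as long as the store enforcing it is trusted.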





  • Liking multiple people at once is super common. The love triangle is a trope for a reason.

    If you don’t like her then don’t worry about it (other than to maybe pay attention to how you’re acting around her and avoid flirting unintentionally) but if you’re interested in her, maybe try pursuing that? Flirt with her a bit and see if she reciprocates. If she likes you, there’s a good chance she’s been flirting with you and you’ve just been oblivious.

    If you’re too shy to intentionally flirt, you could ask her outright, but it’d probably be better to ask her something that hints at your interest, like “I like this girl but I can’t tell if she’s into me - what sorts of signs should I be looking for?” Should be pretty obvious what you’re both saying and asking.


  • Good catch, I didn’t realize that with AnyType. That makes my first recommendation to OP just SilverBullet, then. Source available is better than nothing, like with Obsidian, but OP specifically asked for FOSS repos. It looks like their peer to peer sync server is MIT licensed, but their client (and client library) code is licensed under the “Any Source Available License 1.0,” which restricts use other than for “personal, academic, scientific, or research and development use, or evaluating the Software, but does not include uses where the Software facilitates any transaction of economic value.”

    I ruled out Logseq’s sync service due to it being both paid ($60/year minimum) and not FOSS, both things OP asked for. For my purposes, since it’s not FOSS and not able to be self hosted, it’s not a good option. But it makes sense to use the same file syncing solution that’s already in use, whether that’s FolderSync (or some equivalent tool) set up to sync to my server, Syncthing (though I just realized its Android client is no longer being developed as of December 2024), or even Cryptomator + some cloud storage service.


  • Since you’re already using Standard Notes - have you checked out Awesome Standard Notes? You can use the community extensions - editors, themes, etc. - even with the free plan.

    It’s my main note-taking app, but I also got the 5 year paid plan for $150 (IIRC) a few years ago, and prices have increased substantially since then. If I weren’t locked into a lower rate, I’m not sure I’d subscribe at the current rates (though I would look into the self-hosted Pro discount before ruling it out). That said, if you don’t need note linking, queries, and those sorts of things, then I think the free plan of Standard Notes + community extensions is a great option. If I self-hosted the server, the main thing I’d be missing over the paid plan is nested tags.

    Logseq (repo) might meet your needs if you’re okay setting up a sync service like Syncthing on every client you use. Of course, you could use Dropbox, Google Drive, etc., but I recommend against it without a layer like Cryptomator in between, since your data is stored in the clear. IMO it doesn’t really make sense to self-host Logseq - just use the native app that’s available on basically every platform. I find Logseq kinda confusing, honestly, but it has a lot of compelling features.

    SilverBullet may be what you’re looking for. It must be self-hosted and has a PWA instead of native apps, but the PWA on mobile at least is quite good. Since it uses Markdown files for its notes, you could use it with some other tool on the machine hosting those files, if you wanted. I have it self hosted myself and it’s the best alternative I’ve found to Notion and Obsidian when it comes to querying my own notes and so on.

    Someone else posted about Outline and I think it’s a fantastic, polished option. I know that you said this is for solo use, so you probably don’t care about its collaboration features, but you also mentioned managing personal projects, and its integrations (e.g., Airtable) could be useful for that. I have it self-hosted and it is a bit more complicated than other options, but I don’t think I ran into any particular issues. I’m using it with Authelia as an OIDC provider and can share my docker-compose file and other config if that would be helpful. They also have a paid, hosted option, which you can try out for 30 days if you want to see if it’s right for you before you put the time and effort into self-hosting it. One of my most-used editors in Standard Notes is the Rich Markdown Editor, which is based off the editor used in Outline. However, unlike SilverBullet and Standard Notes,

    Hedgedoc is another option that may be worth looking into. It’s my go-to collaborative editor / gist replacement. Personally, I prefer it over Outline. Its main shortcomings are that:

    • it must be self-hosted (though you could use HackMD aka CodiMD, which it was forked from, as that does have a hosted version)
    • it doesn’t have an app (on any platform - not even a PWA)
    • it doesn’t have any sort of querying capabilities, and
    • it doesn’t have any sort of Kanban-like tool.

    But it does have several built-in integrations, like Mermaid and multiple other diagramming tools, inline images (just drag and drop), syntax highlighting for code, Gist embeds, Youtube embeds, optional Vim/Emacs keybindings, a slide deck presentation mode, inline CSV tables, etc., and that’s all without needing to mess with plugins or switch between editors.

    I hadn’t used AnyType before today, but it’s been on my radar since late 2020, and it’s pretty powerful. It’s not perfect, but it seems to check off everything you’re looking for. It does have a bit of a learning curve, but it’s been easy to jump in and take notes.

    It’s hard to know which to recommend you try, though, because your list of criteria don’t all map neatly to features. For example, what do you want from planning vs managing personal projects? What do you mean by “journaling?” Is having a “journal” section where notes get dates sufficient? Do you like the way Standard Notes or Logseq handle journaling, or are you looking for features like what jtxBoard has?

    I’m assuming the following for my table below:

    • Quick Notes - easy to create a new note and just write some stuff. Needing to fill out any required fields (even “title”) makes this a ❌
    • To-do lists - checkbox lists. You have to be able to add a new item by pressing enter and mark an item off just by checking the box.
    • Managing and planning projects:
      • Kanban / Trello style board - without needing to integrate with a non-FOSS third party service (this is why Outline gets a ❌)
      • Linking to another note in the body of a note (Standard Notes lets you create a link in the tag bar - this doesn’t count)
      • Embedded querying of your other notes, treating notes like objects - really the thing that makes Notion so powerful
      • Easy table editor
      • Diagrams - Mermaid, Excalidraw, or a similar plugin that works natively
    • Easy to use - auto-saving of notes, automatic synchronization that “just works,” rich text copy-paste, etc…
    • Offline mode - You didn’t mention this, but I’m calling it out since it’s otherwise easy to take for granted.
    • Publishing - you mentioned not caring about collaboration, but being able to publish a note is still useful in solo-only workflows, as it gives you a way to reference it directly from a bookmark, some other tool, etc., potentially from a device where you aren’t authenticated.
    Standard Notes 1 SilverBullet Outline LogSeq Hedgedoc AnyType
    FOSS
    Sync ❌ (Paid)
    Quick Notes
    To-Do Lists
    Kanban Board Sorta
    Links to Notes
    Queries
    Table Editor
    Diagrams
    Linux App ✅ (PWA) ✅ (PWA) ❌ (Web App)
    Android App ✅ (PWA) ✅ (PWA) ❌ (Web App)
    Easy to use
    Usable offline
    Free
    Easy inline images
    Publish

    [1]: For Standard Notes, I’m not assuming that you’re self-hosting the server, but I am assuming that you’re installing community extensions, particularly Rich Markdown Editor or something similar.
    [2]: For Silver Bullet, I’m assuming that you’re installing community plugins.

    I recommend you try AnyType and/or SilverBullet first, depending on which one looks more appealing to you.



  • Unless something has changed, it did. The page linked reads:

    And, obviously, this POC is open source, the code is publish here on our forge.

    The link takes you to their repos. The server repo has instructions on self-hosting directly on your server or with Docker. The app repo has code for both the iOS and Android apps. That’s good, because the iOS app at least doesn’t have a built-in way to select a different backend server.

    Whisper is by OpenAI and as far as I know they have not shared the training code, much less the data sets, so the best you can do is fine-tune the models they’ve provided.

    If use of Whisper is a problem, but the project is otherwise interesting to you, you could ask them to consider using a different STT solution (or allowing the user to choose between different options). I’m not aware of any fully open STT applications that are considered to be as capable as Whisper, but if you do, that would be great info to share with them.



  • hedgehog@ttrpg.network to Asklemmy@lemmy.ml: What's wrong with bluesky?
    2 months ago

    Depends on your perspective. Would it be fine for Meta Threads to replace it? Threads supports ActivityPub, so in some ways it likely interacts better with the fediverse.

    If we agree that Threads isn’t a suitable replacement, then clearly there’s some criteria a replacement should meet. A lot of the things that make Threads unpalatable are also true of Bluesky, particularly if your concern relates to the platform being under the control of a corporation.

    On the other hand, from the perspective of “Twitter 2.0 is now a toxic, alt-right cesspool where productive conversations can’t be had,” then both Threads and Bluesky are huge improvements.



  • I gather you’re from the US.

    Yes, but also the prison abolition movement is US specific. I’m not affiliated with it, to be clear - not that I oppose it or anything, but I certainly don’t speak for any of its activists.

    If we “only” reduce the prison population to 5% or 1% of its current count in the process

    Then why call it abolish prisons?

    Have you ever heard the quote “Shoot for the moon. Even if you miss, you’ll land among the stars?” “Abolition” is a goal, an ideal - and even if it isn’t accomplished fully, working toward that end goal and considering everything necessary to get there along the way is the point.

    Along those lines, I posit that if 90% of prisons are torn down or repurposed and the remaining 10% are drastically changed - holding fewer prisoners; not being privately owned and operated; focusing on rehabilitation, like learning new job skills, when possible, and otherwise simply being more humane, then the prison abolition movement would have succeeded.

    But if you disagree with the name, what would you call it? “Prison Reform” is already taken and means something drastically different.

    And to be clear, for some the goal is to eliminate prisons entirely. The movement isn’t monolithic. Abolishing the “prison institution” as it exists today is a pretty common goal, though, and using “prison” to mean “the prison institution” is a pretty common literary technique called “Synecdoche,” which you likely use every day.

    I see now that you’re trying to trigger an additional emotional response. Working on association, rather than logic.

    It’s a logical association, though. If the name evokes feelings of slavery, that’s a good thing, as the situation is similar enough to slavery to warrant that.

    Slavery in the US is still legal (so long as the person is in prison). Black Americans are 5 times as likely to be in prison as white Americans. A black man born in 2001 has a 20% chance of being in prison at some point in his life.

    The systemic oppression of black Americans is obviously because of racism, and the parallels between slavery and the prison institution aren’t accidental. For example, here’s a quote from Slavery and the U.S. Prison System:

    Gary Webb’s famous investigation revealed that the CIA was operating a gun-running and drug-smuggling operation that brought guns to the Nicaraguan contras that the U.S. was using to destabilize the popular government in that country, while bringing cocaine into the U.S. and funneling it to street-level dealers with access to black inner-city neighborhoods.  The history of black street gangs is part of the afterlife of COINTELPRO, the FBI’s counter-intelligence program that actively sabotaged black social movement throughout the long civil rights era.  Bobby Lavender, one of the founders of the Bloods in Los Angeles, explained that the COINTELPRO assassinations of black leaders, and the terrorizing of rank-and-file civil rights activists, left an organizational vacuum in many communities that youth like him filled with their “own brand of leadership.”  COINTELPRO established a pattern of law enforcement interference and sabotage of black self-determination, including gang truces, from the 1970s through to the present.

    Such manipulation, especially, is something I would not want to be a part of. It’s vile.

    Personally, I think the systemic sabotage of black people’s livelihood, communities, and families is vile, but you’re welcome to your opinion.


  • hedgehog@ttrpg.network to Asklemmy@lemmy.ml: On prison abolition
    3 months ago

    The name is important because of the parallels between slavery and modern day prisons.

    At minimum, the movement is about completely rethinking our approach to dealing with crime. If we “only” reduce the prison population to 5% or 1% of its current count in the process, we won’t have abolished all prisons, but we will have succeeded in abolishing many parts of the current criminal justice system.



  • Are you thinking of something like Stack Overflow’s reputation system? See https://stackoverflow.com/help/whats-reputation for a basic overview. See https://stackoverflow.com/help/privileges for some examples of privileges unlocked by hitting a particular reputation level.

    That system is better optimized for reputation than the threaded discussions that we participate in here, but it has its own problems. However, we could at minimum learn from the things that it does right:

    • You need site (or community) staff, who are not constrained by reputation limits, to police the system
    • Upvoting is disabled until you have at least a little reputation
    • Downvoting is disabled until you have a decent amount of reputation and costs you reputation
    • Upvotes grant more reputation than downvotes take away
    • Voting fraud is a bannable offense and there are methods in place to detect it
    • The system is designed to discourage reuse of content
    • Not all activities can be upvoted or downvoted. For example, commenting on SO requires a minimum amount of reputation, but unless they’re reported as spam, offensive, fraudulent, etc. (which also requires a minimum reputation), they don’t impact your reputation, even if upvoted.

    If you wanted to have upvoted and downvoted discourse, you could also allow people to comment on a given piece of discourse without their comment itself being part of the discourse. For example, someone might just want to say “I’m lost, can someone explain this to me?” “Nice hat,” “Where did you get that?” or something entirely off topic that they thought about in response to a topic.

    You could also limit the total amount of reputation a person can bestow upon another person, and maybe increase that limit as their reputation increases. Alternatively or additionally, you could enable high rep users to grant more reputation with their upvotes (either every time or occasionally) or to transfer a portion of their rep to a user who made a comment they really liked. It makes sense that Joe Schmo endorsing me doesn’t mean much, but King Joe’s endorsement is a much bigger deal.

    Reputation also makes sense to be topic specific. I could be an expert on software development but be completely misinformed about hedgehogs, but think that I’m an expert. If I have a high reputation from software development discussions, it would be misleading when I start telling someone about hedgehogs’ diets.

    Yet another thing to consider, especially if you’re federating, is server-specific reputations with overlapping topics. Assuming you allow users to say “Don’t show this / any of my content to <other server> at all,” (e.g., if you know something is against the rules over there or is likely to be downvoted, but in your community it’s generally upvoted) there isn’t much reason to not allow a discussion to appear in two or more servers. Then users could accrue reputation on that topic from users of both servers. The staff, and later, high reputation users of one server could handle moderation of topics differently than the moderators of another, by design. This could solve disagreements about moderation style, voting etiquette, etc., by giving users alternatives to choose from.



  • For starters, it was never “open source”…

    From your link:

    Instead, as Winamp CEO Alexandre Saboundjian said, “Winamp will remain the owner of the software and will decide on the innovations made in the official version.” The sort-of open-source version is going by the name FreeLLama.

    While Winamp hasn’t said yet what license it will use for this forthcoming version, it cannot be open source with that level of corporate control.

    If I upload the source code for my project on Github/Forgejo/Gitlab/Gitea and license it under an open source license, allowing you to fork it and do whatever you want (so long as you follow the terms of my copyleft license), and I diligently ensure that code is uploaded to my repository before being deployed, but I ignore all issues, feature requests, PRs, etc., is my project open source?

    Yes.

    Likewise, if Winamp had been licensed under an open source license, it would have been open source, regardless of how much control they kept over the official distribution.

    Winamp wasn’t open source because its license, the WCL, wasn’t open source.