I want my messages preserved, so I don't worry about forward secrecy =S
In that case it seems that signal has little to offer to you apart from their surveillance services tied to your phone number.
=( obviously i like it because it cryptographically preserves the integrity of threads. this conversation ended up being unpleasant to me. i am changing my replies. I LOVE YOU PUNK! I HATE ARGUING! I LOVE FASCISTS AND FAKE LIBERTARIANS AND GOVERNMENT AGENTS AND SOCIALISTS AND TERRORISTS!
So what the hell are you saying about 'time travel' now? YOU first alluded to the fact that IN THE FUTURE p-gpg could be broken. I just added, broken JUST LIKE SIGNAL. And so you are FALSELY ADVERTISING signal.
Second half of above paragraph.
I'll try to read your caps: you're saying that signal is similar to pgp,
In some ways signal is worse than pgp. For example, you don't need to register with morlonpoke using a phone number to use pgp. You just compile it and run it.
WHO CARES. However: You don't need to register with morlonpoke to use signal _either_. You can _also_ just compile and run it, and numerous forks have _done_ that. I LOVE YOU PUNK! I HATE ARGUING! I LOVE FASCISTS AND FAKE LIBERTARIANS AND GOVERNMENT AGENTS AND SOCIALISTS AND TERRORISTS! I LOVE ANYBODY WHO HATES ME!
on the other hand signal makes it easy for lazy or 'non-technical' people to use encryption. Instead of getting people to be more educated...
and dangerous, and we need to cut the bullshit and get to stuff that's real, being honest about the problems of all the solutions we have?
Pretty much. I don't see signal solving any fundamental problem, contrary to what advertisers seem to believe.
Nah it's incremental steps. Here's some relevant bullshit calling: Signal is run by a nonprofit. Talking about their behaviors in terms of marketing and advertising is poisonous to the global community, in comparison to some of the marketing atrocities still going on in front of our faces. You talk this way about people all the time. You are turning people who could help the things you say you are supporting, against each other.
I don't remember what we were talking about,
so go read what you wrote 2 hours ago. You don't even need to do that. I quoted what you said above. And I'll quote you once more
"4. perfect forward secrecy. addresses the issue with pgp where future advancements decrypt all your messages"
So what are you saying the "basic problem" is, now.
My point was/is that your claim about 'PFS' and pgp is wrong, that's all.
I'm not a cryptographer. I summarised theft of private key, compromise of devices, discovery of attacks via side channels, and cryptanalytic advances, all together into one inaccurate phrase that still produces the same behaviors in end-users if believed ;P
you often send insulting things, I'll treat the reply as my form of sending insulting things.
yeah, people say insulting things all the time, while pretending to be 'polite'. I insult people after they try to take me for an idiot.
This "pretension of politeness" is a struggle to engage in actual rational discourse.
[personal experience description inhibited. meanwhile, maybe you've been mind controlled to argue on this list.]
see, that sounds pretty insulting. But Ok.
The things you say don't seem to logically line up all the time. This could be because I come from a really different place from you, because you are really upset, or because you have been manipulated to influence us. I'm inferring it's the first 2, but could use your confirmation.
If thanks to 'future advancements' keys are broken then there's no 'forward secrecy'.
well, maybe i'll go look up forward secrecy so as to try to be more rational here, but i'm also remembering you asked me not to reply unless i was able to give you the respect of reviewing message content you snipped away, to reply.
I 'snip away' stuff that I don't think needs to be quoted repeatedly. Or stuff I won't reply to because I don't think it's important. If there's something you think it's important and I should reply to, then let me know.
Snipping's important. When bantering on this list, I'm usually in a flashback or something and it can be helpful to see reminders of what we're referring to. This is me being stupid, not really your fault, but I get frustrated around it.
I know I'm wrong there about something. Do you know what it is, specifically and clearly in language somebody experienced on this list would agree to? What does forward secrecy address, if not this?
'forward secrecy' separates long-term identity keys from session keys so that 'compromise' of identity keys doesn't affect session keys. Also compromise of one session key doesn't affect other session keys. Why it is called 'forward secrecy', I don't know. Seems like a stupid name to me.
=) In communities of digital activism, we like it when people learn cryptography and security on a community level. It makes friends with us no matter who you are. I haven't read the math or anything, but it sounds like it is exponentially more difficult to compromise an old message with forward secrecy, compared to without, similar to how bitcoin produces breaks of the sha256 hash, while also producing incredible security of data held by that same hash.
Also, we're using plain text here because this is a public forum.
that's not how I feel, the comparison seems like gossiping instead of sending a letter to a mailing list. in signal, messages are signed by the sender and misbehavior of the isp and server are defended against a little more.
well yeah. And yet, misbehavior of isps or list server is not a problem here. You keep talking about it, but there isn't evidence of any tampering. I'm not saying it can't happen, just that it isn't happening here as far as I can tell.
to speak that language where you pretend everyone has the same experiences, "bullshit"! the list admin posted about messages bouncing due to misbehaving network infrastructure just recently. https://lists.cpunks.org/pipermail/cypherpunks/2020-December/085620.html many other issues have been posted, many with cryptographic signatures on them.
it's notable that speaking in a forum transparent to those who dislike the topic gets you hurt. anarchists everywhere learn to organise in small private groups.
Yes, I'm certainly not against that tactic, but now we're on the public arpanet, which is a very big public forum, not a 'small private group'.
i'm talking about the relevance of technologies supporting safe communication, not whether we happen to be using them now. people on this list have gotten repeatedly targeted, and it's been repeatedly discussed on this very list.
pgp is broken by factorization. teleportation would not be an efficient way to research this.
not sure if https://primecoin.io/ is that relevant but we can make an economy focused around compromising any cryptographic primitive, now.
heh
;p i got this smiley from somebody from another country from mine. it means a silly half-smile. anyway, cryptographers support researching compromising their stuff. it helps people understand what is going on better. i don't know if people understand the dangers of pressuring that this be done _privately_, i haven't been keeping up on the talk.
at least decentralization doesn't allow the NSA to get all the data at once, directly from morlonpoke.
where are you from? it's so funny to see the 'z'. it's the united states spelling.
i'm not a native speaker of english. My english is mostly US-influenced I'd guess, but you shouldn't expect any consistent spelling from me =)
don't usually see non-native speakers taught the united states spellings; usually british.
i guess we'd better find this mr morlonpoke and defend them =/ dunno how to do that. we can call it freeing them from the shackles of technology and forcing them to work on what actually makes sense to work on.
the nsa already has agreements with isps, whereas a morlonpoke-agreement would be a new negotiation.
like I said signal.org website is 'hosted' by amazon-NSA. That's trivial to check. And a quick search seems to suggest that the servers for signal the 'app' are also amazon-NSA
yeah i summarise all that stuff as kinda 'signal sold out to mainstream so that they could have users' but in reality it probably came from academia where there's more trust for business because they're financing and hiring from the organisations, so play nicer. the nice thing is that because it's open source, everyone is taking their work and ripping the govcorp parts out, and reusing it. and because they're trusting, they would accept pull requests that resolve the things you describe. here, punk will again ignore these points? saying that because people related to signal have unpleasant attributes, we should dislike signal itself?
we could invest time and energy in making a contribution to signal to make it decentralised. this is physically possible.
doesn't look like something they are interested in.
they're interested; they're just brainwashed by usa culture, so they prioritise other concerns first. meet those concerns and they'll love an improvement.
It is weird that signal uses centralised servers. [if you could quote this line it would help me remember this topic. i can forget things when what i see, changes.]
I don't think 'weird' is the right word.
how about "painful as if you were getting beaten up by a fake holding a surveillance camera so many times that you can't feel anymore"
what word would you use?
painful is a lot better than 'weird'.
it's indescribably painful, the lack of forthright demonstration of trust in the systems we share ... am i coming from the same place as you here?
And if their server is run on the amazon-M$-NSA 'cloud' then I'd call it 'outrageous'.
I don't see why we need a blockchain based messenger. A blockchain may solve part of the 'key distribution problem' but in turn key distribution is just one part of the whole communication problem. So a blockchain is not a silver bullet.
blockchains break filters and firewalls like a tsunami, if they are cryptographically sound and functioning. if there is some protocol quirk that makes for a censorship worry, that code can be designed to not have that quirk.
it's getting late for making a blockchain messenger as people slowly start noticing that money is just a fake thing to move them around, but that hasn't actually happened yet. the strength of a cryptocurrency blockchain comes from the belief in money (because it gives it to people as its steps of functioning).
the claim that money is a fake thing is pretty bold. And I still don't see
well, there'd be less money in general if people weren't _using_ it that way, with government-managed banking, and political marketing campaigns, and such. if you have $10 and somebody has $1 trillion, and you use money as your only way to survive, you are that person's effective slave.
what a 'blockchain' based messenger would look like. You seem to believe that 'blockchains' can solve many problems? They rather look like nasty surveillance tools to me, except if carefully used.
a blockchain basically pretends that it is paying people to spend incredible degrees of electricity to make certain that messages called "transactions" are spread to everybody on the network with precision, accuracy, and certainty. it pays the people making sure of this in these messages, so it is pretty easy for it to do. you could cast it claiming other good or bad things, too, systems have many properties, not just one. surveillance is not easy on a blockchain, it is just possible. when you say blockchains are about surveillance you sound really weird, and people wonder how you got the idea, and why you are so passionate about it.
I didn't like how the people running it engaged in a chest-beating competition with another cryptographic organisation, but they were probably doing the best they could, just like you are. I also don't like that they have a centralised server, require a phone number to register, and mostly support web-enabled technologies run by corporations that have huge opportunity to put backdoors in. But it's pretty clear they gave a _lot_ of avenues for people to help address those situations.
I'm not sure how people who are not part of the company can fix those problems? Apart from using the software to run a different service I guess.
Signal isn't run by a company, but rather a nonprofit. It's an open source project where a huge portion of the development effort is from community work. 2,149 accepted changes from random online contributors: https://github.com/signalapp/Signal-Android/pulls?q=is%3Apr+is%3Aclosed (that number may be a little high because unaccepted contributions are included in that page too, but i keep clicking different pages and i only see acceptance (PR merging) of every suggested change, over and over again.)