...

Do you mean that it is incredibly misleading to advertise cryptographic safety when there is obviously an increasing degree of unpublished research that counters it?

I'm not sure what you're saying here. Wouldn't it be fine to just add a note that those are cryptographic terms, and do not technically guarantee perfect privacy in the face of time travel?

DUDE! Two hours ago you stated

Caps help reduce my caps! (Woah. Two hours.)

"4. perfect forward secrecy. addresses the issue with pgp where future advancements decrypt all your messages"

FUTURE ADVANCEMENTS can decrypt all your signal messages as well. Fact.

Man, here you quoted some slight hand-waving with focused argument ;P I'm not up on the detailed meaning of perfect forward secrecy, but it sure looks like a _lot_ more advancement is needed to decrypt it from network data, because there is no single private key associated with every message to simply recover from the flash media of a discarded device. I want my messages preserved, so I don't worry about forward secrecy =S

So what the hell are you saying about 'time travel' now? YOU first alluded to the fact that IN THE FUTURE p-gpg could be broken. I just added, broken JUST LIKE SIGNAL. And so you are FALSELY ADVERTISING signal.

Second half of above paragraph. I'll try to read your caps: you're saying that signal is similar to pgp, and dangerous, and we need to cut the bullshit and get to stuff that's real, being honest about the problems of all the solutions we have?

Feel free to admit you were wrong about 'foward secrecy' - or keep up with the bullshit.

I think you're drawing more similarities than the meanings of the words warrant, something I do a ton myself.

...

...

yeah well. I think I explained the basic problem twice. You don't need to 'trust' me but do your own research.

Yeesh you removed the quote and stated you had explained it already.

yes I explained it a few times now.

...

I don't remember what we were talking about,

so go read what you wrote 2 hours ago. You don't even need to do that. I quoted what you said above. And I'll quote you once more

"4. perfect forward secrecy. addresses the issue with pgp where future advancements decrypt all your messages"

So what are you saying the "basic problem" is, now.

...

...

...

does signal use diffie-helman key exchange?

yes it does. You're the one pimping it, you shoud know.

Blargh, links help here.

nah. Read what I previously wrote or don't bother replying.

ummmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm you often send insulting things, I'll treat the reply as my form of sending insulting things. [personal experience description inhibited. meanwhile, maybe you've been mind controlled to argue on this list.]

...

https://weakdh.org/ is only about SSL and specifically chosen prime numbers.

It's about DH in various protocols not just in SSL. So you're wrong again.

my words after the comma include those other protocols. i said ssl not tls, i don't know the difference at this time.

...

These are implementation errors, not compromises of the protocol or the primtiive.

that was an example of DH failing even without any 'future advancement'. And yes, it's an implementation error...of sorts. They used weak keys. The point that I was illustrating is how so called FORWARD SECRECY FAILS.

everything "fails" eventually.

If thanks to 'future advancements' keys are broken then there's no 'foward secrecy'.

well, maybe i'll go look up forward secrecy so as to try to be more rational here, but i'm also remembering you asked me not to reply unless i was able to give you the respect of reviewing message content you snipped away, to reply.

...

I vaguely recall there is something more serious regarding dh exchange, dunno. What's relevant is that signal is far better than the plain text email we are communicating over right now.

what's relevant is that you're falsely advertising signal.

"4. perfect forward secrecy. addresses the issue with pgp where future advancements decrypt all your messages" - false.

you quoted this a lot of times. I know I'm wrong there about something. Do you know what it is, specifically and clearly in language somebody experienced on this list would agree to? What does forward secrecy address, if not this?

Also, we're using plain text here because this is a public forum.

that's not how I feel, the comparison seems like gossiping instead of sending a letter to a mailing list. in signal, messages are signed by the sender and misbehavior of the isp and server are defended against a little more. it's notable that speaking in a forum transparent to those who dislike the topic gets you hurt. anarchists everywhere learn to organise in small private groups.

...

...

...

does it do it in a way that website describes as known to be vulnerable?

...see your first unfounded claim about 'perfect' secrecy. DH is 'vulnerable' to 'advances in solving the discrete log problem' bla bla.

Not only that, once you research personal teleportation devices door locks become very vulnerable, too.

"4. perfect forward secrecy. addresses the issue with pgp where future advancements decrypt all your messages"

wait, that's the argument you were using against pgp eh? In the future pgp will be broken because of 'teleportation devices'.

pgp is broken by factorization. teleportation would not be an efficient way to research this. not sure if https://primecoin.io/ is that relevant but we can make an economy focused around compromising any cryptographic primitive, now.

...

...

...

...

What I think is important to understand is that signal is a centralized service and the owners are not to be trusted, at all. Moxie morlonpoke

That's the whole point of end-to-end encryption.

Not sure what you mean. So called end to end encryption only encrypts messages. It doesn't magically solve 'traffic analysis' problems.

Neither does decentralisation. I was responding to your mention of centralisation.

at least decentralization doesn't allow the NSA to get all the data at once, directly from morlonpoke.

where are you from? it's so funny to see the 'z'. it's the united states spelling. i guess we'd better find this mr morlonpoke and defend them =/ dunno how to do that. we can call it freeing them from the shackles of technology and forcing them to work on what actually makes sense to work on. the nsa already has agreements with isps, whereas a morlonpoke-agreement would be a new negotiation. you have a point here but i don't think it's as big an issue as you seem to be saying it is. maybe cause i'm from the states so i already have their isps. we could invest time and energy in making a contribution to signal to make it decentralised. this is phyiscally possible.

...

It is weird that signal uses centralised servers. [if you could quote this line it would help me remember this topic. i can forget things when what i see, changes.]

I don't think 'weird' is the right word.

how about "painful as if you were getting beaten up by a fake holding a surveillance camera so many times that you can't feel anymore" what word would you use? note to self: if punk removed the line where i said 'weird', it is your responsibility to go and look.

...

Maybe to reduce development load. It's always sketchy the compromises made by communities struggling to effect change. It's possible it's just communication issues.

The point is that we need an ANONYMOUS BLOCKCHAIN-BASED MESSENGER TO REPLACE SIGNAL in these times of disruption, and signal would pay anybody to contribute the backend in a way they accept ;P

I don't see why we need a blockchain based messenger. A blockchain may solve part of the 'key distribution problem' but in turn key distribution is just one part of the whole communication problem. So a blockchain is not a silver bullet.

blockchains break filters and firewalls like a tsunami, if they are cryptographically sound and functioning. if there is some protocol quirk that makes for a censorship worry, that code can be designed to not have that quirk. it's getting late for making a blockchain messenger as people slowly start noticing that money is just a fake thing to move them around, but that hasn't actually happened yet. the strength of a cryptocurrency blockchain comes from the belief in money (because it gives it to people as its steps of functioning).

...

...

...

...

perfectly fits the profile of 'progressive' pentagon agent. So maybe the

The only people who believe these people are real agents, and not just people secretly drugged and abused by agents, are acting more as the agents than they are.

bullshit.

Yeah? Which is more productive, arguing on a list where nobody replies to what you say or making software that increases privacy?

a software endorsed by a CEO of the NSA like dorsey? A software directly marketed to people whom the state wants to survey closely? Anyway, use signal if you want, just don't make this sort of wrong and misleading claim

"4. perfect forward secrecy. addresses the issue with pgp where future advancements decrypt all your messages"

I'm noticing you posted this _again_. At this point my laptop ran out of battery. The place I'm staying, the fuse is broken so there's no electricity in the room I use the laptop in. I'm recharging it now in the morning off a lead-acid battery I use. I've been spending a lot of time messaging online in ways I'm not sure of. I'm going to turn off my internet for a bit. But yeah. Signal gave me great relief with its open, shielded-room-supporting, protocol. I didn't like how the people running it engaged in a chest-beating competition with another cryptographic organisation, but they were probably doing the best they could, just like you are. I also don't like that they have a centralised server, require a phone number to register, and mostly support web-enabled technologies run by corporations that have huge opportunity to put backdoors in. But it's pretty clear they gave a _lot_ of avenues for people to help address those situations.

...

...

...

...

'end to end encryption' works, but signal remains a US metadata spying operation, 'endorsed' by the likes of the 'ceo' of twatter. Hard to get a bigger red flag than that by the way.

Nah it's more like a bunch of people subjected to international spying operations figuring out the charades work that lets them escape a little bit. Also, free technology for others!

more bullshit.

Yeesh! Signal can poison our souls with technology, and dangerously reveal everything we do to the people who want to hurt us (BECAUSE IT RUNS ON A PHONE, NOT BECAUSE OF ITS PROTOCOL), without being some intentional attempt by cryptographers to harm the universe.

Before signal people were using NOTHING. NO ENCRYPTION AT ALL.

That's ridiculous. The more you sound like a signal fanatic, the weaker your position becomes.

...

Some of them were using encryption where a corporation and government could freely decryption EVERYTHING, and was lying about it. SOME of them.

Caps intended with love and care and embarrassment. I don't deserve to write in caps.

...

...

...

...

When they say "metadata that the signal servers have access to" or "does not prevent a company from retaining information" they are talking about much smaller bits of data than people usually talk about.

.....I think it's rather clear what 'metadata' we're talking about. Signal knows who talks to who and when.

It doesn't sound like it's clear to you. Metadata lives in bytes that travel over network protocols and are analysed by algorithms.

Anyway, yeah, PGP doesn't encrypt the message subjects and recipients. I don't recall the protocol well, but the way the ratchet protocol works there was a lot more possibility for encrypting per-message metadata.

...

...

Somebody has probably upgraded the concept now that deepfakes and such are normal.

what are you talking about

Well, I don't know the cryptographic terms, but you're possibly talking about information that can be extracted from messaging by algorithms, like traffic analysis, as comparable to metadata, like the subject on an email or the location tagged on a jpeg photo.

why don't you read what I wrote? I'm stating the obvious fact that in order to route messages the signal servers need to know who talks to who. Nothing to do with 'deep fakes' images, or fancy 'algorithms'.

...

Nowadays machine learning is _way_ better at profiling stuff than just traffic analysis.

this isn't about so called 'machine learning'.

...

I want my messages preserved, so I don't worry about forward secrecy =S

In that case it seems that signal has little to offer to you apart from their surveillance services tied to your phone number.

=( obviously i like it because it cryptographically preserves the integrity of threads this conversation ended up being unpleasant to me. i am changing my replies. I LOVE YOU PUNK! I HATE ARGUING! I LOVE FASCISTS AND FAKE LIBERTARIANS AND GOVERNMENT AGENTS AND SOCIALISTS AND TERRORISTS!

...

...

So what the hell are you saying about 'time travel' now? YOU first alluded to the fact that IN THE FUTURE p-gpg could be broken. I just added, broken JUST LIKE SIGNAL. And so you are FALSELY ADVERTISING signal.

Second half of above paragraph.

I'll try to read your caps: you're saying that signal is similar to pgp,

In some ways signal is worse than pgp. For example, you don't need to register with morlonpoke using a phone number to use pgp. You just compile it and run it.

WHO CARES. However: You don't need to register with morlonpoke to use signal _either_. You can _also_ just compile and run it, and numerous forks have _done_ that. I LOVE YOU PUNK! I HATE ARGUING! I LOVE FASCISTS AND FAKE LIBERTARIANS AND GOVERNMENT AGENTS AND SOCIALISTS AND TERRORISTS! I LOVE ANYBODY WHO HATES ME!

on the other hand signal makes it easy for lazy or 'non-technical' people to use encryption. Instead of getting people to be more educated...

...

and dangerous, and we need to cut the bullshit and get to stuff that's real, being honest about the problems of all the solutions we have?

Pretty much. I don't see signal solving any fundamental problem, contrary to what advertisers seem to believe.

Nah it's incremental steps. Here's some relevant bullshit calling: Signal is run by a nonprofit. Talking about their behaviors in terms of marketing and advertising is poisonous to the global community, in comparison to some of the marketing atrocities still going on in front of our faces. You talk this way about people all the time. You are turning people who could help the things you say you are supporting, against each other.

...

...

...

I don't remember what we were talking about,

so go read what you wrote 2 hours ago. You don't even need to do that. I quoted what you said above. And I'll quote you once more

"4. perfect forward secrecy. addresses the issue with pgp where future advancements decrypt all your messages"

So what are you saying the "basic problem" is, now.

My point was/is that your claim about 'PFS' and pgp is wrong, that's all.

I'm not a cryptographer. I summarised theft of private key, compromise of devices, discovery of attacks via side channels, and cryptanalytic advances, all together into one inaccurate phrase that still produces the same behaviors in end-users if believed ;P

...

you often send insulting things, I'll treat the reply as my form of sending insulting things.

yeah, people say insulting things all the time, while pretending to be 'polite'. I insult people after they try to take me for an idiot.

This "pretension of politeness" is a struggle to engage in actual rational discourse.

...

[personal experience description inhibited. meanwhile, maybe you've been mind controlled to argue on this list.]

see, that sounds pretty insulting. But Ok.

The things you say don't seem to logically line up all the time. This could be because I come from a really different place from you, because you are really upset, or because you have been manipulated to influence us. I'm inferring it's the first 2, but could use your confirmation.

...

...

If thanks to 'future advancements' keys are broken then there's no 'foward secrecy'.

well, maybe i'll go look up forward secrecy so as to try to be more rational here, but i'm also remembering you asked me not to reply unless i was able to give you the respect of reviewing message content you snipped away, to reply.

I 'snip away' stuff that I don't think needs to be quoted repeatedly. Or stuff I won't reply to because I don't think it's important. If there's something you think it's important and I should reply to, then let me know.

Snipping's important. When bantering on this list, I'm usually in a flashback or something and it can be helpful to see reminders of what we're referring to. This is me being stupid, not really your fault, but I get frustrated around it.

...

I know I'm wrong there about something. Do you know what it is, specifically and clearly in language somebody experienced on this list would agree to? What does forward secrecy address, if not this?

'forward secrecy' separates long-term identity keys from session keys so that 'compromise' of identity keys doesn't affect session keys. Also compromise of one session key doesn't affect other session keys. Why it is called 'forward secrecy', I don't know. Seems like a stupid name to me.

=) In communities of digital activism, we like it when people learn cryptography and security on a community level. It makes friends with us no matter who you are. I haven't read the math or anything, but it sounds like it is exponentially more difficult to compromise an old message with forward secrecy, compared to without, similar to how bitcoin produces breaks of the sha256 hash, while also producing incredible security of data held by that same hash.

...

...

Also, we're using plain text here because this is a public forum.

that's not how I feel, the comparison seems like gossiping instead of sending a letter to a mailing list. in signal, messages are signed by the sender and misbehavior of the isp and server are defended against a little more.

well yeah. And yet, misbehavior of isps or list server is not a problem here. You keep talking about it, but there isn't evidence of any tampering. I'm not saying it can't happen, just that it isn't happening here as far as I can tell.

to speak that language where you pretend everyone has the same experiences, "bullshit"! the list admin posted about messages bouncing due to misbehaving network infrastructure just recently. https://lists.cpunks.org/pipermail/cypherpunks/2020-December/085620.html many other issues have been posted, many with cryptographic signatures on them.

...

it's notable that speaking in a forum transparent to those who dislike the topic gets you hurt. anarchists everywhere learn to organise in small private groups.

Yes, I'm certainly not against that tactic, but now we're on the public arpanet, which is a very big public forum, not a 'small private group'.

i'm talking about the relevance of technologies supporting safe communication, not whether we happen to be using them now. people on this list have gotten repeatedly targeted, and it's been repeatedly discussed on this very list.

...

pgp is broken by factorization. teleportation would not be an efficient way to research this.

not sure if https://primecoin.io/ is that relevant but we can make an economy focused around compromising any cryptographic primitive, now.

heh

;p i got this smiley from somebody from another country from mine. it means a silly half-smile. anyway, cryptographers support researching compromising their stuff. it helps people understand what is going on better. i don't know if people understand the dangers of pressuring that this be done _privately_, i haven't been keeping up on the talk.

...

...

at least decentralization doesn't allow the NSA to get all the data at once, directly from morlonpoke.

where are you from? it's so funny to see the 'z'. it's the united states spelling.

i'm not a native speaker of english. My english is mostly US-influenced I'd guess, but you shouldn't expect any consistent spelling from me =)

don't usually see non-native speakers taught the united states spellings; usually british.

...

i guess we'd better find this mr morlonpoke and defend them =/ dunno how to do that. we can call it freeing them from the shackles of technology and forcing them to work on what actually makes sense to work on.

the nsa already has agreements with isps, whereas a morlonpoke-agreement would be a new negotiation.

like I said signal.org website is 'hosted' by amazon-NSA. That's trivial to check. And a quick search seems to suggest that the servers for signal the 'app' are also amazon-NSA

yeah i summarise all that stuff as kinda 'signal sold out to mainstream so that they could have users' but in reality it probably came from academia where there's more trust for business because they're financing and hiring from the organisations, so play nicer. the nice thing is that because it's open source, everyone is taking their work and ripping the govcorp parts out, and reusing it. and because they're trusting, they would accept pull requests that resolve the things you describe. here, punk will again ignore these points? saying that because people related to signal have unpleasant attributes, we should dislike signal itself?

...

we could invest time and energy in making a contribution to signal to make it decentralised. this is phyiscally possible.

doesn't look like something they are interested in.

they're interested; they're just brainwashed by usa culture, so they prioritise other concerns first. meet those concerns and they'll love an improvement.

...

...

...

It is weird that signal uses centralised servers. [if you could quote this line it would help me remember this topic. i can forget things when what i see, changes.]

I don't think 'weird' is the right word.

how about "painful as if you were getting beaten up by a fake holding a surveillance camera so many times that you can't feel anymore"

what word would you use?

painful is a lot a better than 'weird'.

it's indescribably painful, the lack of forthright demonstration of trust in the systems we share ... am i coming from the same place as you here?

And if their server is run on the amazon-M$-NSA 'cloud' then I'd call it 'outrageous'.

...

...

I don't see why we need a blockchain based messenger. A blockchain may solve part of the 'key distribution problem' but in turn key distribution is just one part of the whole communication problem. So a blockchain is not a silver bullet.

blockchains break filters and firewalls like a tsunami, if they are cryptographically sound and functioning. if there is some protocol quirk that makes for a censorship worry, that code can be designed to not have that quirk.

it's getting late for making a blockchain messenger as people slowly start noticing that money is just a fake thing to move them around, but that hasn't actually happened yet. the strength of a cryptocurrency blockchain comes from the belief in money (because it gives it to people as its steps of functioning).

the claim that money is a fake thing is pretty bold. And I still don't see

well, there'd be less money in general if people weren't _using_ it that way, with government-managed banking, and political marketing campaigns, and such. if you have $10 and somebody has $1 trillion, and you use money as your only way to survive, you are that person's effective slave.

what a 'blockchain' bassed messenger would look like. You seem to believe that 'blockchains' can solve many problems? They rather look like nasty surveillance tools to me, except if carefully used.

a blockchain basically pretends that it is paying people to spend incredible degrees of electricity to make certain that messages called "transactions" are spread to everybody on the network with precision, accuracy, and certainty. it pays the people making sure of this in these messages, so it is pretty easy for it to do. you could cast it claiming other good or bad things, too, systems have many properties, not just one. surveillance is not easy on a blockchain, it is just possible. when you say blockchains are about surveillance you sound really weird, and people wonder how you got the idea, and why you are so passionate about it.

...

I didn't like how the people running it engaged in a chest-beating competition with another cryptographic organisation, but they were probably doing the best they could, just like you are. I also don't like that they have a centralised server, require a phone number to register, and mostly support web-enabled technologies run by corporations that have huge opportunity to put backdoors in. But it's pretty clear they gave a _lot_ of avenues for people to help address those situations.

I'm not sure how people who are not part of the company can fix those problems? Apart from using the software to run a different service I guess.

Signal isn't run by a company, but rather a nonprofit. It's an open source project where a huge portion of the development effort is from community work. 2,149 accepted changes from random online contributers: https://github.com/signalapp/Signal-Android/pulls?q=is%3Apr+is%3Aclosed (that number may be a little high because unaccepted contributions are included in that page too, but i keep clicking different pages and i only see acceptance (PR merging) of every suggested change, over and over again.)

taking some time to recognise that during a time of war, the thing to do is to play along with the strongest side until things are safe again; that is the most effective way to influence a war, because you stay alive. i am not doing that by choice.

Could you summarise this for me, please? It is too long and upsetting to read. I don't think an ability to form words that alone sound like a good argument in response to an ignored point, makes those good words have meaning when said. On 1/28/21, Punk-BatSoup-Stasi 2.0 wrote:

On Wed, 27 Jan 2021 06:43:24 -0500 Karl wrote:

...

...

...

I want my messages preserved, so I don't worry about forward secrecy =S

In that case it seems that signal has little to offer to you apart from their surveillance services tied to your phone number.

=( obviously i like it because it cryptographically preserves the integrity of threads

ok.

...

this conversation ended up being unpleasant to me. i am changing my replies.

I LOVE YOU PUNK! I HATE ARGUING!

I LOVE FASCISTS AND FAKE LIBERTARIANS AND GOVERNMENT AGENTS AND SOCIALISTS AND TERRORISTS!

funnily enough, there are more than a few people who belong to all those categories at once. And fscism, socialism and terrorism are of course closely related.

...

...

In some ways signal is worse than pgp. For example, you don't need to register with morlonpoke using a phone number to use pgp. You just compile it and run it.

...

WHO CARES. However: You don't need to register with morlonpoke to use signal _either_. You can _also_ just compile and run it, and numerous forks have _done_ that.

Maybe you can run your own signal server - how many people do that though?

On the other hand you cannot use the 'signal service' at signal.org without registering. As a side note of sorts : "Signal is a registered trademark in the United States and other countries.". Plus :

"You agree to use our Services only for legal, authorized, and acceptable purposes. " ('acceptable'? 'authorized'? 'legal'? LMAO)

"Signal’s Rights. We own all copyrights, trademarks, domains, logos, trade dress, trade secrets, patents, and other intellectual property rights associated with our Services."

https://signal.org/legal/

etc.

...

I LOVE YOU PUNK! I HATE ARGUING!

I LOVE FASCISTS AND FAKE LIBERTARIANS AND GOVERNMENT AGENTS AND SOCIALISTS AND TERRORISTS! I LOVE ANYBODY WHO HATES ME!

For the record, I don't hate you. As to your comment, are you suggesting I may be any of the above?

...

...

...

and dangerous, and we need to cut the bullshit and get to stuff that's real, being honest about the problems of all the solutions we have?

Pretty much. I don't see signal solving any fundamental problem, contrary to what advertisers seem to believe.

Nah it's incremental steps.

I see. So while govcorp takes 50 steps in the direction of total tyranny, signal takes one step in the opposite direction. That doesn't look like a good situation or dynamic...for victims of tyranny.

...

Here's some relevant bullshit calling:

Signal is run by a nonprofit. Talking about their behaviors in terms of marketing and advertising is poisonous to the global community,

Signal is a company. 'Nonprofit' is a state-law category. In reality, Morlonpoke got 3 millions from the pentagon. That's 3 millions in profit for morlonpoke, coming from the US military.

Plus, do you think signal's employees work for free? Do you think amazon-NSA 'hosts' signal servers for 'free'? Well admitedly, more than likely signal does get a discount from amazon-NSA since they are putting all their users 'metadata' in the NSA 'cloud'.

...

in comparison to some of the marketing atrocities still going on in front of our faces.

...

You talk this way about people all the time.

Yes. I call bullshit out all the time.

...

You are turning people who could help the things you say you are supporting, against each other.

That's you view. From my 'point of view', something like signal is basically controlled opposition. Maybe you should start thinking what people outside the US think about the US. I mean, the people who are not 'foreign' US agents or sellouts.

...

...

My point was/is that your claim about 'PFS' and pgp is wrong, that's all.

I'm not a cryptographer. I summarised theft of private key, compromise of devices, discovery of attacks via side channels, and cryptanalytic advances, all together into one inaccurate phrase that still produces the same behaviors in end-users if believed ;P

I'm not a cryptographer either but I can take a half-educated look at what's being discussed.

...

...

...

you often send insulting things, I'll treat the reply as my form of sending insulting things.

yeah, people say insulting things all the time, while pretending to be 'polite'. I insult people after they try to take me for an idiot.

This "pretension of politeness" is a struggle to engage in actual rational discourse.

is it? Are you talking about yourself? My general observation (doesn't necessarily apply to you), is that this 'pretension of politeness' is one of the clearest signs of hypocrisy from 'first world' 'liberal' totalitarians. It has nothing to do with rationality and everything to do with deception.

...

...

...

[personal experience description inhibited. meanwhile, maybe you've been mind controlled to argue on this list.]

see, that sounds pretty insulting. But Ok.

The things you say don't seem to logically line up all the time.

For instance? Please give some examples.

...

This could be because I come from a really different place from you, because you are really upset, or because you have been manipulated to influence us. I'm inferring it's the first 2, but could use your confirmation.

Well, maybe I'm not being clear enough, or maybe you're misunderstanding what I say. Or maybe both?

...

you have been manipulated to influence us

That remark is weird. First, when you say 'us', who are you talking about? What team is this 'us' team you are part of? Then how exactly you think I was 'manipulated'? And by whom?

...

...

I 'snip away' stuff that I don't think needs to be quoted repeatedly. Or stuff I won't reply to because I don't think it's important. If there's something you think it's important and I should reply to, then let me know.

Snipping's important. When bantering on this list, I'm usually in a flashback or something and it can be helpful to see reminders of what we're referring to. This is me being stupid, not really your fault, but I get frustrated around it.

ok

...

I haven't read the math or anything, but it sounds like it is exponentially more difficult to compromise an old message with forward secrecy, compared to without, similar to how bitcoin produces breaks of the sha256 hash, while also producing incredible security of data held by that same hash.

I don't know about "exponentially more difficult" but yeah the more keys the better.

...

...

...

...

Also, we're using plain text here because this is a public forum.

that's not how I feel, the comparison seems like gossiping instead of sending a letter to a mailing list. in signal, messages are signed by the sender and misbehavior of the isp and server are defended against a little more.

well yeah. And yet, misbehavior of isps or list server is not a problem here. You keep talking about it, but there isn't evidence of any tampering. I'm not saying it can't happen, just that it isn't happening here as far as I can tell.

to speak that language where you pretend everyone has the same experiences, "bullshit"! the list admin posted about messages bouncing due to misbehaving network infrastructure just recently. https://lists.cpunks.org/pipermail/cypherpunks/2020-December/085620.html many other issues have been posted, many with cryptographic signatures on them.

There have been a few 'technical' problems which are the typical computer problems when something is 'misconfigured'. You said "misbehavior of the isp and server are defended against". "Defense against misbehviour" seems to imply malicious intent, not just some random mistake.

So again, I don't see much need for better authentication. And better authentication has drawbacks. Namely, your signed messages may be used against you, your signing key may be stolen, etc.

...

...

...

it's notable that speaking in a forum transparent to those who dislike the topic gets you hurt. anarchists everywhere learn to organise in small private groups.

Yes, I'm certainly not against that tactic, but now we're on the public arpanet, which is a very big public forum, not a 'small private group'.

i'm talking about the relevance of technologies supporting safe communication, not whether we happen to be using them now. people on this list have gotten repeatedly targeted, and it's been repeatedly discussed on this very list.

ok. So use better encryption if you think you need it. Or don't use retarphones and other computers at all.

...

...

...

pgp is broken by factorization. teleportation would not be an efficient way to research this.

not sure if https://primecoin.io/ is that relevant but we can make an economy focused around compromising any cryptographic primitive, now.

heh

;p

i got this smiley from somebody from another country from mine. it means a silly half-smile.

I always saw that emoticon as a mix of smile and a tongue sticking out.

...

anyway, cryptographers support researching compromising their stuff. it helps people understand what is going on better. i don't know if people understand the dangers of pressuring that this be done _privately_, i haven't been keeping up on the talk.

...

...

...

at least decentralization doesn't allow the NSA to get all the data at once, directly from morlonpoke.

where are you from? it's so funny to see the 'z'. it's the united states spelling.

i'm not a native speaker of english. My english is mostly US-influenced I'd guess, but you shouldn't expect any consistent spelling from me =)

don't usually see non-native speakers taught the united states spellings; usually british.

actually many people, if not the vast majority, study 'US' english. Plus, if you read US stuff you pick up the US spellings. Also, I told you where I am from, but you forgot it.

Anyway, you wouldn't think you're doing some kind of 'detective work' to 'unmask' me as some kind of 'agent'? =)

...

...

...

i guess we'd better find this mr morlonpoke and defend them =/ dunno how to do that. we can call it freeing them from the shackles of technology and forcing them to work on what actually makes sense to work on.

the nsa already has agreements with isps, whereas a morlonpoke-agreement would be a new negotiation.

like I said signal.org website is 'hosted' by amazon-NSA. That's trivial to check. And a quick search seems to suggest that the servers for signal the 'app' are also amazon-NSA

yeah i summarise all that stuff as kinda 'signal sold out to mainstream so that they could have users'

I'm not sure why they need to sell out to get users? I mean, they offer a 'free' service so they are pretty likely to get users. They wouldn't get a 3 millions 'grant' from the pentagon if they didn't sell out, but they would get users either way if they offered a usable service.

...

but in reality it probably came from academia where there's more trust for business because they're financing and hiring from the organisations, so play nicer.

hm. Not sure what you mean. I don't think morlonpoke is (too?) connected to academia. He plays the part of the (ex)starving anarchist.

...

the nice thing is that because it's open source, everyone is taking their work and ripping the govcorp parts out, and reusing it. and because they're trusting, they would accept pull requests that resolve the things you describe.

I don't see how a change in the software would change the location/provider of signal's servers.

Other people can run their own servers, but can't even use the 'signal' 'trademark' (lawl they US-trademarked yet another common english word...very anarchistic)

...

here, punk will again ignore these points? saying that because people related to signal have unpleasant attributes, we should dislike signal itself?

What point am I ignoring? My take on signal is that yes, the protocol is more advanced, but the company is not to be trusted.

...

...

...

we could invest time and energy in making a contribution to signal to make it decentralised. this is phyiscally possible.

doesn't look like something they are interested in.

they're interested; they're just brainwashed by usa culture, so they prioritise other concerns first. meet those concerns and they'll love an improvement.

which concerns are they prioritizing?

...

...

the claim that money is a fake thing is pretty bold. And I still don't see

well, there'd be less money in general if people weren't _using_ it that way, with government-managed banking, and political marketing campaigns, and such.

ah if you mean that government money is fake then yes I agree. Sadly we are still forced to use govt-counterfeited money.

...

if you have $10 and somebody has $1 trillion, and you use money as your only way to survive, you are that person's effective slave.

Probably, yes. But the problem isn't money itself, but distribution of property. The guy who has $1 trillion must have stolen 99.9999% of it.

If you're using the word money to refer to the abuses of the current system then yes money sucks. But in economic terms money is something else.

...

...

what a 'blockchain' bassed messenger would look like. You seem to believe that 'blockchains' can solve many problems? They rather look like nasty surveillance tools to me, except if carefully used.

a blockchain basically pretends that it is paying people to spend incredible degrees of electricity to make certain that messages called "transactions" are spread to everybody on the network with precision, accuracy, and certainty. it pays the people making sure of this in these messages, so it is pretty easy for it to do.

yeah you can think of bitcoin as a messaging system, but bitcoin messages are a particular kind of message. If bitcoin wasn't an accounting system then miners wouldn't get paid. Or conversely if you wanted something like bitcoin to send 'ordinary' messages you'd have to pay a ton of money. Also, posting private messages on a public blockchain looks like a bad idea. So you need an encrypted blockchain, which is even more expensive.

on the other hand, if you want uncensorable distributed storage there is this :

https://freenetproject.org/

(which has been around for a long time)

...

you could cast it claiming other good or bad things, too, systems have many properties, not just one. surveillance is not easy on a blockchain, it is just possible. when you say blockchains are about surveillance you sound really weird, and people wonder how you got the idea, and why you are so passionate about it.

there are only 3 or 4 blockchains that are NOT a surveillance tool. All the rest of 'blockchains' including the biggest of them all are horrible, privacy-wise.

If anything here is weird, is the fact that you seem unware of the privacy problems that things like bitcoin or so called 'bitcoin sv' have. You've been using bsv that's doubly or triply weird. I mean, you know that criminal wright no?

"you sound really weird, and people wonder" - when you say 'people' you mean only you, I take it.

"why you are so passionate about it." - well this is the cpunks list so I'd assume privacy is important? So why would it be strange that I'm 'passionate' about blockchains being bad, privacy-wise?

You seem to be constantly 'hinting' that my negative* comments are an attempt at 'disrupting' the 'heroic work' of 'some people', and constantly 'hinting' that *I* must have some 'hidden agenda'. And that's doubly funny since you don't say the same thing about clear govt agents like 'professor rat'.

*course, my 'negative' comments are just realistic comments, but people prefer to cover their ears and post technofascist spam.

...

...

...

I didn't like how the people running it engaged in a chest-beating competition with another cryptographic organisation, but they were probably doing the best they could, just like you are. I also don't like that they have a centralised server, require a phone number to register, and mostly support web-enabled technologies run by corporations that have huge opportunity to put backdoors in. But it's pretty clear they gave a _lot_ of avenues for people to help address those situations.

I'm not sure how people who are not part of the company can fix those problems? Apart from using the software to run a different service I guess.

Signal isn't run by a company, but rather a nonprofit.

Signal IS a company. It says so right here https://signal.org

...

It's an open source project where a huge portion of the development effort is from community work.

That's "signal the software". "Signal the company" is a different thing.

...

2,149 accepted changes from random online contributers: https://github.com/signalapp/Signal-Android/pulls?q=is%3Apr+is%3Aclosed (that number may be a little high because unaccepted contributions are included in that page too, but i keep clicking different pages and i only see acceptance (PR merging) of every suggested change, over and over again.)

...

Uhh ... I'm now seeing a lot of pull requests that are not marked as accepted and merged, but have comments indicating they were, like https://github.com/signalapp/Signal-Android/pull/9090 which says "thanks for merging" but github does not report it as merged.

well, I don't think any project would merge every single pr. But anyway what % of pull requests they merge only tells you part of the story.

...

Could you summarise this for me, please? It is too long and upsetting to read.

https://www.youtube.com/watch?v=Rr8ljRgcJNM

I watched this. I do not know german. What does the video mean to you?

...

I don't think an ability to form words that alone sound like a good argument in response to an ignored point, makes those good words have meaning when said.

Here are a couple things you said:

...

this conversation ended up being unpleasant to me. i am changing my replies.

I LOVE YOU PUNK! I HATE ARGUING!

I LOVE FASCISTS AND FAKE LIBERTARIANS AND GOVERNMENT AGENTS AND SOCIALISTS AND TERRORISTS!

funnily enough, there are more than a few people who belong to all those categories at once. And fscism, socialism and terrorism are of course closely related.

Yeah, but everybody disagrees on how, so it's easy to get mad at it. Some think each different one of the first two things either is the third thing or is the target of the third thing, for example.

Maybe you can run your own signal server - how many people do that though?

The signal ratchet protocol is used in a wide variety of spin-off applications, both community and corporate: https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm#Applications Here is some information on running your own server, with a link to a fork of signal that connects independently run servers: https://www.reddit.com/r/signal/comments/7poh3f/is_it_possible_to_create_a_p... It's really a lot of work to look up information to back up every single point I make. Can we just assume that if something is clearly not hard to do, that many people have done it, in general?

On the other hand you cannot use the 'signal service' at signal.org without registering. As a side note of sorts : "Signal is a registered trademark in the United States and other countries.". Plus :

"You agree to use our Services only for legal, authorized, and acceptable purposes. " ('acceptable'? 'authorized'? 'legal'? LMAO)

"Signal’s Rights. We own all copyrights, trademarks, domains, logos, trade dress, trade secrets, patents, and other intellectual property rights associated with our Services."

Trademark law doesn't seem to be a good point against anything here, to me. It is normal in the USA to register trademarks for words. This makes it harder for other people to co-opt them and pretend to be you. They are only legally protecting their name and logo. Yes, their mainstream client centralises registration, probably for reliable identity management, a choice that has been discussed extensively.

...

I LOVE YOU PUNK! I HATE ARGUING!

I LOVE FASCISTS AND FAKE LIBERTARIANS AND GOVERNMENT AGENTS AND SOCIALISTS AND TERRORISTS! I LOVE ANYBODY WHO HATES ME!

For the record, I don't hate you. As to your comment, are you suggesting I may be any of the above?

Yay =) I don't hate you either. No, I was trying to respond in advance to any supposition that because I love all these kinds of people, that I might hate or be hated by some other kind of person. If this is true, let these people know I love them too.

<more unaddressed quotes existed>

...

It's really a lot of work to look up information to back up every single point I make.

.... A lot of work? Finding one reddit link? <snip> I would never make such assumption. It's a perfect example of a 'non sequitur'. It doesn't follow that X being easy means X is being done.

Punk, my schizophrenia is really bad. When I look around me, it is effectively like looking through a piece of black paper with pinholes poked into it, because my visual cortex freaks out about everything I see. WhenI try to move my body, it is kind of a guess that involves a lot of flailing. I'm addicted to computers, but it is hard to use them nowadays. More to the point, you argue absolutely everything I say in many areas, so it is not very effective to look everything up for evidence, if it is relatively obviously. Here is a proof for you: There are X billion people on the planet. Each person is exposed to Y different things and has Z different skills. Each person has A% downtime, during which they combine their Z skills with the Y things they are exposed to. Over the course of somebody's life, they will sample the combinations of Z with Y, A% of the time. Not only that, but they probably work a job B% of their remaining time, where they also combine Z with Y in ways that other people choose. Now, their Z skills arrived from experience and practice, in exposure to the Y things around them. So, since they have these skills at all, we can infer that there is a smaller set of skills Z_2, which they used in thorough learning combination with Y_2, the things they were exposed to earlier in life. Ahhhh I don't know enough off-hand probability to make it look like a real proof ;P But the upshot is that if something is everywhere, and obviously doable, people _do_ it. People _try_ things. If you give a set of paints to a group of people without paints, and wait, you will produce new, creative paintings. It is what happens. Every single time. Unless somebody else is exposing them to artistry otherwise or preventing them from engaging in it, which does not happen universally.

...

...

On the other hand you cannot use the 'signal service' at signal.org without registering. As a side note of sorts : "Signal is a registered trademark in the United States and other countries.". Plus :

"You agree to use our Services only for legal, authorized, and acceptable purposes. " ('acceptable'? 'authorized'? 'legal'? LMAO)

"Signal’s Rights. We own all copyrights, trademarks, domains, logos, trade dress, trade secrets, patents, and other intellectual property rights associated with our Services."

Trademark law doesn't seem to be a good point against anything here, to me. It is normal in the USA to register trademarks for words.

Yes, 'normal' means it follows 'norms' or 'laws'. Following insane US laws is 'normal' only in that circular sense. Apart from that, it is insane.

This doesn't seem to be a logical argument point, as registering a trademark is not following a law, and norms are emergent whereas laws are prescriptive. Do you do anything in your free time, punk-stasi? I had a really unpleasant experience today where I lost a lot of memory parts. I cried for these lost memories. Do you code in python? Machine learning algorithms are big in python. They're not hard to use. Part of your name is "batsoup". When I was caving it was so wonderful. Caves are incredibly beautiful inside. It is like a climbing gym, everywhere, often for miles and miles, sometimes thousands of feet under the soil. Some people camp out in caves during long mapping trips. I went into a new cave that had just been discovered once. We had to crawl through these tiny passageways, both sideways and up-and-down! We also had to rapell down cliffs using ropes. Eventually we got to a room 300 ft wide and tall, with a giant waterfall coursing straight down the middle of it. That waterfall had cut the whole room. People climbed up the sides of the room, and their headlamps looked like stars sparkling in the dark underground distance. Around the edges of the cave the water pooled, and flowed further into more unexplored earth. Caves often have crystals in them. Bats hang upside down. There are also other creatures, insects and other things. It would be easy to live deep in a cave using water for electricity. But you'd need to manage your toilet well. I have always loved being alone, silent, and in the darkness. Caves have these things to such an extreme.

...

This makes it harder for other people to co-opt them and pretend to be you. They are only legally protecting their name and logo.

Yes, their mainstream client centralises registration, probably for reliable identity management, a choice that has been discussed extensively.

.... has been discussed by whom?

They used to discuss it in bug reports and feature requests. It's also been discussed on this list extensively. https://en.wikipedia.org/wiki/Zooko%27s_triangle

So anyway, my conclusion again : the signal PROTOCOL is more robust under CERTAIN attacks. The SIGNAL COMPANY is an untrustworthy organization that was 'founded' with 3 millions from the pentagon and 50 millions from some silicon valley oligarch and WHATSAP asshole.

Punk is participating in the incredibly harmful targeting of community work. He makes it obvious he is doing this, so he is an ally who should not be trusted. He has also acted to support this list, I believe. The idea of sharing mistrust of a nonprofit is interesting, as nonprofits are also made to support the ends of profit-motivated organisations. The idea of pointing out behaviors that sound untrustworthy is also interesting. The continued question is how do we know whom to trust. Maybe a much better question, is whom can we trust better than whom else, and in what ways, and for what?