bantering with punk was Re: What advantage does Signal protocol have over basic public key encryption?

Punk-BatSoup-Stasi 2.0 punks at tfwno.gf
Thu Jan 28 16:19:52 PST 2021


On Wed, 27 Jan 2021 06:43:24 -0500
Karl <gmkarl at gmail.com> wrote:

> >>
> >> I want my messages preserved, so I don't worry about forward secrecy =S
> >
> > 	In that case it seems that signal has little to offer to you apart from
> > their surveillance services tied to your phone number.
> 
> =(  obviously i like it because it cryptographically preserves the
> integrity of threads

	ok.


> 
> this conversation ended up being unpleasant to me.  i am changing my replies.
> 
> I LOVE YOU PUNK!  I HATE ARGUING!
> 
> I LOVE FASCISTS AND FAKE LIBERTARIANS AND GOVERNMENT AGENTS AND
> SOCIALISTS AND TERRORISTS!

	funnily enough, there are more than a few people who belong to all those categories at once. And fscism, socialism and terrorism are of course closely related. 


> >
> > 	In some ways signal is worse than pgp. For example, you don't need to
> > register with morlonpoke using a phone number to use pgp. You just compile
> > it and run it.

> 
> WHO CARES.  However: You don't need to register with morlonpoke to use
> signal _either_.  You can _also_ just compile and run it, and numerous
> forks have _done_ that.


	Maybe you can run your own signal server - how many people do that though?

	On the other hand you cannot use the 'signal service' at signal.org without registering. As a side note of sorts :  "Signal is a registered trademark in the United States and other countries.". Plus :

	"You agree to use our Services only for legal, authorized, and acceptable purposes. " 
	('acceptable'? 'authorized'? 'legal'? LMAO)

	"Signal’s Rights. We own all copyrights, trademarks, domains, logos, trade dress, trade secrets, patents, and other intellectual property rights associated with our Services." 

	https://signal.org/legal/

	etc. 



 
> I LOVE YOU PUNK!  I HATE ARGUING!
> 
> I LOVE FASCISTS AND FAKE LIBERTARIANS AND GOVERNMENT AGENTS AND
> SOCIALISTS AND TERRORISTS!  I LOVE ANYBODY WHO HATES ME!
	

	For the record, I don't hate you. As to your comment, are you suggesting I may be any of the above? 


 
> >
> >> and dangerous, and we need to cut the bullshit and get to stuff
> >> that's real, being honest about the problems of all the solutions we
> >> have?
> >
> >
> > 	Pretty much. I don't see signal solving any fundamental problem, contrary
> > to what advertisers seem to believe.
> 
> Nah it's incremental steps.  


	I see. So while govcorp takes 50 steps in the direction of total tyranny, signal takes one step in the opposite direction. That doesn't look like a good situation or dynamic...for victims of tyranny. 



> Here's some relevant bullshit calling:
> 
> Signal is run by a nonprofit.  Talking about their behaviors in terms
> of marketing and advertising is poisonous to the global community, 


	Signal is a company. 'Nonprofit' is a state-law category. In reality, Morlonpoke got 3 millions from the pentagon. That's 3 millions in profit for morlonpoke, coming from the US military. 

	Plus, do you think signal's employees work for free? Do you think amazon-NSA 'hosts' signal servers for 'free'? Well admitedly, more than likely signal does get a discount from amazon-NSA since they are putting all their users 'metadata' in the NSA 'cloud'.


> in  comparison to some of the marketing atrocities still going on in front
> of our faces.
 
> You talk this way about people all the time.  

	
	Yes. I call bullshit out all the time. 


> You are turning people
> who could help the things you say you are supporting, against each
> other.


	That's you view. From my 'point of view', something like signal is basically controlled opposition. Maybe you should start thinking what people outside the US think about the US. I mean, the people who are not 'foreign' US agents or  sellouts. 



> >
> >
> > 	My  point was/is that your claim about 'PFS' and pgp is wrong, that's all.
> 
> I'm not a cryptographer.  I summarised theft of private key,
> compromise of devices, discovery of attacks via side channels, and
> cryptanalytic advances, all together into one inaccurate phrase that
> still produces the same behaviors in end-users if believed ;P


	I'm not a cryptographer either but I can take a half-educated look at what's being discussed. 
	

> 
> >> you often send insulting things, I'll treat the reply as my form of
> >> sending insulting things.
> >
> > 	yeah, people say insulting things all the time, while pretending to be
> > 'polite'. I insult people after they try to take me for an idiot.
> 
> This "pretension of politeness" is a struggle to engage in actual
> rational discourse.


	is it? Are you talking about yourself? My general observation (doesn't necessarily apply to you), is that this 'pretension of politeness' is one of the clearest signs of hypocrisy from 'first world' 'liberal' totalitarians. It has nothing to do with rationality and everything to do with deception. 



> 
> >> [personal experience description inhibited.  meanwhile, maybe you've
> >> been mind controlled to argue on this list.]
> >
> > 	see, that sounds pretty insulting. But Ok.
> 
> The things you say don't seem to logically line up all the time.  


	For instance? Please give some examples. 


> This
> could be because I come from a really different place from you,
> because you are really upset, or because you have been manipulated to
> influence us.  I'm inferring it's the first 2, but could use your
> confirmation.
	

	Well, maybe I'm not being clear enough, or maybe you're misunderstanding what I say. Or maybe both? 	


> you have been manipulated to influence us

	That remark is weird. First, when you say 'us', who are you talking about? What team is this 'us' team you are part of? Then how exactly you think I was 'manipulated'? And by whom? 



> >
> > 	I 'snip away' stuff that I don't think needs to be quoted repeatedly. Or
> > stuff I won't reply to because I don't think it's important. If there's
> > something you think it's important and I should reply to, then let me know.
> 
> Snipping's important.  When bantering on this list, I'm usually in a
> flashback or something and it can be helpful to see reminders of what
> we're referring to.  This is me being stupid, not really your fault,
> but I get frustrated around it.


	ok



> I haven't read the math or anything, but it sounds like it is
> exponentially more difficult to compromise an old message with forward
> secrecy, compared to without, similar to how bitcoin produces breaks
> of the sha256 hash, while also producing incredible security of data
> held by that same hash.


	I don't know about "exponentially more difficult" but yeah the more keys the better. 



> 
> >> > 	Also, we're using plain text here because this is a public forum.
> >>
> >> that's not how I feel, the comparison seems like gossiping instead of
> >> sending a letter to a mailing list.  in signal, messages are signed by
> >> the sender and misbehavior of the isp and server are defended against
> >> a little more.
> >
> > 	well yeah. And yet, misbehavior of isps or list server is not a problem
> > here. You keep talking about it, but there isn't evidence of any tampering.
> > I'm not saying it can't happen, just that it isn't happening here as far as
> > I can tell.
> 
> to speak that language where you pretend everyone has the same
> experiences, "bullshit"!  the list admin posted about messages
> bouncing due to misbehaving network infrastructure just recently.
> https://lists.cpunks.org/pipermail/cypherpunks/2020-December/085620.html
> many other issues have been posted, many with cryptographic signatures on them.


	There have been a few 'technical' problems which are the typical computer problems when something is 'misconfigured'. You said "misbehavior of the isp and server are defended against". "Defense against misbehviour" seems to imply malicious intent, not just some random mistake.

	So again, I don't see much need for better authentication. And better authentication has drawbacks. Namely, your signed messages may be used against you, your signing key may be stolen, etc.


> 
> >> it's notable that speaking in a forum transparent to those who dislike
> >> the topic gets you hurt.  anarchists everywhere learn to organise in
> >> small private groups.
> >
> > 	Yes, I'm certainly not against that tactic, but now we're on the public
> > arpanet, which is a very big public forum, not a 'small private group'.
> 
> i'm talking about the relevance of technologies supporting safe
> communication, not whether we happen to be using them now.  people on
> this list have gotten repeatedly targeted, and it's been repeatedly
> discussed on this very list.


	ok. So use better encryption if you think you need it. Or don't use retarphones and other computers at all. 


> 
> >> pgp is broken by factorization.  teleportation would not be an
> >> efficient way to research this.
> >>
> >> not sure if https://primecoin.io/ is that relevant but we can make an
> >> economy focused around compromising any cryptographic primitive, now.
> >
> > 	heh
> 
> ;p
> 
> i got this smiley from somebody from another country from mine.  it
> means a silly half-smile.  


	I always saw that emoticon as a mix of smile and a tongue sticking out. 


> 
> anyway, cryptographers support researching compromising their stuff.
> it helps people understand what is going on better.  i don't know if
> people understand the dangers of pressuring that this be done
> _privately_, i haven't been keeping up on the talk.
> 
> >> > 	at least decentralization doesn't allow the NSA to get all the data at
> >> > once, directly from morlonpoke.
> >>
> >> where are you from?  it's so funny to see the 'z'.  it's the united
> >> states spelling.
> >
> > 	i'm not a native speaker of english. My english is mostly US-influenced I'd
> > guess, but you shouldn't expect any consistent spelling from me =)
> 
> don't usually see non-native speakers taught the united states
> spellings; usually british.


	actually many people, if not the vast majority, study 'US' english. Plus, if you read US stuff you pick up the US spellings. Also, I told you where I am from, but you forgot it.

	Anyway, you wouldn't think you're doing some kind of 'detective work' to 'unmask' me as some kind of 'agent'? =)



> 
> >> i guess we'd better find this mr morlonpoke and defend them =/  dunno
> >> how to do that.  we can call it freeing them from the shackles of
> >> technology and forcing them to work on what actually makes sense to
> >> work on.
> >>
> >> the nsa already has agreements with isps, whereas a
> >> morlonpoke-agreement would be a new negotiation.
> >
> >
> > 	like I said signal.org website is 'hosted' by amazon-NSA. That's trivial to
> > check. And a quick search seems to suggest that the servers for signal the
> > 'app' are also amazon-NSA
> 
> yeah i summarise all that stuff as kinda 'signal sold out to
> mainstream so that they could have users' 


	I'm not sure why they need to sell out to get users? I mean, they offer a 'free' service so they are pretty likely to get users. They wouldn't get a 3 millions 'grant' from the pentagon if they didn't sell out, but they would get users either way if they offered a usable service. 


> but in reality it probably
> came from academia where there's more trust for business because
> they're financing and hiring from the organisations, so play nicer.


	hm. Not sure what you mean. I don't think morlonpoke is (too?) connected to academia. He plays the part of the (ex)starving anarchist. 


> 
> the nice thing is that because it's open source, everyone is taking
> their work and ripping the govcorp parts out, and reusing it.  and
> because they're trusting, they would accept pull requests that resolve
> the things you describe.


	I don't see how a change in the software would change the location/provider of signal's servers. 

	Other people can run their own servers, but can't even use the 'signal' 'trademark' (lawl they US-trademarked yet another common english word...very anarchistic)


> 
> here, punk will again ignore these points? saying that because people
> related to signal have unpleasant attributes, we should dislike signal
> itself?


	What point am I ignoring? My take on signal is that yes, the protocol is more advanced, but the company is not to be trusted. 




> 
> >> we could invest time and energy in making a contribution to signal to
> >> make it decentralised.  this is phyiscally possible.
> > 	
> >
> > 	doesn't look like something they are interested in.
> 
> they're interested; they're just brainwashed by usa culture, so they
> prioritise other concerns first.  meet those concerns and they'll love
> an improvement.


	which concerns are they prioritizing? 




> > 	the claim that money is a fake thing is pretty bold. And I still don't see
> 
> well, there'd be less money in general if people weren't _using_ it
> that way, with government-managed banking, and political marketing
> campaigns, and such.


	ah if you mean that government money is fake then yes I agree. Sadly we are still forced to use govt-counterfeited money. 

> 
> if you have $10 and somebody has $1 trillion, and you use money as
> your only way to survive, you are that person's effective slave.


	Probably, yes. But the problem isn't money itself, but distribution of property. The guy who has $1 trillion must have stolen 99.9999% of it. 

	If you're using the word money to refer to the abuses of the current system then yes money sucks. But in economic terms money is something else. 



> 
> > what a 'blockchain' bassed messenger would look like. You seem to believe
> > that 'blockchains' can solve many problems? They rather look like nasty
> > surveillance tools to me, except if carefully used.
> 
> a blockchain basically pretends that it is paying people to spend
> incredible degrees of electricity to make certain that messages called
> "transactions" are spread to everybody on the network with precision,
> accuracy, and certainty.  it pays the people making sure of this in
> these messages, so it is pretty easy for it to do.

	yeah you can think of bitcoin as a messaging system, but bitcoin messages are a particular kind of message. If bitcoin wasn't an accounting system then miners wouldn't get paid. Or conversely if you wanted something like bitcoin to send 'ordinary' messages you'd have to pay a ton of money. Also, posting private messages on a public blockchain looks like a bad idea. So you need an encrypted blockchain, which is even more expensive.

	on the other hand, if you want uncensorable distributed storage there is this : 

	https://freenetproject.org/

	(which has been around for a long time)


> 
> you could cast it claiming other good or bad things, too, systems have
> many properties, not just one.  surveillance is not easy on a
> blockchain, it is just possible.  when you say blockchains are about
> surveillance you sound really weird, and people wonder how you got the
> idea, and why you are so passionate about it.


	there are only 3 or 4 blockchains that are NOT a surveillance tool. All the rest of 'blockchains' including the biggest of them all are horrible, privacy-wise.

	If anything here is weird, is the fact that you seem unware of the privacy problems that things like bitcoin or so called 'bitcoin sv' have. You've been using bsv that's doubly or triply weird. I mean, you know that criminal wright no? 


	"you sound really weird, and people wonder" - when you say 'people' you mean only you, I take it. 


	"why you are so passionate about it." - well this is the cpunks list so I'd assume privacy is important? So why would it be strange that I'm 'passionate' about blockchains being bad, privacy-wise? 

	You seem to be constantly 'hinting' that my negative* comments are an attempt at 'disrupting' the 'heroic work' of 'some people', and constantly 'hinting' that *I* must have some 'hidden agenda'. And that's doubly funny since you don't say the same thing about clear govt agents like 'professor rat'. 


*course, my 'negative' comments are just realistic comments, but people prefer to cover their ears and post technofascist spam. 



> 
> >> I didn't like how the people running it engaged in a chest-beating
> >> competition with another cryptographic organisation, but they were
> >> probably doing the best they could, just like you are.  I also don't
> >> like that they have a centralised server, require a phone number to
> >> register, and mostly support web-enabled technologies run by
> >> corporations that have huge opportunity to put backdoors in.  But it's
> >> pretty clear they gave a _lot_ of avenues for people to help address
> >> those situations.
> >
> > 	I'm not sure how people who are not part of the company can fix those
> > problems? Apart from using the software to run a different service I guess.
> 
> Signal isn't run by a company, but rather a nonprofit.  


	Signal IS a company. It says so right here https://signal.org


> It's an open
> source project where a huge portion of the development effort is from
> community work.  


	That's "signal the software". "Signal the company" is a different thing. 


> 2,149 accepted changes from random online
> contributers: https://github.com/signalapp/Signal-Android/pulls?q=is%3Apr+is%3Aclosed
>  (that number may be a little high because unaccepted contributions
> are included in that page too, but i keep clicking different pages and
> i only see acceptance (PR merging) of every suggested change, over and
> over again.)


> Uhh ... I'm now seeing a lot of pull requests that are not marked as
> accepted and merged, but have comments indicating they were, like
> https://github.com/signalapp/Signal-Android/pull/9090 which says
> "thanks for merging" but github does not report it as merged.


	well, I don't think any project would merge every single pr. But anyway what % of pull requests they merge only tells you part of the story. 


More information about the cypherpunks mailing list