bantering with punk was Re: What advantage does Signal protocol have over basic public key encryption?

[Karl]

Could you summarise this for me, please?  It is too long and upsetting to read.

I don't think an ability to form words that alone sound like a good
argument in response to an ignored point, makes those good words have
meaning when said.

On 1/28/21, Punk-BatSoup-Stasi 2.0 <punks at tfwno.gf> wrote:
> On Wed, 27 Jan 2021 06:43:24 -0500
> Karl <gmkarl at gmail.com> wrote:
>
>> >>
>> >> I want my messages preserved, so I don't worry about forward secrecy
>> >> =S
>> >
>> > 	In that case it seems that signal has little to offer to you apart
>> > from
>> > their surveillance services tied to your phone number.
>>
>> =(  obviously i like it because it cryptographically preserves the
>> integrity of threads
>
> 	ok.
>
>
>>
>> this conversation ended up being unpleasant to me.  i am changing my
>> replies.
>>
>> I LOVE YOU PUNK!  I HATE ARGUING!
>>
>> I LOVE FASCISTS AND FAKE LIBERTARIANS AND GOVERNMENT AGENTS AND
>> SOCIALISTS AND TERRORISTS!
>
> 	funnily enough, there are more than a few people who belong to all those
> categories at once. And fscism, socialism and terrorism are of course
> closely related.
>
>
>> >
>> > 	In some ways signal is worse than pgp. For example, you don't need to
>> > register with morlonpoke using a phone number to use pgp. You just
>> > compile
>> > it and run it.
>
>>
>> WHO CARES.  However: You don't need to register with morlonpoke to use
>> signal _either_.  You can _also_ just compile and run it, and numerous
>> forks have _done_ that.
>
>
> 	Maybe you can run your own signal server - how many people do that though?
>
> 	On the other hand you cannot use the 'signal service' at signal.org without
> registering. As a side note of sorts :  "Signal is a registered trademark in
> the United States and other countries.". Plus :
>
> 	"You agree to use our Services only for legal, authorized, and acceptable
> purposes. "
> 	('acceptable'? 'authorized'? 'legal'? LMAO)
>
> 	"Signal’s Rights. We own all copyrights, trademarks, domains, logos, trade
> dress, trade secrets, patents, and other intellectual property rights
> associated with our Services."
>
> 	https://signal.org/legal/
>
> 	etc.
>
>
>
>
>> I LOVE YOU PUNK!  I HATE ARGUING!
>>
>> I LOVE FASCISTS AND FAKE LIBERTARIANS AND GOVERNMENT AGENTS AND
>> SOCIALISTS AND TERRORISTS!  I LOVE ANYBODY WHO HATES ME!
> 	
>
> 	For the record, I don't hate you. As to your comment, are you suggesting I
> may be any of the above?
>
>
>
>> >
>> >> and dangerous, and we need to cut the bullshit and get to stuff
>> >> that's real, being honest about the problems of all the solutions we
>> >> have?
>> >
>> >
>> > 	Pretty much. I don't see signal solving any fundamental problem,
>> > contrary
>> > to what advertisers seem to believe.
>>
>> Nah it's incremental steps.
>
>
> 	I see. So while govcorp takes 50 steps in the direction of total tyranny,
> signal takes one step in the opposite direction. That doesn't look like a
> good situation or dynamic...for victims of tyranny.
>
>
>
>> Here's some relevant bullshit calling:
>>
>> Signal is run by a nonprofit.  Talking about their behaviors in terms
>> of marketing and advertising is poisonous to the global community,
>
>
> 	Signal is a company. 'Nonprofit' is a state-law category. In reality,
> Morlonpoke got 3 millions from the pentagon. That's 3 millions in profit for
> morlonpoke, coming from the US military.
>
> 	Plus, do you think signal's employees work for free? Do you think
> amazon-NSA 'hosts' signal servers for 'free'? Well admitedly, more than
> likely signal does get a discount from amazon-NSA since they are putting all
> their users 'metadata' in the NSA 'cloud'.
>
>
>> in  comparison to some of the marketing atrocities still going on in
>> front
>> of our faces.
>
>> You talk this way about people all the time.
>
> 	
> 	Yes. I call bullshit out all the time.
>
>
>> You are turning people
>> who could help the things you say you are supporting, against each
>> other.
>
>
> 	That's you view. From my 'point of view', something like signal is
> basically controlled opposition. Maybe you should start thinking what people
> outside the US think about the US. I mean, the people who are not 'foreign'
> US agents or  sellouts.
>
>
>
>> >
>> >
>> > 	My  point was/is that your claim about 'PFS' and pgp is wrong, that's
>> > all.
>>
>> I'm not a cryptographer.  I summarised theft of private key,
>> compromise of devices, discovery of attacks via side channels, and
>> cryptanalytic advances, all together into one inaccurate phrase that
>> still produces the same behaviors in end-users if believed ;P
>
>
> 	I'm not a cryptographer either but I can take a half-educated look at
> what's being discussed.
> 	
>
>>
>> >> you often send insulting things, I'll treat the reply as my form of
>> >> sending insulting things.
>> >
>> > 	yeah, people say insulting things all the time, while pretending to be
>> > 'polite'. I insult people after they try to take me for an idiot.
>>
>> This "pretension of politeness" is a struggle to engage in actual
>> rational discourse.
>
>
> 	is it? Are you talking about yourself? My general observation (doesn't
> necessarily apply to you), is that this 'pretension of politeness' is one of
> the clearest signs of hypocrisy from 'first world' 'liberal' totalitarians.
> It has nothing to do with rationality and everything to do with deception.
>
>
>
>>
>> >> [personal experience description inhibited.  meanwhile, maybe you've
>> >> been mind controlled to argue on this list.]
>> >
>> > 	see, that sounds pretty insulting. But Ok.
>>
>> The things you say don't seem to logically line up all the time.
>
>
> 	For instance? Please give some examples.
>
>
>> This
>> could be because I come from a really different place from you,
>> because you are really upset, or because you have been manipulated to
>> influence us.  I'm inferring it's the first 2, but could use your
>> confirmation.
> 	
>
> 	Well, maybe I'm not being clear enough, or maybe you're misunderstanding
> what I say. Or maybe both? 	
>
>
>> you have been manipulated to influence us
>
> 	That remark is weird. First, when you say 'us', who are you talking about?
> What team is this 'us' team you are part of? Then how exactly you think I
> was 'manipulated'? And by whom?
>
>
>
>> >
>> > 	I 'snip away' stuff that I don't think needs to be quoted repeatedly.
>> > Or
>> > stuff I won't reply to because I don't think it's important. If there's
>> > something you think it's important and I should reply to, then let me
>> > know.
>>
>> Snipping's important.  When bantering on this list, I'm usually in a
>> flashback or something and it can be helpful to see reminders of what
>> we're referring to.  This is me being stupid, not really your fault,
>> but I get frustrated around it.
>
>
> 	ok
>
>
>
>> I haven't read the math or anything, but it sounds like it is
>> exponentially more difficult to compromise an old message with forward
>> secrecy, compared to without, similar to how bitcoin produces breaks
>> of the sha256 hash, while also producing incredible security of data
>> held by that same hash.
>
>
> 	I don't know about "exponentially more difficult" but yeah the more keys
> the better.
>
>
>
>>
>> >> > 	Also, we're using plain text here because this is a public forum.
>> >>
>> >> that's not how I feel, the comparison seems like gossiping instead of
>> >> sending a letter to a mailing list.  in signal, messages are signed by
>> >> the sender and misbehavior of the isp and server are defended against
>> >> a little more.
>> >
>> > 	well yeah. And yet, misbehavior of isps or list server is not a
>> > problem
>> > here. You keep talking about it, but there isn't evidence of any
>> > tampering.
>> > I'm not saying it can't happen, just that it isn't happening here as far
>> > as
>> > I can tell.
>>
>> to speak that language where you pretend everyone has the same
>> experiences, "bullshit"!  the list admin posted about messages
>> bouncing due to misbehaving network infrastructure just recently.
>> https://lists.cpunks.org/pipermail/cypherpunks/2020-December/085620.html
>> many other issues have been posted, many with cryptographic signatures on
>> them.
>
>
> 	There have been a few 'technical' problems which are the typical computer
> problems when something is 'misconfigured'. You said "misbehavior of the isp
> and server are defended against". "Defense against misbehviour" seems to
> imply malicious intent, not just some random mistake.
>
> 	So again, I don't see much need for better authentication. And better
> authentication has drawbacks. Namely, your signed messages may be used
> against you, your signing key may be stolen, etc.
>
>
>>
>> >> it's notable that speaking in a forum transparent to those who dislike
>> >> the topic gets you hurt.  anarchists everywhere learn to organise in
>> >> small private groups.
>> >
>> > 	Yes, I'm certainly not against that tactic, but now we're on the
>> > public
>> > arpanet, which is a very big public forum, not a 'small private group'.
>>
>> i'm talking about the relevance of technologies supporting safe
>> communication, not whether we happen to be using them now.  people on
>> this list have gotten repeatedly targeted, and it's been repeatedly
>> discussed on this very list.
>
>
> 	ok. So use better encryption if you think you need it. Or don't use
> retarphones and other computers at all.
>
>
>>
>> >> pgp is broken by factorization.  teleportation would not be an
>> >> efficient way to research this.
>> >>
>> >> not sure if https://primecoin.io/ is that relevant but we can make an
>> >> economy focused around compromising any cryptographic primitive, now.
>> >
>> > 	heh
>>
>> ;p
>>
>> i got this smiley from somebody from another country from mine.  it
>> means a silly half-smile.
>
>
> 	I always saw that emoticon as a mix of smile and a tongue sticking out.
>
>
>>
>> anyway, cryptographers support researching compromising their stuff.
>> it helps people understand what is going on better.  i don't know if
>> people understand the dangers of pressuring that this be done
>> _privately_, i haven't been keeping up on the talk.
>>
>> >> > 	at least decentralization doesn't allow the NSA to get all the data
>> >> > at
>> >> > once, directly from morlonpoke.
>> >>
>> >> where are you from?  it's so funny to see the 'z'.  it's the united
>> >> states spelling.
>> >
>> > 	i'm not a native speaker of english. My english is mostly US-influenced
>> > I'd
>> > guess, but you shouldn't expect any consistent spelling from me =)
>>
>> don't usually see non-native speakers taught the united states
>> spellings; usually british.
>
>
> 	actually many people, if not the vast majority, study 'US' english. Plus,
> if you read US stuff you pick up the US spellings. Also, I told you where I
> am from, but you forgot it.
>
> 	Anyway, you wouldn't think you're doing some kind of 'detective work' to
> 'unmask' me as some kind of 'agent'? =)
>
>
>
>>
>> >> i guess we'd better find this mr morlonpoke and defend them =/  dunno
>> >> how to do that.  we can call it freeing them from the shackles of
>> >> technology and forcing them to work on what actually makes sense to
>> >> work on.
>> >>
>> >> the nsa already has agreements with isps, whereas a
>> >> morlonpoke-agreement would be a new negotiation.
>> >
>> >
>> > 	like I said signal.org website is 'hosted' by amazon-NSA. That's
>> > trivial to
>> > check. And a quick search seems to suggest that the servers for signal
>> > the
>> > 'app' are also amazon-NSA
>>
>> yeah i summarise all that stuff as kinda 'signal sold out to
>> mainstream so that they could have users'
>
>
> 	I'm not sure why they need to sell out to get users? I mean, they offer a
> 'free' service so they are pretty likely to get users. They wouldn't get a 3
> millions 'grant' from the pentagon if they didn't sell out, but they would
> get users either way if they offered a usable service.
>
>
>> but in reality it probably
>> came from academia where there's more trust for business because
>> they're financing and hiring from the organisations, so play nicer.
>
>
> 	hm. Not sure what you mean. I don't think morlonpoke is (too?) connected to
> academia. He plays the part of the (ex)starving anarchist.
>
>
>>
>> the nice thing is that because it's open source, everyone is taking
>> their work and ripping the govcorp parts out, and reusing it.  and
>> because they're trusting, they would accept pull requests that resolve
>> the things you describe.
>
>
> 	I don't see how a change in the software would change the location/provider
> of signal's servers.
>
> 	Other people can run their own servers, but can't even use the 'signal'
> 'trademark' (lawl they US-trademarked yet another common english word...very
> anarchistic)
>
>
>>
>> here, punk will again ignore these points? saying that because people
>> related to signal have unpleasant attributes, we should dislike signal
>> itself?
>
>
> 	What point am I ignoring? My take on signal is that yes, the protocol is
> more advanced, but the company is not to be trusted.
>
>
>
>
>>
>> >> we could invest time and energy in making a contribution to signal to
>> >> make it decentralised.  this is phyiscally possible.
>> > 	
>> >
>> > 	doesn't look like something they are interested in.
>>
>> they're interested; they're just brainwashed by usa culture, so they
>> prioritise other concerns first.  meet those concerns and they'll love
>> an improvement.
>
>
> 	which concerns are they prioritizing?
>
>
>
>
>> > 	the claim that money is a fake thing is pretty bold. And I still don't
>> > see
>>
>> well, there'd be less money in general if people weren't _using_ it
>> that way, with government-managed banking, and political marketing
>> campaigns, and such.
>
>
> 	ah if you mean that government money is fake then yes I agree. Sadly we are
> still forced to use govt-counterfeited money.
>
>>
>> if you have $10 and somebody has $1 trillion, and you use money as
>> your only way to survive, you are that person's effective slave.
>
>
> 	Probably, yes. But the problem isn't money itself, but distribution of
> property. The guy who has $1 trillion must have stolen 99.9999% of it.
>
> 	If you're using the word money to refer to the abuses of the current system
> then yes money sucks. But in economic terms money is something else.
>
>
>
>>
>> > what a 'blockchain' bassed messenger would look like. You seem to
>> > believe
>> > that 'blockchains' can solve many problems? They rather look like nasty
>> > surveillance tools to me, except if carefully used.
>>
>> a blockchain basically pretends that it is paying people to spend
>> incredible degrees of electricity to make certain that messages called
>> "transactions" are spread to everybody on the network with precision,
>> accuracy, and certainty.  it pays the people making sure of this in
>> these messages, so it is pretty easy for it to do.
>
> 	yeah you can think of bitcoin as a messaging system, but bitcoin messages
> are a particular kind of message. If bitcoin wasn't an accounting system
> then miners wouldn't get paid. Or conversely if you wanted something like
> bitcoin to send 'ordinary' messages you'd have to pay a ton of money. Also,
> posting private messages on a public blockchain looks like a bad idea. So
> you need an encrypted blockchain, which is even more expensive.
>
> 	on the other hand, if you want uncensorable distributed storage there is
> this :
>
> 	https://freenetproject.org/
>
> 	(which has been around for a long time)
>
>
>>
>> you could cast it claiming other good or bad things, too, systems have
>> many properties, not just one.  surveillance is not easy on a
>> blockchain, it is just possible.  when you say blockchains are about
>> surveillance you sound really weird, and people wonder how you got the
>> idea, and why you are so passionate about it.
>
>
> 	there are only 3 or 4 blockchains that are NOT a surveillance tool. All the
> rest of 'blockchains' including the biggest of them all are horrible,
> privacy-wise.
>
> 	If anything here is weird, is the fact that you seem unware of the privacy
> problems that things like bitcoin or so called 'bitcoin sv' have. You've
> been using bsv that's doubly or triply weird. I mean, you know that criminal
> wright no?
>
>
> 	"you sound really weird, and people wonder" - when you say 'people' you
> mean only you, I take it.
>
>
> 	"why you are so passionate about it." - well this is the cpunks list so I'd
> assume privacy is important? So why would it be strange that I'm
> 'passionate' about blockchains being bad, privacy-wise?
>
> 	You seem to be constantly 'hinting' that my negative* comments are an
> attempt at 'disrupting' the 'heroic work' of 'some people', and constantly
> 'hinting' that *I* must have some 'hidden agenda'. And that's doubly funny
> since you don't say the same thing about clear govt agents like 'professor
> rat'.
>
>
> *course, my 'negative' comments are just realistic comments, but people
> prefer to cover their ears and post technofascist spam.
>
>
>
>>
>> >> I didn't like how the people running it engaged in a chest-beating
>> >> competition with another cryptographic organisation, but they were
>> >> probably doing the best they could, just like you are.  I also don't
>> >> like that they have a centralised server, require a phone number to
>> >> register, and mostly support web-enabled technologies run by
>> >> corporations that have huge opportunity to put backdoors in.  But it's
>> >> pretty clear they gave a _lot_ of avenues for people to help address
>> >> those situations.
>> >
>> > 	I'm not sure how people who are not part of the company can fix those
>> > problems? Apart from using the software to run a different service I
>> > guess.
>>
>> Signal isn't run by a company, but rather a nonprofit.
>
>
> 	Signal IS a company. It says so right here https://signal.org
>
>
>> It's an open
>> source project where a huge portion of the development effort is from
>> community work.
>
>
> 	That's "signal the software". "Signal the company" is a different thing.
>
>
>> 2,149 accepted changes from random online
>> contributers:
>> https://github.com/signalapp/Signal-Android/pulls?q=is%3Apr+is%3Aclosed
>>  (that number may be a little high because unaccepted contributions
>> are included in that page too, but i keep clicking different pages and
>> i only see acceptance (PR merging) of every suggested change, over and
>> over again.)
>
>
>> Uhh ... I'm now seeing a lot of pull requests that are not marked as
>> accepted and merged, but have comments indicating they were, like
>> https://github.com/signalapp/Signal-Android/pull/9090 which says
>> "thanks for merging" but github does not report it as merged.
>
>
> 	well, I don't think any project would merge every single pr. But anyway
> what % of pull requests they merge only tells you part of the story.
>