Wanted to share this article/research paper. I haven't had a chance to read it, but interested to hear people's thoughts. Will have to catch up after work.
Great search engine, don't forget to try the 'random' link[0] . It's how I've been using it to discover the interesting and less-visited corners of the internet.
Also, apparently the developer is going to be working on this project full-time for the next two years[1]. Hoping for the best and interested to see where he takes the project.
Today, most messaging apps have true end-to-end-encryption (Telegram's must be activated per contact for Secret Chat), but what really differs now is how many can tie your communications back to you through metadata. Obviously those which require a phone number or an e-mail address, do have your activity tied to you potentially....
If you want to advocate in the easiest way possible, I'd advise you install it even if you don't use it. That way if others join it, they'll find people vs seeing nobody is on it and then uninstalling it immediately. I went this route and went from not really using it to now being almost 99% of my communications. Everyone at work has started using it as its easier between iOS/Android especially if you have people in your groups that refuse to install meta/facebook products.
The problem I had was I was basically paying so my parents could use it - and they are mostly using my other sibling's HBO account. I barely watch TV and would only really put it on to have something to fall asleep to, so at least in my case, they've lost minimal my account's minimal usage + whatever I was paying them.
alternatively, to view a remote community from your lemmy instance you just append the domain to the end of the URL to indicate its on that specific remote instance: e.g. if your home instance is lemmy.ml, visit https://lemmy.ml/c/futurama@lemmy.world to see the remote "futurama" community from your instance. If you remove "@lemmy.world" you'll see your local futurama community, which isn't very active.
So I created midwest.social/c/projectzomboid and in trying to view it on lemmy.one/c/projectzomboid@midwest.social for the past two hours but it isn't showing up. My other community lemmy.one/c/lotrmemes@midwest.social shows up just fine. How long until the project Zomboid one is viewable?
From my understanding of how ActivityPub works in general - correct me if I'm wrong - someone would need to follow your instance on a remote one for it to start showing up to anyone on the other instances. That said, I've joined, and hi!
Is Apple going to make a Mastodon server? I think that'd be pretty cool. In Apple fashion, it would require an app only available on iPhone and Mac, and this app wouldn't be able to connect to third party instances....
WebKit is only open source because its a fork of KHTML, originally developed by the KDE project ^[0]^ for the Konqueror browser ^[1]^. KHTLM was developed under the GNU Lesser General Public License (LGPL) ^[2]^, which limits companies from taking the hard work of open source projects and claiming them as their own without giving back to the community.
If Apple's surprising you with the "open code" released under the WebKit project, it's because they're legally requried to. We can thank the Free Software Foundation's LGPL for that.
I have an account on there and it seems to be nothing but crypto hype, reminiscent of various "get in now or lose out" kinda scams. Not a good look, and not a lot of good content - at least from what I can tell.
I've read from SME's that Signal is the gold standard for encrypted private messaging. I haven't seen that claim of any other messenger. What are the alternatives?
I've tried Briar and that seems like it may be good in 5+ years, but not something I'd ask non-techy people to use in its current form. Sessions dropped Perfect Forward Secrecy because it was too hard to make it work. I don't want security features dropped just because they're "hard" so that's an immediate no from me. What are viable alternatives that don't leak metadata?
“Popular,” and even “ease of use,” are not relevant for the label of Gold Standard when we’re talking about security
First, ease of use is absolutely relevant when it comes to security. If it's too technical, difficult, or confusing, nobody will use it. Just look at how prevalent PGP is in emails - it's basically doesn't exist outside of niche nerd circles. What percentage of Linux admins ever deal with SELinux before getting told to just us AppArmor because it's easier? So yes, ease of use is a factor.
Second, 'security' is too broad a topic. I don't see a point in debating what is "the best" if a threat model isn't outlined first.
I originally stated "Signal is the gold standard for encrypted private messaging", which stands true regardless of other security features because it defaults to end-to-end encryption for everything by default and works out of the box. At the end of the day your messages are guaranteed to be encrypted and private - anonymity is not in the equation.
That said, I did bring up the point about leaking metadata, but looking at SimpleX I see that even they claim [0]:
The protocol does not protect against attacks targeted at particular users with known identities - e.g., if the attacker wants to prove that two known users are communicating, they can achieve it. At the same time, it substantially complicates large-scale traffic correlation, making determining the real user identities much less effective.
So, without digging much into it, it seems there's some limitations to your claims about SimpleX's superiority to Signal in terms of even anonymity.
Jami
I tried it when it was called Ring, tried it again sometime after the name change. It's a P2P messenger that provides E2EE. The architecture means all metadata leaks to ISPs and the internet. So you should be using it with Tor (or some other layer), and because your contacts also need to do that, and one of them is bound to fuck up, it's better to use either something that's metadata-resistant by default (like Briar) or to stick to Signal. Also, because its P2P, it requires both parties to be online to even work - at least last I tried it. This doesn't work in the modern world.
Tox
Without getting into the various security issues over the years (here are two recent ones [3] [4], one which allowed remote code execution!), the Android client is spartan to say the least, and there's no iOS client [1], making this unusable with half the people I'd like to communicate with in the US. Your regional mileage may vary [2].
Confide
Isn't even open source so completely out of the question - security through obscurity, as the story post about the Converso apps proves, cannot be trusted.
I'll skip the rest as I've already spent too much time on this, but I will say I do believe Threema might be as good if not better than Signal, but it's a paid app and it's hard enough to convince friends/family to get onboard with a free app, never mind something that requires payment.
Recent moves by Eugen Rochko (known as Gargron on fedi), the CEO of Mastodon-the-non-profit and lead developer of Mastodon-the-software, got some people worried about the outsized influence Mastodon (the software project and the non-profit) has on the rest of the Fediverse....
people on Mastodon don’t do enough to advertise other Fediverse platforms
is the equivalent of saying, "people on reddit don't do enough to advertise lemmy." It's an illogical jump. People on mastodon aren't there to talk about mastodon or the fediverse (although some do). It would be best to say other fediverse platforms need to work on their marketing and spreading awareness. Every chance I get I'm posting on reddit about lemmy, without trying to look like shill/spammer, because I want this platform to grow.
I wouldn't blame redditors for not mentioning lemmy in an attempt to spread awareness.
I personally don’t really care for this change, but it would have been nice - although I understand it would have taken significant time/effort to develop that could be used in other areas with the limited resources - if there was some criteria to create a selection of instances that would be randomly selected based on something like:
instance age - Your instance must be active for N months/(years?) to qualify to ensure rando spawns that may die a week later don’t impact users, as well as being able to track the next rule:
instance reliability - If there is a way to track this, only include instances that meet a specific number and maintained it for the last N months. It would suck to throw users into an unreliable instance, or one that started off great but started going south in the last 3 months.
same server rules and privacy policy - To ensure a “family friendly” set of default instances that people could easily join without having to overthink it.
Not sure what else they could track, but those three would be a good start, though admittedly a lot of additional work.
So we're trusting Tor but not Mullvad who collaborated with the Tor Project [0] to create this browser?
... developed in a collaboration between Mullvad VPN and the Tor Project
Who's behind Librewolf and Ungoogled Chromium that we should trust them over Mullvad?
Even Librewolf recommends you use Tor [1].
Can I use LibreWolf with Tor?
Please don't.
The Tor network is designed to give you complete anonymity, but it can be compromised if you use it with any browser other than the Tor Browser. If you want anonymity, download the Tor Browser.
They're all open source projects, how do you define who should/shouldn't be trusted? Seems rather reactionary to discredit Mullvad without any evidence when the alternatives provided suffer the same issue - who's behind the project and how do you establish trust?
Lastly, Ungoogled Chromium provides almost no privacy enhancing features by default [2], so how could this be a recommended as a privacy preserving browser?
ungoogled-chromium features tweaks to enhance privacy, control, and transparency. However, almost all of these features must be manually activated or enabled.
Lets discuss real alternatives and real issues, not jump to conclusions and throw everything out because it's not "perfect"
"Don't let perfect be the enemy of good" and all that.
Telegram has never been a secure option as you’re granting the keys to your data to third party to the intended recipients. Your data is basically leaked by default to Telegram’s admins.
I would recommend Signal to replace SMS/MMS and Matrix for IRC/Discord/Telegram.
What is Secure? An Analysis of Popular Messaging Apps (techpolicy.press)
Wanted to share this article/research paper. I haven't had a chance to read it, but interested to hear people's thoughts. Will have to catch up after work.
Excited for the updated Jellyfin admin dashboard (fosstodon.org)
An attempt to make Lemmy look better (github.com)
Reddit refugee here....
Marginalia, a search engine for non-commercial websites you might not have seen before (search.marginalia.nu)
[Sticker Pack] King of the Hill (signalstickers.com)
Just wanted to share a sticker pack I made for any KOTH fans.
What is Signal? The basics of the most secure messaging app: Modern phones can easily have multiple messenger apps on them (mashable.com)
Today, most messaging apps have true end-to-end-encryption (Telegram's must be activated per contact for Secret Chat), but what really differs now is how many can tie your communications back to you through metadata. Obviously those which require a phone number or an e-mail address, do have your activity tied to you potentially....
Netflix sees jump in subs as it begins to curb password sharing in US, says report (techcrunch.com)
As a new lemmy user I've got some question?
When I use the https://join-lemmy.org/instances do I need to register a new account for example beehaw.org, sopuli.xyz and other server?...
Kīlauea volcano is erupting (www.usgs.gov)
From USGS:...
how long on average until a community created on one instance is viewable on others?
So I created midwest.social/c/projectzomboid and in trying to view it on lemmy.one/c/projectzomboid@midwest.social for the past two hours but it isn't showing up. My other community lemmy.one/c/lotrmemes@midwest.social shows up just fine. How long until the project Zomboid one is viewable?
Apple made Mastodon guide (apps.apple.com)
Is Apple going to make a Mastodon server? I think that'd be pretty cool. In Apple fashion, it would require an app only available on iPhone and Mac, and this app wouldn't be able to connect to third party instances....
What are your opinions on nostr? (nostr.com)
It seems like an actually good alternative to activitypub. What are your thoughts?
deleted_by_author
Mastodon monoculture problem (rys.io)
Recent moves by Eugen Rochko (known as Gargron on fedi), the CEO of Mastodon-the-non-profit and lead developer of Mastodon-the-software, got some people worried about the outsized influence Mastodon (the software project and the non-profit) has on the rest of the Fediverse....
A new onboarding experience on Mastodon (blog.joinmastodon.org)
Tor Project and Mullvad release Mullvad Browser, "Tor Browser without the Tor Network" a privacy browser for VPN users (blog.torproject.org)
Just when I thought Telegram might be an option (torrentfreak.com) en-us
torrentfreak.com/telegram-pira…