So what's going on with Signal's new architecture that retains all user data? It seems like a total reversal of their previous stance and one that dramatically changes their threat model. Their new security properties rely entirely on SGX, which is barely secure against motivated home users, much less nation state adversaries.
@th ... that's weird. Why would they do that?
@polychrome @th I've been feeling iffy about Signal since they killed federation (and, by extension, CyanogenMod, kinda).
@pettter @polychrome @th If only we could leverage this to get more folks using XMPP+OMEMO...
@polychrome @pettter @th Yuck.
@polychrome @drwho @pettter @th Yikes! And Apple the control freak would likely ban those apps if they ever got into the App Store.
@drwho I mean, go nuts, if you know a good server you can point them towards.. Also what @polychrome said...
I'm partial towards spreading the Briar gospel, myself. It's really getting towards a usability threshold.
@pettter @polychrome @th There's no shortage of public XMPP servers, to be sure.
@th What architecture? BTW I've been suspecting for a while now that Signal does not care about user privacy... There are a bunch of red flags. Also, I suspect they keep all messages (even if encrypted) kind of like Matrix does. You can fetch messages that are ages old on any linked client even if all other devices are turned off. 🤔
@th That's interesting. Where can I read more details about it?
@setthemfree @th It is also a question for me. The photo appears to be from 34th CCC (2018).
@th Do you have a source on this change?
@th The UI patterns around this worry me as well. Previously, making an encrypted backup got you a key and 'please write down somewhere safe'.
This they have made pop up insistently above the interface, impossible to dismiss. Numeric by default. Then egging you for it afterwards to 'help you memorise it'.
@th The intention is clearly not to encourage a paper key or password utility. While some of their previous decisions could be seen as 'hiding the footguns from the end users', this is clearly the opposite…
@th As much as I hate to admit it, @sir could be right on this one: They're into cryptography LARPing and we haven't noticed until it was too late.