pleroma.debian.social

jlines | @jlines@pleroma.debian.social

A lucid explanation of a complex subject

Tariffs
https://xkcd.com/3073/

@amy certainly agree on your points, and also concerned at the way that SMTP is becoming/has become defederated in practice. I believe an effort to educate the law makers would be more productive than asking Meta to be nice. I wish the tech giants who do not have a stake in the Instant Messaging and Social Media spaces would see that there can be value to them in promoting the open standards. Ideally the foundations would have financial support from more than 1 company.

There are no known security issues with "Siacs OMEMO" / OMEMO v0.3¹ despite what some very loud Signal fans would like you to believe. It has been audited by a third party² who took a longer look at it than all of the Signal fans combined.

Yes, v0.7+ (or TWOMEMO 😜) is a cleaner spec with more features (most notably Stanza Content Encryption). That’s why we wrote it. I’m a co-author. That doesn’t mean v0.3 is insecure.

¹: https://xmpp.org/extensions/attic/xep-0384-0.3.0.html
²: https://conversations.im/omemo/audit.pdf

@fencepost @GossiTheDog It is a very poor UI decision to hide information from a user for the sake of convenience which would allow them to make security decisions. This is not restricted to Instant Messengers.

@fencepost @GossiTheDog I think the inherent 'flatness' of Signal, and other non-federated IM systems is a weakness in that it fails to make use of the information you get for free from the tree structured nature of the DNS. If the other members of the group had all been on the republican.org, or whitehouse.gov server (or a mixture), then the presence of a jeffrey.goldberg@theatlantic.com would/should have been glaringly obvious.

@Viss so if your internet is down you won't be able to, for example "Alexa turn the light on", turn the heating up or down etc.

@ireneista @contrapunctus @grimalkina @Lunaphied Clicking on the ellipsis at the bottom right of Daniel's post and selecting 'Expand this post' shows other replies, but the one from @winfriedtilanus is the most useful.

@adamhotep @snopes rather than using Signal, I suggest self hosting an #XMPP server with accounts for key people. Create a group for sharing MFA keys and keep this sensitive information under your control. If your xmpp server was, say chat.snopes.com, then you can leverage DNS security to have confidential discussions with external people too. See [It is good to be a tree](https://wordpress.debian.social/jlines/2021/01/12/it-is-good-to-be-a-tree/)

@ireneista @contrapunctus @grimalkina @Lunaphied There is an interesting thread here on Federated Metadata privacy

@thevril @contrapunctus @snikket_im @grimalkina I do like that list too, and use Conversations (via #fdroid and donate via @mastadon.xyz@liberapay). My aim is to inform people that alternatives to monolithic Instant Messengers exist, and encourage more mainstream use.

“The fundamental weakness of Western civilization is empathy, the empathy exploit,” Musk said. “There it’s they’re exploiting a bug in Western civilization, which is the empathy response.”
-Elon Musk, March 6, 2025

“In my work with the defendants (at the Nuremberg Trials 1945-1949) I was searching for the nature of evil and I now think I have come close to defining it. A lack of empathy. It’s the one characteristic that connects all the defendants, a genuine incapacity to feel with their fellow men. Evil, I think, is the absence of empathy.”
-Captain G. M. Gilbert, the Army psychologist assigned to watching the defendants at the Nuremberg trials

https://www.cnn.com/2025/03/05/politics/elon-musk-rogan-interview-empathy-doge/index.html

@ireneista @contrapunctus @grimalkina @Lunaphied I have been concerned about the risks associated with metadata for some time, specifically in the context of Who pays for WhatsApp, but any centralised system, e.g. Signal, or Telegram - even if well intentioned, will be vulnerable to insiders being bribed or coerced. Federation limits the insider information scope.

@grimalkina @contrapunctus I suggest actually trying XMPP - there are links to Free Clients and servers at https://xmpp.org/getting-started/, but you might find the 14 day trial at https://snikket.org/ (and then about $6 per month for up to about 10 people) worth a go. They are a friendly interface on real XMPP, and I like their transparency, and that they are on the Fediverse @snikket_im

@grimalkina @contrapunctus XMPP has been around for a very long time, but because it is a standard rather than a product there is no central point for a lobby group to promote it. You can find out more at https://xmpp.org/

@ireneista @Lunaphied @contrapunctus @grimalkina the benefit of a widely dispersed, federated XMPP network is that it is very resistant to traffic analysis. Working towards wider availability of systems such as #freedombox helps with this, as well as spreading the knowledge that open standards based chat is available, and has been for some time.

@bun @GossiTheDog Bring Your Own Device. An acknowledgement by businesses that many people have, for example a personal mobile phone which is more recent than the one they issue, and that it is very inconvenient to operate with two devices. They benefit from the intermingling of work and personal life, with people taking work home, for example, but this introduces complex security issues.

@bontchev @GossiTheDog I am pretty sure it is from Pink Floyd's The Wall

@thelovebug @liv @beasts this is how a business can benefit from a Fediverse presence without taking out advertising space on a Commercial Social Media platform. Allow customers to reference you when the subject of your business area comes up, and focus on providing a good service.

@liv Mythic-Beasts do DNS registration, are technical and customer focussed, and, unlike many companies, understand the fediverse by being here @beasts

The legality (not wisdom) of putting European private data on US clouds hinges on the availability of the US Privacy and Civil Liberties Oversight Board. Trump neutered this board, and the European parliament has taken notice & asked the European Commission what they think:

Committee on Civil Liberties, Justice and Home Affairs, European Parliament

The Chairman
IUST-SEC/LIBE D (2025) 2901
D 300788 06.02.2025

Mr Michael McGrath
Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection
European Commission
Rue de la Loi/Wetstraat 200
1049 Brussels

Dear Commissioner McGrath,

The Committee on Civil Liberties, Justice and Home Affairs (LIBE Committee) closely follows all matters linked to the European Commission’s adequacy finding for the EU-US Data Privacy Framework mechanism. It was in view of the Commission’s assessment that the European Parliament adopted its resolution of 11 May 2023 on the adequacy of the protection afforded by the EU-US Data Privacy Framework (2023/2501(RSP)). Furthermore, during a LIBE Committee mission to Washington in May 2023, LIBE Members had an opportunity to discuss EU-US data transfers with Members of the US Congress, representatives of the US Departments of Justice and Commerce, as well as the Chair of the Federal Trade Commission.

One of the issues considered in the above-mentioned resolution are the competences of the Privacy and Civil Liberties Oversight Board (PCLOB), an independent body responsible for ensuring that privacy and civil liberties are safeguarded. The EU-US Data Privacy Framework established a new review mechanism, allowing individuals in the EU whose personal da
