pleroma.debian.social

jlines | @jlines@pleroma.debian.social

A lucid explanation of a complex subject

Tariffs
https://xkcd.com/3073/

@amy certainly agree on your points, and also concerned at the way that SMTP is becoming/has become defederated in practice. I believe an effort to educate the law makers would be more productive than asking Meta to be nice. I wish the tech giants who do not have a stake in the Instant Messaging and Social Media spaces would see that there can be value to them in promoting the open standards. Ideally the foundations would have financial support from more than 1 company.

There are no known security issues with "Siacs OMEMO" / OMEMO v0.3¹ despite what some very loud Signal fans would like you to believe. It has been audited by a third party² who took a longer look at it than all of the Signal fans combined.

Yes, v0.7+ (or TWOMEMO 😜) is a cleaner spec with more features (most notably Stanza Content Encryption). That’s why we wrote it. I’m a co-author. That doesn’t mean v0.3 is insecure.

¹: https://xmpp.org/extensions/attic/xep-0384-0.3.0.html
²: https://conversations.im/omemo/audit.pdf

@fencepost @GossiTheDog It is a very poor UI decision to hide information from a user for the sake of convenience which would allow them to make security decisions. This is not restricted to Instant Messengers.

@fencepost @GossiTheDog I think the inherent 'flatness' of Signal, and other non-federated IM systems is a weakness in that it fails to make use of the information you get for free from the tree structured nature of the DNS. If the other members of the group had all been on the republican.org, or whitehouse.gov server (or a mixture), then the presence of a jeffrey.goldberg@theatlantic.com would/should have been glaringly obvious.

@Viss so if your internet is down you won't be able to, for example, "Alexa turn the light on", turn the heating up or down etc.

@ireneista @contrapunctus @grimalkina @Lunaphied Clicking on the ellipsis at the bottom right of Daniel's post and selecting 'Expand this post' shows other replies, but the one from @winfriedtilanus is the most useful.

@adamhotep @snopes rather than using Signal, I suggest self hosting an #XMPP server with accounts for key people. Create a group for sharing MFA keys and keep this sensitive information under your control. If your xmpp server was, say chat.snopes.com, then you can leverage DNS security to have confidential discussions with external people too. See [It is good to be a tree](https://wordpress.debian.social/jlines/2021/01/12/it-is-good-to-be-a-tree/)

@ireneista @contrapunctus @grimalkina @Lunaphied There is an interesting thread here on Federated Metadata privacy

@thevril @contrapunctus @snikket_im @grimalkina I do like that list too, and use Conversations (via #fdroid and donate via @mastadon.xyz@liberapay). My aim is to inform people that alternatives to monolithic Instant Messengers exist, and encourage more mainstream use.

“The fundamental weakness of Western civilization is empathy, the empathy exploit,” Musk said. “There it’s they’re exploiting a bug in Western civilization, which is the empathy response.”
-Elon Musk, March 6, 2025

“In my work with the defendants (at the Nuremberg Trials 1945-1949) I was searching for the nature of evil and I now think I have come close to defining it. A lack of empathy. It’s the one characteristic that connects all the defendants, a genuine incapacity to feel with their fellow men. Evil, I think, is the absence of empathy.”
-Captain G. M. Gilbert, the Army psychologist assigned to watching the defendants at the Nuremberg trials

https://www.cnn.com/2025/03/05/politics/elon-musk-rogan-interview-empathy-doge/index.html

@ireneista @contrapunctus @grimalkina @Lunaphied I have been concerned about the risks associated with metadata for some time, specifically in the context of Who pays for WhatsApp, but any centralised system, e.g. Signal, or Telegram - even if well intentioned, will be vulnerable to insiders being bribed or coerced. Federation limits the insider information scope.

@grimalkina @contrapunctus I suggest actually trying XMPP - there are links to Free Clients and servers at https://xmpp.org/getting-started/, but you might find the 14 day trial at https://snikket.org/ (and then about $6 per month for up to about 10 people) worth a go. They are a friendly interface on real XMPP, and I like their transparency, and that they are on the Fediverse @snikket_im

@grimalkina @contrapunctus XMPP has been around for a very long time, but because it is a standard rather than a product there is no central point for a lobby group to promote it. You can find out more at https://xmpp.org/

@ireneista @Lunaphied @contrapunctus @grimalkina the benefit of a widely dispersed, federated XMPP network is that it is very resistant to traffic analysis. Working towards wider availability of systems such as #freedombox helps with this, as well as spreading the knowledge that open standards based chat is available, and has been for some time.

@bun @GossiTheDog Bring Your Own Device. An acknowledgement by businesses that many people have, for example a personal mobile phone which is more recent than the one they issue, and that it is very inconvenient to operate with two devices. They benefit from the intermingling of work and personal life, with people taking work home, for example, but this introduces complex security issues.

@bontchev @GossiTheDog I am pretty sure it is from Pink Floyd's The Wall

@thelovebug @liv @beasts this is how a business can benefit from a Fediverse presence without taking out advertising space on a Commercial Social Media platform. Allow customers to reference you when the subject of your business area comes up, and focus on providing a good service.

@liv Mythic-Beasts do DNS registration, are technical and customer focussed, and, unlike many companies, understand the fediverse by being here @beasts

@fmarier I have come across this too, and find it a worrying sign. I am not sure I want to deal with an organisation which is so ignorant of the internet that they think they are helping their users by having a box to enter your username and a dropdown for whether you are (gmail.com, outlook.com, live.com ... - I think there were less than 10).
Almost as alarming to find the number of Universities - who should know better - running their email on MS Exchange.
