Cake day: Jun 28, 2021


You’re glad you moved away from DDG because they’re fighting spam and misinformation? That doesn’t make sense to me. SearX is great, but ditching DDG because they’re doing a net positive is illogical.

I think the difference is that ultimately China (the government, not its people) is an enemy of the “western alliance” - “the west”, if you will. You can work, and even cooperate, with an enemy to a degree, but you don’t let them into your house. It’s pretty basic at its core. TikTok, from a simplistic POV, is at the whims of the Chinese government - much like Facebook/Insta/Snap are to the US government, although to a much lesser extent. We don’t worry about FB/Insta/Snap because they operate within the “western” jurisdiction and are “trusted” within their domain.

Being rational also requires you take real-life risks into consideration. This would be like saying “why don’t you treat your friends the same way you treat the local crackhead when he walks through your store? He’s just there to buy essentials” - yes, he may be there to actually buy things, but he’s much more likely to do something nefarious than your known friends.

Not an expert at all in anonymizing audio, but I suspect anything “off the shelf” to mask your voice may be easy, or at least easy for experts, to undo. I would suggest instead to use a TTS engine and mask that instead. Here’s a list of decent - from my now ancient experience - TTS engines you may be able to use: https://linuxhint.com/command-line-text-speech-apps-linux/

Regarding uploading without leaking your IP - you could use Tor, but ensure JavaScript is disabled and/or you completely trust the server you’re uploading to. Lastly, some people would advise that Tor has been long compromised, but take that with a grain of salt and wait for others with more recent knowledge/experience to chime in.

Only if the Raspberry Pi has a hardware decoder for AV1, otherwise it’s stuck decoding video on the CPU, which is not very efficient. It may make sense to keep things in x264/5 which has better general hardware support.

duckduckgo.com - it’s my second attempt at switching over from Google and I can finally say it works just as well as - if not better than - Google, for me. It may not be there for others yet but I feel like I can start recommending it now.

If someone is so underpaid, overworked, or stressed that they consider injuring themselves to succeed or better themselves, we have failed as a society.

(breaking a body part for a big payout, this could be abused so hard)

I may be wrong but the number of people willing to injure themselves severely for a big payout can’t be statistically significant.

I was going to point out a few myself but saw that someone had already done the work for me - “on the shoulders of giants” as they say ;)

Check out MiroTalk https://mirotalk.herokuapp.com/.

It’s free, browser-based, open-source, you could self-host if you want to. You basically go to a unique link, like this for example: https://mirotalk.herokuapp.com/join/51839BlueDuck. Anyone who visits the link can join the room, you can even lock the room to prevent people from joining after all your members have hopped on.

Some of its features:

  • 100% Free and Open Source
  • No download, plug-in or login required, entirely browser based
  • Unlimited number of conference rooms without call time limitation
  • Possibility to Lock/Unlock the Room
  • Desktop and Mobile compatible
  • Webcam Streaming (Front - Rear for mobile)
  • Audio Streaming crystal clear
  • Screen Sharing to present documents, slides, and more…
  • File Sharing, share any files to your participants in the room
  • Select Audio Input - Output && Video source
  • Ability to set video quality up to 4K and adapt the FPS
  • Recording your Screen, Audio and Video
  • Chat with Emoji Picker & Private messages & Save the conversations
  • Advance collaborative whiteboard for the teachers
  • Share any YouTube video in real time
  • Full Screen Mode on mouse click on the Video element
  • Change UI Themes
  • Right-click on the Video elements for more options
  • Direct peer-to-peer connection ensures the lowest latency thanks to WebRTC

Sorry, didn’t mean to upset you. I think my response was pretty solid, sorry if you’re unable to understand what I’m saying.

Briar is probably more secure and it’s not the only secure app to chat in this world, Signal isn’t the MOST SECURED one xD.

A communication platform is only as good as its feature-set, ease-of-use, and accessibility. I’m not going to ask my grandma to install Briar - hell, half my friends and family with iPhones can’t even install it, there’s no app for it. I would consider my PGP signed/encrypted text files delivered via carrier pigeon even more secure than Briar, but who would I even talk to? Maybe Briar will be a great alternative in the future, but it has a lot of ground to cover. Also, Signal is fully E2EE - that’s what I want, that’s what I care about right now. I’m keeping an eye on Briar, but I’m not asking anyone to install it yet.

Just block and done.

You’re simplifying a problem in a domain you seem to have zero experience with. I will just leave it at that, as my previous examples in my previous reply didn’t seem to click.

if FBI asks for a backdoor you are forced to make it BY LAW and you can’t even tell this to anyone BY LAW

This is a lie.

Forced labor in the US is illegal. The FBI cannot force you or an organization to work without compensation. As such, the FBI cannot compel software developers to work (modify their code to make it less secure) without breaking the law.

The All Writs Act forces companies to assist in investigations by providing data they already have (which Signal gladly does [1]), but it does not grant the ability to force someone to work (which is what software development is and is what would be required to backdoor their own systems).

[0] https://www.beencrypted.com/news/apple-vs-fbi-events-summary/

[1] Reminder that Signal only collects: 1) the date you signed up 2) the last day your client pinged their servers.

In security, you can’t assume that the server isn’t storing a piece of data just because the operator says it isn’t

100% agree with you about being unable to confirm what the server is doing, but the fact of the matter is anyone you interact with - centralized server-client or decentralized peer-to-peer - can store some metadata.

The FBI could force Moxie to hand it over, and may have already done so without us knowing

Private contact discovery is engineered in a way that you would be unable to retrieve what is being processed even if you had access to Signal’s infrastructure or admin/root rights. If you don’t believe this is true, please point out where the weakness in their code is, it’s open for review and for anyone to point out its flaws.

Lastly, the FBI cannot compel anyone - individuals or companies - to work on anything without compensation. That is considered forced labor, which is highly illegal in the United States where Signal resides. The FBI attempted to force Apple to develop software to compromise the security of iOS, but they dropped the case, likely because they knew they would fail. Although they claim they found the software they needed elsewhere [0].

So the FBI can ask Signal for assistance, but that’s it. Signal must comply with the law so they always provide the info they do have - which is the data I previously pointed out - but they do not have to build any such system that would compromise the security of their service as it would fall under forced labor; i.e. developing software against their will.

[0] https://www.beencrypted.com/news/apple-vs-fbi-events-summary/

I never get any spam on my chats

I’ve never crashed my car, should everyone get rid of their car’s seat belts?

Your experience does not represent the world. I’ve only experienced 2 cases of spam on Signal, but they were all within the last year. I’ve had zero spam in the many years I’ve now been using Signal. So, while my anecdote is just as invalid as your single point of data, there’s definitely a trend for increased spam as a service gains popularity and it makes sense that they’re looking at enhanced methods to block spammers.

I still don’t see why they want a super secure smart system to block with captcha

You don’t understand why Signal, one of the most secure messaging platforms available, wants a super secure smart system to block spammers? I think you answered your own question.

Telegram for example you can add your own bot to kick the bot users. If you get a direct message you can just block and report

Telegram stores all your data and can view everything you do - unless you opt into their inferior E2EE chat solution known as “Secret Chats” - so it’s easier for them to moderate their services. When you report someone, Telegram moderators see your messages for review [0] and can limit an account’s capabilities. Signal can’t view your messages because everything is E2EE, nobody but the intended recipient can view your messages, they can’t review anything.

As you can see, without even digging into it too much, I’ve already found one case where Signal faces challenges not present in Telegram. Things aren’t always as simple as they seem. Especially not for Signal, as they’ve worked their asses off to ensure they have as little data on their users as possible.

[0] https://www.telegram.org/faq_spam#q-what-happened-to-my-account

A simple system like that is easy to implement. I don’t think anyone’s questioning that they can build the worst attempt at an anti-spam system, like the one you’re suggesting. The types of spam you see on modern systems need a bit more thought than “block if reported more than x times in x times” because you could easily target people and disable them remotely by coordinating attacks.

So yeah, it’s not magic if you want a dumb system that may introduce other problems, but you really have to think about things sometimes if you want it to work well in the long run.

This is incorrect.

They store:

  • Your number
  • The date you first registered.
  • Last day (not time) a client last pinged their servers.

Signal’s access to your contacts lets the client (not them):

determine whether the contacts in their address book are Signal users without revealing the contacts in their address book to the Signal service [0].

They’ve been developing/improving contact discovery since at least 2014 [1], I’d wager they know a thing or two about how to do it in a secure and scalable way. If you disagree or have evidence that proves otherwise, I’d love to be enlightened. The code is open [2], anyone is free to test it and publish their findings.

[0] https://signal.org/blog/private-contact-discovery/

[1] https://signal.org/blog/contact-discovery/

[2] https://github.com/signalapp/ContactDiscoveryService/

It’s a form of evidence. They were compelled by the law to provide everything they have on a user and the only thing they could provide, because they don’t log anything, is the date a user signed up and the last time a client pinged their servers - that’s it!

If you can’t trust the ACLU, the courts, Signal, cryptography experts, etc, who can you trust?

Is the ACLU denying the evidence posted by Signal? Is the Judge denying the records posted by Signal?

I get that Signal has posted this on their website and it could be faked, but do you realize how crazy it sounds that everyone involved would be in on one of the biggest conspiracy theories regarding secure messengers EVER?

I understand scrutinizing Signal to ensure they’re above board, but this is kinda ridiculous.

They’re hiding the function (rules) that will trigger a captcha response in the client if they get enough reports that it’s a spammer, after which the client will be unable to continue to send messages until the captcha is solved. That’s it. The reason you can’t check how they’re doing it is because the spammers would just read it as instructions on how to avoid getting caught.

Communication/messaging, everything, is still E2EE. Nobody is getting anything out of this. If the FBI asks them to get user data, they will be unable to share anything with them. They don’t need to warn users because they don’t keep any data anyways - as can be seen by the multiple subpoenas they’ve fought to make public and continue to not provide any useful info.
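The trade-off argued in the comments above (a bare "block after x reports" rule versus gating a reported sender behind a captcha), sketched as an added example that is not part of any original comment and is not Signal's code. The threshold, the `Account` class and every function name are hypothetical, and the real trigger rules are not public.

```python
# Toy model of two report-handling policies. Hypothetical: not Signal's code;
# the threshold and all names are constructed for illustration.
from dataclasses import dataclass, field

REPORT_THRESHOLD = 3  # constructed value; real rules are not public


@dataclass
class Account:
    name: str
    is_human: bool
    reporters: set = field(default_factory=set)  # distinct reporters only
    blocked: bool = False           # naive policy: no way back
    needs_challenge: bool = False   # challenge policy: recoverable


def report(acct: Account, reporter: str, policy: str) -> None:
    """Record one report and apply the chosen policy at the threshold."""
    acct.reporters.add(reporter)    # repeat reports by one user count once
    if len(acct.reporters) < REPORT_THRESHOLD:
        return
    if policy == "naive":
        acct.blocked = True
    else:
        acct.needs_challenge = True


def attempt_challenge(acct: Account) -> None:
    """Stand-in for a captcha: only a human sender clears the gate."""
    if acct.needs_challenge and acct.is_human:
        acct.needs_challenge = False
        acct.reporters.clear()


def can_send(acct: Account) -> bool:
    return not (acct.blocked or acct.needs_challenge)


def simulate(policy: str) -> dict:
    """Three reporters flag a real user (false reports) and an automated sender."""
    victim, bot = Account("victim", True), Account("bot", False)
    for reporter in ("r1", "r2", "r3"):
        report(victim, reporter, policy)
        report(bot, reporter, policy)
    attempt_challenge(victim)
    attempt_challenge(bot)
    return {"victim_can_send": can_send(victim), "bot_can_send": can_send(bot)}
```

Under the naive policy the falsely reported human stays locked out along with the bot; under the challenge policy the human clears the gate and only the automated sender remains unable to send.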

If you don’t understand why he’s comparing Discord to Matrix, the comment went over your head. Give it a read again, let me know if it still doesn’t click, I can attempt to explain.

I like Matrix and use it along with Signal, but it leaks significant metadata compared to Signal https://gitlab.com/libremonde-org/papers/research/privacy-matrix.org/-/blob/master/part1/README.md

It’s not a real solution, an alternative, yes, but only has federation/self hosting above Signal. Signal leaks significantly less data.

Can you explain what the other ways are? Because I’ve seen everyone talking bad about this, but nobody offering real alternatives.