• 3 Posts
  • 13 Comments
Joined 5M ago
cake
Cake day: Mar 06, 2021

help-circle
rss

That would be for “yes” I suppose? Okay, okay - sorry, I don’t actually want to attack you anyhow or LMAO around - I just want to point out that it’s nice to imagine that “to be secure/to feel secure” is really not under control of someone’s privileged point of view. All what we’re talking about - just a reminder - that the question was about the MOST secure app. You’re accusing me of “trying to get people to use less secure systems” or “dissuading people away from Signal”. What can I say about it? I feel so deconspired that getting out is really the only option for me!

But maybe you could consider to really get in, huh?


Okay, I see that you’re very unhappy because of my thoughts and you’re showing it in every response. I’m totally ok with that, but if you could tell me one thing: are you white cis hetero male from usa/europe/australia? Just need to know if it’s worth to engage.


Does someone can say something about Status App?


And here you have some words from one of Berlin’s collective on why they stopped using Signal. Take a note that it’s from 2017. https://resist.berlin/goodbye_signal.txt


To fill the list it’s good to notice the Berty project, but it’s still in development though: https://berty.tech/


Okay, so I here’s what I think for the main question. (Sorry for my English, I’m not the native speaker - if something is hard to understand let me know, please)

On the internet we have a lot of discussion about this topic. And we have a lot of different views on it. And a lot of apps. We need to be sure what we’re talking about and how precise we are. These are my main thoughts, listed. There is no such thing as “most secure chat app”, especially if we’re not asking precisely what we mean by that term.

I think of three main factors of the case. And I want to put it clear: I don’t want to go on full-geeky or start a discussion about “normal user will not understand”. Every user is different. The “most secure app” should be “most secure” both for an undercover agents and our grandmothers.

  1. Software and it’s environment. So, the app - but this is just the surface. But mainly it’s something that everyone can agree - the app and it’s environment should be open-source, and actively maintained. Also there should be a quite interest around it - because there should be some people who actually can really say that they looked up to the source and “approve” it’s reliability. The communication with the company/foundation/creator should be good and smooth. The community around the app should be treated well and should feel listened. Should be well documented. Should think about “typical users”, so to obtain that - app should be easy to manage and have well designed UX (not for geeks only). The app and information in it should be encrypted out-of-the-box. The communication should be decentralised and not depending on the main server (because that’s the future of the internet, damn). E2EE have one big problem - it’s hard to have control of messages you’ve already sent. App should have some ideas inside for solve this problem. The app should have possibility to register the account without giving your credentials. No e-mail address, no phone number.
  2. User and it’s environment. Every secure app can be used in unsecure way. You cannot jump over it. If you cannot think creatively about your tools, security model, things you want to achieve - none of apps from the toplist will help you. You don’t need to be a specialist, really. It’s about few articles and some hours of research. Educate yourself, think. If you’re using secure app on unsecure system - huh, nothing will help you then. Encrypt the phone. Use password manager. Don’t give away your contact information easily. Take control of what you want to share before you will share it. Educate yourself.
  3. Geopolitics and awareness It’s easy to forget about it. When I see discussions about different apps - people are talking from their perspective - what means - perspective of the country they live in. “Most secure” app should be “most secure” in USA and in Iran. In Poland you need to register every phone number on your credentials. In Czech Republic you don’t need to. There are places where government can easily gain access to data of your internet provider without even asking the court. Think global, try to gain knowledge about specifics of your country. I can use Signal - but I need to register it on Czech SIM card with phone that I bought second hand, on which I never used my own, private SIM card. Then I can really feel safe - not only for government (that’s not the deal for many of users though) but also from stalking/doxing by private users/trolls. Remember that nobody of us is “typical user”. If your country is fucking up the abortion law and you cannot legally use the “day after” pill - which could be an issue for 50% of human beings - you need to be sure that your credentials are safe. We had these situations in Poland when - hear me out - right wing “catholic” foundation ran a fake “safe number” for woman with this problem, and afterwards they doxxed their private information. The same with human rights activists or LGBTQ+ people, especially young people. They are not special agents - they need just to feel safe. This is ALL OF US. There is NO SHUCH THING AS “TYPICAL/NORMAL USER”.

So, when it comes to this I need to say that I cannot tell which app is really “most secure”. I’m not an tech expert, so I cannot pentest the app by myself. But I can tell you which app looks the most reliable to me.

For me it’s Session app. It has some cons, like everything. But I will tell you why I believe in it. Yeah, “believe” it’s a good word for it. Because it’s always about trust. If the devs are sincere with us and everything is working as they say - that’s the way it should work for every secure app. First - let’s look at the main concerns. First one is Australia, which the app is from. It has very fucked up law - court can easily access the data of users (please correct me if I’m wrong). But the app is designed in a way that even if the government would get this access - they will find nothing or almost nothing, just scraps of metadata which would be hard to use against you.

Next thing is reliability. There should be more third-audits done for the app, that’s true. But the foundation behind the app is showing very good attitude for it. They are communicating, they are active and I think it’s just a matter of time that it will be full-acceptable on the paper.

Design - it’s up to date. It has something that Signal doesn’t have if we’re talking about that E2EE problem - the capability of your chat inbox. You can make your inbox delete the messages after specific number (not only after specific time - but that is possible too). You cannot force the person which you are talking to do the same, but app is anonymous so It would be really hard to connect these messages to you. On Signal in other hand - all messages are linked to you because of phone number and you need to depend on security of other people - not cool. The next good thing - it’s using a decentralised network based on nodes (onion routing). That should be a standard, I will not comment on that.

But the biggest thing is that I can see on my own eyes that the developers running this project has really A LOT TO LOSE. Yeah, that’s a thing for me. I can see how they’re communicating, how they’re developing as a foundation/company. They are really into the privacy stuff. If they would make a mistake… oh, shit, that would be a total disaster for them. They just cannot screw it up - they have own coin, they have own node-network, they have the bright future in front of them. When you have a lot to lose - you are more reliable. But that’s my private opinion which cannot be measured scientificaly. I’m just watching closely and I can see that they are growing. If they are capable of doing what they annouced this year - encrypted voip call by the onion network - it would be a really huge step forward. Crossing fingers.

Wickr has that great system for ephemeral messages - ‘burn after read’ option. I really liked it. But Wickr is now part of Amazon. So using it is like you would give your money to ISIS - you’re just funding terrorism. Briar is great, of course. It’s the top for sure. But there is a problem with Briar. It will never be a standard - because is not “cool”. Why that matters? If the app is not used by a lot of people and is not popular - there is a possibility that it will die soon. That’s how it works for now, too bad - but true.

I would say that XMPP is also a good direction to look, I’m not sure about Matrix on not-self-hosted servers. Yup, that’s all I think. If someone will disagree - I’m cool with that and please don’t take my words as something what I will fight for. I’m not here for force-changing someones point of view. Thanks.


There are parts of the world, like 80% of it I guess, where secure=anonymous.


I’m sorry if I sound rude. I just experienced an issue with what I’m talking about, and big part of it was believing that Signal is the most secure messenger, “because this is what internet says”. Just let us all be cautious about that what we believe is not exactly true for everyone.


No, no, no. Signal cannot be placed in the beginning of the MOST secure chat apps. I cannot accept it, this opinion is very dangerous - because people take it for granted. No. In many countries you cannot buy a burner SIM and make anonymous account. Also - you can be added to a group without permission and someone you don’t know can gain the possibility to dox you, stalk you or phish you. I saw it, I’ve been there. Security is not about encryption only. Visible phone number is TOO MUCH INFORMATION - and I’m really pissed off when I see that people are not taking it seriously. Maybe for you, when using disposable number and talking to few people - OK. But please, imagine that there’s a lot of people with a lot of security models and it’s not reasonable to always put Signal on the top of these MOST SECURE chat app lists. No, not for everyone.

If not for everyone - then it’s not MOST secure.


Recently I started to use Erine Email - and it has just everything I need. It’s FOSS and I’m quite surprised that no one listed it here… Maybe you have thoughts about it?


Don’t you think they have too much to loose here? If it would be true - whole Oxen with their coin & lokinet would be down.


Lot of people were waiting for this to be done. What do you think?..


It’s cool when we’re talking about sharing music, but tell me please - it’s also your tactic in sexual relations?


Windows 10
plus-square
image

Yeah, it’s W10, don’t blame me. …

13
image
Windows 10
plus-square

Yup, thanks.

I’m not a specialist on that topic (as I said) but just few things:

  • Did you ever tried LSD? Because if you never had this experience it would be clear why you’re comparing it to weed. I don’t think it should be compared to anything. Ah, and we’re talking about 10 micrograms twice a week for three months.
  • About alcohol - I know what you’re talking about, but also think that it cannot be compared - LSD is not influenting the same parts of brain, it’s completely different architecture. But of course I think that our body can generate tolerance for everything - and maybe microdosing is just about generate the tolerance in some way. But I can imagine that making tolerance for LSD you would need to take it every day - and we’re talking here about ten micrograms just twice a week. And it’s not about to feel effect - it’s about long term process.

“One of the Biggest Dangers of Microdosing is Accidentally Macrodosing”

Check out this article from The Cut


Okay, firstly - hello!..

4