

It would, eh, take some time to soak up all the sun with whatever they can put there.
Rephrasing a common quote - talk is cheap, that’s why I talk a lot.
Also to handle that your opponent, when proven wrong, doubles down IRL and not says “sorry daddy, let’s return to the anime stepsis line”.
Signal being easy to rely on is its biggest benefit. No one will adopt something that’s more complex, but I don’t think extra complexity would offer better security for the average person. More complexity just means more things to go wrong.
My concerns on this are more that acceptable share in something in the internetworked world seems to be in percentages far smaller than the usual common sense percentages. Like - there are political systems with quotas, and there are anti-monopoly regulations, but with computers and the Internet every system is a meta-system. Allowing endless supply of monopolies and monocultures.
Signal is so easy to rely on that if you ask which applications with zero-knowledge cryptography and reliable groupchat encryption and so on people use, that are available without p2p (draining battery and connectivity requirements), with voice calls and file transfers, it’ll be mostly Signal.
Doesn’t matter it’s only one IM application. In its dimension it’s almost a monoculture. One group of developers, one company, one update channel. An update comes with a backdoor and it’s done.
It’s not specifically about Signal, rather about the amount of effort and publicity that goes into year 2002 schoolgirl’s webpage is as much as any separate IM application should get, if we want to avoid dangers with the Internet which don’t exist in other spheres. And they usually get more. The threshold where something becomes too big with computers is much smaller than with, I don’t know, garden owner associations.
Even if there are already backdoors put by their developers in a few very “open”, ideologically nice and friendly and “honorable” things like Signal, then such backdoors can exist and be used for many years before being found.
I mean, there are precedents IRL, and with computers you are hiding the needle in a much bigger hay stack.
Obviously I’m no smarter than this person
I’m bloody certain you are smarter than this person in everything not concerning things they were directly proficient in. And while being an idiot, they would stick their nose into everything not their concern in very dangerous (for others, not for them) ways.
but without cryptography how is any “secure” project actually “secure”.
There are security schemes, security protocols, security models, and then there is cryptography as one kind of building blocks, with, just like in construction materials, its own traits and behavior.
In the end, I personally think having an easy to use platform that is secure gives everyone amazing power to recoup their free speech wherever it is eroded.
And I think the moment anything specific and controlled by one party becomes popular enough to be a platform, we’re screwed and we’re not secure.
Reminds me of SG-1 and the Goa’uld (not good guys, I know) adjusting their spawn genome for different races.
Perhaps something like that should be made, a common DSL for describing application protocols and maybe even transport protocols, where we’d have many different services and applications, announcing themselves by a message in that DSL describing how to interact with them. (Also inspired by what Telegram creators have done with their MTProto thing, but even more general; Telegram sometimes seems something that grew out of an attempt to do a very cool thing, I dunno if I was fair saying bad things about Durov on the Internet.)
A bit like in Star Wars Han Solo and Chewbacca speak to each other.
And a common data model, fundamentally extensible, say, posts as data blobs with any amount of tags of any length, it’s up to any particular application to decide on limits. Even which tag is the ID and how it’s connected to the data blob contents and other tags is up to any particular application. What matters is that posts can be indexed by tags and then replicated\shared\transferred\posted by various application protocols.
It should be a data-oriented system, so that one would, except for latency, use it as well by sharing post archives as they would by searching and fetching posts from online services, or even subscribing to posts of specific kind to be notified immediately. One can imagine many kinds of network services for this, relay services (like, say, IRC), notification services (like, say, SIP), FTP-like services, email-like services. The important thing would be that these are all transports, all variable and replaceable, and the data model is constant.
There can also be a DSL that describes some basics on how a certain way of interpreting posts and their tags works and which buttons, levers and text fields it presents, kinda similar to how we use the Web. It should be a layer above the DSL that would describe verification of checksums, identities, connections, trust, who has which privileges and so on.
Except all these DSLs should be concise and comprehensible, because otherwise they will turn into something like TG’s protocol in complexity and ugliness.
OK, I have temperature and I think I’ve lost my thought.
They feel more at home with it. And they shouldn’t be told how to use anything. Windows NT, were it cleared from all the mess, would be a very fine OS.
Or maybe something like AmigaOS or Haiku.
It’s a demand that Linux doesn’t fulfill, some sort of rebirth of Amiga could.
If the world weren’t networked the way it is now (I’m not against global connectivity as a thing, just how it works now), any kind of old software and hardware could be used. Because security and things breaking without the Internet are the main reasons why people update.
Both. In my surroundings QIP was popular, a Jabber client with an ICQ gateway added from the start or something like that (maybe it just was a client of both). And the whole “roster with buddies and IM windows” thing was definitely more ICQ than IRC inspired.
Unironically yes, communications (information and roads) were historically as important. Lenin’s call to “take post, telegraph, telephone stations, bridges and rail stations” kinda illustrates that.
What I meant is that abstractly having fully private and free communications is just as universally good as everyone having a drone army. In reality both have problems. The problems with weapons are obvious, the problems with communications in my analogy are not symmetric to that, but real still - it’s that people can be deceived and backdoors and traps exist. Signal is one service, application and cryptographic system, it shouldn’t be relied upon this easily.
It’s sometimes hard to express things based only on someone with good experience telling them to me, making it an appeal to anonymous authority, but a person who participated in a project for a state security service once told me that in those services cryptography is never the basis of a system. It can only be a secondary part.
Also, other than backdoors and traps, imbalance exists. Security systems are tools for specific purposes, none are universal. 20 years ago anonymity and resilience and globalism (all those plethora of Kademlia-based and overlay routing applications, most of which are dead now) were more in fashion, and now privacy and political weight against legal bans (non-technical thing, like, say, the title of the article) are. The balance between these in popular systems determines which sides and powers lose and benefit from those being used by many people. In case of Signal the balance is such that we supposedly have absolute privacy and convenience (many devices, history), but anonymity, resilience and globalism are reduced to proverbial red buttons on Meredith Whittaker’s table.
Getting rid of monoculture via transports and cryptography being pluggable (meaning that the resulting system would be fit for sneakernet as well as for some kind of federated relays as well as something Kademlia-based, the point is that the common standard would describe the data structure, not transports and verification and protection).
It was intended as an ICQ replacement, and its advocates even managed to sell it as that for many normies. It became supported, with federation or not, by many email service providers, social networks, and so on. Then that support mostly vanished. Its users percentages are not inspiring.
In short - something “everyone being able to look upon” is not an argument. The real world analogies are landmines and drug dealers and snake oil.
Even with state-level resources, it’s pretty well understood some mathematical problems underpinning cryptography are computationally beyond the reach of current hardware to solve in any reasonable amount of time.
You are not speaking from your own experience, because which problems are solved and which are not is not solely determined by hardware you have to do it by brute force. Obviously.
And nation states can and do pay researchers whose work is classified. And agencies like NSA do not, for example, provide reasoning for their recommended s-boxes formation process. For example.
Solving problems is sometimes done analytically, you know. Mostly that’s what’s called solving problems. If that yields some power benefits, that can be classified, you know. And kept as a state secret.
Are you in the dark ages? Beyond code review, there are all kinds of automations to catch vulnerabilities early in the development process, and static code analysis is one of the most powerful.
People putting those in are also not in the dark ages.
Stop right there: I don’t need to. It’s wide open for review by anyone in the public including independent security analysts who’ve reviewed the system & published their findings. That suffices.
There are things which were wide open for review by anyone for thousands of years, yet we’ve gotten ICEs less than two centuries ago, and electricity, and so on. And in case of computers, you can make very sophisticated riddles.
So no, that doesn’t suffice.
They don’t.
Oh, denial.
Again, anyone in the public including free agents can & do participate. The scholarly materials & training on this aren’t exactly secret.
There have been plenty of backdoors found in the open in big open source projects. I don’t see how this is different. I don’t see why you have to argue, is it some religion?
Have you been that free agent? Have you participated? How do you think, how many people check things they use? How often and how deeply?
Information security analysts aren’t exceptional people and analyzing that sort of system would be fairly unexceptional to them.
Yes, but you seem to be claiming they have eagle eyes and owl wisdom to see and understand everything. As if all of mathematics were already invented.
Legally obligating backdoors only limits true information security to criminals while compromising the security of everyone else.
It’s not about obligating someone. It’s about people not working for free, and those people working on free (for you) stuff might have put in backdoors which it’s very hard to find. Backdoors usually don’t have the “backdoor” writing on them.
I do agree, though: the surveillance state has so many resources to surveil that it doesn’t need another one.
Perhaps the reason they have so many resources is that they don’t miss opportunities, and they don’t miss opportunities because they have the resources.
Using monoculture as a word doesn’t change the meaning here. If anything, it’s a pathway for the goal you ascribe.
Of course it does. Federation can be a monoculture too (as it is with plants). A bunch of centralized (technically federated in IRC’s case, but united) services, like with IRC, can be not a monoculture.
Monoculture is important because one virus (of conspiratorial nature, like backdoors and architectures with planned life cycle, like what I suspect of the Internet, or of natural one, like Skype’s downfall due to its P2P model not functioning in the world of mobile devices, or of political and organizational one, like with XMPP’s standards chaos and sabotage by Google) can kill it. In the real world different organisms have sexual procreation, as one variant, recombining their genome parts into new combinations. That existed with e-mail when it worked over a few different networks and situations and protocols, and with Fidonet and Usenet, with gateways between these. That wasn’t a monoculture.
Old Skype unfortunately was a monoculture. Its clients for Linux (QT) and Windows and mobile things were different implementations technically, but with the same creators and one network and set of protocols in practice.
I still think the existence of crypto is a massive boon to many
That’s the problem, it’s not. You should factor psychology in. People write things over encrypted channels that they wouldn’t over plaintext channels. That means it’s not just comparison of encrypted versus plain, other things equal.
even in a “flawed” implementation with the “control” being on the side of corporations - tho if they are smart, they’d never store the keys themselves, not even hashes.
And that’s another problem, no. Crooks only steal your money, and they have adjusted for encryption anyway. They are also warning you of the danger, for that financial incentive. Like wolves killing sick animals. The state and the corporation - they don’t steal your money, they are fine with just collecting everything there is and predicting your every step, and there will be only one moment with no warning when you will regret. That moment will be one and the same for many people.
Unless you’re part of the signal project, I doubt you know the exact implementation and storage of data they do.
What matters is that the core of their system is a complex thing that is magic for most people. You don’t need to look any further.
EDIT:
Still, thanks for summarising your lengthy post, even if I had to bait you into it. Sometimes, brevity is key.
Yeah, I just woke up with sore throat and really bad mood (dog bites, especially when the dog was very good, old and dying, hurt immunity and morale).
that’s a lot of words to say you generally accuse any program that isn’t federated of having an agenda targeted at its userbase
No, that’s not what I’m saying. I used the word monoculture, it’s pretty good.
And lots of social woo-woo that doesn’t extend much further than “people don’t understand cryptography and think it’s therefore scary”.
Not that. Rather “people don’t understand cryptography, but still rely upon it when they shouldn’t”.
A pretty weird post, and one which I don’t support any statement from because I think you’re wrong.
I mean, you’ve misread those two you thought you understood.
Perhaps you need to get some sleep if you don’t understand what I’m talking about.
I don’t think you understand anything you wrote about. Signal is open source,
I don’t think you should comment on security if “open source” means anything to you in that regard. For finding backdoors binary disassembly is almost as easy or hard as looking in that “open source”. It’s very different for bugs introduced unintentionally, of course.
Also why the hell are you even saying this, have you looked at that source for long enough? If not, then what good is it for you? Magic?
I suppose you are an illustration to the joke about Raymond’s “enough eyeballs” quote, the joke is that people talking about “enough eyeballs” are not using their eyeballs for finding bugs\backdoors, they are using them and their hands for typing the “enough eyeballs” bullshit.
“Given enough good people with guns, all streets in a town are safe”. That’s how this reads for a sane person who has at least tried to question that idiotic narrative about “open source” being the magic pill.
Stallman’s ideology was completely different, sort of digital anarchism, and it has some good parts. But the “open source” thing - nah.
is publicly audited by security researchers,
Exactly, and it’s not audited by you, because you for the life of you won’t understand WTF happens there.
Yes, it’s being audited by some security researchers out there, mostly American. If you don’t see the problem you are blind.
and publishes its protocol, which has multiple implementations in other applications.
No, there are no multiple implementations of the same Signal thing. There are implementations of some mechanisms from Signal. Also have you considered that this is all fucking circus and having a steel gate in a flimsy wooden fence? Or fashion, if that’s easier to swallow.
Can you confidently describe what zero-knowledge means there, how is it achieved, why any specific part in the articles they’ve published matters? If you can’t, what’s the purpose of it being published, it’s like a schoolboy saying “but Linux is open, I can read the code and change it for my needs”, yeah lol.
Security researchers generally agree that backdoors introduce vulnerabilities that render security protocols unsound.
Do security researchers have to say anything on DARPA that funds many of them? That being an American military agency.
And on how that affects what they say and what they don’t say, what they highlight and what they pretend not to notice.
In particular, with a swarm of drones in the sky at some point, do you need to read someone’s messages, or is it enough to know that said someone connected to Signal servers 3 minutes ago from a very specific location and send one of those drones. Hypothetically.
Other than create opportunities for cybercriminals to exploit, they only serve to amplify the powers of the surveillance state to invade the privacy of individuals.
Oh, the surveillance state will be fine in any case!
And cybercriminals we should all praise for showing us what the surveillance state would want to have hidden, to create the false notion of security and privacy. When cybercriminals didn’t yet lose the war to said surveillance state, every computer user knew not to store things too personal in digital form on a thing connected to the Internet. Now they expose everything, because they think if cybercriminals can no longer abuse them, neither can the surveillance state.
Do you use Facebook, with TLS till its services and nothing at all beyond that? Or Google - the same?
Now Signal gives you a feeling that at least what you say is hidden from the service. But can you verify that, maybe there’s a scientific work classified yet, possibly independently made in a few countries. This is a common thing with cryptography, scientific works on that are often state secret.
You are also using AES with NSA-provided s-boxes all the time.
I suggest you do some playing with cryptography in practice. Too few people do, while it’s very interesting and enlightening.
About freedom, not freedom and various other things - might want to extend the common logic of gun laws to the remaining part of the human societies’ dynamics.
Signal is scary in the sense that it’s a system based on cryptography. Cryptography is a reinforcement, not a basis, if we are not discussing a file encryption tool. And it’s centralized as a service and as a project. It’s not a standard, it’s an application.
It can be compared to a gun - being able to own one is more free, but in the real world that freedom affects different people differently, and makes some freer than the other.
Again, Signal is a system based on cryptography most people don’t understand. Why would there not be a backdoor? Those things that its developers call a threat to rapid reaction to new vulnerabilities and practical threats - these things are to the same extent a threat against monoculture of implementations and algorithms, which allows backdoors in both.
It is a good tool for people whom its owners will never be interested to hurt - by using that backdoor in the open most people are not qualified to find, or by pushing a personalized update with a simpler backdoor, or by blocking their user account at the right moment in time.
It’s a bad tool even for them, if we account for false sense of security of people, who run Signal on their iOS and Android phones, or PCs under popular OSes, and also I distinctly remember how Signal was one of the applications that motivated me to get an Android device. Among weird people who didn’t have one then (around 2014) I might be even weirder, but if not, this seems to be a tool of soft pressure to turn to compromised suppliers.
Signal discourages alternative implementations, Signal doesn’t have a modular standard, and Signal doesn’t want federation. In my personal humble opinion this means that Signal has their own agenda which can only work in monoculture. Fuck that.
It made very different people millionaires and billionaires. Some local businessmen (a very American type in stereotypes, something between a conman and a normal mom and pop business owner), some professors with good understanding of mathematics involved, some translators for big people, some red directors who converted their Soviet power into new power.
And in my childhood I thought they are all thieves, my worldview is more nuanced now. Life is complex.
People talk of KGB as of the main important target of all potential lustrations in the future, but Eugene Kaspersky is KGB, and of people meaningful in Russia he’s honestly very fine. Some people talk of Yeltsin as someone good, but he was a Politburo member. People who remember General Lebed sometimes think he was killed because he was an honest patriotic politician, and he surely made the impression with that simple Soviet flat with a rug on the wall, that Siberian manner of speech, those pacifist and humanist things he would say in interviews (he managed to say without accusations and conflict that people who are mafia or terrorists or both for one government are friends for another and this is business as usual; he also managed to say without losing any dignity or surrendering any important point that Russians can’t fight more wars after the XX century and that people fight to live in peace, these seem pretty obvious, but some obvious things don’t sound good on TV), except when he was made governor of his part of the world, he quickly became, eh, a normal governor - with new realty and a lover in Moscow, with very expensive idiotic PR actions (like that campaign with Alain Delon in the middle of a depressive Soviet junkyard with a Lenin statue endorsing Lebed), and so on, somehow the memory of him omits those few last years of his life, before the helicopter crash.
Now when I think about it, I didn’t think they are all thieves, I knew life is complex and that I don’t personally know all these people.
So - American billionaires don’t want to be trillionaires, I think. They want to be princes. Perhaps patricians. Or maybe mandarins. The issue is that they are blind to how all three things existed, using them as labels for their own dream of power over humans without complications. Princes were subject to God, Pope and their suzerain, multiple such sometimes, like in Brittany or Holsten or … Patricians obeyed the customs of their republic, whose first citizen usually was a plebeian - the man who was first named “first citizen” notably was, and his cognomen is now used to refer to emperors. Mandarins lived in the kingdom where the only unbreakable law was the mandate of heaven, and weren’t considered better people - certainly no more than as far as their emperor had it.
I believe we will endure. I don’t know about the USA, but maybe it’s for the best that this project goes to version 2.0.
Russia is 1) not that powerful by far, 2) its elites, those very ones spoken about when expressing these conspiracy theories, are pissing hot water from a mere hint of being friends with any US administration.
They have sort of an inferiority complex, there was recently a damned TV report, apparently, about an American diplomat visiting a cafe and ordering a cheburek (Central Asian street food). It’s so much bootlicking that one can confidently say Russia’s elites are much bigger US fans than Russians on average.
They might be unintentionally making the effect you described upon the US, while trying to somehow become part of its processes, but it’s a small nudge compared to the more serious reasons.
I think this is because the people who are now Russia’s elite came to power in the 90s, a lot of ex-Soviet people looked at the situation pretty simply - as in “we were the losing superpower in this cold war thing, now it’s ended and we are friends, so we are going to become like America in those movies with white middle class people all owning cars and houses”, and those of them who were doing politics, apparently, wanted to have their own political system as “cool” (or whatever, some immeasurable feeling) as the American one.
The Iron Curtain was a huge mistake, people who put it in place were thinking in 30s categories when the 30s were long gone. People inside thought that they only put barriers before you to protect something you’d want to have. A generation of Soviet people grew with that feeling, where everything Soviet was boring and bad, and everything Western magical and good. It wasn’t even about freedom or morality. Just about “coolness”. People breaking the USSR in the 80s and 90s knew that the world around it isn’t virtuous and kind, but they thought it’s “cooler”. Everyone thinks they’d do well when put into an adventure, when safe. Nobody thinks they’ll be some guy who gets eaten by a crocodile on the second page, or a coward, or an idiot, or a sucker.
So. When the Russian “wide mass” realized that for the West it consists of suckers and crocodile fodder, it became disillusioned and the wound healed, except for some rare idiots who kept believing in that picture, not being exposed to reality.
When the Russian elites realized that, they just decided to lower the bar, and be content with playing US sometimes, and getting US citizenship for themselves and their children, and being there often, and playing with US politics. I don’t think it’s directed at somehow corrupting and undoing the US, simply not enough power. They are just regularly touching in the shop something they can’t afford to buy.
He bankrupted a casino, he knows what he’s doing.
I suppose that’s why the people paying for his campaign chose him, to bankrupt a nation you need someone this talented.
Why do they need said nation bankrupt I don’t know, maybe to make it fail while the failure will still be not too gigantic to recover from, and maybe for yet another pump-and-dump scheme, except this time with a country and not an industry. Depends on how optimistic you are about their motives.
In ex-USSR that happened as something destructive, but in USA honestly it’s normal, using institutional pressure to help friendly businesses. Trump is unusual only in how grotesque he is in his position, but history saw Talleyrand.
And US sanctioned Japan just because some of its businesses couldn’t compete, which didn’t kill Japanese car industry, but hurt Japanese computer industry, and sent Japan into recession from which it didn’t quite recover.
About driving users off - that doesn’t really happen unless you intentionally break everything. VKontakte be the experiment showing this, except TG was later made based on VK makers’ experience with social stuff, and was very successful, and is now basically the most convenient messaging\social platform. When something FOSS manages to reproduce the experience of TG, then FOSS messaging and social systems stand a chance. So - some of the life moved from VK to TG, but it’s more of VK’s experience stagnating and being too complex and overloading, not of people fleeing it.
That’s cause due to network effects people who are making such projects are equivalent to grocers in qualification. Just were in the right place at the right time. They are not engineers, not philosophers. But since they’ve read and seen in sci-fi that they have to show something engineer-philosopher-like, they are doing all this bullshit.
Our world’s problem is in these monopolies which should be busted. After they are busted, we’ll see a lot of goodness through the usual normal competition.
And also I don’t think the sequence of events that led to the current state of things should be treated as some proof of “capitalism not working” or “computer-driven futurism being a dead end” or even “space travel not ever happening” or anything as radical. Every time is different. It’s like living all your life alone after one bad relationship.
We should dream, and we should make, and we should try, and we should tell those who think it’s their “vision” or none to go kick rocks.