When I press on some message to forward it, it shows me Random usernames of contacts I don’t know. And it even shows some Mobile Numbers I don’t know. For example, one number starts with +964 that’s Iraq. I’m from Europe tho. These contacts and numbers are from all over the place.

  • anti-idpol action@programming.dev
    link
    fedilink
    arrow-up
    0
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Have you seen signal’s issue tracker? Ik it’s a big project, but it’s literally getting spammed, plus the desktop app that keeps database key in plaintext and won’t work natively under wayland (needs xwayland, making basic stuff like sending attachments hard if you use most tiling compositor, tho that’s partly Wayland’s design flaw of lacking consistent reference implementation). Also I principally don’t trust apps that rely on both proprietary network services and libraries. The very fact that they don’t leverage their funding to reduce their costs by working on support for federation that is not a matrix bridge (which hasn’t been even developed by them btw) or decentralization, especially since XMPP, SimpleX and Matrix (which has currently 3 well developed server implementations: Synapse, Dendrite and Conduit) have been able to do so with much smaller funding. And it’s Signal, not Molly’s maintainers who have been putting more effort into shiny UX improvements over hardening infrastructure code lately. And even if Signal does improve it’s security, the patches get regularly backported into Molly, whereas even such basic shit implemented solely in Molly, such as app passwords that actually encrypt it’s database is pretty useful. Because even PIN scrambling is not fully immune to shoulder surfing. Defense in deph matters.

    tl;dr a longer rant about decentralization vs federation 👇

    Even the argument of network effect achieved thanks to reliance on phone numbers is becoming less relevant these days, with DeltaChat providing a convenient way to have encrypted chats using the existing email infrastructure in much more convenient way than traditional PGP. Pixelfed has already achieved E2EE DMs and it’s being worked on for Mastodon. If the UI of the most popular apps and the official web interface are also redesigned to make messaging more convenient to use it might have the same positive effect on user retention as Facebook Messenger once had. Anyway things are bound to change in favor of federation, but not necessarily decentralization. For instance I got mixed feelings about EU’s DMA. I’m optimistic about the interoperability benefits it could bring, but even the official act doesn’t specify how it’ll be implemented. If it relies on something like WebFinger which does require a domain name it’ll end up just grouping a couple of major walled gardens together, so for example SimpleX, Session or Status users still might not be able to chat with people on centralized platforms

    • Ohh@lemmy.ml
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      Well. I personally am very annoyed that i can’t choose a specific pin for signal. That means my kid can read my messages, because yes… Keeping password from a child is neigh impossible. But my pin for element, fairmail, telegram he don’t know.

      So i get a lot of the criticism. For me personally, it’s still a matter of trust. A future malicious molly version might eavesdrop. Signal will probably not do so.

      Encryption at rest on an unlocked phone is probably a hard problem. But if somebody is targeting me to that extent, i am probably toast anyways.

      I try to create enough usage so that journalists and activists can hide in the mob, and i can hide from fang.

      I use element, but do worry about the local server implementation and leak of metadata.

    • ᗪᗩᗰᑎ@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      have been able to do so with much smaller funding

      It’s easy to “stand on the shoulders of giants” and claim some software is better when you’re adding 1-5% of additional work on top of a fully developed service/app/infrastructure. It’s why generally forks of software tend to have more features than the original source - See the following examples where people polish something and release it as their own improved creation:

      • Chromium/Chrome > Edge/Brave
      • Debian > Ubuntu/Mint/Pop!_OS
      • Android Open Source Project (AOSP) > WhateverSamsung’s_is_called
      • Firefox > LibreWolf

      Now, I’m not trying to say people should stop forking software, I’m all for it as it breeds competition and innovation, but to complain that a software project is not meeting your specific demands and their forks are doing so much more means you’re not understanding the other projects would probably die without all the hard work that goes on in the core product.

      whereas even such basic shit implemented solely in Molly, such as app passwords that actually encrypt it’s database is pretty useful.

      You say this but do you have any evidence to back up the claim that it’s useful and to who? Who’s asking for it? What percentage of Signal users would enable the feature? Is it 1%. Is that worth it? There’s barely a demand for privacy from the general populace otherwise Signal would be a hit and everyone would leave Whatsapp immediately, but it isn’t.

      if you use most tiling compositor

      You’re the 1% of the 1% when it comes to desktop configurations if you’re using a tiling window manager. I used one about 10 years ago and have yet to find one other person in the real world who has ever used one and I work in IT. Whether you like it or not, Signal developers are not going to spend any effort on making your very niche use case any better. I’m not saying that to be rude, but you have to be realistic. Your expectations are high for a free service that generally works for 99% of the population.

      • anti-idpol action@programming.dev
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        It wasn’t my intention to state that an extensions of certain big software is always better or should get all the credit. No. First of all, I consider Molly protestware and second of all, the thing about being able to do federation and whatnot with much smaller funding was not about Molly. It was about simplex, matrix, XMPP, E2EE for Fedi and handful other decentralized/federated projects. Signal already has been downloaded hundreds of millions of times according to App Store/Play Store and received countless endorsements. And they did in fact face outages after receiving one from Elon Muskrat. So, they needed to find ways to scale better. Their server software could in theory be self hosted, but unlike Matrix or XMPP, it won’t federate so in a way it’s even worse than e-mail when it comes to this. One would thus think that it’s implicit that they would finally add the possibility to let people run their own servers or even devolve towards more P2P-oriented design. But instead they’ve decided to partner with a pump and dump shitcoin scheme whose privacy-friendliness was absolute trash, though granted, that was also at a time when every tech company was trying to join the Web3 hype. Now their reach is even bigger, but has grown at a steadier pace. I won’t try to go more tinfoil here with any unsubstantiated suspicions and begging the question but even though decentralized or federated systems are harder to design in a way that makes them secure, centralized ones are more abusable and create a single point of failure that can affect a large share of the user base.