The #1 response to my every criticism of Signal:
"But Signal is Open Source!"
Is this even true?
Last updated April of last year.
Google takes yet another step in crippling Open Source Chromium builds. Their message is switch to proprietary Google Chrome binaries or GFY.
Meanwhile I am on track to delete the last of my Google accounts in favor of self hosted services this year.
Such power may be used largely for good today with minimal false positives, but "the greater good" thinking is what drives most villains in fiction.
Signal is down. I can't stop laughing.
Hey Moxie! Tell us again why centralization is the best way to deploy internet messaging for the masses.
The billboards say: "Privacy. That's iPhone"
Meanwhile Apple ensures three letter agencies have access to iCloud backups.
They already did this in China. No surprise.
There's a word for privacy and security claims that lack accountability. Marketing.
People constantly ask why I refuse to use Signal.
I have been meaning to do a detailed write-up for this, however in researching for it I discovered this post which covers several of my biggest issues well.
For years people have looked at me like I am crazy for discouraging use of Ubiquiti products.
My rule on not trusting proprietary software no one can audit with important digital jobs in my life is universal.
I use pfSense and OpenWRT for my networks.
Any single entity that thinks they can protect a huge pile of valuable data forever is as naive as I once was.
We must stop taking the easy road or picking things based only on their UX.
Learn to use decentralized systems and teach others or the free internet won't survive.
I ran infrastructure, and security at Pebble and was unquestionably the loudest voice for privacy.
But then we got acquired by Fitbit. I realized I could not protect user data anymore. I quit.
Now that data is owned by Google.
I once thought I too could protect the data of a lot of users.
I ran a machine learning company that analyzed social media data.
Unlike competitors I made this a free public search engine.
Investors demanded I turn it into a political propaganda machine.
I ultimately quit.
Building huge networks with decentralized control means you get new features slower, and sometimes rollouts are messier, but to adopt anything else is to abandon the very freedom that allowed the internet to become what it is today, instead of all being owned by someone like AOL.
We have a choice.
HTTP is standard and controlled by no single party. You can choose whatever web browser or ISP you want and people who made different choices can all communicate and cooperate.
Same story with SMTP, ActivityPub, or Matrix.
The masses are now flocking move their data and social graphs to Signal, yet another closed network run by a well meaning benevolent dictator.
I am sure if will be different this time.
The founders of WhatsApp sought to provide easy secure communication for the masses, but scaling is hard and expensive.
Facebook offered to buy them and help them scale their vision for privacy, and keep them independent.
Spoiler: they lied.
The Oculus VR team intended to protect users on their network from excessive surveillance and abuse.
They sold to Facebook, who told them they would carry that vision forward and never require Facebook accounts.
Facebook changed their mind when they saw value in the data.
Many trusted all the Apple marketing on privacy.
In China, Taiwan, and Hong Kong we saw apps and emoji used for dissent were banned, rooms on private networks like Telegram were pressured to be banned, and encryption keys for iMessage/iCloud were handed over to the CCP.
Many trusted their data and social graph to VK in Russia under a benevolent dictator that fought for their rights.
The Russian government saw him replaced with someone more ethically flexible and now they control those systems.
While Slack is down, again, I'll take this moment to point out that Matrix exists, is open source, federated, end to end encrypted, and you can host it yourself.
If you need an easy button you can pay them to run a dedicated server for you: https://element.io/plans-and-pricing/pro
* Security Engineer
* OSS Advocate
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!