Amazon threatens to suspend Signal's AWS account over censorship circumvention https://signal.org/blog/looking-back-on-the-front/
Amazon and Google are both coming out opposed to people using their services for domain fronting, to circumvent censorship.
Note that Signal is actively blocked in Egypt, Oman, UAE, and Iran. So, that sucks.
@Tlacaelel no it isn't. Your argument doesn't make any sense either.
Microsoft integrated the HTTPS protocol into Skype, too. Does this mean that CIA and NSA have backdoored Mastodon, since it also uses HTTPS?
Wow, where does that conclusion come from?!?!?
Microsoft, Whatsapp, (think) Facebook Messanger, and some google service, integrated the encription protocol created by openwhispers.(which is used by signal).
As did the xmpp world with it's version of it (OMEMO) and the Matrix world (olm)
It's an ecryption protocol, it can be adopted by different groups.
I have no ideia how they (the corporations) tweaked it or not, but in no way is the signal app, and it's development linked to them.
But as far as i am aware they dont contribute with code to signal.
And their networks are not federated with signal. Signal does not federate, it's one of the topics of this conversation
To say signal has a backdoor because it's encription protocol is also used by the company's mentioned above is absurd.
@marsxyz I don't see how a federated Signal would have changed this situation at all. They'd just block the whole network, and Signal would still need censorship circumvention.
The fact that much of the web is centralized under cloud services like AWS and Google sucks, but at least it makes domain fronting possible -- assuming the companies are ok with it, which apparently they're not.
With federated servers, register in diferent servers, diferent domains, copies of the messages and room in every server that has a user participating in it (with the possibility of e2e).
There are many ways to do federation, and sure probabely the matrix model wouldn't server signal.
Android users can probably use Signal over Tor without much trouble, but Tor doesn't have the best iOS support yet (for iOS API reasons), but they're working on that.
Their usability story is: 1) install the app, 2) send encrypted messages to any Signal users in your phone.
With federation that story would change to: 1) install the app, 2) choose a server, 3) create an account/manage creds, 4) ask for your contacts' usernames out-of-band to add them, 5) send messages to people on your contact list.
How would you add federation without sacrificing usability?
I don't think federated Signal could just use phone numbers as identifiers anymore (which would be nice, though maybe less usable). They need to include the server as well.
Like, if your phone number is +12223334444, how does my client know which server to send a message to? Your id would have to be +firstname.lastname@example.org or whatever instead.
Unless you have a "trusted" dispatcher server, but then it could do MITM attacks by redirecting to the wrong server
Like if you knew your friend's phone number and had a few servers to talk to you could query to see where they are. But that would be subject to MITM, as you said.
federation stuff Show more
@lx @maryjane @marsxyz
Use the identity servers like they are supposed to be used. Put a phone number or email in there and discovery will work similarly. I don't know I'd that feature is in place or just planned right now.
Choosing an instance is kind of an inherent part of federation unless you want to start having software pick default instances for people.
@Nixfreak @lx @maryjane @marsxyz OnionBrowser is great, but there isn't a way to have a system Tor in the background like Orbot, or even a Tor client library you can link into your app. If you want Tor in an app, you need to bundle a copy of the full Tor server/client with your app, and do some hacky stuff to run it as a separate thread, because each app only gets one process. So Tor disconnects when you switch apps. They're working on improving this
@micahflee @marsxyz Right. Centralization was actually a feature here―to block signal meant blocking Google and Amazon―behemoths of capitalism. It's a big deal that they're preventing this use of their system (especially by Signal) because it creates and directly causes undeniable ill in the world. Also, Moxie has some clear thoughts (can't find now) about the downsides of decentralization. He's not wrong about them. Most things are tradeoffs.
@K_REY_C It wouldn't be that bad if the protocols are designed properly. Mastodon for example is wasting so much bandwidth by sending the author's bio with every toot.
privacy, techpol Show more
moxie made a bad call when he claimed centralization was the only feasible way forward
Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!