Uspol, Signal 

The fact that these asshats charged with sedition were charged based in part based on Signal messages raises some questions. Although I bet it was likely just a fed lurking, or physical phone access.

But the recent resignation makes my primate brain want to play connect the dots.

Uspol, Signal 

@thegibson
I've long considered Signal to be almost toy security. It's good enough for government employees not wanting their boss knowing about their lesbian relationships, in my opinion it's not good enough for activists and journalists.

Between server centralization, single client app (so incompatible additions are not detected), the new non-foss server component ('for security'), complete absence of metadata protection, ... It's Slightly Worse XMPP.

Uspol, Signal 

@feonixrift @TheGibson what instead, then? XMPP is simply *not usable* for most people (and I say this as someone who had set up 4 separate XMPP servers back in the day), Briar is not yet there (no iOS app, no store-and-forward), Tox is old news, and then there's a bunch of crypto scams like (checks notes) Session.

This is not hypothetical, this is a tool that is needed. So, what is *viable* out there?

Uspol, Signal 

@feonixrift @TheGibson there is also Snikket, might be solution at some point in the future, and there is DeltaChat, which has nothing in terms of metadata protection.

I am ignoring everything that is not FLOSS and decentralized, obviously. So Threema, Wire, *shudders* Telegram are all out.

What am I missing?

Uspol, Signal 

@rysiek Thanks. The article confuses me, because it talks about both OpenDHT/Kademlia and Ethereum smart contracts.

Just so I understand you; do we agree that the Kademlia / OpenDHT part is not the problem here, but the piggy backing on Ethereum smart contracts would be?

If so, I'd like to understand better how Ethereum smart contracts are a scam. Are there any writings/analyses you recommend on the topic?

@feonixrift @thegibson

Follow

Uspol, Signal 

@mplammers @feonixrift @TheGibson yes, Ethereum is the problem.

For ample evidence that a metric crap-ton of stuff built on Ethereum and similar blockchains should be approached with utmost suspicion, might I suggest scrolling through this:
web3isgoinggreat.com/web1

It's informative *and* hilarious.

· · Web · 3 · 5 · 10

Uspol, Signal 

@rysiek That was an interesting scroll indeed!

Nonetheless, I have not found enough information about how these scams (many of which involving social engineering and Discord) prove how Jami's implementation may be a scam.

Shouldn't we make the distinction here that actual scams that abuse some tech do not necessarily make that technology itself a scam?

Perhaps you mean that the smart contracts may allow an attacker to impersonate another Jami user name?

@feonixrift @thegibson

Uspol, Signal 

@mplammers @feonixrift @TheGibson I mean that blockchain tech space is filled to the brim with scams, and I will not spend time nor effort on considering any blockchain-using project as serious and not-scammy at this stage. Especially that I have not yet seen a single such project where blockchain was actually necessary to achieve its goals.

You are welcome to come to your own conclusions, of course. 👍

Uspol, Signal 

@rysiek @mplammers @feonixrift @thegibson immutable distributed databases are required to achieve these goals, or else you have counterparty risk.

Do you trust your bank to not manipulate their ledger? The stock exchanges? They do it and we don't have the manpower or tools to audit it

Uspol, Signal 

@feld @mplammers @feonixrift @thegibson @rysiek These are social problems that, ultimately, require social solutions, such as funding the government agencies that are *supposed* to be auditing the banks and stock exchanges, to a level where they can actually do their jobs.

Attempts to solve social problems with code *don’t work* and usually make the situation worse.

(recommended reading: “code and other laws of cyberspace”, “liars and outliers”)

Uspol, Signal 

@zwol Thanks! I found the first book here, also available for free:
lessig.org/product/code

@feonixrift @thegibson @rysiek

Uspol, Signal 

@rysiek @mplammers @feonixrift @thegibson

Yeah my IPFS node is going offline, honestly it just doesn't work in any meaningful sense of the word. Or maybe it does, but isn't so useful to me, Idk.

Ethereum was /supposed/ to move to proof of stake vs proof of work, did that ever actually happen as planned/announced? I don't think it has.

Uspol, Signal 

@dangoljames @mplammers @feonixrift @TheGibson honestly I have more trust in IPFS than I have in Ethereum and all the related crap.

Uspol, Signal 

@rysiek @mplammers @feonixrift @thegibson

I've been evaluating IPFS as a potential 'value added' hosting business, over at Digital Ocean. I ran it a few weeks on my residential network before DO.

What I find is, it is rough, it is slower than DNS to propagate changes, and anything but performant unless you have high demand content that will be 'communally shouldered' by it's consumers.

It's a pretty narrow application space, and a hard sell for me. I think I'm gonna pass.

Uspol, Signal 

@dangoljames @mplammers @feonixrift @TheGibson makes perfect sense. It's hard to sell a service based on IPFS, *because* IPFS is supposed to be decentralized.

Uspol, Signal 

@rysiek @dangoljames @mplammers @feonixrift @TheGibson I don't know if this is entirely accurate but I heard some whisperings that a lot of the purported robustness of IPFS is a result of Protocol Labs funding aggressive hosting on their ipfs.io infra out of pocket, indirectly to get people into their Filecoin ecosystem

Uspol, Signal 

@rysiek only the hashing distribution is decentralized; actual storage must be provided by the content provider, by way of an IPFS node. Either yours or someone else’s.

You /can/ find some pinning (read cohosting) services for free as in beer, but those are promo efforts and will eventually go away, as storage and bandwidth costs money, bottom line.

Expert configuration and proactive infrastructure management would be the value-add in such a business proposition.

Uspol, Signal 

@dangoljames yes, but in my particular case, hashing distribution is all that I need to be decentralized.

Uspol, Signal 

@rysiek as it is for me, and most potential IPFS users. That’s why it would underpin a good hosting business ; )

It’s the speed that kills it; I sometimes waited a full 24 hours before seeing updates; and it isn’t just slow - it throws ugliness into the browser until such time as all the resolutions in a given request succeed.

sorry for the edit, me culpa…

Uspol, Signal 

@dangoljames the merge is happening probably around april, there's a lot of moving parts but there's testnets happening

Uspol, Signal 

@dangoljames that being said it's fucking stupid jami needs to rely on that entire stack to make it work for ???some reason???

Uspol, Signal 

@rysiek @mplammers @feonixrift @TheGibson

at least the criminals, grifters and scammers seem to be doing well. Good for them 😁

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!