• 0 Posts
Joined 1Y ago
Cake day: Jun 28, 2021


there’s a browser-based wormehole protocol “app” available at wormhole.app. You go there from your phone upload a file, open the link on any other device that has internet and you can download it directly from the other user End to End encrypted. There’s also standalone clients available, but for cases where you don’t/can’t setup SMB file sharing, it’s pretty handy.

This is great news, but I’m still waiting on an AMD CPU option for my purchase.

Anyone have any insight on Revolt - https://app.revolt.chat ? Seems to be a decent Discord alternative, but wondering what other’s thoughts are on it.

What viable user-friendly (i.e. no account creation required) options are there? I just want my messages between friends and family to not be mined by greedy corporations.

look up ‘dislocker’ [0]. Comes pre-installed in grml [1], along with various other tools that come in handy. I’ve used it various times for various things.

[0] http://tuxdiary.com/2015/03/20/dislocker/

[1] https://grml.org/

Another thing to point out is that he states how the Linux kernel has hundreds of vulnerabilities found compared to other OS’s. Well yeah, Linux is open source and literally any researcher/security expert can read the code to find bugs. Good luck trying to do the same with Windows or MacOS.

Lastly, most Linux distros are “complete” in the sense that you generally (or at least for the majority) don’t have to install much software outside of whats already in your distribution’s repos; you’re not having to google/download sketchy apps, so this threat model of rogue apps trying to hack/steal your data is minimal, if not non-existent.

The real problem is those systems (Windows, MacOS, iOS, Android) all have an app store where a ton of developers are trying to make money off of you in any way possible by stealing your data/invading your privacy, so they had to build a permission system because you can’t trust those random people. You can generally trust your Linux distro to not package malware and can safely install any app that’s available.

Edit: I should add, its still a good writeup. I think he makes some good points and it would be great to see Linux improve in some areas, even if the problem doesn’t really exist as much as it does for the more commercially backed operating systems.

A quick rebuttal of some points you made. Not going too in depth as I just want to provide my perspective:

  • CIA Funding:
    • This is a non-issue. The OTF also funds: Briar, Tor, Wireguard, Delta Chat, Bind9, CGIProxy, CertBot, K-9 Mail, Tails, NoScript, QubesOS, The Guardian Project, and a host of other essential privacy tools/software. You’re telling me they’re all compromised just because they’re getting funded? I don’t buy it.
  • A Single, Centralized, US-based service
    • The Code is open source and Android has reproducible builds, iOS would have them too, but it’s impossible based on the way Apple’s build process works. Lastly, Signal’s devs/infra exist in the US, they have to exist somewhere, why not the country of origin? With the code being open/reproducible, you don’t have to trust them.
  • Phone # Identifiers
    • This is to make onboarding easier and minimize spam - I got my grandma to install it and find the rest of the family on Signal VERY easily. Trying to get her onboard with Matrix/Element or even Briar would have been a struggle. I like Briar, but its not ready for mainstream yet. I also like Element, but I don’t believe it’s quite a text/sms replacement like Signal is - in addition to leaking metadata.
  • Social network graphs
    • Here you mention metadata, so I’ll ask which other provider goes to the lengths that Signal does to minimize the collection of metadata? And please read over how Sealed sender works before you claim its easy to circumvent. You deride their implementation and claim how easy this is to collect without understanding what’s going on under the hood.
  • Abandonment of Open source
    • This is a stretch. Signal is a non-profit. They don’t have the same funding or staffing as their competitors and all their code is current. Yeah, they let it get out of sync for a while, they’re human, not robots. Don’t let perfect be the enemy of good.
  • Bundling a Cryptocurrency
    • What does a messaging platform have to do with crypto/payments? I don’t know, you should ask every other big player who is also trying to get in on the game hoping to siphon even more data from everyone’s purchases.

I do want to close by saying that Signal is definitely not the end-all-be-all of secure messaging platforms, but it is currently the best for mass adoption. I’m keeping my eyes on Matrix, Sessions, and Briar, but can’t say they’re ready to “go mainstream” yet.