The presumption that free software is sufficient or necessary to ensure all software you depend on is trustworthy is simultaneously naive and ignorant of what software is capable of. The only realistic way to develop trust in software is to trust the people who write it, and development processes associated with free software make that trust easier.
But merely being free software isn't sufficient - software developed in a way that prevents arbitrary observers from witnessing design conversations may still be free software, but doesn't give us a strong reason to trust the developers. We all know how easy it is to hide dubious code in the open. The libxz backdoor was discovered by examining the binary and tracking that back to the source, not through source examination.
Frankly: binaries are the thing that executes on your system and embody the truth of software behaviour, and with modern technology it's often *easier* to determine that truth through the binary than through the source code (throw the "login" app from Reflections on Trusting Trust into Ghidra and you'd learn the truth even if the source code wouldn't tell you that).
I believe that free software is vital. People should have control over everything that executes on their system. But let's not kid ourselves - even someone running linux-libre on a machine with open firmware on a custom fabbed RISC-V with no microcode hasn't verified every line of code they execute, and nor has the community as a whole.
At some point we have to trust that other humans won't just lie to us - and that's true whether the software is free or proprietary. Debian could modify mirrors to push a backdoored package to a specific IP address, but the people with the ability to do that are well known to the community and we trust that they wouldn't. That's not a function of Debian being free software - that's a function of an open community.
Build communities. Find people you trust and place more faith in their recommendations. Don't trust anyone who says there's a magical solution here.
(And for the love of God ignore anyone who's telling you not to use Signal right now, every alternative is meaningfully worse for the vast majority of people)
@mjg59 "better is always good"
@Nick_Lange @mjg59 "don't let the best be the enemy of the good."

@mjg59 Indeed. Good enough is good enough.

Though it is worth telling people they can create a Signal account with an unregistered SIM card (it just needs to receive one SMS) so even that minimal metadata doesn't trace back to you.

@tomstoneham @mjg59 All that phone number does is potentially let the government know you’ve downloaded and set up Signal. Signal can’t match your phone number to conversations.

https://theintercept.com/2024/03/04/signal-app-username-phone-number-privacy/ (The Intercept: "Signal's New Usernames Help Keep the Cops Out of Your Data")

@mathew @mjg59 My thought was *Signal* can't but Signal *users* can. If someone has your number on their phone, that shows up in the Signal app, thereby matching you to your Signal identity.

One seized phone like that and all your Signal conversations on other seized phones are deanonymised.

In general, protestor threat models have to include police accessing information about you on other people's phones.

@mjg59 Let me know when Signal supports more than just Android and iOS (the supported desktop apps don't help with a dumb phone or a Linux phone).

SimpleX, XMPP and Delta Chat all function on just a PC and/or smartphone.

@lil5 Cool, what do you think people on the street are carrying? Because it's not a fucking laptop.
@mjg59 Crazy idea: @lil5 can use XMPP and Delta Chat even if the vast majority of people don't.
@mjg59 @lil5 Linux phones. They are all over the place.
@mjg59 Don't mistake criticism of Signal for advice not to use it.
Even then - in case you somehow don't trust Signal's default servers to be uncompromised, projects to make Signal self-hostable are in progress. github.com/mollyim/flatline-pl…
@mjg59 The "not wanting to trust humans and building a society ruled by technology" attitude is unfortunately a very common ideology among full-blown tech-fascists as well as FOSS nerds. Which may explain some of the overlap.

@mjg59 ...but they could be publishing reproducible builds and we could globally share whatever checksum verifies the correct reproduction, so I would say that that particular thing could be improved that way.

But overall you are absolutely correct and I stand behind your message.

@bmaxv We'd need a mechanism for those checksums to be verified on first install, and that's still a hard problem, but yes, I agree that this would be a better world than where we are now and we should be working on that.
@mjg59 Some people fetch Debian repos over Tor specifically to avoid this.
@noisytoot Makes it easy to backdoor the kind of person who uses Tor.
@mjg59 Yeah. So keep an eye on what your systems communicate with. Both externally and within your own network. (A big ask for normal humans, and apparently some large corporations.)