@jenkinse


@gsuberland @projectgus @voltagex

So kind of like purism then? I don't know if that's a fair comparison.

@Daojoan

The fediverse offers way more freedom than the big tech ecosystems, but even with most fediverse platforms you don't completely own your digital identity or truly have the keys. We can still aim to do better by introducing features like nomadic identity for an even brighter future for the fediverse!

@wildebest @semnosao @nicholasr @jakeyounglol @stux

Yes, from the hosting perspective onion services can help to be less domain reliant, and from the user perspective it would help if Mastodon and other #Fediverse platforms included features like nomadic identity, so user identity is also less domain reliant. This would let you migrate without needing workarounds even if your instance is blocked or shut down.

@[email protected]

"It is always morally correct to steal and/or fork competent open source code without regard to its license."

That doesn't sound quite right; that would imply it's okay for companies like AVM and Vizio to violate copyleft. But I agree forking SimpleX could be a good thing.

@hipsterelectron

"sovereign—but somehow still compliant with regulations"

If you're not a corp you can have sovereignty, which is impossible with Signal.

"decentralized—but the server owns your identity".

I agree that there is room for improvement, but isn't it the same with most of the Fediverse, which we also describe as decentralized?

@hipsterelectron

"if your encryption is secure then why do you need to inspect network traffic?"

That's a good question, and it sounds like Element wants to branch out into a security vendor role. Maybe they should just focus on the messaging platform, but I wouldn't argue against the concept of "layered defense" in general.

@hipsterelectron

If I understood your point about auditing, you say that businesses should use unencrypted communications. But if a business has a data breach and we find out they haven't encrypted their databases, I'd call that irresponsible. It seems to me the best way is to use encrypted platforms while making sure that the necessary people have the encryption keys to do auditing.

@hipsterelectron

"i have an extension of libsignal that avoids a central server dependency"

I think that's great, but unfortunately Signal won't let us use it to talk to our friends who use Signal.

""bridges" (your messages aren't encrypted)"

Yes, it's a choice and I don't see this as a negative point. Matrix isn't a walled garden platform and it gives you that flexibility. You can choose to stick with encrypted messages if you prefer.

@hipsterelectron

"when keys are rotated that they have precise instructions for what to do ... bc signal understands that PEOPLE WILL FUCKING DIE IF YOU DON'T PROTECT THEM!"

However, Signal unfortunately doesn't have any instructions for checking safety numbers the first time you contact someone, so if they understand that people will die they are neglecting responsibility.

d@nny mc² @hipsterelectron

Yes, as I was reading that there was some conflation, I did get the impression you attributed Element's words to Matrix, which I found confusing.

Anyway I agree with you that Element does some deceptive marketing here by hyping Rust and stupidly suggesting data breaches result from loss of availability.

Replay attacks should be considered, but don't timestamps limit the potential for abuse?