We do know that Signal is lying:
- About its code being open source
- About its protocol being open
- About its funding
- About its massive white washing campaigns in forums
- About smear campaigns against and harassment of journalists who dare to look into them
We do know that Signal is probably insecure if(!)
- It is actually based on the original white paper
- It is actually using any of the code they released ages ago
There have been major security incidents with apps using the Signal protocol,
e.g. WhatsApp.
Who is the one doing the astroturfing?
You might not like the facts, but that doesn't change them.
I don't have anything against Telegram personally, but that sentence is by all intents and purposes equivalent to "Telegram is not secure".
Meanwhile, every person I have met at my past affiliations who did research in security was using Signal as their main IM app. Blind trust is always bad, but I don't think that crowd was using it just for cargo-culting.
And none of that code can be converted to something that is even close to the published app.
They might as well just release the source code for the firmware of a fridge.
Last time I checked, everything but the secret chats was not E2EE. So for the most part, it's effectively not secure. For the secret chats you're right, we don't know.
> Signal is lying: - About its code being open source
I compile and run Signal from the sources...
> About its protocol being open
Are you talking about the Signal protocol here?
> We do know that Signal is probably insecure if(!) - It is actually based on the original white paper
The point was:
This is a discussion about Signal, not Telegram.
But by now we have gotten pretty used to deflecting every discussion about "is Signal secure" to "look behind you, a three-headed monkey" or rather to "but Telegram is not secure, because all Russians are stupid".
"I compile and run Signal from the sources..."
Yes, so you get a messaging app that might be secure, while 99.999% of users use the one from the store which very likely comes from a completely different source.
"The original whitepaper"
Just use your favourite search engine, we have been over this dozens of times by now.
If you understand security I would start here: https://cs.nyu.edu/~afb383/publication/uc_signal/uc_signal.p...
If not -- it probably takes 15-25 years to teach you.
Very rough, and simplified:
"Double Ratchet has some very strong preconditions which have never been addressed by Signal, and probably never been implemented by anybody." (Please, don't quote me on that, it's very dumbed down.)
> Yes, so you get a messaging app that might be secure
I was answering to... well to what I quoted: "Signal is lying: - About its code being open source". So it is obviously open source enough that I can compile it from sources.
> "The original whitepaper"
I did not write this either, were you answering to me? I am a little confused.
That is a pretty damning accusation. Can you provide more details? This should be the sort of thing you should be hearing from a disclosure or ideally a vendor advisory - not an HN comment thread on a vaguely related article. Failures of randomness are almost always fatal to a cryptosystem.
Why would I need to spend two decades? You already did it. Congratulations on probably one of the biggest exposés of this decade. Ignore the haters with their "delusions of grandeur" insults. You will soon have global fame. So, when are you publishing your bombastic exposé? Or do you plan to sell it for its minimum $1 billion value? Either way, great job!
I know this is totally unrelated and probably won't see it, but I read your comment about German solar farms some time ago and I was wondering if you could throw light on that. I can't find any email to contact you by except the one you shared like a year ago (hnr@webhome.de) which I figured belongs to your friend. Please, what's a good email where I can reach you? Mine's in my profile. Thanks and hoping to hear back.
Funny how "journalists" who spend their day in a text editor, or at least should,
keep saying that 8GB is not enough,
while award winning AAA game developers are fully ok with 8GB.
Yes, 16GB (or currently 18GB) is nice,
but it only means I can leave chrome & slack open forever;
And has no impact on my actual work whatsoever.
ML is quite ok at answering questions,
but it is very bad at asking the right questions.
Engineering is about asking questions.
Looks like we are at least 50 years out from "AI" replacing entry level engineers.
I'll let my grandchildren worry about that,
and use this glorified auto completion until then.
Hence my question was about programming rather than engineering. Composition could, for a long time, be a task humans do whereas the components are generated by AI.
Assuming a senior SWE there probably makes around $500T I guess your GF would need to sell one woven item for $2,000 every week day for the whole year to come close to that? That seems like an amazing amount of work, is she a spider perhaps? ;)