don’t let perfect be the enemy of evil. punching back a behemoth corporation whose policies actively hurt people is significantly better than just letting them steamroll you.

better late than never, cancelled my subscription last week!

- laughs in america -

Musk also said not to use Signal [1] - I wouldn’t put any weight behind anything Elon says, right or wrong.

I should add, Signal and SimpleX are best in class when it comes to private messaging. If anyone says otherwise, please provide evidence.

[1] https://www.forbes.com/sites/zakdoffman/2024/05/08/elon-musk-fact-checked-on-x-after-surprise-messaging-warning/

Signal is better than Session if you value privacy:

The Session developers dropped Perfect Forward Secrecy because it would be hard to work around it.

First things first, let’s talk about what we’re leaving behind: Perfect Forward Secrecy (PFS) and deniability.

Source: https://getsession.org/session-protocol-explained

In plain English, they dropped a security feature for their own convenience to the detriment of their users’ security.

For anyone unsure what PFS provides:

The value of forward secrecy is that it protects past communication.

Source: https://en.wikipedia.org/wiki/Forward_secrecy

The Session devs also claim:

Session provides protections against these types of threats in other ways — through fully anonymous account creation, onion routing, and metadata minimisation, for example.

Reading between the lines, we can interpret that as introducing security through obscurity, which is generally considered bad practice - https://cwe.mitre.org/data/definitions/656.html

Lastly, Session does not provide quantum resistant encryption, the latest and greatest tech in ensuring your messages stay private. Signal, SimpleX (via PQXDH [1] ) and iMessage (via PQ3 [2] ) - as far as I’m aware - are the only messaging platforms that support quantum-resistant encryption.

If you want something like Signal but without phone numbers, give SimpleX a try. It’s basically a fork of Signal with a ton of privacy features, like working without a phone number. I like it but the UX still needs a lot of polish before I try getting family/friends on it.

[1] https://signal.org/blog/pqxdh/

[2] https://security.apple.com/blog/imessage-pq3/

With your first sentence, I can say you’re wrong.

except i’m not wrong. the model they ran is 4 orders of magnitude smaller than even the smallest “mini” models that are generally available, see TinyLlama1.1B [1] or Phi-3 3.8B mini [2] to compare against. Most “mini” models range from 1 to about 10 Billion parameters, which makes running them incredibly inefficient on older devices.

That doesn’t mean it can’t run it. It just means you can’t imagine that.

but I can imagine it. in fact, I could have told you it would have needed a significantly smaller model in order to run at an adequate pace on older hardware. it’s not at all a mystery, its a known factor. i think it’s absolutely cool that they did it, but lets not pretend its more than what it is - a modern version of running Doom on non-standard hardware.

[1] https://huggingface.co/TinyLlama/TinyLlama-1.1B-step-50K-105b

[2] https://ollama.com/library/phi3:3.8b-mini-128k-instruct-q5_0

[3] https://www.thirtythreeforty.net/posts/2019/12/my-business-card-runs-linux/

but the hardware is not capable. it’s running a miniscule custom 260k LLM and the “claim to fame” is that it wasn’t slow. great? we already know tiny models are fast, they’re just not as accurate and perform worse than larger models, all they did was make an even smaller than normal model. this is akin to getting Doom to run on anything with a CPU, while cool and impressive, it doesn’t do much for anyone other than being an exercise in doing something because you can.

you can follow hashtags. I follow #opensource and a few other interests and I’ve found some interesting stuff you don’t generally see in other places. but yes, the format is completely different and I find lemmy allows for better discussion than Mastodon.

Checkout Notesnook. I’ve tried most of the ones you’ve listed and have been really enjoying how well it works compared to the competition considering its end-to-end encrypted.

A few features:

• Clients and server are open source.
• End-to-end encrypted note syncing.
• You can publish public notes.
• You can publish privates notes that require a password to view.
• You can self-host the sync server.
• You can self-host the publishing server.
• Full offline mode.
• At rest encryption.
• Multi-platform clients with feature parity (Android, iOS, Linux, Windows, MacOS, Web).
• Most if not all of the general features you’d expect from a notes taking application.

One thing I really like about the project is how open they are about what they’re doing, why they’re doing it and what the future holds. It’s been great seeing their roadmap (https://notesnook.com/roadmap/) and seeing promised features land with new ones being added, and I’ve only been using it for less than a year now!

Appreciate the added context. Definitely a lot of history and quite a few red flags.

EDIT:

Oof. Just saw the Louis Rossmann video and yeah, Daniel Micay ruined the projects reputation for me.

Yep, I’ve seen this ~exact post a several times, same general structure and points, none of it acknowledging that the attacks on other people in the community started long before the alleged swat.

Just re-iterating what I’ve seen online - would love some sources or evidence to what you posted as those are 100% valid criticisms if true.

I don’t really follow the drama but have seen others comment on it before. It’s the reason I try to reply to posts with sources as I hate rumors being spread and the only way to combat misinformation is to provide evidence. What you claimed is pretty damning, if you’re able to provide a soruce I would love to read and educate myself in adding more context to the situation. Thanks!

For anyone who may have missed it, cloud backups are coming https://signalupdateinfo.com/news/cloud-backups.html

They’re already testing the backup functionality with the “desktop history sync” feature - https://community.signalusers.org/t/help-us-test-desktop-history-syncing/65452 so I think its very likely we’ll see Android/iOS cloud backups live by mid-next year at the latest (just a guess, not taking any bets).

the main graphene guy has unaddressed mental health issues and refuses to seek treatment (he appears to believe the problem is everyone else)

Daniel Micay stepped down last year [1]. Also, he was allegedly being swatted which would put anyone on edge, considering someone has already been killed over it [2] and police aren’t exactly known for treating people humanely.

I genuinely don’t feel comfortable with that one man show controlling my phone

Looks like there’s 16 people involved in the project [3] - excluding any external contributors, that’s definitely more than one. Granted, its probably the previous lead and the new one who have the most commits, I haven’t looked, but its still not just a single developer. That said, your concern is valid. Smaller projects are more likely to die as soon as their main contributors lose interest or stop working on it for any reason - see the end of DivestOS as a prime example [4].

[1] https://androguru.com/2023/05/lead-developer-of-grapheneos-steps-down-amid-escalating-harassment-and-swatting-attacks/

[2] https://www.cnn.com/2019/09/14/us/swatting-sentence-casey-viner/index.html

[3] https://github.com/orgs/GrapheneOS/people

[4] https://www.divestos.org/pages/news#end

did they comment (maybe I missed it) on why they’re ending development?

as usual, devs are lost in implementing ludicrously complex scenarios for threat models that touch but a percentile of users, instead of implementing functionality that’s normal everywhere else.

as usual, users are lost in complaining about a privacy-centered application prioritizing on privacy-centered solutions, instead of using the hundreds of other already insecure applications that are normal everywhere else.

people really will complain about anything. It’s like progress means nothing, unless a fully working solution is available day 1, it’s completely worthless. bff

What is the use case for it?

The same use case as any crypto - to use as currency and pay debts.

Seems kind of pointless and a lot more tedious than just a bank transfer.

The same can be said of every crypto which doesn’t hit any kind of adoption.

Why does signal include crypto nonsense in their app (I like crypto, but just can’t see any reason why it should be integrated in the app)

It aligns with Signal’s mission statement to “Protect free expression and enable secure global communication through open source privacy technology.” [1]. The reason it was integrated into the app was to support crypto that was “easy to use”. The same way cash provides privacy by not allowing third parties to see what you’re doing, they believe(d) that enabling a privacy preserving crypto wallet would further “protect free expression”.

I’m sad that signal does not have support for 3rd party open source clients that could remove such features.

It’s not not enabled by default and makes up for (based on github commits and pulling a random number out of my ass based on my continue following of Signal’s development) less than 1% of development work since it was introduced.

Why not add support for monero instead?

Monero did not meet the technical requirements that the Signal developers were looking for at the time. Signal has commented that they would consider adding other crypto, as long as it meets the technical requirements - which I don’t have so can’t source unfortunately.

[1] https://signalfoundation.org/en/

Actually yes. They want to privatize it so that they can make money on it. Failure is the goal.

Actually yes. They want to privatize it so that they can make money on it further exploit the working class. Failure is the goal.

Although you’re right, I like to call out what it will do to everyone so it’s more explicit and will hopefully click in people’s minds.

Trump’s is Putin’s puppet. He’s set to destroy whatever he can.

I’ve found sh.itjust.works to be pretty decent so far.