is this not domestic terrorism?

do we actually know that no US citizen has been sent? Without due process, there’s no way to confirm. Or am I missing something?

the web page needs to have “open graph meta tags”. if the website doesn’t have them, Signal won’t generate previews.

I’d be interested to hear what you think a made up job is

So I upgraded and tested not adding a trusted proxy (using Traefik in front of Jellyfin) and nothing broke. Was it supposed to break or is it just that its insecure? Am I less secure by not adding it as a trusted proxy?

it’s only gotten better. now you can run it in your browser and play local files

https://webamp.org/

to add even more to what’s already been said, even if Signal’s infrastructure was compromised and they could see messages traveling through their servers, each one is encrypted, the keys are rotated with every message (cracking one, which is nearly impossible, doesn’t give you access to previous or future messages), and thanks to Sealed Sender, only the recipient knows who a message came from. There are many other layers that they’ve engineered to ensure they can’t know anything about you, like private contact discovery, using secure enclaves, remote attestation, etc.

MLS only deals with encryption and key management, which is great but that’s been a “solved” problem since TextSecure (now Signal) introduced the TextSecure Protocol (now the Signal Protocol) in 2013.

What I’m aware is missing with RCS / MLS compared to Signal (someone with more recent knowledge please correct me):

• Sealed sender so only the recipient knows who sent the message.
• Not storing metadata or logs.
• No built in crash reports.
• Private contact discovery.
• Published government requests providing evidence that they don’t have any data.
• Open source client.
• Looking at the Google Play store, Google’s Messenger shares precise location data with third parties, Signal doesn’t.
• Also on the Google Play store, Google’s Messenger app list a lot of data collected. Signal only lists phone number.

RCS still leaks metadata like a sieve. Encryption, considering the platforms that exist today (Signal and SimpleX), should not be the minimum requirement. Plain-text messaging should not even be possible in modern secure messaging platforms. The platform should be open source and be engineered to mitigate the collection of metadata - like Signal and SimpleX.

Signal is a publicly available app that provides encrypted communications, but it can be hacked.

This is misleading statement that will only confuse people who want to use a secure messenger.

To clear things up with anyone who’s not technically inclined: Anything can be theoretically hacked. Signal has not been hacked and has no history of being compromised.

The Signal “hacks” that linked people’s Signal client to devices that aren’t theirs were sophisticated phishing/spoofing attacks. The equivalent of getting someone to click a malicious link via email because it looked like the real thing.

A reminder that you still need to do your due diligence even when using a secure service. Technology alone cannot completely protect you.

asked this somewhere else, but does anyone know how it compares to Cryptpad which is also developed in France, open source, self hostable, collaborative, and end-to-end encrypted?

It’s not a Signal feature so its likely an app that has the permission to “display over other apps”. Search your Android settings for “display over other apps” and see what apps have this permission. On my phone only Phone, Google, and Google Play Protect Services are allowed. Disable anything else and test. If its not any other app, its probably the keyboard, since keyboards have permission to overlay input fields (I think).

There’s at least two of us who use stories! I use it the same way, its a quick way to share what’s going on without directly pinging people who may not be interested.

H.265 is patent encumbered. Blame the 2 or 3(?) patent pool holders (for-profit corporations, unlike non-profit -and-slowly-losing-market-share Mozilla) for not making it free to use for everyone.

This is why AV1 is preferred, it saves bandwidth and there’s no threat of being sued into oblivion.

But then you’re indirectly giving the enemy (Google) power by increasing their browser market share, which in turn lets them dictate the future of the web.

Tesla facilities face wave of attacks as Elon Musk delves into politics

I love good news!

I’ve been giving them the benefit of the doubt, but I’m kinda done with them. Anyone have any suggestions for a mail provider? I’m not yet willing to self-host that.

just tell people to join mastodon.social. problem solved

Which is a great workaround but then all your private notes are on Google’s servers, accessible to anyone with enough admin rights on their end. All apps should be end-to-end encrypted going into 2025. There’s no reason security AND privacy shouldn’t be included.

I’ve never seen constant login reminders, but I’ve only used it in a browser, and the Android/Window/Linux apps are you seeing it on iOS? Maybe its a bug? If you go to settings in the app and then click “Help and support” > “Report an issue” you can open a github issue. I’ve had really good success in getting issues resolved.