Login

Recent searches

No recent searches

Search options

Not available on social.wildeboer.net.
social.wildeboer.net is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon instance for people with Wildeboer as their last name

Administered by:

Server stats:

2
active users

social.wildeboer.net: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.6

Jan Wildeboer 😷:krulorange:

"if you need a tool to communicate privately with your friends and family–even if your chats are boring, mundane, and totally legal– is the best damn choice I can recommend."

is the conclusion after 6 parts of detailed and well explained code review that starts at soatok.blog/2025/02/18/reviewi by @soatok

(Yes, I read all 6 parts. No, I don't claim to understand more than the basics of cryptography, which is why yes, I have to and do trust the author on their conclusions)

Our Review Roadmap Given what we’ve covered above, the targets of interest are as follows: 1. The Rust implementations of cryptography in libsignal. - Libsignal uses curve25519-dalek under-the-hood. - For actual encryption, they use a lot of RustCrypto. - Key transparency is relatively new, and of particular interest to me. - The actual Signal protocol, which now uses post-quantum cryptography. - The zkgroup and zkcredential features, which involve zero-knowledge proofs and are paramount to Signal’s server software not being able to know who is in which group. - The account keys and usernames features, since the privacy surrounding phone numbers is important to most Signal users. - Secure Value Recovery v3. If we can find a vulnerability in a recovery system, that will definitely be high-impact. 2. The bridge code, which enables libsignal to be used in other programming languages. 3. Cryptography implemented in Signal for Android, where it doesn’t just punt to libsignal. 4. Cryptography implemented in Signal Desktop, ditto. 5. Cryptography implemented in Signal for iOS, as with the previous two.
Feb 19, 2025, 10:08 AM·Public
18boosts·27favorites
Public
Kevin Karhan :verified:

@soatok @jwildeboer I still disagree because it completely ignores @signalapp being #centralized, #SingleVendor & #SinglePrivider, demanding #PII in the form of a #PhoneNumber, being able and willing to restrict functionality based off that and being subject to #CloudAct.

  • And with #Trump's regime going apeshit, the #USA are more and more a #risk factor!
#trump#usa#risk
Public *
Kevin Karhan :verified:

@FerdiMagellan @jwildeboer @soatok I use #XMPP+#OMEMO, more specifically, @monocles / #monclesChat & @gajim / #gajim!

docs.monocles.eu/apps/chat.app/

  • Another option that may be interesting if you are a business/org & need archival support (and have existing #eMail infrastructure) is @delta / #deltaChat, which is easy to bring into #compliance with #GoBD / #HGD and similar #Archival mandates for professional/business comms.
docs.monocles.eumonocles chat - monocles Documentation
#deltachat#compliance#gobd
Public *
Nicoco

European #antifascist recommending to use a service running in a fascist-turning country on servers owned by a fascist-friendly billionaire? This is weird.

Focusing solely on the E2EE misses a lot of points, one of those being that with #signal the ends have to be Android or iOS ~spyphones~ smartphones, which is not really something you can have 100% trust into IMHO.

ExploreLive feeds
About