this post was submitted on 05 Aug 2023
5 points (100.0% liked)

Technology

59534 readers
3197 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

It will be open source, end to end encrypted using Signal’s double ratchet encryption protocol, and he plans to make it easy for fediverse platforms to integrate it. The beta will release later this month.

He’s also the creator of https://fedidb.org btw

top 25 comments
sorted by: hot top controversial new old
[–] ren@lemmy.world 2 points 1 year ago (4 children)

While I doubt I could get my friends and family on yet ANOTHER messaging app in the year of our lord 2023.

Sup. Is a fucking brilliant name.

[–] Annoyed_Crabby@monyet.cc 2 points 1 year ago (1 children)

Could be a fantastic way to replace dm, that's my first thought.

[–] Magiwarriorx@lemmy.world 1 points 1 year ago (1 children)

I remember idly wondering how DMs worked in Lemmy, and I was kinda shocked when I realized they aren't secure.

[–] aloso@programming.dev 1 points 1 year ago

"secure" is relative. They may not be e2e encrypted, but they are still encrypted via TLS, like any HTTPS traffic. It's the same encryption used for online banking. If you care about your instance admin being able to read your messages, you should use Signal or a Matrix client though.

But remember that only a few years ago, almost nobody used e2e encryption, and it wasn't much of an issue.

[–] garretble@lemmy.world 2 points 1 year ago (4 children)

I personally hate the name, but only because I had a roommate in college who would start every conversation with “sup.”

On text messages, IMs, in person, you name it. It really started to get under my skin.

But I hope the software is good.

[–] HughJanus@lemmy.ml 2 points 1 year ago (1 children)
[–] garretble@lemmy.world 1 points 1 year ago (1 children)

Yep. That’s what he’d do. So basically he’d always want you to start the conversation.

[–] HughJanus@lemmy.ml 2 points 1 year ago

No man, you're just supposed to say "Sup." back to them and then repeat ad nauseum.

[–] Rodeo@lemmy.ca 1 points 1 year ago

I might know that guy lol

[–] TheGreenGolem@lemm.ee 1 points 1 year ago

So, you're playing a little Playstation, huh? That's whack. Playstation is whack. 'Sup with the whack Playstation, 'sup?

[–] shevek@lemm.ee 1 points 1 year ago

(what')SUP 🤪

[–] weedazz@lemmy.world 1 points 1 year ago

Double rachet encryption protocol is also rather dope

[–] jungekatz@lemmy.world 1 points 1 year ago

I think it will integrate with the existing fediverse

[–] Jackthelad@lemmy.world 2 points 1 year ago

I just saw this on Mastodon and was about to post it here. 😄

Pretty cool idea. Though I'm not looking forward to trying to convince my friends to switch to yet another new platform. 😂

[–] PineapplePartisan@lemmy.world 1 points 1 year ago (1 children)

I’m not leaving Signal until someone implements keeping data at rest encrypted on both ends and requires multi factor unlock (bio+pin is my choice).

So sick of E2E clients that leave the data in plaintext on the devices and then back it up in plaintext to the cloud.

[–] outdated_belated@lemmy.sdf.org 0 points 1 year ago* (last edited 1 year ago) (1 children)

Does Signal back up in plaintext in the cloud? (If so that doesn't sound like E2E encryption… unless the 'ends' are uh… also constituted as the cloud itself which is… defeating the purpose).

Where do the pub/ private keys live, exactly, tbh. (Assuming it is asymmetric encryption that they use?)

Edit: ah, misread. I thought you said that you were not joining it due to it storing plain text in the cloud.

[–] dinckelman@lemmy.world 1 points 1 year ago (1 children)

Signal doesn't store any of your chats at all. They're all on-device by design

[–] XaeroDegreaz@lemmy.world 1 points 1 year ago* (last edited 1 year ago) (2 children)

Hm... If they're not being stored on the cloud, that means offline users would never receive messages, unless Signal is purely P2P. I haven't looked at the project, or the source, but I find it hard to believe -- you can't really do user lookups without some sort of middleware in the cloud.

[–] dinckelman@lemmy.world 1 points 1 year ago (1 children)

All the data they have on any specific user is the account creation date, and the last online timestamp. They've already done loops around this topic in the DOJ.

And I thought it should be obvious that an online service doesn't work if you're offline

[–] XaeroDegreaz@lemmy.world 1 points 1 year ago

Yeah, but messengers, such as WhatsApp for instance, will send you missed messages once you're back online. That's what I was referring to.

[–] KLISHDFSDF@lemmy.ml 1 points 1 year ago (1 children)

You're right, Signal is not P2P. The way Signals messaging pipeline works is like this - note I'm oversimplifying it for accessibility.


Sending a message to Bob

  1. You press Send.
  2. The message is encrypted on your device with a key that can only be unlocked by Bob.
  3. The message is then "sealed" so that there's only a "deliver to" field visible (not a "from").
  4. The "deliver to" field is addressed with a hashed/salted label for Bob - this means Signal's server can see its a unique user, but not what their name is.
  5. The message is finally sent to Signal's servers.
  6. Your message sits on Signals servers until it can be delivered to the intended recipient.

you can’t really do user lookups without some sort of middleware in the cloud.

See their blog post about Private Contact Discovery, they've spent a long time figuring out how to engineer a method to know as little as possible about you.

[–] InfiniteStruggle@sh.itjust.works 1 points 9 months ago

Thanks for the explanation.

[–] vacuumflower@lemmy.sdf.org 1 points 1 year ago

Desktop fscking client, please. Not electron based would be nice, yes? QT is good.

ICQ-style or old Skype-style user directory would be wonderful too. VoIP is not something I'd care about, file transfers are.

This is cool.

[–] corsicanguppy@lemmy.ca 0 points 1 year ago (1 children)

He’s also the creator of https://fedidb.org btw

I don't get it. It's a blank page. Is there some obsolete tech I need to re-enable?

[–] tate@lemmy.sdf.org -1 points 1 year ago

Not blank for me. I see a bunch of graphs and statistics about the fediverse.