Comment by Jerry2
6 years ago
I saw Moxie Marlinspike's talk when it was posted on CCC's official channel [1] and was disgusted by it. The talk has now been censored and the video was made private. It was one of the most defeatist talks I've ever come across when it comes to messaging and privacy. His message was basically that anything you do is pointless and that his and WhatsApp/Facebook's way is the right one.
I've used Signal on a few occasions in the past but his talk made me uninstall it. I simply do not trust him after hearing his opinions. I do not support centralization and other ideals he's now pushing (including the use of a phone number as Signal's primary ID).
The talk was mirrored on a few channels on YT [2] and you can still see it.
[1] https://www.youtube.com/watch?v=DdM-XTRyC9c (it's a private video now)
[2] https://www.youtube.com/watch?v=Nj3YFprqAr8 (working link, who knows for how long so mirror it).
I don't particularly like a centralized model either. Federation is much more difficult, but can create ecosystems which can survive longer/better than a single company can.
But on the specific issue of phone numbers as ID, they have been making some substantial progress on a technological solution to address this, specifically without running central servers.
https://signal.org/blog/secure-value-recovery/
You were "disgusted" by the talk? The controversial parts were spelled out in a post Moxie wrote 3.5 years ago, with the same title. The only deviations are new privacy-preserving features Signal is building, one of which is intended to address the most common objection to Signal (the use of phone numbers as identifiers).
The talk wasn't "censored"; the conference made a mistake by recording and posting it in the first place.
I think if Moxie had framed this from a perspective of "centralization has some advantages, so how can we make a centralized service as safe as possible" the outcry would be much less. Because Signal is genuinely doing some very great stuff in that area. But the framing as a dismissal of decentralized solutions as unworthwhile is very frustrating, especially when it so transparently overlaps with his business interests.
Yeah, how can we talk about privacy of a service that I need to register for with a phone number (and in my country, to register a phone number it is obligatory to give your ID and signature; you can't activate a SIM card anonymously)?
Centralized services should be avoided for a multitude of reasons; the primary one is being dependent on some company that offers you the service and can and probably will shut down one day, with the result of losing all the things you had on that service.
Look at the past: how many centralized services closed down and we lost all our data? Instead, decentralized services are still up and running: email, usenet, IRC, even if unfortunately a bit forgotten these days (with the exception of email, even if most people use Gmail anyway so it's in fact centralized...)
Wire seemed like a decent alternative where you're not required to provide a number, I think only an email. Also you can delete your account.
It's fine, but you should know that pretty much everything Moxie and Signal talk about contrasts sharply with Wire. For instance: last I checked, Wire stores your entire social graph on their servers in a database --- effectively forever, Wire stores a plaintext log of everyone you've communicated with.
To be fair, since there is no remote attestation possible for the Signal servers, and you realistically can't run one yourself, you only have their word that they don't store any of that information.
These are similar guarantees to those that a lot of other chat and VPN companies offer. Personally I would consider any information given out to a company non-secret, especially to those operating outside my jurisdiction.
On the other hand, Wire lets you look at their server code; I assume there's nothing stopping you from hosting your own server.
I read on a privacy-oriented website that Wire was purchased by an American company not trusted for its record on privacy (or perhaps it was that since the company is American, their data can be read by the US govt.). I can't find it now though. There isn't anything mentioning it on the website of `www.privacytools.io`: https://www.privacytools.io/software/real-time-communication...
I never continued with Wire 'cause... nobody uses it, even fewer people use it than Signal. I think Keybase is the next best thing to some extent.
That seems unlikely, since they just raised 8MM a few weeks ago.