Security is extremely important, but it is not the only concern one should have when considering the design of a global communications infrastructure.
I worry a lot more about not having one single actor responsible in dealing for the communication of millions of people than about "quantum-resistant encryption".
> I worry a lot more about not having one single actor responsible in dealing for the communication of millions of people than about "quantum-resistant encryption
I'm glad you worry about this. Me and other people have other priorities.
You're putting an awful lot of effort into projecting your values onto other people, which is a bit weird.
Did you watch "The Big Short"? You are sounding like one of those jocks-turned-real-estate agents that are bragging about how easy it is to make money and thinking the analysts were idiots.
> You're putting an awful lot of effort into projecting your values onto other people.
We live in a world where people are bullied for not using iPhones and showing up with different bubble colors on the chat apps and family members will refuse to call you on the phone and only accept you if you use WhatsApp.
All I am saying is "please let's not collectively put ourselves in the hands of any single entity". Are you sure I'm the one projecting values, here?
Genuine question: Does Tor fall under the definition of federation? Either way, a Tor-like model would have security benefits over a centralized system like Signal, right?
Tor is distributed, not federated. And it has drawbacks, like high latency and a lack of a centralized system for human-friendly names (because that would mean a system like DNS, which is centralized). As far as security goes, there's probably little benefit. E2EE doesn't get more secure because there's more encryption.
The most comparable system to Tor that has practical properties I can think of is maybe ipfs, but nobody will store your encrypted chat blobs for you out of the goodness of their hearts. Ipfs also tends to have high latency. A slow system of uncooperative nodes isn't what you want your messaging app built on.
A federated messaging system looks a lot more like Matrix. The obvious problems are that splitting users up over multiple nodes mean encrypted data doesn't live on your instance, it lives everywhere the people are you chat with. Another problem is what you see with bsky, where identifiers come with a domain name (like an email).
IRC is also federated (sort of), and there's a long list of tired, age-old problems. The most common one is simple: different servers have different features, so you can't reliably "just use it" like you can with Signal.
Because code is law, centralized systems that grow bigger than the polity they started in are inherently problematic. See Facebook in Burma/Myanmar as one recent infamous example.
Security is extremely important, but it is not the only concern one should have when considering the design of a global communications infrastructure.
I worry a lot more about not having one single actor responsible in dealing for the communication of millions of people than about "quantum-resistant encryption".
> I worry a lot more about not having one single actor responsible in dealing for the communication of millions of people than about "quantum-resistant encryption
I'm glad you worry about this. Me and other people have other priorities.
You're putting an awful lot of effort into projecting your values onto other people, which is a bit weird.
> Me and other people have other priorities.
Did you watch "The Big Short"? You are sounding like one of those jocks-turned-real-estate agents that are bragging about how easy it is to make money and thinking the analysts were idiots.
> You're putting an awful lot of effort into projecting your values onto other people.
We live in a world where people are bullied for not using iPhones and showing up with different bubble colors on the chat apps and family members will refuse to call you on the phone and only accept you if you use WhatsApp.
All I am saying is "please let's not collectively put ourselves in the hands of any single entity". Are you sure I'm the one projecting values, here?
1 reply →
Genuine question: Does Tor fall under the definition of federation? Either way, a Tor-like model would have security benefits over a centralized system like Signal, right?
Tor is distributed, not federated. And it has drawbacks, like high latency and a lack of a centralized system for human-friendly names (because that would mean a system like DNS, which is centralized). As far as security goes, there's probably little benefit. E2EE doesn't get more secure because there's more encryption.
The most comparable system to Tor that has practical properties I can think of is maybe ipfs, but nobody will store your encrypted chat blobs for you out of the goodness of their hearts. Ipfs also tends to have high latency. A slow system of uncooperative nodes isn't what you want your messaging app built on.
A federated messaging system looks a lot more like Matrix. The obvious problems are that splitting users up over multiple nodes mean encrypted data doesn't live on your instance, it lives everywhere the people are you chat with. Another problem is what you see with bsky, where identifiers come with a domain name (like an email).
IRC is also federated (sort of), and there's a long list of tired, age-old problems. The most common one is simple: different servers have different features, so you can't reliably "just use it" like you can with Signal.
Because code is law, centralized systems that grow bigger than the polity they started in are inherently problematic. See Facebook in Burma/Myanmar as one recent infamous example.
2 replies →