Recent searches
Search options
Administered by:
@kkarhan xmpp has almost no good clients and yet the ux is still better with it compared to element or any other matrix client
@hexaheximal @kkarhan i already use cinny
@hexaheximal @esm Why would anyone want that anyway?
There are native #XMPP+#OMEMO client for literally any relevant platform!
https://mstdn.social/@kkarhan/111404942780525408
Any #E2EE #Messenger with #SelfCustody of all Keys should be considered security-sensitive and thus should not he used as a #WebApp.
Also #ChromeOS supports #Android-Apps and if you don't have administrative privilegues on a machine then consider it insecure and nit trustworthy for yourself as a user!
@kkarhan @esm Not all chromeos devices do. (e.g. ones where apps are restricted by management), and there are still other scenarios where a web app is the best/only way to do it. #ArgumentValid
Back in the 90s, Bill Gates infamously decided to kill Netscape. He did it because he knew that web apps would make the operating system irrelevant.
While his solution was wrong, he correctly predicted that web apps were going to take over.
Look at all of the desktop apps which are just Electron wrappers now too. It's very common. (and before you say that electron is bad and discard it, which is likely, https://github.com/nukeop/nuclear/blob/master/docs/electron.md)
> Any #E2EE #Messenger with #SelfCustody of all Keys should be considered security-sensitive and thus should not he used as a #WebApp.
This is irrelevant too. Browsers have really good sandboxing nowadays, and on chromium you can even create multiple profiles within the UI. The reality is that, as long as the client-side code can be trusted (reminder that you can self-host element and/or cinny if you don't trust it - I've done that before) as well as the browser itself, it's about the same in terms of security.
You are fighting against reality.
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world
You may call me a #minimalism evangelist but
everytime something that could've been barely Megabytes as an #AppImage, #FlatPak, #Snap or Kilobytes as a #CLI tool instead shoves yet another entire half gig copy of the #Bloatware-#Browser that is #Chromium onto the Desktop despite using not even 0,1% of it's featureset
I call this a systemic failure in Software Architecture.
Browsers are the most attacked applications on #Linux beyond CMSes and Webservers...
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world ...and even if we think local #WebApps are a legitimate way to handle sensitive comms - they ain't but let's just assume they are for the sake of argument - WHY would you do anything beyond a .desktop file that includes startup parameters for #Firefox (or even #Chrome if you're that kind of Cyber-Masochist!) that specify the browser, and the file to load.
Because any good #WebApp should be reduceable as #HTML5 + #JS6 + #CSS3 and measured in kB or maybe a few MB.
@kkarhan@mstdn.social@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world Shit like #Discord is an abomination and #Microsoft only won because regulators are systematically dysfunctional, corrupt and staffed with #TechIlliterates, otherwise all the #GAFAMs, #Adobe and #Autodesk among others would've been forcibly disbanded the same way #StandardOil was.
Microsoft feared #Linux but nowadays they basically gave up on #Desktop and #Server OSes since #Xbox, #Office365 & #Azure make the real profits & margins!
https://blob.cat/objects/29e2ce65-026f-4fb6-aa2a-2de2c1ebe4c5
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world Like #Atlassian & #Adobe & #Autofesk before them, #Microsoft is working hard to forcibly #Subscription-ize & #Cloud-ify (aka. #Enshittify) their products and subsequently cancel any #OneTimePurcase, #OnPremise / #SelfHosting and #LocalInstall options until there's only #Microsoft365 / #Office365 as a #WebApp with no control over anything whatsoever...
And OFC that'll be weaponized against anyone and everyone!
https://twitter.com/frank_rieger/status/999319383917957121
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world
So yeah, don't trust any #WebApp where it's trivial to siphon away credentials.
And don't trust any #Service, because they WILL LIE TO YOU just like the #Honeypots of #ANØM and @protonmail did/still do.
Keep your keys in self-custody and encryption as well as decryption locally or don't even bother at all!
And I'd certainly not do critical comms from an insecure device where I don't have full control!
http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/547af5650b3853a3b24e
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world @protonmail I do work on getting that part fixed...
https://github.com/KBtechnologies/PocketCrypto
In the meantime, learn #OpenPGP / #GnuPG (#PGP/MIME) and/or #XMPP+#OMEMO...
Tools like #enc make it even easier to do so...
https://github.com/life4/enc
Just like #gpa and #Kleopatra on #GUI Desktops or #OpenKeychain on #Android...
@kkarhan Wait, what did ProtonMail do wrong?
1. ProtonMail is not a honeypot. No idea where you got that from.
2. Dead onion link. I actually went out of my way to try it but it lead to nowhere.
3. I already told you that you can simply self-host Element and Cinny.
4. Now, consider, what if a native app does something malicious that's not possible in a browser sandbox. ;)
@hexaheximal@blob.cat @protonmail @esm @hexaheximal@wetdry.world
1. People said the same about #CryptoAG...
And sadly my gut feeling and the Intel I get is way more reliable than marketing lies.
Let's just say if I was wrong I'd already be dead a dozen times...
2. It's not dead, because I can just open it, even on Mobile.
@hexaheximal@blob.cat @protonmail @esm @hexaheximal@wetdry.world
YOU LITERALLY EDITEC THAT POST AFTER I REPLIED TO YOU!
Now fuck off asshole!
https://blob.cat/objects/571db7e3-9625-431c-bdd1-22c3d71a7726
@hexaheximal@blob.cat @protonmail @esm @hexaheximal
3. Why would I want to self-host #Matrix when it doesn't provide me with any convincing benefits compared to #Zulip, #XMPP+#OMEMO or even #IRC.
4. It's easier to audit a small, native app and even sandbox it into a single user that has literally 0 privilegues because a higher layer that doesn't allow said user to interact with it constricts it.
[Thats's literally done with #Webservers and #Databases where they're run as dedicaded users which have no privilegues excpet their own use-cases
Ok, the Gaslighting seems to be a issue of the federation...
On our server it looks like the order is: Posted, Edited, Answered.
But that doesnt mean that its the same Order for mstdn.social or even in both of your clients.
I know you both wont agree and you dont need to agree, thats fine. I rather suggest to both of you that you keep in mind that Federation has latency, Edits could easily missed and also certain Clients dont display Threads in a intuitive way.
And just to mention, even if it is Gaslighting, it needs more than just once in a heated discussion so that i take actions.
This could mean one of two things:
- On the backend, it updated, but it didn't live-refresh on the frontend.
- Somehow, it managed to have the post come in afterwards but the timestamp does not reflect that.
@kkarhan @hexaheximal@blob.cat @esm @hexaheximal@wetdry.world
There is no comparison between Crypto AG and us. Our encryption occurs client-side, our cryptographic code is open source ( https://proton.me/community/open-source ), and our tech can and has been independently verified. More about this here: https://proton.me/blog/is-protonmail-trustworthy.
I've even looked at the network requests while using protonmail, and the messages are indeed encrypted. However, the subject and other metadata is not. Unfortunate, but understandable considering it's PGP, which does not encrypt metadata afaik.
@hexaheximal Yes, PGP has its limitations. However, PGP allows for interoperability and, being open source, it has security advantages. We are working on improving it too: https://proton.me/blog/openpgp-crypto-refresh