Hacker News | iamnothere's comments

Thanks, this would be helpful. I will follow on by recommending that you always make it a point to note how user freedom will be preserved, without using obfuscating corpo-speak or assuming that users don’t know what they want, when planning or releasing products. If you can maintain this approach then you should be able to maintain a good working relationship with the community. If you fight the community you will burn a lot of goodwill and will have to spend resources on PR. And there is only so much that PR can do!

Better security is good in theory, as long as the user maintains control and the security is on the user end. The last thing we need is required ID linked attestation for accessing websites or something similar.


I have seen anti-Signal FUD all over the place since it was discovered that protesters have been coordinating on Signal.

Here’s the facts:

- Protesters have been coordinating using Signal

- Breaches of private Signal groups by journalists and counter protesters were due to poor opsec and vetting

- If the feds have an eye into those groups, it’s likely that they gained access in the same way as well as through informants (which are common)

- Signal is still known to be secure

- In terms of potential compromise, it’s much more likely for feds to use spyware like Pegasus to compromise the endpoint than for them to be able to break Signal. If NSA has a Signal vulnerability they will probably use it very sparingly and on high profile foreign targets.

- The fact that even casual third parties can break into these groups because of opsec issues shows that encryption is not a panacea. People will always make mistakes, so the fact that secure platforms exist is not a threat in itself, and legal backdoors are not needed.


The downside of opsec is that it breeds paranoia and fear about legal, civic participation. In a way, bullshit investigations like this are an intimidation tactic. What are they going to find - a bunch of Minnesotans that were mad about state-backed killings?

[flagged]


The only reason you think this is because all of your opinions are predetermined by MAGA elites.

Also the current US government think it’s secure enough for their war planning!

They actually used a hackish third party client (interesting since Signal forbids those) which stores message logs centrally, assuming it’s for required USG record keeping. Turns out that it’s possible to invite unwanted guests into your chat whether you’re a protestor or a government official. (It also appears that government contractors still write shitty software.)

Feds and ICE are using Palantir ELITE.

That’s only for targeting. From what I understand ELITE does not include device compromise or eavesdropping. If feds want to compromise a device that has Signal, they would use something like Pegasus that uses exploits to deliver a spyware package, likely through SMS, WhatsApp, or spear phishing URL. (I don’t actually know which software is currently in use but it would be similar to Pegasus.)

As mentioned by someone else, they just need to take the phone of a demonstrator to access their Signal groups.

https://freedom.press/digisec/blog/new-leaks-on-police-phone...


True, physical interception is probably the easiest method, at least for short term access. Once the captured user is identified and removed from the group they will lose access though.

It will just go underground. Maybe that will make it fun again.

Unfortunately so. Niceties like civil rights and free elections were great before the rise of mortal enemies like Russia and China. Now we have to curtail those for a time to protect our democracy.

Don’t worry, everything will return to normal one day. Pinky swear.


I once rented a place where you needed either a decent credit rating or three months of full bank statements to prove income. (Paycheck stubs were not deemed sufficient.) Very invasive, fortunately I passed the requirements and didn’t need to provide that info.

No, we “hackers” will mock it and develop workarounds for it, leak ID databases to undercut support, etc. Worst case we move to sneakernets and meshes and teach kids about old school floppynets. (When I was a kid all the best stuff came by floppy, sometimes by rogue BBS.) More likely we’ll just distribute guides on using Tor and build a better ecosystem around it.

I mean.. Tor isn't gonna help you if there's no computers. We already got smartphones banned from schools. Work in progress.

Listen to yourself. You are a fanatic.

What are you going to ban after that?


Why am I a fanatic exactly? Do you not see people everywhere going around like zombies on their phones? I think that someone who sees that but still wants to do nothing because of a vague principle that someone talked him into, is the fanatic.

Ignore the other idiot. If you want to have a rational conversation I'm open.


Taking away "social media" didn't work? We'll take away VPNs!

Taking away VPNs didn't work? We'll take away ALL THE COMPUTERS!

This is the path of the fanatic.


He’s a troll, see other comments. Downvote and move on. (I wish I had.)

These are not the same people. I doubt that most of the people pushing for mandatory restrictions on child access care about privacy at all.

You will be surprised by the number of people (even among self proclaimed libertarians) who think children have no rights and are essentially their parents' properties.

Granted, but that's different than thinking they're the state's property.

Thanks for mentioning NNCP, it doesn’t get enough attention.

I am hoping more tools will be built on top of it, with good tolerance for asynchronous/offline networks, particularly for communication and social. We may need it soon elsewhere.

Mail over NNCP works well as you mentioned because mail is already asynchronous. Maybe Delta Chat over NNCP is worth a try.


Yes, the “value” being centralizing identity and access so OFCOM and GCHQ can finger dissenters more easily.

The UK already forces ISPs to hold a database of the hosts you have visited in the last three years. Implementing the laws in the way they currently are doing undermines their own legislation by pushing UK users into having a tangible reason to hide their browsing patterns from UK networks by funneling their traffic through VPNs or other proxies to avoid age gates.

Tin foil aside, my issue is that they're not even good at what they're trying to do. Their policy is inconsistent with their aims and lacks technical strategy. You think they're worried about dissenters when in practice they're more worried about elections in 2029 and whatever pearl clutching users post on mumsnet.


> The UK already forces ISPs to hold a database of the hosts you have visited in the last three years. Implementing the laws in the way they currently are doing undermines their own legislation by pushing UK users into having a tangible reason to hide their browsing patterns from UK networks by funneling their traffic through VPNs or other proxies to avoid age gates.

People had tangible reasons before having to avoid age-gates. You should not have people spying on your online activity.

> Tin foil aside, my issue is that they're not even good at what they're trying to do. Their policy is inconsistent with their aims and lacks technical strategy.

Good, I don't want them to be good at what they are doing.

> You think they're worried about dissenters when in practice they're more worried about elections in 2029 and whatever pearl clutching users post on mumsnet.

They can be worried about both. They are capable of being concerned about two different things at the same time.


Many of these governments are directly funded and directed by said corporate fascists. The opposition is hardly much better. There’s no good guys at the state level here.
