top | item 46646627

(no title)

kfreds | 1 month ago

It’s exciting to hear that Moxie and colleagues are working on something like this. They definitely have the skills to pull it off.

Few in this world have done as much for privacy as the people who built Signal. Yes, it’s not perfect, but building security systems with good UX is hard. There are all sorts of tradeoffs and sacrifices one needs to make.

For those interested in the underlying technology, they’re basically combining reproducible builds, remote attestation, and transparency logs. They’re doing the same thing that Apple Private Cloud Compute is doing, and a few others. I call it system transparency, or runtime transparency. Here’s a lighting talk I did last year: https://youtu.be/Lo0gxBWwwQE

discuss

unknown|1 month ago

[deleted]

stavros|1 month ago

I don't know, I'd say Signal is perfect, as it maximizes "privacy times spread". A solution that's more private wouldn't be as widespread, and thus wouldn't benefit as many people.

Signal's achievement is that it's very private while being extremely usable (it just works). Under that lens, I don't think it could be improved much.

maqp|1 month ago

>Signal's achievement is that it's very private while being extremely usable (it just works).

Exactly. Plus it basically pioneered the multi-device E2EE. E.g., Telegram claimed defaulting to E2EE would kill multi-client support:

"Unlike WhatsApp, we can allow our users to access their Telegram message history from several devices at once thanks to our built-in instant cloud sync"

https://web.archive.org/web/20200226124508/https://tgraph.io...

Signal just did it, and in a fantastic way given that there's no cross device key verification hassle or anything. And Telegram never caught up.

attendant3446|1 month ago

It's not perfect simply because it's a mobile-first app. That's Signal's main problem.