Buy European
Overview:
The community to discuss buying European goods and services.
Rules:
-
Be kind to each other, and argue in good faith. No direct insults nor disrespectful and condescending comments.
-
Do not use this community to promote Nationalism/Euronationalism. This community is for discussing European products/services and news related to that. For other topics the following might be of interest:
-
Include a disclaimer at the bottom of the post if you're affiliated with the recommendation.
Feddit.uk's instance rules apply:
- No racism, sexism, homophobia, transphobia or xenophobia
- No incitement of violence or promotion of violent ideologies
- No harassment, dogpiling or doxxing of other users
- Do not share intentionally false or misleading information
- Do not spam or abuse network features.
- Alt accounts are permitted, but all accounts must list each other in their bios.
Benefits of Buying Local:
local investment, job creation, innovation, increased competition, more redundancy.
Related Communities:
Buy Local:
Buying and Selling:
[email protected]
Boycott:
[email protected]
Stop Publisher Kill Switch in Games Practice:
[email protected]
Banner credits: BYTEAlliance
view the rest of the comments
No they don't. Signal does not get any metadata. Matrix servers get everything and more than any other messenger. Not even the profile is encrypt with Matrix.
Yeah no, that's not how it works. The closed source Signal server by definition gets the meta data on your chats. It's simply needed for it to do its job. When receiving the encrypted message contents the Signal server, at the moment of the IP connection, knows the identity of the sending party. It also must know the identity of the receiving party, else it would be very difficult to make sure the message reaches them.
That's the user graph right there. Now Signal says they don't log it, and I'm sure they don't (here's where you look up what a National Security Letter is btw). If I run my own Matrix server for me and my friends, I can prove that it doesn't log.
https://signal.org/blog/sealed-sender/
https://signal.org/blog/signal-profiles-beta/
I'm not aware of any equivalent implementation on Matrix.
Before making an uneducated comment you should at least read the source I shared and read the corresponding whitepaper explaining it. Your comment is a bit embarressing.
If you use a VPN (hiding your IP), Signal cannot build a social tree.
If you have any questions in particular feel free to ask.
I don't need to ask questions, I do this for a living.
I doubt that based on the little technical understanding you show.
But if you do, explain to us how they are able to build a social tree when the users involved use a VPN? (Note that Sealed Sender is enabled by default). If there is any novel security insight that you discovered please share it!
All Signal users use VPN? Amazing. Is that a requirement?
No. But you can. With Matrix you can't. The Matrix servers have a plethora of profile data and metadata in addition to public information like your IP. A VPN won't help you.
No, but running my own server will. Something I cannot with Signal.
No one uses Signal via VPN.
You message only people on your server? Because if not and if you federate your instance, selfhosting doesn't make a difference. Other instances will store your social graph. You're much more private using Signal even if you don't use a VPN. Since on Signal at least profiles are encrypted. And IPs change. You can only bind create a probabilistic social tree, vs on Matrix everything is bound to your account and your domain (which doesn't change).
I don't know why I'm even arguing with you. You clearly don't understand how the underlying technology and software works. You should read up on that before coming back to this thread. I'm only repeating myself here.
If you're allowed to fantasize about Signal users all using VPN then I can fantasize about people who need that level of security all using their own server, yes :)
Feel free to drop out of the discussion at any time.
You just misundestand how it works. If nobody uses a VPN Signal is still more secure and private. It simply encrypts more information that Matrix does. The IP address is marginal compared to what long-term identifiable data Matrix knows of your conversations (literally linked to a domain and username). Since Matrix is federated, selfhosing won't shield you from leaking that information.
Perhaps I simply know more about how it works than you do? :) A domain and a username is more easy to fake compared to never slipping up connecting with an identifiable IP.
Flat put lie anyone reading this thread can easily disprove by searching online.
Well then search and share it. I feel like you're some kind of shill that's payed to say these things. You have no technical understanding of how this works and you also won't share any sources whatsoever.
Sealed sender does depend on some degree on trust, but with the architecture being designed for multi-server cloud and message passing with minimal logging, no single server knows both the sender and receiver when sealed sender is used, which also makes it harder for anybody trying to compromise the servers to collect that kind of metadata because you have to compromise a lot of them to have a good chance of deanonymizing your target. That's likely to be noisy.
Matrix also expects you to trust the server to a degree.
Got to go fully Tor/I2P secured P2P to avoid that.
If you run your own Matrix server that is not an issue. Can you do the same on Signal? Short answer: NO
You're still trusting the other user's server regarding a lot of metadata
Same with Signal. More so as it is centralized. So yeah, bad argument at best.
It's in my household and I use it to interact with family members. I'm sorry... are you attempting a strawman with me?
Most people use it to talk to people outside their household
I highly suggest getting third party reviews instead of competitor reviews which are ALWAYS SLANTED. Not to mention Matrix based like Element and Fluffychat are Open Source. Unlike Signal. Not to mention Signal provided info to US authorities fairly recently.
Signal is open-source. Signal did not provide info to the US. They don't have any info to share anyways. And you can confirm that as their code is open-source. Them sharing data is mathematically impossible.
What are you on about? You seem to have no idea what you're talking about. Stop spreading unreferenced misinformation. If you have something that we don't know about share a source or prove it!
They had no choice due to a warrant. They did provide login information to the court and sat on it for a year before telling everyone.
Did you know that with Matrix based clients you can run your own server and instance for just you and your buddies? And the cops could confiscate your server at your house but can’t get anything, period, due to it being encrypted and yours.
Rmind us all again… is Signal on a centralized server?
Also, why are you pushing Signal from California?
You mean IP address? That's literally all they had. This is no breach. Your IP is public information when you use the internet. What are you saying exactly?
The same goes for Signal. They don't have any of your data and less metadata than Matrix. If the cops raid my Matrix instance they get profile information and social trees of all my users. They don't get that when raiding the Signal servers because of Sealed Sender and other precautions that Matrix doesn't implement. **It does not matter that Signal is centralized. **It changes nothing.
Making a service decentralized does not change anything about security. In fact, because of the constraints of federation, it's even less secure and private in some ways that cannot be avoided.
Also, I'm not pushing Signal. I'm responding to the misinformation being shared here.
Sorry, ignoring as you literally defended authoritarianism in another comment.
False information again. I just pointed out James Hobbes philosophical theories.
There is no need to dig into my profile and take comments out of context. But you defended Hitler in another comment. So there's that.
You choose to not respond to my comments in this thread? I think this proves that you do actually have no idea what you're talking about and you're just here to spread fudd and fake news. Average 5 day old Russian troll account.
You cannot prove that the code they release is the same as the code being run on their server.
What's a National Security Letter?
Yes you can prove the client! And for the server, you don't need to prove it! They can run extremely malicious code and it wouldn't change anything. That's the whole idea behind zero-trust security. You only need to verify that the client is secure and encrypts everything.
You shouldn't talk about things so confidently if you don't know the technical details of how it works.