by Aachen 1990 days ago
I'd rather go with cryptanalysis and/or audits than big names. Both protocols are old enough now to have had ample opportunity.

And I can't tell if Moxie really means to improve the status quo or works for some three letter agency and builds just enough metadata opportunities into popular messengers and opportunistic encryption into WhatsApp to be helpful without being suspicious. To avoid redundancy, I posted these only yesterday and it includes some of the reasons: https://news.ycombinator.com/item?id=25669531 https://news.ycombinator.com/item?id=25669267

They don't cover everything unfortunately but I'm also getting annoyed with the ephemerality of HN. What's posted last week is forgotten and never looked at again. I can try to find old posts that cover it or type it all out again (and it's a big claim so very few people will even take the time to read a big comment with reasons in the middle of another thread). I'm also not denying he does good stuff, just that there are enough weird opinions (decentralization = evil, anybody but us = evil, bug bounties = evil...) that I carefully look at what he makes and would rather there were better alternatives than their central servers.

Signal is still the only realistic messenger to use for good security and usability, unfortunately. Wire is a good second but Signal is definitely more smooth and I'd still recommend that to the general public, with the asterisk that it's an American company and that they should try Matrix if they're feeling adventurous (Wire falling somewhere in the middle, at that point you might as well try Matrix).

3 comments

> And I can't tell if Moxie really means to improve the status quo or works for some three letter agency and builds just enough metadata opportunities into popular messengers and opportunistic encryption into WhatsApp to be helpful without being suspicious.

Moxie is an anarchist (or near to it) and has been so for a long time. Secretly working for the NSA would be a stupendously long con.

Might not have been planned from the get go. But let me quote myself from a sibling comment:

> it's more of a hyperbole than something I truly suspect. It's just that their opinions are in line with the hacker community 50% of the time, and in line with surveillance organisations the other 50% of the time. Of course, he always has some reason for having the opinion, it's all covered up just fine, so it could also be perfectly legit. It's just weird to argue both sides at the same time.

His being an alleged anarchist, how does that hold with the prohibition for forks to use Signal's servers? Or the insistence that Google is the only place you should get the apk from? Shouldn't we all build from source, not trust a central distribution point? They argue both sides and I find it hard to tell what they really believe in.

That said, I definitely see your point and, as said, he does plenty of things to improve the status quo. It's just his rejection of other things that would be even better.

"Or the insistence that Google is the only place you should get the apk from?"

No, you can but are not forced to. There is a compiled apk (that autoupdates) which you can get directly from their website.

https://signal.org/android/apk/

> And I can't tell if Moxie really means to improve the status quo or works for some three letter agency and builds just enough metadata opportunities into popular messengers and opportunistic encryption into WhatsApp to be helpful without being suspicious.

As if Moxie having opinions that you don’t agree with is evidence for some covert NSA operation or some such. What nonsense.

Yeah it's more of a hyperbole than something I truly suspect. It's just that their opinions are in line with the hacker community 50% of the time, and in line with surveillance organisations the other 50% of the time. Of course, he always has some reason for having the opinion, it's all covered up just fine, so it could also be perfectly legit. It's just weird to argue both sides at the same time.

> And I can't tell if Moxie really means to [...]

Not a fan of Moxie either but you got a source for that?

Sorry, was still editing in a bit of context, please see the current version. If there is anything in particular feel free to ask, but the whole analysis is more of a submission of its own that I'm not sure I'm up to writing today.

No, this is fine. I fully agree with your points and that's precisely why I'm not a fan of his. But yeah, Signal is the shiniest turd we have for secure messaging that's normie (as in not someone in tech) friendly.