• Soatok DreamseekerOPM
    link
    fedilink
    arrow-up
    6
    ·
    5 months ago

    This is a very technology focused view. In any user system, the users themselves have to be a consideration too.

    As I wrote here: https://furry.engineer/@soatok/112883040405408545

    My whole thing is applied cryptography! When I’m discussing what the bar is to qualify as a real competitor to a private messaging app renowned for its security, I’m ONLY TALKING ABOUT CRYPTOGRAPHIC SECURITY.

    This isn’t a more broad discussion. This isn’t about product or UX decisions, or the Network Effect.

    Those are valid discussions to have, but NOT in reply to this specific post, which was very narrowly scoped to outlining the specific minimum technical requirements other products need to have to even deserve a seat at the table.

    • l_b_i@yiffit.net
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      edit-2
      5 months ago

      I understand, but its all about framing. “What does it Mean to be A Signal Competitor”, well that is chat apps as that is the space signal occupies. That might not be what space it occupies to you, but that is the space it occupies. “What does it take to compete with Signal’s Security” frames the argument to one component, and I would probably have a very different response to that framing. Because of the framing, your argument comes across as “don’t talk about use case, its not worth my time.” I understand this is because your focus is the cryptographic security, but threat modeling and Human factors has to be a consideration of an overall security posture. Congratulations, you have the best cryptography, but if its not usable, the cryptography doesn’t matter, if the users are the weakness, the cryptography doesn’t matter, if nobody is willing to use it because its missing a key user feature, the cryptography doesn’t matter.

      I know enough about cryptography to know to leave it to the experts. I know about hardware power side channels, I know several exploits have been implementation based and not cryptography based, and I know vulnerability does not always mean an exploit

      • Soatok DreamseekerOPM
        link
        fedilink
        arrow-up
        2
        arrow-down
        2
        ·
        5 months ago

        The framing is as follows:

        Matrix, OMEMO, whatever.

        If it doesn’t have all these properties, it’s not a Signal competitor. It’s disqualified and everyone should shut the fuck up about it when I’m talking about Signal.

        That’s the entire point of this post. That’s the entire framing of this post.

        If that’s not personally useful, move on to other things.

        • l_b_i@yiffit.net
          link
          fedilink
          arrow-up
          4
          arrow-down
          2
          ·
          5 months ago

          I understand your point of view, but whether you like it or not, your title will be viewed as the framing. “What Does It Mean To Be A Signal Competitor?” At a surface reading, it seems to me what that means to you is very different from what that means to others.

          I assume you probably wrote it along the lines of “What does it mean for an E2E encrypted protocol to compete with Signal on a technical level”

          Others read it as “what does it mean to compete with the signal app” and there is no additional depth to security.

            • Orion (awooo)
              link
              fedilink
              arrow-up
              2
              arrow-down
              1
              ·
              5 months ago

              I think what they mean is that someone unfamiliar with your line of work might even read the entire post and come away with it with the view of “Okay, and?” since the title told them this was going to be about “What Does It Mean To Be A Signal Competitor?”

              The problem there is that what Signal is is different to different people, someone might for example use it like any other chat application, in which case even something like Telegram (ew) or Discord could be an alternative to them.

              Again, if someone is familiar with your blog, they’ll know what you mean, but the blog post can be viewed by someone in isolation, in which case it won’t be so clear, especially since it’s also in relation to moving off of Telegram, which is not an E2EE platform at all by default

              • Soatok DreamseekerOPM
                link
                fedilink
                arrow-up
                1
                arrow-down
                2
                ·
                5 months ago

                If they actually read the whole thing, including the addendum, there should no longer be any confusion.

                As a rule, I never change titles after pressing Publish.