• Melody Fwygon@lemmy.one
    link
    fedilink
    arrow-up
    7
    ·
    3 months ago

    Wow.

    Even more shocking was the absolutely toxic reaction you got from sycophants.

    I love seeing your blogposts about cybersecurity; and I absolutely do appreciate that your blog isn’t just about cybersecurity.

  • SavvyWolf
    link
    fedilink
    arrow-up
    4
    ·
    3 months ago

    meanwhile, it is very unclear that any sidechannel attack on a libolm based client is practical over the network (which is why we didn’t fix this years ago).

    Wow… Uh, that’s certainly a thing for a developer to let slip out, huh?

    One thing I don’t get about Signal/Telegram/etc is that they claim to be secure and private… Yet also require you to prove your identity via a phone number? I don’t really get it.

    That would be a massive deal breaker to some people I want to push off Discord and is one of the reasons I haven’t tried Signal yet, but have tried Matrix.

    • Bunny
      link
      fedilink
      arrow-up
      2
      ·
      3 months ago

      signal no longer requires phone numbers as they have implemented a username system

      • SavvyWolf
        link
        fedilink
        arrow-up
        1
        ·
        3 months ago

        I figured, but my question is: Why did it take them so long, especially for something that prides itself on privacy?

  • Ananace@lemmy.ananace.dev
    link
    fedilink
    arrow-up
    1
    arrow-down
    1
    ·
    3 months ago

    Well, this has certainly caused quite a bit of drama from all sides.

    I’m curious about the earlier audit of libolm which happened many years back (and by a reputable company), it feels like it should’ve found any potentially exploitable issues after all - including timing attacks.