qskousen's comments

The one I've heard is "Every machine is a smoke machine, if you operate it wrongly enough."


Two Mozilla employees were involved in starting Let's Encrypt, and the Mozilla foundation is one of the sponsors, but as far as I can tell the foundation was not directly involved in creating it.


One of the more productive uses of all those millions of dollars that Mozilla received. These days, Let's Encrypt is more important than Mozilla... and would have no difficulty receiving donations to keep the service running. It also shows what a well run technical non-profit looks like!


The only requirements for reading a physical book are that you know how to read and can turn pages.

If it's digital storage, you have to have electricity, a compatible device, an understanding of the storage, and software that can read it.


> If it's digital storage, you have to have electricity, a compatible device, an understanding of the storage, and software that can read it.

And, increasingly, DRM servers that will allow you to read it.


I've found The Tangle (https://www.readtangle.com/ - no affiliation) to be a pretty balanced daily politics newsletter. They mentioned the Newsom veto today, and may address it later this week, though I don't know for sure.


This is the first thing I looked for on the website, FYI - any indication of what the long term plan for Yaak is. It might be worthwhile to put a note of "cloud sync coming soon" or something, or maybe I'm an outlier and it doesn't matter.


I've been using Bruno for a couple weeks on a project, and one thing that I've been enjoying is that I can save all the request configuration in files right next to the source, so they are part of the repository. I tried looking to see if you could do that with Yaak but just looking through the documentation, I didn't see any mention of it.


Looks great! Makes me nostalgic for when I spent my days as a kid in QEdit.

https://winworldpc.com/product/qedit/30


Oh wow, that's a name I've not heard in a long time.

Looks like the author of that released the larger editor (semware editor) for free https://www.semware.com/ some time ago. That was always the more expensive editor the kid version of me couldn't afford.


I just recently (today) started using Bruno, seems pretty good so far. I like that it has a flat file structure that can be included in a git repo.


Looks like a winner! Thanks.


Stealing someone's phone number wouldn't give you any Signal data, as all the messages have perfect forward secrecy, though, right? And all contacts would see an alert that your security number had changed. Not completely foolproof, and I would like Signal to use something other than phone numbers for accounts, but it's pretty good.


Knowing someone's phone number is enough to potentially compromise it. Sophisticated methods can involve zero-click attacks, where just sending you an SMS that you won’t even see can lead to a compromised device. You can check how Tucker got his Signal conversation exposed.

Matrix is far better in terms of security than Signal, but Matrix is far behind compared to Telegram features.


You seem to be living on this weird balance of having no threat model. This is what your post implies

1. Signal is bad and insecure because registering user account requires giving a phone number.
2. Matrix is better, it fixes this by registering with emails (although emails also have zero click vulnerabilities)
3. Telegram is better than Matrix, it's more usable (even though it also requires a phone number like Signal)

So pick a lane: is requiring a phone number a litmus test for you or not? Is zero-click vulnerability something that needs to be addressed? How do you deal with malicious contacts or people in public groups sending zero-click links?


It isn’t about me picking a lane; I’m just stating things as they are. If you want a feature-rich chat and social app that has a user base too, but you don’t care much about security, go for Telegram. Although some might argue that chats aren’t encrypted, no one known has gotten in trouble because Telegram handed over their data. However, you should never rely on that and don’t trust any cloud-based service in general. Knowing that in advance makes it better so you treat it as you would any social media.

If you want security on the other hand but with fewer features and a smaller user base, go with Matrix. You don’t need an email, by the way; it’s optional (1).

Signal is just in the middle, lacking Telegram's features and Matrix's security, resulting in a weird abomination that I would never recommend to anyone. For a normal non-techie person, I would say go with Telegram, and if you care about security, use Matrix. Recommending Signal might give a false sense of security.

(1) https://ems-docs.element.io/books/element-support/page/creat....


>no one known has gotten in trouble because Telegram handed over their data

The correct solution to sleeping with an axe struck on the roof above your bed isn't to not worry about it because axes coming loose on their own aren't a common occurrence. Telegram has no business in people's personal lives and it shouldn't be collecting that data.

Plus the risk of massive data breach is insane. I'm not sure if you know about the Finnish Vastaamo Psychotherapy hack, when thousands of patients' personal lives were published in the dark web https://en.wikipedia.org/wiki/Vastaamo_data_breach These victims are under constant extortion about that data getting spread even further. Now imagine that with close to one billion users. There is a LOT that people share on these platforms, how they unload to their close ones. Durov has no right to keep this amount of data sitting on some random server, especially given the authors' poor track record of security design.

>you should never rely on that and don’t trust any cloud-based service in general

This should be the take-away before the breach happens. But surely you agree Telegram is doing a horrible job being transparent about its security; it's implying it's heavily encrypted, which laypeople assume means what end-to-end encrypted messaging provides.

>Recommending Signal might give a false sense of security.

Again, pick a lane. If you think zero click attacks of Signal are an issue but they magically disappear from Matrix clients, say so. They don't.

A decentralized system doesn't help with metadata. It's just spreading it to even more systems; every server people indiscriminately choose gets a copy of groups' communication metadata, yay.

Your buddy self-hosts for you and your peers, now you have an individual with personal interest to take a peek at their peers' metadata. Not good.

There's very little a decentralized messaging platform offers other than baked-in resilience in case the company goes down. You can self-host the service.

But Signal is backed by Signal Foundation and really rich people like Brian Acton have helped it get the organization on a solid foundation. There's nothing that implies it's going down.

From my PoV, I bin Element together with Signal, both provide content privacy, but no strong metadata privacy. For that you go with Cwtch, Briar, OnionShare, Ricochet Next.

Telegram is in the "don't use for anything that isn't comparable to public Twitter" bin, and since Telegram inevitably leads to misusing it, it's a dangerous and bad tool. It was built to aggregate user data, and it will inevitably do that, because the masses generally don't prioritize privacy. Telegram monetizing user data is constantly one business decision away. And people using it are on borrowed time. We're not in disagreement about how it should be used, but people don't take that warning seriously, and when (not if, but when) shit hits the fan, it'll be like nothing anyone has ever seen before.


That's a good point. I looked into using Matrix before I switched to Signal, but the user experience just in creating an account was pretty abysmal, at least at the time. As I was recommending it to non-tech people, I ended up going with Signal.


> but the user experience just in creating an account was pretty abysmal

I agree it was, probably better now, but for the average person, it’s too much to “process” compared to just adding your phone number and signing up.


One does not need to keep the SIM card with the phone number required for registration in the phone.

Also, Telegram has an additional password option if you want to log in, which avoids phone number hijack. Also, if you hijack an account the secret chats don't appear. They are bound to the device.


There's also an option in the settings that translates into taking over a phone number on a separate device isn't enough, you also need to enter the pin. (Not on by default though.)


If you don't mind, I'm curious what your use case is for inserting binary content into a Markdown file?


Not sure about the parent commenter, but I am still looking for a human-readable format to archive social media posts and online conversations.


Images are the usual use case.

