The original server operated by the Mastodon gGmbH non-profit
It will be open source, end to end encrypted using Signal’s double ratchet encryption protocol, and he plans to make it easy for fediverse platforms to integrate it. The beta will release later this month.
personally love the direction Signal is heading but would be happy to not have "all my eggs in one basket", as well as diversifying the open source E2EE communication options.
I felt that removing SMS while still having it tied to your phone number, stories, and that weird cryptocurrency were not what I was looking for in a messanger.
I agree. As soon as the update that disabled SMS was pushed to my phone, signal was effectively dead.
Integrating with SMS was so smart. The person who got me into it said "there is literally no reason not to do it" because it was seamless. And I used the same argument to get other people into it. But basically everyone stopped using it as soon as SMS was removed. I don't have the brain space to remember who is on signal and who is not and go to the appropriate messenger.
I read the whole long thread on their website where the devs were arguing in favor of this and all the reasons were IMHO stupid. I think someone wanted to tank signal. Got tired of funding it probably. It was too good to be true with no obvious business model so always thought the day would come, and it did. Too bad, it was very good at what it did.
Meredith Whittaker? Artificial Intelligence researcher [0], not ex-Google exec, Meredith Whittaker who "led global walkouts" [1] against Google? Meredith Whittaker who "helped lead employee protests at Google over the search giant’s military work, artificial intelligence and policies" [2], Meredith Whittaker?
If that's who you're talking about, they chose the right person to lead a project that goes completely against the silicon valley M.O. of selling your private data to the highest bidder or mining it to sell ads. Her actions have demonstrated she isn't afraid of speaking up or pushing back against "the hand that feeds you", even at risk of being retaliated.
I think someone wanted to tank signal. Got tired of funding it probably.
This take doesn't make any sense. Signal is funded by a non-profit and has tons of money that allows them to not worry about funding in the near feature. There is nobody to "get tired of funding" them.
It's great, I'm migrating all my contacts to it. AGPL, no phone number or identifier, decentralized, official lemmy community, fast development pace, ...
Sessions developers dropped Signal's Perfect Forward Secrecy (PFS) and deniability [0] security features. Personally I would not trust a product that drops an end-user security feature for the sake of making the developer's life easier [1] .
Using existing long-term keypairs in place of the Signal protocol massively simplifies 1-1 messaging.
For those unaware, PFS protects your data/messages from future exploits and breaches. With PFS, each message's encryption is isolated, preventing compromise of current and past interactions [2].
A simple example to illustrate why PFS is beneficial. Lets assume any 3 letter agency is collecting all Signal/Session messages - on top of the tons of data they're already capturing. The great thing is that your messages are encrypted, they can't see anything - YAY - but they're storing them basically forever.
Two ways they may be able to compromise your privacy and view ALL your messages:
A flaw is discovered that allows them to crack/brute force the encryption in weeks instead of years/decades/eternity. If you were using Sessions, because you use the same key for every message, they now have access to everything you've ever said. If you were using Signal, they have access to that one message and need to spend considerable resources trying to crack every other message.
Your phone is compromised and they take your encryption keys. If you were using Sessions, this again gives them access to your entire message history. If you were using Signal, because the keys are always rotating (known as ephemeral) they can only use them to unlock the most recent received messages.
It's important to state that both cases above only really matter if you delete your messages after a certain time. Otherwise, yes, all they have to do is take your phone and get access to your entire message history - which is why ephemeral messaging (i.e. auto deleting messages after a certain time) is crucial if you suspect you may be targeted.