this post was submitted on 03 Aug 2022
51 points (98.1% liked)
I would not recommend PGP/GPG for anything. There are a ton of reasons to ditch it and move to something better, for every single use case.
Why?
There was a really good article about why `pgp`/`gpg` is a piece of radioactive waste that should be avoided at all costs. Both the standard and the de facto implementation.
Sadly I don't have the link with me rn. Let me search it.
Edit: here's the link https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
Also, use age & signify over pgp.
Great read! Thanks for sharing.
It's not a good look for the blog author when they suggested using Signal and WhatsApp, proprietary but open-source apps.
Is `age` and `signify` battle tested?
Signal is not proprietary. And in terms of security the Signal protocol is the best with difference you can get out there.
https://dessalines.github.io/essays/why_not_signal.html#why-not-signal
Signal is just as bad as insecure western social media.
~~Why do so many crypto bros favor Signal?~~
I'll ask this again: Is `age` and `signify` battle tested?
Signal is far from being perfect. And I would love a decentralised (p2p/federated) chat protocol implementing the Signal protocol. For the time being their protocol is best, we may question their main server and some of their practices, but for the time being I couldn't find anything better.
Hmmm… I don't think so.
I'm not a cryptobro. :c
They're not as old and extended as PGP but they're based on solid cryptography.
Did you read all of this page? It shows the alternatives. (Matrix, XMPP)
Explain.
I would not consider Matrix an alternative to Signal. The Matrix protocol is messy and I had a lot of "matrix moments™" (even with that I still use it and prefer it over Discord, or other glowy apps). XMPP with OMEMO is great, no need for a phone number and decentralised. I like it.
(I think that I heard somewhere about the signal protocol on XMPP or something like that. Which, in my opinion could be the best of both worlds.)
What I mean is that obviously it is not as battle tested as `PGP/GPG` since it is not that old and it's not as spread as it, now. But PGP is extremely complicated, overextended, with terrible defaults and backwards compatibility with some stuff from the stone age. The de facto implementation is also quite bad.
As I still have to use PGP for some things (sadly) I use a better implementation: `sequoia-pgp`. I recommend it. https://sequoia-pgp.org
How is the matrix protocol messy? It had extraneous metadata, but it got removed in a version.
Also, what is a "matrix moment"?
Why not just use that then?
That's a problem when choosing security tools. How do you know the reliability of the tool if it hasn't been battle tested enough?
I would need to scan the GPG source code to try to understand your point, but I don't have the time or will to do so.
What terrible defaults though? GPG's defaults seem fine to me. I might be missing stuff tho.
Btw, sorry for my terrible wording and lack of lexic. I'm still learning. :D
Signal is validated over sms and uses a ton of Google APIs. I'll pass.
Okay, I agree on the fact that their server and client may be far from perfect. But the only problem with their protocol is that it's not decentralised.