Well done for taking a stand. The problem, as ever, is that most people prefer to comply obediently even if it feels wrong. And then next thing we know, it becomes standard practice.

BTW I have been in your situation and responded similarly. Usually it ends in the clerk inputting dummy info, sometimes after I irritably tell them to do so.

Yes, I’ve had similar experiences recently and similar thoughts. Crossing land borders in Asia is more stressful than it was a few years ago. Lots of redundant security theater and biometrics everywhere. Of course, China is on another level to everyone else. At the immigration booth, your conversation with the official is now translated and subtitled in real time on both sides. And face ID is now so universal in China that I suspect the fingerprinting has become an afterthought. Everyone is being filmed and tracked pretty much everywhere. Not just cash but even ticket numbers are now redundant. Everything is attached to your personal ID and cameras decide whether you enter public buildings, train stations and so on. The day their government decides to really abuse all that power, they’re in deep trouble.

In my experience the border thing is clearly worst in Asia, but with the exception of China it’s mostly just tiresome theater.

By contrast I crossed into the Schengen zone from Turkey this summer and was surprised by how little security there was. But then I noticed the police all but dismantling a bunch of heavy goods vehicles in their search for illicit migrants. That was absolutely not security theater.

PS. This subject got me thinking. I’ve seen a ton of borders because I like to travel by land. Different regions of the world definitely have different priorities at borders. In Asia it’s drugs and contraband. They care what’s in your bag. In Europe and North America, it’s you they care about: why you’re here and when you’re going to leave. In police states like China, borders are a golden opportunity to harvest a ton of data on suspect individuals. In much of the rest of the world, Latin America for example, borders are mainly just an employment scheme, bureaucracy for its own sake.

In an ideal world, creators would accept that only 10% of their viewers would contribute to them monetarily

Agreed.

(through patreon or donations)

and then you lapse into using “patreon” as if it’s a generic noun!

Not your intention I know, but this kind of corporate capture of minds has to end somehow.

This whole subject is such a chestnut here. No messaging option is perfect, you will need to compromise. If a perfect option existed you would have heard of it already. And if you haven’t heard of it, then by definition it must be small with few users and even fewer maintainers to keep an eye on its codebase and security, which is risky in itself.

Cynicism is a self-fulfilling prophesy.

This doesn’t really compute. Society would collapse if nobody trusted “third parties”, and your second phrase is just hyperbole.

It’s more complex than that. The issue is money, and incentives, and how power is structured. A third party that you are paying or whose income is uncoupled to the profit motive, and preferably one that has both private and institutional stakeholders - well, if we choose not to trust them, then basically we can’t trust anyone for anything. That would be a dark place to be.

That’s why I emphasized the word “server”

E2EE with a server web interface is a technical impossibility. The ends are the clients. By definition the server is only there to pass encrypted data from client to client. Presumably you can make this work with a web client using the browser’s local storage, but at that point you’re not actually looking at a web site and you might as well just use the official app. This is one reason why Telegram doesn’t do encryption by default: group chats are particularly hard to do with EE2E.

Possibly unsolvable given its distributed nature. Seems like there will be at least some small cost to pay for that benefit.

Decent counter-example. In turn I’d say that’s an edge case where we could still survive just fine without knowing the relevant fact for sure. And certainly not worth the cost in privacy terms of recording and storing everything.

Completely agree! The ephemerality of Signal is a feature, not a bug.

I didn’t always see it this way, but then a thought occurred to me. None of the conversations we have in person are recorded. Those communications are just as meaningful if not more so than text conversations, and yet somehow we get by just fine without them being stored indefinitely on some personal device, let alone in someone else’s datacenter.

This is a case of technology controlling us when we should be controlling it.

Who do you talk to on it?

All completely irrelevant to most people. Nobody they know is on those platforms.

There are only two alternatives to the Big Tech messengers that are anywhere near critical mass: Signal and the shady one we’re talking about here.

Though I would love Matrix to go mainstream.

Disappointing that the top comment is this dismissive take (whether or not it’s factually true).

If the best response we can muster is cynicism, we’ll get what we deserve.

Yes it looks a bit like the Twitter-Mastodon paradigm. Nobody uses it because nobody uses it. And also because changing is hard. And also because the installation and UX is bad. Which is partly because not enough people are using it.

Yes, compromising the key exchange would be one attack. But that’s not technically breaking the encryption, that’s just stealing the key. To do that, you need control of the client - which is a thousand times easier when it’s impossible to check the source code of the software it’s running. Otherwise, your only option is to break the encryption (i.e. discover the key) and that is gonna be very hard indeed because, unlike logins that humans use, the “password” is always completely random and very strong.

Telegram has open source client software, but it uses its own in-house encryption algorithm, which is not an industry standard. Some people think it might therefore be easier to compromise. But in any case, as you say, Telegram doesn’t even have encryption enabled by default.

The better reason not to use Telegram is because it’s a shady company with no obvious business model and therefore has an incentive to do bad things.

The message is encrypted using a key. The key exchange was done over a direct secure channel to the other client, in much the same way as you connect to your bank’s website using HTTPS. The server therefore does not have the key and can only see encrypted text.

Assuming the client software has not been compromised at either end, then the server will never see anything other than garbled ciphertext.

BTW, this is also the case with Whatsapp, for example. But the problem with Whatsapp is that the client software is closed source. So you have to trust them not to, for example, surreptitiously phone home with a separate copy of your message. Very unlikely but you have no way to check when the client software is a black box.

But what’s running on the server is not the issue in either case.

If the E2EE is enabled and the client software source is available and reproducible, then, indeed, it could be called Telegram or anything else, it doesn’t matter.

The particular issue with Telegram is, as you say, the default setting. And also that its encryption algo is not universally trusted.

This is exactly my take. It basically holds for Signal too.

The question of self-censorship is too often overlooked IMO. The knowledge that nobody is reading your messages except their intended recipients is empowering and liberating. No one is filling a database with information about you and your friends, because they can’t. You can say exactly what you would say at the dinner table and not think twice about it.

In a police state with mass surveillance (we all know the big examples) you don’t have this privilege. Whether or not you think about it consciously, you are constantly monitoring and policing what you say - and therefore ultimately, to some extent, what you think.

I’ve been in a couple of those places recently. I can tell you that just the banal act of using Signal there (sometimes over VPN) felt almost exhilarating, like jumping the prison walls.

In historical terms, free speech is a vanishing rare thing. It absolutely is not the norm and it bothers me that so many people in the West don’t seem to know this. We should not take it for granted.

If the client software is open source with reproducible build, then you don’t need to care about what’s running on the server. You will never have any means to confirm what’s running on the server, because you don’t control the server. That is why EE2E was invented.

This is the ideal scenario as I see it, in order of importance:

1. industry-standard E2E encryption using open-source software on the client (privacy)
2. distributed server network controlled by many entities (resilience)
3. open-source, open-standards, interoperable software on both client and server (user autonomy)

As I understand it, the goldilocks solution is therefore the Matrix stack. BUT! It’s hard to set up and nobody uses it!

The best real-world option, with feasible UX and an existing critical mass of users, is therefore Signal. It only fully meets the first criterion, yes. But personally I give it a bit of credit for the second too, in that it belongs to a non-profit foundation with multiple stakeholders, somewhat like Wikimedia. Signal will do while we’re waiting for a proper email-like open standard for secure messaging.

Cynicism is a self-fulfilling prophesy. If everything’s bad then there’s no reason to care, and if nobody cares then everything will be bad.

For things to get better, or not get worse, cynics depend on others to care about those things. To me that feels terribly like freeloading.

This is a good question. Phone numbers are increasingly used as de-facto ID numbers, everywhere in the world. That’s because, unlike email, they cost money, and in most jurisdictions you can’t even get one anymore without presenting real ID. So: if you have a second phone number, you can effectively have a second persona for any site or app that requires phone-number ID. Seriously, at this rate, it’s going to be all of them.

IMO the best use-case for this is to quarantine your contact list. That is, keep a separate number for social networks and messaging. The number you give to your in-person contacts will be instantly shared with all their cloud services, whether you like it or not. This is what allows Big Tech to triangulate and discover exactly who you know and therefore who you are. If the cloud services cannot trace a number back to any phone ID in their own books, then they can’t do much with it and you will remain at least something of a mystery to them.

Sure, but I do think he would be pleasantly surprised by how things turned out. Aldous Huxley saw the future better. This is not a particularly original analysis.

IMO Orwell’s real insight was about the importance of clarity and truth in language, as a protection against political manipulation. That really was revolutionary.

Thanks. Keep up the good work.

It was a good line but his general prediction was, thankfully, wrong. With caveats, we’re not at all where 1984 forecast we would end up. Humans turn out to be more allergic to oppression than he imagined.

Literally “always”, like every single time you open a website or app? No password manager can make SMS 2FA not a PITA. As for your second point, I addressed that. What if you literally don’t care about keeping data in question private? Individuals have different threat models, different priorities and all of this is a trade-off. It’s not absolute. That’s all I was saying. Anyway, I’m done here.

Yes this clarifies things. In summary, without 2FA:

• use a strong password unique to that site (i.e., via a credentials manager) - safe except on that site if absolute morons are running it
• use a weak password unique to that site - safe elsewhere
• use weak passwords and recycle them - you are in trouble

So it’s a trade-off. If everyone was in the first category, then the obvious inconvenience of 2FA would just not be worth the benefit.

If the password is unique, there’s no risk!

Incidentally: not re-using passwords should be the only responsibility of the user. It’s impossible to brute-force a password through a login form, you need full access to the disk. So when sites complain about poor password strength, effectively they are saying “We don’t trust ourselves to keep our server safe”. Pretty insulting to blame the user for that.

It doesn’t help everyone equally. It assumes you (a) re-use passwords, (b) don’t protect them properly. That’s the case for most people but not all.

And I’m not tied to Firefox if, for some reason, I want to stop using it.

Not gonna happen.

It’s that same mistake textbooks often make of burying the lead in an otherwise obscure reference the reader may or may not pickup on.

Exactly. Thanks for clarifying.

Which begs the question, “What is FIDO?”. To which the About FIDO page replies, literally, “FIDO authentication uses standard public key cryptography techniques to provide phishing-resistant authentication”.

Arrghghgh! Orwell was right about people’s incredibly capacity to write with zero clarity.

More generally, IMO what we have here is a classic case of ELI5 vs “ELI know something already”. I use SSH and manage the keys myself but I still can’t find an answer to this question: is a “passkey” just another word for “the private key in a public-private keypair?”

Whenever I look into this, the explainer always either jumps straight into super-dense technical details, or describes it all in term of metaphors as if talking to a small child. Oh well.

A question, since you sound like you know what you’re talking about. Is this analagous to password-free SSH? I.e., private key used to log in on the basis of a pre-agreed public key?

Hardly matters what you tell Meta if all your contacts are telling Meta the opposite. The phone number ID is the weakest link.

Still needs a phone number. If you use anything other than a burner number, this is the crucial data point which allows Meta to plug you into their monster social graph of the whole world and find out who you know and therefore who you are.

I hope the EU fines them for hampering interoperability.

This depends on there being enough greens and liberals in the European Parliament.

PSA: EU citizens, you may still have an hour or so to go out and VOTE. It matters.

Same. Did it in a Waydroid container on desktop. IIRC I created a WA business account using a rented landline number, which is the recommended way to get round the SIM requirement. But the account still quickly got banned. Not gonna waste any more time on it, for me Whatsapp is out.

Sure. I personally find cynicism intensely irritating. It’s infectious so it inevitably ends up poisoning everything. Nobody ever solved any problem with cynicism. In fact I’d go further: all the world’s backward societies (i.e. most of them) are characterized by all-pervasive cynicism (“they’re in it for themselves”, “they’re all crooks”, “nothing will ever change”), whereas the successful countries (few in number) are the ones where people have a more optimistic view of others’ motives. Cynicism is so obviously a self-fulfilling prophesy that I struggle to understand why so many choose to indulge it. I’ve heard a theory that it makes people feel better about their own helplessness. Perhaps I’m too logical but I wish people would choose not to wallow in pessimism - after all, nobody can prove anything one way or the other when it comes to the motivations of others. And oddly, most humans tend to trust others that they know personally. Personally don’t see why strangers would somehow be a different variety of human. Rant over.

Cynicism like this is completely unfalsifiable not to mention unproductive.