Cat and Tech enthusiast from Germany. Account by @cyrus@wetdry.world
SimpleX is quite a promising project, uses Double Ratchet End-to-End-Encryption (from Signal), and has a very interesting protocol and model to provide quite strong metadata protection, especially in regards to whom you talk to and groups you’re in.
If your threat model requires exceptionally strong Metadata protection, SimpleX is probably going to be your go-to
Though, for a more lenient threat model, where still good, but less laser-focused metadata protection is enough, Signal will probably do just fine.
Personally I use Signal, but I also have a SimpleX Profile, an XMPP Account and Matrix. (preferred in that order)
This is a deliberate decision to force people to turn off tracking protection.
No this is a hilarious fuckup where they forgot to move twitter.com, pbs.twimg.com and more off of the Twitter domains, so Firefox started blocking it because to Firefox it looks like Social Media trackers.
Mozilla already pushed a fix.
If all that you wanna do is download stuff, maybe try https://cobalt.tools
It pretty much just grabs the raw URL to the content for you, without the UI and fluff (in the case of Instagram) so you can just do a little “save as…” and it’s worked quite reliably for me to view content my friends sent me.
The algorithm was neither proposed nor designed by the US government, it was made by (what is now known as) Signal, a 501c nonprofit.
The claims of signal being “state-sponsored” come from assuming how money flows through the OTF - Open Tech Fund - which has gotten grants from government programs before. (IIRC)
It wouldn’t make sense for the US Gov. to make such a grant to make a flawed protocol, as any backdoor they introduce for themselves would work for any outside attacker too - it’s mathematics. It works for everyone or for no one. Would they really wanna make tools that they themselves use, just to have it backdoored by other state actors?
And again, Durov’s claims are entirely assumptions, and that coming from someone that has had [various](https://mtpsym.github.io// different vulnerabilities and weird bugs on their platform
there are additional cookies with duration as high as 1825 days, not 180… So which is it?
Whatever the browser reports is what they are actually doing.
In Firefox, enter the developer tools, navigate to the “Storage” tab and open the “Cookies” dropdown. For any given domain you can now look at the “Max Age” or Expiry date.
the metadata still isn’t.
That doesn’t quite work in the case of Signal
The only data that they have, based on transparency reports and dissections of their source code, is the time you created your account and last connected to the servers.
Messages themselves are essentially only relayed, with sealed sender, and anything that would be actually useful to identify who was at a protest and who wasn’t encrypted.
Things like, e.g when messages arrive at the server would have to be monitored live on compromised servers, which reasonably unless you assume* it is wiretapped already prior to a protest, isn’t realistic.
*: of course, I am saying this because making an assumption and portraying it as truth (e.g assuming something is already wiretapped based on no evidence at all) is not the smartest of moves when it comes to threat modeling…especially if you wanna stay sane whilst having a threat model
the Voice Server Backend is basically done, currently there’s ongoing re-works of the desktop client (limited demo at https://revolt.chat/app IIRC), as well as closed betas for iOS and Android native apps.
There’s also a slew of Third-Party Clients and an open Client-Server API.
Just remember that this project is built by people in their free time, not a VC-Backed company.
Arkenfox is simply a set of configuration you can (and should) apply yourself onto a clean Firefox installation.
A fork means taking the source code and modifying it directly, not providing an alternative configuration file.