cypherpunks

joined 3 years ago
MODERATOR OF
[–] cypherpunks@lemmy.ml 13 points 1 month ago (1 children)

i wondered, who is this person who is so out of touch that she thinks that is a reasonable price, and... she is a former member of congress from orange county who is currently campaigning to be governor of california 🤡

[–] cypherpunks@lemmy.ml 3 points 1 month ago

it's giving Zoë Roth

[–] cypherpunks@lemmy.ml 4 points 1 month ago (1 children)

OP, did you find this article due to the likely-originated-from-soda-jerk-lingo term 86 being in the news today or is that just a coincidence? 😂

[–] cypherpunks@lemmy.ml 1 points 1 month ago

this guy knuths how units work

[–] cypherpunks@lemmy.ml 3 points 2 months ago* (last edited 2 months ago) (1 children)

When it’s libre software, we’re not banned from fixing it.

Signal is a company and a network service and a protocol and some libre software.

Anyone can modify the client software (though you can't actually distribute modified versions via Apple's iOS App Store, for reasons explained below) but if a 3rd party actually "fixed" the problems I've been talking about here then it really wouldn't make any sense to call that Signal anymore because it would be a different (and incompatible) protocol.

Only Signal (the company) can approve of changes to Signal (the protocol and service).

Here is why forks of Signal for iOS, like most seemingly-GPLv3 software for iOS, cannot be distributed via the App StoreApple does not distribute GPLv3-licensed binaries of iOS software. When they distribute binaries compiled from GPLv3-licensed source code, it is because they have received another license to distribute those binaries from the copyright holder(s).

The reason Apple does not distribute GPLv3-licensed binaries for iOS is because they cannot, because the way that iOS works inherently violates the "installation information" (aka anti-tivozation) clause of GPLv3: Apple requires users to agree to additional terms before they can run a modified version of a program, which is precisely what this clause of GPLv3 prohibits.

This is why, unlike the Android version of Signal, there are no forks of Signal for iOS.

The way to have the source code for an iOS program be GPLv3 licensed and actually be meaningfully forkable is to have a license exception like nextcloud/ios/COPYING.iOS. So far, at least, this allows Apple to distribute (non-GPLv3!) binaries of any future modified versions of the software which anyone might make. (Legal interpretations could change though, so, it is probably safer to pick a non-GPLv3 license if you're starting a new iOS project and have a choice of licenses.)

Anyway, the reason Signal for iOS is GPLv3 and they do not do what NextCloud does here is because they only want to appear to be free/libre software - they do not actually want people to fork their software.

Only Signal (the company) is allowed to give Apple permission to distribute binaries to users. The rest of us have a GPLv3 license for the source code, but that does not let us distribute binaries to users via the distribution channel where nearly all iOS users get their software.

[–] cypherpunks@lemmy.ml 6 points 2 months ago* (last edited 2 months ago) (5 children)

Downvoted as you let them bait you. Escaping WhatsApp and Discord, anti-libre software, is more important.

I don't know what you mean by "bait" here, but...

Escaping to a phone-number-requiring, centralized-on-Amazon, closed-source-server-having, marketed-to-activists, built-with-funding-from-Radio-Free-Asia (for the specific purpose of being used by people opposing governments which the US considers adversaries) service which makes downright dishonest claims of having a cryptographically-ensured inability to collect metadata? No thanks.

(fuck whatsapp and discord too, of course.)

[–] cypherpunks@lemmy.ml 7 points 2 months ago* (last edited 2 months ago)

it’s being answered in the github thread you linked

The answers there are only about the fact that it can be turned off and that by default clients will silently fall back to "unsealed sender".

That does not say anything about the question of what attacks it is actually meant to prevent (assuming a user does "enable sealed sender indicators").

This can be separated into two different questions:

  1. For an adversary who does not control the server, does sealed sender prevent any attacks? (which?)
  2. For an adversary who does control the server, how does sealed sender prevent that adversary from identifying the sender (via the fact that they must identify themselves to receive messages, and do so from the same IP address)?

The strongest possibly-true statement i can imagine about sealed sender's utility is something like this:

For users who enable sealed sender indicators AND who are connecting to the internet from the same IP address as some other Signal users, from the perspective of an an adversary who controls the server, sealed sender increases the size of the set of possible senders for a given message from one to the number of other Signal users who were online from behind the same NAT gateway at the time the message was sent.

This is a vastly weaker claim than saying that "by design" Signal has no possibility of collecting any information at all besides the famous "date of registration and last time user was seen online" which Signal proponents often tout.

 

cross-posted from: https://lemmy.world/post/27423396

American Dr Mark Perlmutter, who has volunteered in Gaza, says one of his Palestinian colleagues was taken by Israeli occupation forces, had his fingers shattered and was told to confess to being a member of Hamas or have his wife gang raped in front of him.

Soldiers 'crushed' his fingers, Perlmutter explains, adding that they also threatened to 'send a drone to your bedroom window and incinerate your children.' The doctor did not confess and spent 11 months being tortured in Israeli detention.

 

GitHub has gone - long live Forgejo (@forgejo).

Fully migrated out of Microsoft’s walled garden after they blocked us:

  • 54k commits
  • 9.5k issues
  • 4.3k pull requests
  • 100k comments

Everything moved. Nothing left behind.

🥂 to the United States' sanctions regime for helping get people to migrate off of GitHub!

view more: ‹ prev next ›