this post was submitted on 14 May 2021

22 points (95.8% liked)

Privacy

33192 readers

592 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Signal's Terrible MobileCoin Betrayal (yewtu.be)

submitted 3 years ago by [email protected] to c/[email protected]

25 comments fedilink hide all child comments

top 25 comments

sorted by: hot top controversial new old

[–] [email protected] 14 points 3 years ago (1 children)

I largely disagree with this video.

Given the license, it wouldn't even be legal for Signal to make the server closed source. AGPL prevents that.

After the huge migration in January, a lot of people asked for a payment feature, WhatsApp has that in some country and it is used a lot, mainly in India I think. And I think the criticism is way overblown, remember, this is just a feature that was introduced in beta in one country!

The goal of MobileCoin is not to provide decentralised currency without the need for central banks and all like other cryptocurrencies. The goal of MobileCoin is to provide an experience that is very similar to what WhatsApp and a few other apps already have, the crypto part is only here to make it private. The fact that there are transaction fees and that it is centralised doesn't make it any different from any other payment app like Paypal.

Anyway crypto currencies have completely failed at providing actual decentralisation. Transaction fees are way too high for them to be used for everyday payment, and they waste way too much energy. The instability is also a barrier (though I'm not exactly sure how will MobileCoin deal with it).

Most critics are also not neutral. They are often invested in other cryptocurrencies and would have greatly benefited economically from the increased demand if Signal had chosen to go with one of their cryptocurrencies.

[–] [email protected] 10 points 3 years ago (1 children)

Given the license, it wouldn’t even be legal for Signal to make the server closed source. AGPL prevents that.

This is not true. If you are the sole copyright holder to the code which the Signal Foundation AFAIK is, then you can close the source-code any time you want.

[–] [email protected] 4 points 3 years ago (1 children)

I'm pretty sure that there have been external contributions for the implementation of websocket notifications for phones without google's services, but I might be wrong.

[–] [email protected] 8 points 3 years ago* (last edited 3 years ago)

Hmm, maybe... not sure. I would guess they have a CLA in place though, which allows them to take over the copyright.

[–] [email protected] 13 points 3 years ago

This is why Moxie always seemed so dodgy to me. Wants to centralize no matter what, is or at least was hostile to Signal forks, federation seems to be a dirty word for him and now this not-Monero nonsense.

[–] [email protected] 3 points 3 years ago

Signal does have google firebase trackers

[–] [email protected] 2 points 3 years ago

[–] [email protected] 0 points 3 years ago

Free Spin Coin Links

[–] [email protected] -1 points 3 years ago* (last edited 3 years ago) (3 children)

Recommends Matrix until he realizes that it is run by a for-profit company also with dodgy crypto-currency funding ;)

XMPP is the real alternative!

[–] [email protected] 10 points 3 years ago (1 children)

it is run by a for-profit company also with dodgy crypto-currency funding ;)

I mean, that is just not true. Matrix is "ran" by the Matrix.org foundation, which is a non-profit. The main developers are payed by Element Matrix Services which is indeed a for-profit company, but every spec change still has to be approved by the matrix.org foundation (which has multiple non-EMS members) and the main 2 server implementations (Synapse and Dendrite) fall under this organization rather than EMS.

[+] [email protected] -6 points 3 years ago (1 children)

yeah they try hard to make it look like it isn't run primarily by a for profit company ;)

[–] [email protected] 6 points 3 years ago* (last edited 3 years ago) (2 children)

Oooh. You're pointing out something important: Matrix is now somewhat dependent on the success of its flagship client Element. So that relationship is something that merits scrutiny.

At the same time, when I go over to Matrix's foundation website, I see clearly what the governance principles and distribution of responsibilities are. This makes it clear that the Matrix foundation operates as an open-governance and principled organization.

Similarly, if you go over at Element's website, you'll see that they are indeed a for-profit company.

Both seem compatible. And so far, the diversity of clients and the way that updates are delivered regarding Matrix's development, make it seem as if the foundation is working well.

It isn't immediately clear to me that Matrix is primarily run by a for-profit company. And yet I do see your point that the Matrix-Element relationship merits scrutiny. Apart from the relationship I described, what makes you say Matrix is run by Element's company, instead of the governance that's described in the Matrix foundation website?

[–] [email protected] 2 points 3 years ago

Good points, I think the matrix/element relationship does deserve scrutiny but people blow this out of proportion when they say matrix itself is for profit or bought out.

[–] [email protected] 2 points 3 years ago* (last edited 3 years ago) (1 children)

Because the for-profit company existed first and the people behind both are largely the same. Also nearly all of the active core developers are on payroll of the the same single for-profit company AFAIK.

This is clearly not an "lets spin-off a company to provide additional services and fund developers for this open-source community project" kind of situation but rather a "lets try to make this look more like a broad community project" kind of afterthought.

Another clear sign who is in charge of the project and makes sure they stay so: are there any other companies significantly involved in Matrix? AFAIK no, so all that open-standard talk is at least for now just that: talk only.

[–] [email protected] 1 points 3 years ago* (last edited 3 years ago)

Thanks for clarifying.

I largely agree with you: the links between New Vector and Matrix are strong.

For example, I looked into the Core Spec Team (which is different to other core teams in Matrix), and most of them on GitHub develop for both Element/Riot and Matrix/Synapse/Dendrite. There was only one case in which I saw activity in Matrix and no activity in Element.

We could conclude that they're all New Vector employees, but I also think about myself: if I had the chops and the time, I'd not only invest my time and effort into improving the spec, but also the client that I use. If it so happens that the client is Element, I'd spend time working on it. But regardless, the links that you point out are tight.

But I don't worry that much. Here's why:

Despite that, there are two reasons why I don't worry too much about this link. One is that there are already multiple organizations that depend on Matrix/Element. I'm referring to Mozilla, the French and German government, among others. These entities chose Matrix/Element not only because of the technical capacities that is has, but the values it reflects. It's a protocol that will develop along a path that these organizations like enough to adopt. The could've chosen Slack, or Teams, or some other proprietary and centralized communication solution. But they didn't because they preferred an open standard with open-sourced clients and a federated approach for servers.

So here's the critical part: given that those organizations —as do I and many other people I've found online— like and use Matrix/Element because of both its technical capabilities and the vision that establishes the path the spec and the clients will follow, if New Vector is to act like, for example, Signal does (against the values we hold), people would criticize it, modify it*, and —as last resort— ditch it.

Luckily, if New Vector were to act against our values, it wouldn't only be a matter of public outcry, but of already-set institutional counterweights. This is the other reason I don't worry too much about the tight link you pointed out and I confirmed: the organization's highest ranks (the 'Guardians') are set up in such a way that New Vector is a minority. This is not just talk. This is a deliberate crafting of incentives that guide behavior.

However, it is both your and my hope that other organizations will make it to those decision-making positions. For now, I'm satisfied with New Vector being a minority, and the other guardians being respectable people.

*And it only helps that the standard is an open standard, licensed in such a way that other people could modify it —other people being someone who isn't New Vector.

A related worry: Matrix server's efficiency. It'll improve.

Another related worry I saw (from you!) in another community/thread was the inefficiency of the servers. This is serious. Not only environmentally, but for federation to be viable. I want to be able to run my personal server on my measly Raspberry Pi.

Here's where the magic of institutional incentives work. One works through the market. The other through good ol' state-funded research.

The market-incentive is to maximize profits. This implies minimizing costs. New Vector, as a company, has to be aware of this. Otherwise their business wouldn't be viable. For example, I read a post by the founder saying that this inefficiency was mainly due to users who join many rooms, and that they're working to fix this (I hope I can find the link). So, if they are to scale their services, they are either going to pay a growing bill or they're going to find a way of solving their efficiency problem.

This reflects the reality that what's at stake is the costs and the profits of a service offered in a market. Markets, whether we like them or not, are excellent at reducing costs. That is part of the reason why I am confident that this technical hurdle will be surpassed.

But that's half of the story. The other half is that the open standard doesn't imply a monolithic server technology. Tellingly, there's whole ecosystem of technologies that can use the Matrix protocol. One of the most promising projects to use low resources while using the protocol is Conduit. It's an implementation based on Rust, and its benchmarks are amazing. It's still lacking in functionalities, but there's a small detail that I want to point out:

Its development is being funded by the German government. This reflects a different sort of incentives: profits and costs are not immediately affecting the German government, unlike New Vector. Rather, this is the sort of research that is solution-oriented. The German government recognized that investing in this particular project was worthwhile. We could reasonably speculate that this is mainly because of the current inefficiencies in other Matrix server technologies.

So we see both a company, an ecosystem, and a government all seeking Matrix to be more efficient.

It's not trivial that these entities didn't choose close-sourced and centralized solutions. They chose a project that aligned with their values. Put aside the institutional arrangements in the Matrix foundation that incentivize good behavior (which to me are well structured); the very same criticisms that are swarming Signal today will be directed in the future towards New Vector if they act like assholes. But so far, making an open-source, federated protocol with open-governance and institutional counterbalances— all of that— assuages my worries.

It's my hope that markets work like they've always worked: reducing costs. It's also my hope that basic research works as it's always worked: finding novel solutions. Finally, I hope that you and I, and everyone who values open-source, decentralization, open protocols, and open governance, hold decision-makers accountable. This is the only way to assure that our visions are realized technically and socially.

[–] twopi 4 points 3 years ago (1 children)

He refuses to be anti-capitalist. Even though that's the only logical conclusion he can't say that capitalism is the problem because he "can't be political". Instead, he says they have a poor business model and rely on donations. The real problem is requireing a business model. He can't question the fact of having a business model and making money in the first place because you need that to survive under capitalism and that is an accepted as a "default axiom". That's "the trashcan of ideology".

It's the same for matrix and signal. They're both conpanies, but people say "that's ok" or "there's no problem". But they don't realize that is the problem.

I didn't like matrix because of the company behind it and crypto connections. I was battered before and slowly started to accept it. Thankfully, I see more people who share my view and I'll continue continue to try to push for XMPP.

[–] [email protected] 1 points 3 years ago* (last edited 3 years ago)

see my question about Jami and other Matrix hosts...

[–] [email protected] 3 points 3 years ago* (last edited 3 years ago) (2 children)

how about jami? it's distributed, no need to self host, and encryption is native. Also, wouldn't other Matrix hosts, other than Matrix itself, make it less for-profit?

[–] [email protected] 1 points 3 years ago (1 children)

Jami (and Briar) are cool, but at least in their current state of development the p2p only system is technically too limiting.

As for Matrix: sure, but development of the core system would be still in the hands of NewVector, and Matrix is far from a stable code base. Furthermore hosting Synapse is an hardware expensive effort due to high system load it has. Thus most non-profit orgs I know have disabled or restricted their matrix servers again.

[–] [email protected] 1 points 3 years ago (1 children)

I'm wondering, are there Switzerland (ch) non profit xmmp hosted server supporting omemo encryption? Also, what about psi as a client for gnu+linux? I guess several would self host, but some, including me, can't... That said, I'd prefer Switzerland hosted servers over France hosted servers... In the end, if not self hosted, then it's a centrally hosted mechanism as well, and most probably with even less users, who knows, but worth exploring for sure...

[–] [email protected] 1 points 3 years ago* (last edited 3 years ago) (1 children)

I don't think Switzerland is especially secure, but maybe this one: https://www.systemli.org/en/service/xmpp/ (edit: not 100% sure their servers are in Switzerland, might be Germany instead)

As for Psi... not sure why you would chose that over Gajim or Dino?

[–] [email protected] 1 points 3 years ago (1 children)

Ohh, because of being Qt, I tend to prefer Qt, :) Dino is mentioned not to support video here: https://joinjabber.org/clients/gnulinux. As per omemo supporting clients: https://en.wikipedia.org/wiki/OMEMO#Client_support, well psi and psi+ are mentioned, and are the only 2 Qt ones, :) I can use Gajim, though it's python + GTK, and the "official" omemo (gajim-plugin-omemo) plugin is not in Artix/Arch official repos (though python-axolotl might do, I don't know). Sadly, I don't like depending on qt-webengine (blink based), so if using psi, most probably I'd go for the non-webengine version, though not sure what limitations it would bring...

That server is hosted in Germany, while joinjabber.org is hosted in both France and Germany. Then I wouldn't know... Perhaps the France hosted one... Can't tell... In the end all would be central, since not self-hosting... I can't tell, any preference?

[–] [email protected] 1 points 3 years ago

XMPP is a federated network so even if you don't selfhost it isn't "centralized".

As for qt based clients: yeah there is a bit of a gap there. Kaidan.im looks promising but isn't there yet.

I think Gajim will work fine on your system though. At least on Manjaro (Arch based) it works great incl. OMEMO encryption.

[–] [email protected] 1 points 3 years ago

E-Mail is there too with Delta Chat.