Signal has been blocked by Venezuela and Russia
(www.theverge.com)
from gytrash@feddit.uk to privacy@lemmy.ml on 10 Aug 2024 10:05
https://feddit.uk/post/15985088
from gytrash@feddit.uk to privacy@lemmy.ml on 10 Aug 2024 10:05
https://feddit.uk/post/15985088
“Signal is being blocked in Venezuela and Russia. The app is a popular choice for encrypted messaging and people trying to avoid government censorship, and the blocks appear to be part of a crackdown on internal dissent in both countries…”
#privacy
threaded - newest
could matrix.org be as easily blocked, since it’s decentralized I’m wondering?
At least it means that Signal is working as intended if they are blocking it, I guess that they don’t have back doors.
Matrix is in fact decentralized but in reality it is not so much, I don’t know the number exactly but the majority of users use the matrix.org server
Those numbers only include instances that have telemetry enabled
Do you have numbers without?
How would you?
No clue, not familiar with Matrix to that level.
I mean, that’s not specific to Matrix. Telemetry is the tool used to get the numbers, so I don’t see how you would collect numbers on servers that don’t report numbers.
Theoretically they could be reported by federated servers that do have it enabled
But you would miss all the numbers from non-federated instances.
Im surprised there are zero calls to any official matrix server(s) from those instances.
Not even random API for metadata, update status, etc?
Telemtry is a word. It only means as much as it means in each context, and without full context it means little atm.
Do you have a resource where I could learn more about what data Matrix considers telemetry?
The whole point of not being federated is not to call the other servers. I don’t run a server but I hope it’s not calling home if specifically configured to not be federated.
People who live in countries where DNS and IP blocks are common probably use a different server. I’ve been running my own for over a year and it works like a dream
Being decentralized prevents DNS or IP blocks but not blocks through DPI.
Signal has an option to masquerade it’s traffic as regular HTTPS, I don’t know if Matrix can do such a thing.
x.com/signalapp/status/1821979304626155930
I can answer this! All matrix calls are over https APIs. Ports and addresses are stored in a text file on the base domain or in DNS txt entry.
Thanks, nice to have someone knowledgeable.
Would you say matrix is censorship resistant? I’ve very limited knowledge of it but given what you said I imagine that if I was trying to block matrix I would just need to query the url of the text file and check the DNS text entry, if either exist just add the domain to the blocklist.
Ok this raises a question for me. How do you find a url like this which wouldn’t be like, “linked on their site” or something? I know it must be possible to like dump a URL list for a site to a textfile, I’m just wondering how.
Like say I want to find all the super secret pages on www.subgenius.com, they link some but say www.subgenius.com/pam1/pamphlet.html wasn’t directly linked (it is, but pretend lol) but could be accessed by the URL, how would I find that URL? Can you just run like
someprogram -a www.subgenius.com -o subgenius.txtbecause that would be cool.Maybe I’ve misunderstood how it works. I thought that when connecting to a matrix instance you would point to the domain name and the text file would be on a standard location (as with
/robots.txtor all the files in/.well-known/) so it would be easily discoverable. In fact I just checked and matrix does use/.well-known/so one should be able to identify matrix servers by querying these URLs. Unless their is a way to use a non-standard location, but that would require further configuration on the client I guess.And just to answer your question, the only way to find some hidden file would be to brute force. This could obviously be extremely time consuming if the URL is long and random enough, especially if you add rate limiting (this last thing could be circumvented by using multiple IPs to scan, which would be easy for a state actor).
Edit: I’ve just realized I wasn’t answering to the same person, the first part of the message was more for @TarantulaFudge@startrek.website
Ah maybe I’ve misunderstood then, lol. I didn’t know any of that. Oh well!
Yeah the main thing is that the ports and addresses can change and it’s nbd. From a firewall perspective, it’s impossible to block them all. Especially when the clients are doing mundane https requests. Even if the server goes down or partial connectivity, the channel can still be used.
But this seems easy to automatically block, no? If a client is querying an unknown domain check for some Matrix related data in
/.well-known/and add it to the block list if there is. And since the servers are publicly advertising the port used you just need to periodically check the list of known matrix domains you are creating in the first step.Russia is already doing DPI and blocking ESNI so that seems easy. A more widespread usage of ECH would help everyone, as is Signal advocating, but that’s not the case yet.
Or SimpleX?
It cannot be easily blocked especially if you use your own homeserver every homeserver replicates the channel and it can operate without the original server! That’s why signal and telegram are inherently flawed.
To be devils advocate in a sense, this may mean that it doesn’t have any backdoors that Russia or Venezuela can use, but the NSA or something still could have one of their own.
Matrix doesn’t have encryption as the default
Also Signal doesn’t have any backdoors. I can say that with high certainty as it has been audited more than any other messager.
It doesn’t matter if it is a business entity operating under a government then you can never really know because gag orders. Centralized servers can be blocked. Telegram and Signal apps could have a back door. This is why open stack is important. And not just the code. Also encryption is default for p2p one on one conversations. It’s not in channels by default because it can complicate public use.
Yes
Why countries that do not prosecute political dissent bock apps used by political dissenters? /s
Unless you click the “unblock” button.
Gotta love Verge.
Are you mad at verge for not expounding on what that button does, or trying to display the issue itself?
signal.org/blog/proxy-please/ in case
It’s like a medal of honor for a privacy preserving app 😄
Indeed. If whatsapp isn’t on the list, then I have all the confirmation I need.
kyivindependent.com/messenger-signal-blocked-in-r…
Some US bank got in trouble for using it internally.
in trouble with who?
This is a story from August 2023, and was covered in many outlets (I quote here NYT for reference only)
Original NYT
Archived version
Zucks check didn’t clear yet.
www.msn.com/en-us/news/world/…/ar-AA1oi4vz
Maduro uninstalled whatsapp live on television a few days ago
“Banned in 15 dicatorships!”
why telegram is not blocked? makes you think…
WhatsApp supposedly uses Signal protocol.
Why is THAT not blocked? Certainly they wouldnt roll their own encryption and bypass Signal security protocols after having Moxie come in, right? Right???
Russia is reportedly planning to block WhatsApp as well.
It is owned by Meta and is proprietary
Telegram is not secure, I guess if you can listen to it better not block it.
I mean it was blocked before Signal was blocked. Russia somewhat famously badly broke their Internet trying to shutdown telegram… and eventually gave up.
I’m guessing Signal finally has enough market share to get the Russian government’s attention but not enough market share that they think the web of proxies that kept Telegram online will keep Signal online.
or maybe they came to an agreement on mutually beneficial terms
Maybe, maybe not, maybe I’m a duck in a suite.
It isn’t private
Some say it was unblocked because they made a deal with Durov. Another opinion is that too many people and services including officials continued to rely on it even during the time it was blocked. Regardless, Telegram did a huge job on circumventing those blocks.
Relevant context
I wrote this, but I’d also like to add Drew Devault - Why I don’t trust signal. There’s a huge disconnect between what privacy advocates are saying about signal, and what reddit “privacy” communities think about it. If you read the article I linked, you’ll see its because the Open Technology Fund (a US state-run entity), actively pushes signal in privacy spaces.
Signal is secure and anyone who says it isn’t needs to have very strong evidence. It has been audited by hundreds of people at this point.
Source: trust me bro.
Seriously tho, that’s been most of the defense of signal advocates, with zero backup other than signal’s own claims. Signal is not self-hostable, and all the data lives on a centralized, US-domiciled server, subject to NSL requests (the US issues ~ 60 of them per day).
Unfortunately you can’t verify what their server stores, nor the metadata that they are legally required to share with the US government (which includes phone numbers, and your name and address).
BTW if signal is secure, can you give us your phone number, so we can use it with you?
You don’t need the phone number to contact someone with Signal.
Wrong, you need a phone number to create a signal account.
Yes, to create an account, but not to contact someone. You have an habit of being off the mark.
Also there is a difference between giving your phone number to some service and giving it to some random on the internet.
They must’ve added that recently then, but still doesn’t get around the fact that they’re required, which means signal (and likely the US government) knows exactly who you talk to and when.
Signal is end to end encrypted. Everything related to encryption happens inside the app. It doesn’t matter if the server is in mainland China it would still be secure. However, that doesn’t mean it is anonymous. Signal is pretty bad from that perspective.
Signal might be one of the most audited pieces of software in existence. Any criticism is likely either coming from or is supported by countries that fear encryption such as China, Russia and Iran.
The big downsides of Signal are that it requires a phone number and that is depends on Signals servers. That is it. You messages are completely safe as all messagers use the same underlying cryptography.
The audits mean nothing for a server domiciled in a Five-Eyes country. Signal has your phone number, and the other phone numbers you talk to (social connection graphs), and it is 100% illegal for them to tell you that they’ve been issued a national security letter divulging that information.
You shouldn’t trust a server to do your computing for you. Assume any data the server has about you to be available to all.
The entire protocol is build under the assumption that you do not need to trust the servers. Let the NSA have then, it doesnt matter. On the other hand 95% of Matrix users are hosted on Matrix.org which was not only hacked several times, but would be an ideal target for any agency to compromise. Its naiive to belive the big Matrix hosts arent compromised. The only effective defense is to build your system aroudn the assumption that the server is compromised, which si what Signal did.
Metadata is data. While we can be pretty sure that message contents are secure we have to rely on trust for the metadata.
I use Signal and trust it way more than most other apps but still, one have to be careful, a state actor could still find ways.
Signal honored!
Smart move, considering Signal is a US-hosted centralized service that has to comply with US NSL laws.
These comments below seem to be unaware of all the issues privacy advocates have of signal.
I don’t get it, are you really arguing that Russia and Venezuela are blocking Signal to protect their citizens from American snooping?
All countries should ban US-domiciled companies like signal, or any communication platform hosted in Five-eyes countries, and especially ones domiciled in the US, which has to adhere to National Security Letters.
www.eff.org/issues/national-security-letters/faq
Isn’t the whole point of something like End-to-End Encryption so that not even the company themselves can read your messages?
In that case it wouldn’t matter even if they did turn the info over.
Edit: I read more into the page you linked. Looks like those NSLs can’t even be used to request the contents either way:
You can read my article, or Drew Devaults on why he doesn’t trust signal, which get more into this, but the short version is that US security forces don’t have time to read the content of everyone’s message anyway, they care more about the metadata: message timestamps and social graphs.
Signal stores all that data (via required phone numbers, meaning its linked to your real name and address), and via the US’s key disclosure laws, it would be illegal for them to tell you that the US government is hoovering up that data.
Most security experts who actually know what they are talking about do recommend Signal for most users, including [twitter.com/Snowden/status/661313394906161152](Edward Snowden), [www.schneier.com/blog/…/russian_censors.html] (Bruce Schneier) and [linktr.ee/glenngreenwald](Glenn Greenwald). Eveyone should consider whether they would rather follow the advise of people who have literally fought the NSA and read the entire Snowden documents or belive in the FUD spread by some people here.
The company, or any middleman, can read your messages if they have the keys. In many services, the keys come from the company. EEE is only as trustworthy as the clients and processes you use.
My question was more about the motives in this case.
Well IMO all countries should have the motivation to prevent US spying on their country’s populations. You generally don’t know about honey pots before they get exposed.
The question of what should be done can be interesting, but that was not my question. It’s obvious this is not the motive here.
If you are in your own country opposition it’s better to use a foreign tool, even better if it’s in a country that’s not gonna collaborate with yours.
I imagine just using metadata you can look for people who are discontent, then provides list of those people to the opposition to contact and mobilize them and get them to protest.
Or target them with stories and bots to turn them into a revolutionary force, but that would be more useful for social media networks instead of signal.
Mass censorship is never good for civil liberties. Let people decide on there own.
Also Signal is cryptographically sound. Many other messagers use a similar protocol
As I commented below, US security forces aren’t that interested in message content anyway, since they don’t have time to parse through every message to construct meaning. Signal does require your phone number tho, as well as message timestamps, meaning they can build social graphs of real people. Tons of metadata living on a single US-based server.
It doesn’t matter if it is US based. You shouldn’t trust the server.
Signal has known issues. That doesn’t mean it is entirely bad though. Saying things like Signal is insecure is simply untrue. It has weaknesses but it also has the benefit of protecting your messages completely and being well established.
they hated him because he spoke the truth smh
use matrix, briar, simplex in that order
also what email platforms + vpns do you recommend, out of curiosity?
Matrix isn’t as good as Simplex Chat. Briar is good as it is very hard to censor but it does use battery and requires you to be only all the time. (unless you count Briar mailbox)
sure, simplex is very private, but its also a pain in the ass to use currently. i feel like matrix makes a decent tradeoff between easy use and privacy
Signal has strong cryptographic protocols that are not easily broken. It pioneered the use of double ratchet encryption. (Different keys for each message)
It does expose phone numbers to Signal and the US government but that may or may no be a concern depending on what your threat model is.
Or… you know… at least for Venezuela, the USA constantly fucking around with their elections and politics and local assets using Signal or something. Maybe, I dunno?
Yeah. Telegram, should be next, there’s a huge risk with it too. And email! Social networks too, just in case. And postal mail, we can’t forget that. We should crack down any form of uncensored communication.
All for the benefit of the people, of course. \s
In UK don’t ban them, but jail you if they don’t like your posts, more democratic.
I’m not aware of the kingdom of whataboutistan. Is it related to this post somehow?
Yes, different kind of censorship in the world. A more broad vision.
Keep going, then. Any other country to mention, seeing how it’s important to you? Russia? China? Italy? India? Pakistan?
I somehow feel your “broad” is actually quite narrow. Usually happens with the whatabautisms
Why going so long when we have a near, english-speaking , clean example of a country famous for the free speech. If you have the highest example of human rights why check the rest.
So much from broadening… As soon as I mention any other suddenly there’s no point checking other countries.
While I don’t live in the UK I do believe they have protections on free speech.
If you are concerned you can always hide your identity.
I’m not living in uk, i live in italy. I saw every kind of comment written on italian social networks and i have never seen a conviction. When the police had taken the names of protesters, ( not arrested ) we had a public outcry. We had arrest for direct call for violence, not simply rants. So seeing people jailed for rants on twitter scares me. We have actual fascists and communists, both parties were strong, and we had an actual civil war. We have strong linguistic minorities and regional parties. So a lot of people hating each other. Who decide the right speech in such a situation?
I have some bad news for you. There is no right answer
And normaly it is very difficult to be comdemned for a generic rant. It is easier in case of insults or defamtion, but it is mostly an high fee. Jailing a political adversary for a speech ( when we had a lot of political/mafia killing in the past ) is a big no. We had actual people killed for their speech.
That movie director that got killed 50 years ago is a wild story.
Yes, i think you talk about Peppino Impastato , he was killed cause he joked about mafia.
Are people really jailed for rants in the UK? I’ve only seen stories of actual call to violence.
The line between rants and call for violence is quite blurred in some cases IMHO
Can you give an exemple of such case in the recent events in the UK?
false informations , even worst, newspapers publish false information ( rumors ) every day
So she has been arrested, not jailed. We don’t know much about this specific case yet but this has nothing to do with a rant, like you said.
Ok, not a rant, a fake news…
A fake news meant to stir up racial hatred.
Lol, so ban every news… We have politicians telling worst thing that a simple fake news and no one riot. Maybe a thousand of rapes in one city could cause it. Here ONE rape is a news with the name and the nationality of the criminal. Why the people that havr covered that are not in jail?
She has not been jailed and we don’t know what she posted.
Obviously there is no ground to ban every news but I agree something should be done about politicians and media spurring hate.
About spreading hate? Like one thousand rapes in one city, like everyone have one friend/relative victim of it and the problem is spreading hate? I hope you are jocking. ( i’m talking about rotherham )
I did not know about Rotherham, what’s the link between the two?
The assault of the refugee hotel was in rotherham, and the riots were mostly in the north of england, in labour areas where the phenomenon of the asian grooming gang were most prevalent. I remember rotherham cause it was the most in(famous) case and also one of the places of the worst riots.
But what’s the link with the arrested woman?
It is a link that the reasons of the riots were far more deep that a single tweet. The world is a little bit more complicated that button-> action.
But no one is saying that a single tweet started all this.
No one? The narrative is : fake news and tweets started all this. We need to regulate the internet. As the french revolution was started by the statements of Marie-Antoinette.
You are right that there are underlying causes that needs to be addressed. That’s why it spread so much and so fast. But that doesn’t make racially motivated fake news OK.
The people inciting race riots deserve everything they get.
they do seem to have blocked reddit and twitter
We can’t have individual thinkers running around can we. We need a shared vision that is dictated from the top down.
For their own good. Individual thinkers tend to have short lives. Just look how many people thinked themselves of a window in Russia on the last year.
Like literal genocide being pushed from the top down as a pesky single issue vote? Our individual thinkers are too busy working 80hr weeks, btw.
I mean signal was funded in part by the US intelligence community up until last year.
Unrelated to what the previous person is saying (banned because it was used by dissidents), but still, we have the source code. If you’re arguing they are somehow accessing the data, what’s encrypted and what isn’t is known.
Signal knows who you are taking to. You can build a network of contacts based on that information. When you send messages your phone number is protected but your ip address is not, and the receivers phone number is not protected. So you can find two people chatting based on that information. The app automatically sends a delivery receipt when a message is received to the other user, exposing the senders phone number and IP address.
However, opposition in the country is backed by western agencies and NGOs, and likely their primary means of communication is signal since it’s backed by western intelligence, meaning, western actors believe it to be safe from external interference.
I’m not arguing that the west is reading messages. I’m arguing that they believe it’s a safe haven for their agents because they pay money to ensure it’s safe for their agents. If it wasn’t, they wouldn’t use it. Its the same reason why the intelligence community in the west is a large supporter of the tor network. They use it in the field and operate their own exit nodes to protect their operations.
That’s what you fail to understand. It’s open source, it has been audited. Venezuela and any other country can check and crack the encryption if has holes in it. The long first paragraph is something that’s not a secret, but widely known.
You know what’s also safe? Encrypted emails. VPNs. Matrix.
If you think this is a movement against foreign agents, you should think it’s useless too. For a sufficiently motivated agent, this will be trivial to overcome. For the general population? Not so much.
Unless next all forms of private communication re forbidden, of curse. Surely what people on a privacy community advocate for.
Is the opposition using those services?
Which ones? Signal? Likely. Secure mail and VPN? For sure. Can “foreign agents” use them? Certainly.
Who will have a hard time to use them? General population. Signal is the privacy communication service with the lowest barrier to entry, in terms of cost and setup complexity. Not a tool for spies, but for average Joe.
What service do you recommend BTW? That ensures government cannot snoop and prevents “foreign agents”. It seems that any privacy is a risk, so I’m curious what a privacy minded person thinks should be OK.
“Likely”? “For sure”? So you have no idea of the opposition is using them, got it.
Yeah, I don’t know. Do you? It’s a fair assumption they use email, right? And VPN is standard in most organizations. I never even mentioned the opposition. Dissidents can be non affiliated people, who is discontent with their government or feel oppressed.
Why is it relevant? I thought you were interested about foreign agents? Or is all the opposition foreign agents?
Please tell me, should it be possible to have privacy from the government in Venezuela? If so, how? If you only answer one thing, please do this one.
Lol do you know how to migrate a community off one platform to another? Its about disrupting comms, not stopping them. Regular people will find other ways to communicate, as they always have. They have lots of options, as you’ve pointed out. I have no failings in understanding here. I told you already, signal is secure. Its security is backed by it’s western intelligence financing. It has flaws in leaking meta data, just like matrix, proton mail, and any other means of encrypted communication tools. This move is to disrupt organized communication to make it disorganized.
No one needs to mention foreign agents. If you are able to observe and analyze the greater context for a given action you can arrive at an approximate rationale for the action. The west has a history of attempting to destabilize Venezuela, they back right wing dictators as successors, they regularly fund dissident groups who want nothing more then to violently take power in Venezuela.
Its clear that Venezuela is facing external pressure to dismantle their democracy, and are taking actions to disrupt those efforts.
“Foreign agents” could install a VPN, probably already have to send data. 0 impact whatsoever for those “agents”. Even for casual privacy enthusiasts judge be easy, depending on what’s already blocked. Average people on the other hand…
Also pointed out how those present more challenges. Why you think WhatsApp and face time are popular, anybody can use them. I’m still wondering what alternative you propose. It seems there’s nothing that suits privacy and making Maduro happy.
It’s security is backed by the fact it can be audited. Of course governments want PQC encryption. You think other countries don’t want or invest on it? The only difference here is that is pubic, free and can be checked for backdoors.
When preserving “democracy” is the excuse to not be Democratic, something is wrong.
I’m still waiting to know what do you think is a good alternative. You already complained that signal is secure against all parties, and I’m wondering of there’s even a truly private messaging platform that is open and approved by Venezuela, Russia, China… Please enlighten me. There has to be at least one… Right?
Ah there it is. Its only Democracy if it comes from the democracy region of the west. Got it. Venezuela has one of the most robust voting systems in the world. Requires voter finger prints, signatures, national ID cards, and has paper ballot verifications. Meanwhile elections in America can be decided by some elite cobal system established in the 18th century by rich property owners for the explicit intention of disregarding the will of its people to favor the property class.
I see you have issues with focus, so I’ll just ask again. What messaging system is private and has the approval of Venezuela, Russia, China…? Or is privacy against the state bad?
You are the one who lacks focus. This chain stared from this comment:
Do nation states have the right to defend themselves from foreign interference in their elections? What actions should a nation state take to ensure the security of its elections? What actions should a nation state take to combat misinformation spreading about their elections?
Based on your previous comments it sounds like you believe a nation should do nothing.
Again, do Venezuelans deserve to be able to communicate privately?
Every state has the right to defend themselves, I’m a big supporter of Ukraine. But this is not that. You asked me of I know what apps the opposition use. Do you have proof that there are foreign agents and they use signal?
From a technical standpoint, this is useless. Only harms the population. If you believe this is wrong, please explain why this can’t be bypassed with a VPN or proxy. I’m even forfeiting the proof that it’s actively being used for “enemies of the state”. And to west l what extend should Venezuela go? Lockdown from outside? Banning all encryption?
I have replied to all or nearly all your questions. If you don’t intend to answer mine, then it’s a waste of time.
I see your colors. Ukraine, historically, undemocratic due to western interference. Made the Communist Party illegal and disbanded it. Very good democracy there.
They are very much the same, except Venezuela is better at defending itself from said western interference.
Again, no answers. Why do I try to speak with a Tankie? Just another “useful” idiot that never left his US state.
At least your messages are here to show what you really think about privacy.
Lol Aw, are the geopolitics to complicated for you? At least your comments are here to show how you really feel about democracy.
well, except for all the times Signal just “forgets” to update the published source code of a year or so. Other than that its perfectly open source
The only relevant part is the client, which as always been open source.
The server is arguably more important, that is where the data and meta data itself are stored. Linux has never hid its source code for a year, and matrix can be self hosted.
I mean if you want to trust a honey pot go right ahead
More baseless nonsense
The current president of Signal is also still happy to do interviews with US-defense-oriented think tanks like Lawfare.
They probably still are funded by USIntel, considering how interested RFA was in pushing Signal in privacy-oriented spaces.
Self defense is self defense, would we expect some different behavior from a country being attacked from outside interests with publicly accessible end to end encryption services?
Publicly accessible: reviewed and audited by hundreds of teams that confirmed there’s no backdoor. Venezuelan, Russian and Chinese governments didn’t find the holes, even having access to the code. If they did, they would be exploiting it to… reeducate.
Yeah, I would expect to trust that. Still, you said yourself, the problem is that is used by dissidents. And we can’t have that, right?
Open source, except when they do not publish it. Funded incredibly heavily buy the United States Intelegency Agencies. That would be more than enough to raise red flags for any nation that is not on the best terms with the United States.
Signal in all likelyhood is a honey pot
Funded by the US? Well thats the entire internet, including Tor, Linux and Matrix…
Amazing how much BS is spread here
The server is arguably more important, that is where the data and meta data itself are stored. Linux has never hid its source code for a year, and matrix can be self hosted.
I mean if you want to trust a honey pot go right ahead
Your claim about it being a honey pot is entirely baseless. There is a significantly better chance you are working for the US to prevent people from using signal…
Yes because the US does not want you useing a central server in its jurisdiction so it can force the organistation to give out all the meta data while not being alowed to alert anyone. How dare you use something that could give the US so much information in one easy package
You clearly have no clue how the internet or signal works. There is no information on signal servers that arent already available through the telcos, litterally zero
Did I say the prefrence was to use normal telecomunication providers? or that the internet in general where super secure, no, but Signal is not secure either, and it in all likelyhood a honey pot
There is no reason to assume that based on the fact that they do not posess any information on their servers that would not be available to authorities anyway. You are making up nonesense based on your own delusions.
I’m pretty sure Venezuela was unstable before the US started getting involved.
Anyway Signal is secure so that shouldn’t be the problem. It has more to do with the government working to crush civil liberties and independent thought.
Same story in all authoritarian countries
First no Venezuela was stable before US medeling.
Second, “is secure” is quite a leap, it is funded to a sickening extent by the United States government, has gone about a year before opening up its source code, and is in the US where there is a law that says if the US government says show us everything and keep quiet, they have to do that. There are real concerns
Or you can uncriticaly say “Athoritarian Country” with no defineing term there, or real understanding of Athoritarianism and disreguard all concerns from these countries.
The US government funds it because they use it heavily. I think you should pay for software you use.
Also Venezuela has never really been stable. You could argue that the US made it worse but honesty the problem is everyone getting involved.
Honestly I would’ve expected it to be blocked much earlier
That’s what would’ve means?
You need a certain market saturation before a ban becomes useful. If very few people are using the service, there’s little incentive to invest time/energy in a block.
I suspect the recent wave of riots in the wake of the election is driving the urgency.
matrix stays winning
Matrix isn’t secure depending on how you use it. It also doesn’t protect individual identities terribly well.
Simplex Chat would be the better option however the main Simplex Chat server and matrix server could end up blocked as well.
plenty of servers for both though
Couldn’t they block them too? Monitor the domains people connect to, check if it’s a Matrix server and block it if it is.
What would a blockchain provide here?
buzzwords
Overhead
You don’t need any blockchain there, you need mixnets and hidden services like with tor and i2p
The overwhelming majority of users are on the main servers. It also impacts self hosted Matrix servers that use the matrox.org identity server.
Matrix is entirely self-hostable, and you can turn off both federation, and the requirements for any linkable identifiers.
Signal by contrast requires your phone number, isn’t self-hostable, and is based in a five-eyes country.
Matrix doesn’t protect metadata, which is arguably just as (if not more) important than message data. Signal by contrast does protect metadata and proper implements Perfect Forward Secrecy for all chats. I do think Signal’s centralized design and phone number requirements problematic, but Signal still has many merits. Such as its massive user base for a AGPL-only project.
Matrix also implements Perfect Forward Secrecy, and that’s been the case for a very long time: …stackexchange.com/…/are-matrix-messages-encrypte…
What do you mean by AGPL-only? Synapse is also AGPL. And you can only guarantee that there won’t be projects with other licenses if you prevent them from existing… which is not something to be desired
Isn’t it? Maybe I’m misunderstanding something, so let’s start from the definition. PFS is when future joined users can’t read messages sent before they have joined, right?
In that case, it is not just implemented, but cannot be avoided and is a major hassle to deal with. In my understanding when someone joins, all members start a new olm session, meaning they now encrypt future messages with a new key. The old keys are not being sent to the joined users, not even if the room has been set up to allow reading history, and this results in them only seeing undecryptable messages, and all the metadata you’re taking about (except when the client hides these to reduce new user’s confusion).
Former keys are not shared among clients for now because there’s no mechanism (for now, but this is planned) to verify that a new member is actually a legit member, not just someone popped in by the server admin by DB editing or whatever.
Earlier there was a workaround mechanism, where with element clients, when you have invited someone, your client has sent keys to all the previous messages which it had, to the invited user. That was not (yet?) reimplemented in their new crypto library, but apparently they’re working on it.
But the point is, that afaik PFS is on and cannot be disabled for encrypted rooms, new rooms are encrypted by default, you have to toggle that off by yourself if you don’t want it, and it can’t be toggled off after room creation.
That’s right. I don’t think that’ll ever change, but it’s for sure that it’ll not change for a long time, because fundamental changes would be needed.
But! For when that is a concern, you are not entirely unprotected. For example you can set up a room to never federate, or only federate with specific homeservers. If your group runs their own, on owned real hardware, information can’t really leak from your control.
In my experience, room encryption is opt-in and permanent for a room.
Indeed.
It is optional, but enabled by default when you create a room, at least in the element clients.
Citation needed. It is undisputed that the software that runs on their servers is not identical to the code they release; if they release at all because sometimes they just stop for a year, until people complain 🫠
Signal no longer requires your phone number.
This is false. You still need a phone number to sign up and it is used as an internal identifier.
All they did is to allow you to hide your phone number from other users.
If Russia doesn’t block it, you can be sure it’s not great to use it ✨
Probably mostly because almost nobody uses it.
Couple million is absolutely nobody /s
Almost is absolutely \s
Would peer to peer apps be resistant to this sort of thing?
Peer to peer apps do not work without a centralized relay to get you around the CG-Nat that cellphones live behind. So they’re not really peer to peer. You would be playing whack-a-mole with the relays, having to spin them up as they get blocked. Many ISPs implement CG-NAT as well. Its really dependent on how the network providers structure things. Someone from the country with local knowledge would have to test it.
IPv6 doesn’t need CGnet. So as long as it’s capable of doing IPv6, it can directly communicate peer to peer using globally unique addresses. How do I know this? Simple because my ISP on IPv4 is completely CG NAT and I cannot get anything past it. So I am completely forced to use IPv6 for any service I want to run and access from outside my network.
IPv6 doesn’t need CGNAT. So as long as it’s capable of doing IPv6, it can directly communicate peer to peer using globally unique addresses. How do I know this? Simple because my ISP on IPv4 is completely CGNAT and I cannot get anything past it. So I am completely forced to use IPv6 for any service I want to run and access from outside my network.
Sure, but ipv6 is not widely adopted. I’m behind a CG-NAT but can’t get an ipv6 so I have to operate a vps bridge to host my services. Some cell networks have ipv6 support but a few implement a NAT for it as well. AT&T only allows port 80 and 443.
Its not consistent enough to be useful without a centralized relay.
I think that really depends on where you are. Here in the US, for example, IPv6 is pretty darn well adopted. And even 45% of Google’s internet traffic is done over IPv6.
Sure but if your looking to use a chat service, 45% is not a high enough watermark to have reliability. Its so contingent on the network operator to allow for an IPV6 connection. And like I said, places like AT&T have a NAT on their IPV6 network.
True, the only other option is something like simplex through tor. There are also p2p options like meshtastic as well.
Non ipv6 parts of the internet are considered derelict at at this point.
And… That doesn’t change the fact it’s not widely adopted enough for peer2peer chat services without the need of a relay.
Yes, but you’ll have to install them from sources other than what governments deem official. Like F-droid.
Now, if they block p2p traffic that’s a different story
I am totally cool with F-droid.
It depends. Somehow it has to discover the peers. Other than that, they could block traffic between residential IP addresses and there goes large part of the P2P network
Russia and Venezuela are huge hotbeds of piracy from populations without access or capital to access most forms of entertainment.
Breaking P2P in this manner would basically be getting rid of the circus part of bread and circuses. Not a good move for an authoritarian.
they figured it out that it’s CIA :)
So signel proxy for the win?
signal.org/blog/proxy-please