Nice long read on hacker Moxie Marlinspike, one of the brains behind the private messaging app

@franklinlopez @signalapp almost never say shit like this, but the guy's a sellout. does backflips to justify not letting people run their own signal servers and defending centralized messaging systems in general.

@zeh Of course a federated service would be preferable. Maybe soon Don't know the backstories to what you are talking about, but it has to be acknowledged that signal brought end to end encryption to the masses. Hell my family is now on signal! Also never met the man.

@franklinlopez @zeh

hey Frank, read this when/if you have the time, it's the best critique of Signal (and Moxie) I know of:

I agree that it did bring e2ee to the masses in a way that no one else did, and that's great, and I also get my family to use Signal whenever possible, lol. but, on at least a few occasions, the Signal project has made a decidedly wrong call, and the only rejoinder is "trust us, we know what we're doing" :/

and specifically, I don't think we're EVER gonna see Signal move to a federated model

@franklinlopez @ombres agreed with you all. that's a great article. also this short one: point #1, tying identities to phone numbers is very serious for many threat models, as it precludes anonymity and lets the provider know who talks to whom, which is half of the police work right there

@zeh thanks, I think I will add that link to my collection for when I want to have arguments about Signal :)

@ombres these facts lend weight to this suspicion I've had about this single point of failure on centralized infrastructure. What to do then? The argument that the Play Store is a rootkit (no mention of iOS) will only resonate with the tech-minded. I think it's easy to underestimate what a barrier to entry poor usability represents. That being said, I think it's time to shift from "we can do better" to "we have to do better". This may not feel true for the general population but for @'s, we do have to do better.

