Perhaps it was a bad choice of words. What I mean is that they say "you don't need to trust us", yet they require you to run through them. They refuse to build their system in a decentralized way, and the more that time goes by the more the decentralized alternatives are showing they are as secure as Signal without forcing us to accept their restrictions like mandatory use of phone numbers for authentication.
you literally don't. It's a fully encrypted service. The literal purpose of encryption is to move data securely through insecure or even adversarial channels. Which you can verify, it's audited and open source.
They refuse to build the app in a decentralized way because decentralization is an ideological obsession that is useless in this context, and because centralized organizations can actually ship polished software that works for normal people and move quickly.
Centralized supply chain, and metadata protection is anchored on SGX.
They can use their pick of SGX exploits to undermine the weak metadata protections and they (or apple/google) could, if pressured, ship tweaked versions of their centrally compiled apps to select targets that use "42" as the random number generator. No one would be the wiser.
Signal is a money pit with a pile of single points of failure for no reason.
Matrix is already proving federated end to end encryption can scale, particularly when users are free to pay for hosting their own servers as they like, which can also generate income.
> They can use their pick of SGX exploits to undermine the weak metadata protections and they (or apple/google) could, if pressured, ship tweaked versions of their centrally compiled apps to select targets that use "42" as the random number generator. No one would be the wiser.
Signal builds on Android have been reproducible for over seven years now. That's not to mention the myriad of other ways that people could detect this particular attack even without build reproducibility.
Moxie made it very clear he never wants third parties like f-droid -actually- reproducing and signing packages for distribution to de-googled signature-enforcing android distros etc. Providing side-loadable apks as an alternative a joke.
Third party builds and distribution would serve as public canary and be better for privacy forbidden. He argued the tracking advantages of centralized development and distribution outweighed any wins of allowing third party clients.
In reality a build published with a breaking change and a subtle crypto backdoor omitted from public sources may not be discovered for days or longer. Long enough to decrypt most every convo on the planet.
Something built like any other internet protocol with staying power.
A federated network with multiple strong client and server implementations that are able to be built, reproduced, and distributed by multiple independent parties. Like Matrix.
Matrix is far from perfect yet but it is miles beyond Signal in being a sustainable solution that can survive any single point of failure.
> can actually ship polished software that works for normal people and move quickly
They can ship it, because they got a fuckton of money. But apparently they can not maintain it, because now they are crying about how expensive it is to run it.
Signal is acting like a sprint runner who signed up for a Marathon and wants to be carried out to the finish line after showing how much faster he was in the first mile. That's what I think is dishonest here.
