Found this wondering town

RedditWanderer , 14 days ago

I wander what it means

possiblylinux127 , 14 days ago

It probably it is a person putting up flyers

InternetCitizen2 OP , 14 days ago

I guess I mean someone in my city not the government.

toastal , 15 days ago

Okay, but who’s is doing guerrilla advertising for a centralized service that requires a SIM card & an Android/iOS primary device or no account for thee. …At least in the past I convinced grandma this is the new SMS app you can use as I knew she would treat it as such, but now I wish I hadn’t since even that useful feature was lost. I want to drop Android entirely, but I need access to my contacts locked in the Signal system--which centralized system lock-in is one of the things we privacy-concerned folks want to avoid.

qaz , 15 days ago

Signal isn't perfect but it's still one of the best options.

toastal , 15 days ago

It’s the bare minimum for passable due to E2EE, not being owned by a corporation, & mostly open source--not “best”. We have better.

Vilian , 15 days ago

what?

toastal , 15 days ago

XMPP is an extensible protocol that has over a decade of battle testing from the casual chat to massive industrial communications applications (Zoom, Jitsi, almost certainly any online game you’ve played). It has E2EE in modern clients. It’s decentralized by nature & relatively easy to self-host. Both servers & clients use very few resources like bandwidth, storage, processing, memory (consider conditions of the time of invention). It doesn’t take minutes to join & sync chatrooms (MUCs). Gateways allow folks to talk across non-XMPP platforms. Governance is distributed in the open & not tied to a single entity. There are even projects like Snikket that can be rolled out for a family that is close to turn-key for set up. Along with something like Movim can create a self-hosted social network built atop an XMPP server for posts to share stories & media for a longer-term storage.

If E2EE encryption isn’t seen as a must relying on TLS + self-hosting: lighter, simpler IRC (good feature set with v3) which has been around since the ’80s can be a good choice. Zulip which is a forum/chat platform that has the most usable UX for trying to actually hybridize both (it’s not amazing UX, but better than the rest); this can work for a great for certain communities that desire this behavior.

Distributed (not to be confused with decentralized) encrypted chat there is Briar with a mesh network not even requiring internet, but has limited platform support & last I used years ago had massive battery drain issues.

---

If you must, there is Matrix which decentralized & offers E2EE but is relatively expensive to run from the clients, to servers, to the design generally being that it replicates the room messages & attachments & state across all servers for all users. While that duplicated data is great for resilience, can be expensive to store & is what takes minutes to join any room. I think it was a design decision ‘miss’ to try copy Slack/Discord/Telegram-but-FOSS as doing too much & none of it that well--where I think chat is better to be a bit simpler + expected to be ephemeral & a different service like a forum for important, permanent discussions & FAQs. Mastodon suffers similar issues with replication that makes some have to shutdown their self-host due to cost--which has led to Matrix in practice centralizing around Matrix[dot]org (who has a history of Israeli intelligence funding) & the servers they provide to others funneling all the metadata thru their org since they offer free accounts, are big enough to scale, & have most of the users. Folks act like Matrix is great just for being newer, but the aforementioned already cover its uses while being more mature.

crispy_kilt , 15 days ago

Lol xml

toastal , 15 days ago (edited 15 days ago)

Balisage Paper: Fat Markup: Trimming the Fat Markup Myth one calorie at a time

Old paper, but so are these specs which haven’t really changed. I know there are more formats than XML vs. JSON but they are two of the most common, and relevant to the battle of XMPP/XML vs. Matrix/JSON.

crispy_kilt , 15 days ago

It's not just the verbosity, it's also the complexity

jjlinux , 15 days ago

Wao, you really let'em have it. Love it.

There's also Session, Simplex, Riot, Delta Chat, etc.

There are plenty of options. Yes, Signal is one of the lesser evils, but certainly not the holly grail as some would make it look.

possiblylinux127 , 14 days ago

It isn't the holly grail but it is simple to use

jjlinux , 14 days ago

Absolutely. It's probably the most likely to be accepted by people that are in the mainstream apps life, for sure.

possiblylinux127 , 14 days ago

Good luck getting people to use XMPP. It is complex and doesn't even properly support photos and other media.

toastal , 14 days ago

?

Images & video work fine on Cheogram, Dino, Gajim, & can be piped from Profanity

possiblylinux127 , 14 days ago

And your response brings up another reason why no one is going to adopt XMPP. There isn't a central app or server for someone to use.

toastal , 14 days ago

So one of the best features is a bad thing? Is the irony lost on you that Lemmy is a decentralized system without a central server or app?

pkill , 14 days ago

one of the best

(link in alt text)
https://github.com/signalapp/Signal-iOS/issues/641

And then for no good reason a "FOSS" app's binary grows by a couple MB...

possiblylinux127 , 14 days ago

You also are quoting a communist. I can't take you seriously

hash0772 , 14 days ago

Don't hate them because they are a communist, hate them because they are a tankie.
Also, even if he is a tankie, this has nothing to do with it.

possiblylinux127 , 14 days ago

In this case it does. He is prejudice against the US and anything but Russia maybe China. He has repeated cited cold war rhetoric such as East vs West.

bamboo , 14 days ago

This argument implies there's an easy way for you to perform the reproducible builds on iOS, but it's quite involved and requires a jailbroken iPhone. Overall this is more a limitation of apple and not signal.

Even if you were able to perform a reproducible build of Signal on a jailbroken iPhone, there's no way to confirm that the stock iOS Signal app will match, or has a backdoor that got added in a supply chain attack that only is delivered to non jailbroken phones. You could use a jailbroken iOS device, but then it could be lagging behind updates and be even more vulnerable from zero days.

The real pressure here should be on Apple to provide a way to verify a build of an open source app matches what is being installed via the app store, but for some reason this is being framed as a Signal issue, which is disingenuous.

possiblylinux127 , 14 days ago

What should people use? Many of the apps have gottas or are complex to use. Signal has the benefit of being easy. It can even be Foss if you use Molly

toastal , 14 days ago

https://lemmy.ml/comment/11113492

gencha , 15 days ago

That's wanderful!

Baguette , 15 days ago

Cool but I wouldnt exactly trust a random qr code

my_hat_stinks , 15 days ago

QR codes essentially just encode text, as long as you're using a sensible QR code reader and check any URLs before opening them there's minimal risk to scanning a QR code.

TaviRider , 15 days ago

I still wouldn’t trust it because of homograph attacks.

hashferret , 15 days ago

Respectfully I think this is a minimal attack vector in this case due to the limited character set of urls. But thanks for the callout, I didn't know there was a name for this sort of attack.

Lichtblitz , 15 days ago

Modern browsers happily show you the actual characters, while sending their encoded entities to the server. So, from a user perspective there is no ASCII limitation. Case in point: söhne.at (just some random website, I have no idea what they are or if they are legitimate)

gila , 15 days ago

They'd still resolve via DNS to an address in ASCII though, right? Wouldn't that only be an issue if ICANN didn't have a monopoly on DNS registration? i.e what we already depend on for a semblance of convenience without totally compromising opsec

qaz , 15 days ago

It utilizes punycode under the hood. The actual DNS entries still use ASCII.

qaz , 15 days ago

Punycode enables you to encode any Unicode character as ASCII. Almost all browsers support this.

4stringscooter , 15 days ago

Or xss/sqli/etc attacks on vulnerable sites that don't sanitize url query parameters

4stringscooter , 15 days ago

Or maybe a fraudulent signal app.

I mean, generally speaking, just don't click on random links. This is a random link. Qr codes are valuable but we're conditioning society to just be cool with clicking on random shit without putting much thought into it.

InternetCitizen2 OP , 15 days ago

That's fair

captain_aggravated , 14 days ago (edited 14 days ago)

Oh is that like bankofarnerica.com or whatever, hoping the r and n look enough like an m for at least some people to click?

edit: under absolutely no circumstances click on the above link. Your bank will be robbed and your foreskin soldered shut. To very don't.

bloubz , 15 days ago

Well not really, it's a good way to do a IDN homograph attack

Successful_Try543 , 15 days ago

You could still enter the URL manually if you are concerned.

jqubed , 15 days ago

I may have in the past put lyrics from “Never Gonna You Up” or links to the music video on YouTube in QR codes I printed on blank business cards and left them in public places around town.

possiblylinux127 , 14 days ago

You should a tracking link that has been shortened

NegativeLookBehind , 15 days ago (edited 15 days ago)

Surely it's legit

EDIT: It actually is

CrayonMaster , 15 days ago

What is it? Just signal's webapge? I'm a coward.

NegativeLookBehind , 15 days ago

Yup. I cropped the QR code and checked it with an online reader, and it’s literally signal.org