What is this? Good news? In this economy? It simply cannot be!

The problem will get worse until consumer protection and privacy are priorities. It will only get worse yet with the growth of identity verification enforcement across technologies.

Please drink verification can.

Okay but your best masons are. Architects and developers are different.

It’s a mixed bag.

Maybe I came off as dismissive or just stupid, but I really did mean to be helpful. Of course you don’t want users experience bad interactions. I meant if those interactions were for an actual intended reason. So yeah, never mind.

Bummer you’ve had a hard time. I think they and the free software community are trying to put together a good solution.

What server are you using and with which client most recently? It sounds like your device is unverified so untrusted or the key isn’t present.

To expand, “unable to decrypt” would affect a lot of users. That’s a good thing and exactly what you want it to do when not correctly trusted.

I use it all the time. There are many mature clients, and matrix is a protocol, so I don’t know what you mean. Since the sliding sync implementations, I have found it really nice to use.

The sandboxes are different. The embeddable Java plugin sandbox was a bit different and susceptible to confused deputy and other attacks. So yeah, I guess you can say it is iterative but they’re kind of worlds apart. You can run thousands of wasm modules in a single process and have them all be completely isolated. Its performance and security gains, portability, and usability are all superb.

I guess I can’t really defend it well, but I think it is interesting and important.

It isn’t interesting for being bytecode. Rather for being the first universal sandboxed runtime for the browser and elsewhere. Being able to write in many languages and compile to wasm targets is awesome. Safety guarantees and performance are both great too. And it can run in tiny environments.

Great article. I think wasm is one of the more interesting things to happen in the last few decades in computer science, though there are many. I think it’s here to stay for sure, but am always curious where the adoption curve will go.

It also means the people operating them will have a high threshold for consequences and maybe not care so much about the community.

Actually great questions. Yes and no. There are vulnerabilities if the private key leaks, but public keys are just that; perfectly okay public in any hands. You only encrypt data with it.

What makes the Signal protocol so awesome, and other algorithms like it, is that it reduces the threat surface area further by using onetime keys. So even if your key is leaked, it cannot be used to decrypt old or forthcoming messages as the keys have already ratcheted to the next pair.

They share it with you. Their public key is generated by them. You encrypt a message to them with their public key. They use their private key to decrypt it.

I want to add before I get completely roasted here, that this is intentionally reductive. Signal actually uses a much more interesting multikey sharing algorithm, double ratchet. This uses onetime keypairs, and really is worth reading about.

I’m not following. In the WhatsApp case, yes, because we can’t see how those keys are managed. In the Signal case, we can. So the centralized server has zero impact on the privacy of the message. If we trust the keys are possessed only by the generating device, then how does the encrypted message become compromised?

I’m not talking about anonymity, only message privacy. No different than any of the other proxies or routers along the way. If they don’t have the key, the message is not readable.

Sorry but you’ll need to hold the L on this one. If I encrypt a message with public key material for which the only private key material that can decrypt the message is in only my possession, it doesn’t matter if the message passes centralized servers.

I’m not trying to be rude, that’s just how it works.

Step 0. It just goes without saying.