Written by Daniel Supernault on 2025-01-29 at 15:52

sup is like Facebook Messenger, but for the fediverse.

Connect all of your fediverse accounts on one app, and connect with people on other platforms or protocols, like IRC.

It's also going to be fully open source, and modular with a simple plugin system to add support for other fediverse platforms and more.

A universal, open, federated messenger.

Built by @PixelFed ✨

#sup

Written by shnoorg on 2025-01-29 at 15:56

@dansup @PixelFed will it also use the signal protocol?

Written by shnoorg on 2025-01-29 at 15:57

@dansup @PixelFed federated signal servers would be sick.

Written by The Gym Nerd on 2025-01-29 at 19:00

@shnoorg @dansup @PixelFed one could argue that matrix is kind of a federated signal.

I doubt that federating in that sense will be possible without signal opening up for it. The only thing I see possible would be a bridge still requiring you to set up an account on signal server... Like it's with the matrix-signal bridge.

So yes, in the end I would simply recommend to use matrix if you want a federated encrypted messenger that also can connect to signal today.

Written by Tilde Lowengrimm on 2025-01-29 at 20:17

@TheGymNerd @shnoorg @dansup @pixelfed What's the argument that Matrix is like federated Signal?

Written by The Gym Nerd on 2025-01-30 at 17:34

@tilde @dansup @PixelFed @shnoorg because it is centered around private communication, has (as far as I can tell) secure E2EE and is federated...

So from a function perspective it does all for me that signal does + it's running on federation.

Written by Tilde Lowengrimm on 2025-01-31 at 02:50

@TheGymNerd @dansup @pixelfed @shnoorg Aaah, I see what you intend. I disagree. Matrix has substantially different cryptography from Signal, and a design which relies more heavily on the good behavior of servers. It also has what I'd call bad "security smells": issues indicative of larger underlying problems in design & implementation, like this one. I don't think it's reasonable to characterize Matrix's security as equivalent to Signal's.

Written by The Gym Nerd on 2025-01-31 at 06:16

@tilde @dansup @PixelFed @shnoorg

Ok IDK what the problem with the servers should be but if you don't trust a server you can set up your own so you only need to trust yourself.

For me it looks like the article is mostly complaining about an issue in a library that some clients use and that is deprecated and no longer used by matrix.org.

All I can say is there was a professional security audit funded by the German government in which no issues were detected. https://element.io/blog/bsi-funds-security-analysis-of-matrix/amp/

Written by Tilde Lowengrimm on 2025-01-31 at 15:57

@TheGymNerd @dansup @pixelfed @shnoorg "You can just run your own server." should be all the illustration needed for why these two things are not equivalent. But alas, that does not actually solve the issue. Even if you're using your own server, any channels hosted on other servers are vulnerable to those servers' manipulation. You need to rely on every server you have channels on. And if you don't have conversations on other servers, well, now it's just worse than Signal and you have to host it yourself, still no federation.

That issue I pointed out is not only so much worse than you characterize, but fundamentally indicative of poor development practices which produce many more problems which the developers are not well-suited to detect. Read the whole article. Which is why I'm not pointing at that issue as an active unfixed vulnerability, but as a "code smell" indicative of deeper and more pervasive issues.
