Okay. But this method doesn’t address that the service doesn’t need the message to include the sender to know who the sender is. The sender ('s unique device) can with 100% accuracy be appended to the message by the server after it’s received. Even if we trust them on the parts that require trust, the setup as described by the blog doesn’t do anything to prevent social graphs from being derived, since the sender is identified at the start of every conversation.

If we trust them not to store any logs (unverifiable), then this method means they can’t precisely know how long a conversation was or how many messages were exchanged. But you can still know precisely when and how many messages both participants received, there’s just a chance that they’re talking to multiple people. Though if we’re trusting them not to store logs (unverifiable), then there shouldn’t be any data to cross reference to begin with. So if we can’t trust them, then why are we trusting them not to take note of the sender?

The upside is that if the message is leaked to a third-party, there’s less info in it now. I’m ignoring the Github link, not because I don’t appreciate you finding it, but because I take the blog-post to be the mission statement for the code, and the blog doesn’t promise a system that comprehensively hides the sender’s identity. I trust their code to do what is described.

I think Dessalines most recent comment is fair even if it’s harsh. You should understand the nature of a “national security letter” to have the context. The vast majority of (USA) government requests are NSLs because they require the least red tape. When you receive one, it’s illegal to disclose that you have, and not to comply. It requires you to share all metadata you have, but they routinely ask for more.

Here’s an article that details the CIA connection https://www.kitklarenberg.com/p/signal-facing-collapse-after-cia

The concern doesn’t stem from the CIA funding. It’s inherit to all services operating in or hosted in the USA. They should be assumed compromised by default, since the laws of that country require them to be. Therefore, any app you trust has to be completely unable to spy on you. Signal understands this, and uses it in their marketing. But it isn’t true, they’ve made decisions that allow them to spy on you, and ask that you trust them not to. Matrix, XMPP and SimpleX cannot spy on you by design. (It’s possible those apps were made wrong, and therefore allow spying, but that’s a different argument).

How does that work? I wasn’t able to find this. Can you find documentation or code that explains how the client can obscure where it came from?

Yes.

Your client talks to their server, their server talks to your friend’s client. They don’t accept third party apps. The server code is open source, not a secret. But that doesn’t mean it isn’t 99% the open source code, with a few privacy breaking changes. Or that the server software runs exactly as implied, but that that is moot since other software also runs on the same servers and intercepts the data.

We can’t verify that. They have a vested interest in lying, and occasionally are barred from disclosing government requests. However, using this as evidence, as I suggested in my previous comment, we can use it to make informed guesses as to what data they can share. They can’t share the content of the message or calls – This is believable and assumed. But they don’t mention anything surrounding the message, such as whom they sent it to (and it is them who receives and sends the messages), when, how big it was, etc. They say they don’t have access to your contact book – This is also very likely true. But that isn’t the same as not being able to provide a social graph, since they know everyone you’ve spoken to, even if they don’t know what you’ve saved about those people on your device. They also don’t mention anything about the connection they might collect that isn’t directly relevant to providing the service, like device info.

Think about the feasibility of interacting with feds in the manner they imply. No extra communication to explain that they can’t provide info they don’t have? Even though they feel the need to communicate that to their customers. Of course this isn’t the extent of the communication, or they’d be in jail. But they’re comfortable spinning narratives. Consider their whole business is dependant on how they react to these requests. Do you think it’s likely their communication of how they handled it is half-truths?

Used by a bunch of NATO armies isn’t the same as promoted by or made by. It just means they trust Element not to share their secrets. And that blog post is without merit. The author discredits Matrix because it has support for unencrypted messaging. That’s not a negative, it’s just a nice feature for when it’s appropriate. Whereas Signal’s major drawback of requiring your government ID and that you only use their servers is actually grounds to discredit a platform. Your post is the crossed arms furry avatar equivalent of “I drew you as the soyjack”. The article has no substance on the cryptographic integrity of Matrix, because there’s nothing to criticise there.

Sure. You can trust your own fork. Just don’t use the official repos or their servers. The client isn’t where the danger is.

Your link lists all the things they don’t share. The only reasonable reading is that anything not explicitly mentioned is shared. It’s information they have, and they’re legally required to share what they have, also mentioned in your link in the documents underneath their comment.

Your data is routed through Signal servers to establish connections. Signal absolutely can does provide social graphs, message frequency, message times, message size. There’s also nothing stopping them from pushing a snooping build to one user when that user is targeted by the NSA. The specific user would need to check all updates against verified hashes. And if they’re on iOS then that’s not even an option, since the official iOS build hash already doesn’t match the repo.

It’s not my friends I want to hide my number from, it’s Signal.

Signal is USA government approved. Definitely don’t trust it. Use Matrix.

It only knows what you tell it. Just use it like any other website, and follow the same rules you do for all websites, which is to think about what you’re sharing, and only share what you’re okay with them knowing.

Facebook is for local things, so it’ll have to know where you live and who you are. So a VPN is kinda pointless. If you engage with three groups that are in the same village, you’re probably someone from that village, you know.

You also don’t need to clean cookies, because closing the browser clears the cookies, that’s what private browsing is for. But even without private browsing, you should have a global sensible cookie policy that only accepted cookies from whitelisted sites, and for those sites, doesn’t allow them to see cookies they didn’t give you.

On the last point: The most sensible and important thing to worry about here is fingerprinting. Using a different device for every service is an effective way to combat that. It’s not very practical, but specifically using your work phone that you use for other local services, to me makes a lot of sense.

I think you mean sabre rattling and threatening to use nuclear weapons and something about provocative and aggressive and maybe wolf warrior diplomacy.

Rail is more expensive than flying in China and Europe as well. It’s slower and costs more, but the experience is normal and dignified instead of airport security and aeroplane seats and Boeing quality pressurisation. It’s also better for the environment and the senses of anyone unlucky enough to live close to a terminal.

Germany has sanctions against Iran?

The two sources yogthos@lemmy.ml provided are nato.int for a NATO statement, a primary source, and the Wikipedia page for burden of proof, a concept that doesn’t have a primary source. In this thread yogthos@lemmy.ml has a perfect track record of using 100% (1) primary source, and 0% (0) secondary sources.

I was just showing that the world outside russia agrees putin has on a few occasions threatened the use of strategic weapons.

Why? Why are you showing this? Your evidence is weaker than that shown by sweng@programming.dev and pushes the same agenda as that post. Your post is completely superfluous unless you can address the specific shortcoming of that post, which is a shortcoming of proof.

This is yogthos@lemmy.ml’s reply to sweng@programming.dev’s post.

Pretty much none of those were actually stated by Russia. The trend has been that it’s the west that make up these red lines, then crosses them and says, see nothing happened. Last I checked, the actual red line Russia set out was Ukraine joining NATO, and when that red line was ignored the war started. This notion that you can just keep pushing a nuclear superpower and nothing bad will happen is imbecilic beyond belief.

If you bother reading the sources, then you’ll see that these aren’t primary sources of anything the Russian government said. These are articles and interpretations by western analysts and think tanks. Feel free to link statements from the Russian government though.

To which you replied. Now given that your message is a reply and not a new thread, it’s should be expected to actually respond to the criticism that there was a lack of proof. A proof of a statement is very easy to get, since all you need to do is link the statement or a recording of the statement. This isn’t a case where you’re asked to prove something where proof wouldn’t exist or could be ambiguous.

Now in this most recent reply, you pretend that you didn’t realise the current topic was about finding primary sources. But if we go further back in the thread, this reply from you shows that you do actually understand that you’re being asked to provide a primary source:

Where are your primary sources?

I’m using “you’re” to include your side of the argument, not “thou”. You also claim to have a primary source available. Linking this source with a timestamp should be easy for you. This would completely win the argument in your favour. The only reason you wouldn’t do this is if you are deliberately lying.

They did and some of us watched it live (we are told) on russian state TV in 2022,2023 and just last month. Please provide primary sources that contradict what I witnessed. But yes, if you want to have a official statement watch the victory day parade speech putin made.

Putin is a primary source on the statements Putin has made. This is excellent for you because if he said something to the effect of what was alleged by sweng@programming.dev then you will have addressed yogthos@lemmy.ml’s two comments. sweng@programming.dev made a strong emotional argument which you agree with, its only shortcoming is that it’s lacking supporting evidence. You joined this thread to provide supporting evidence, because emotional rhetoric was already supplied by sweng@programming.dev. Do you see now how adding additional and weaker emotional arguments is not further strengthening the emotional argument? This is because the emotional argument is already strong enough, it simply needs to be supported by evidence so that it can be considered.

You recognised this in the past and are now deliberately lying about your intentions. You wrote:

Should be [easy to find], go nuts look it up.

This is because you knew that if the evidence existed, it would’ve completed sweng@programming.dev’s argument, which you agreed with. You didn’t deny the existence of the proof because you understood that it would cause the argument to not be considered. You also didn’t provide the proof yourself because didn’t want to. Potentially because you knew it didn’t exist, which would be a second lie. But regardless, you have lied once during this argument.

yogthos@lemmy.ml’s next comment which you responded to is the following.

I can’t look up what does not exist. There is no such statement, you made it up and now you’re asking me to prove a negative.

This is the comment which you chose to respond to by “showing that the world outside russia agrees putin has on a few occasions threatened the use of strategic weapons.”

This makes no sense. That is not a sensible reply to that comment. Why would you assume anyone else would follow when you switch topics unannounced? You wouldn’t. You are lying about the intention of your comment. Your comment was meant to be interpreted as primary sources. You were hoping no one would notice that you failed to provide them.

This is the evidence for you now claiming to not have intended to provide primary sources. This is a quote from you, so it’s a primary source.

My “pithy one-liner” was a dig on how another .Ml person just so happens to show up to have the argument as the russian apologist. No where did I claim to provide any primary sources, in fact if you look you can see me making fun of that requirement.

Neither highalectical@lemmygrad.ml nor I are Lemmy.ml users. yogthos@lemmy.ml can’t be described as a Russian apologist since no Russian claims were addressed or apologised for. The only claims that have been substantiated in this thread with evidence were western ones.

You end by saying you were making fun of the requirement to provide evidence. This is a stupid statement. This is clearly a lie because no reasonable person would think it is anything but expected for evidence to be part of an argument or statement.

Are you taking the piss mate??

The BBC.com is the UK government. They are not the Russian military. I’m confused why you thought they’d be. So no, they are not a primary source.

Politico.eu isn’t the Russian military either. Did you think they were part of the BBC maybe and since BBC is Russia, Politico would be Russia too? Anyway, they’re actually a German private business. They aren’t a primary source either obviously.

ABC News also isn’t the Russian military. Did you really think the Russian military controlled all the major Western news sites??

Aljazeera.com is also not the Russian state. They are the government of Qatar. It’s a completely different country. Not a primary source.

Armscontrol.org is not the Russian government. They’re a lobbying group in the USA. You need to scroll down to see where it says, but it’s on the page you linked, so it’s weird you didn’t notice. As a general tip, Russian government websites are on the .ru top-level-domain.

Reuters.com is the UK government again. They’re still not Russia and still not a primary source. Did you think the UK was part of Russia?

nypost.com isn’t a primary source either. The “ny” is short for “new york” which is a city in the USA. The USA and Russia are different countries.

cbc.ca is a Canadian thing, the .ca means Canada. If you thought Russia owned the UK maybe that’s where you went wrong, since The UK owned Canada at some point in the past, but actually Canada is a sovereign country now. They’re not part of the UK or of Russia.

inquirer.com is the website for the Philadelphia inquirer, it’s the same situation as the nytimes one, where it’s named after a city in the USA, because they are not Russian. The Russian military didn’t name themselves after a city in the USA. It’s really strange you would think they did.

Washington post is named after another city in the USA. “Washington”. Did you really think all of these outlets were the Russian military, or did you perhaps just not know what a primary source is?

Cars, including EVs are bad. Climate tax on EVs to encourage public transport use is good climate policy. I’m not trying to imply that’s what’s happening here. European EVs aren’t* better. I just want to push back against EVs being a viable strategy for fighting climate change.

*In theory it’s possible for a European made product to be made with the same emissions as a Chinese made product, and then there would be one fewer ship journey involved in delivering it to customers. But in reality, European production has higher emissions because of laxer environmental protection mandates.

But I agree with the sentiment of your comment 100%. There’s evil desire among our policy makers to limit Chinese solar panels in the EU. Everyone’s priority should be to maximise solar panel use, even if that means having to fully subside production. There shouldn’t be any scenario where a manufacturer in China is willing to sell us solar panels and we put up barriers to that sale.