greybeard

Oh, I'm not defending these dumb-asses doing illegal things to avoid systems setup to safeguard American and its people. They absolutely could have synced things to compromised devices. Just that Signal, themselves, couldn't do that.

So I and some others here have probably sounded a bit antagonistic to you, but good on you for asking and trying to understand. Public Key Cryptography feels like magic to me too, it's just magic that I've accepted exists without understanding the base math of it all. Without it, however, most of the security of the Internet doesn't work.

Even most symmetrical encryption (Like AES, which is how you are picturing encryption working) layers on asymmetrical encryption as a negotiation layer to share a key that both parties have but that nobody eves dropping can read. Then once the key is exchanged, they use that because symmetrical encryption is way easier for computers. But for short messages like Signal sends, it wouldn't surprise me if they stay asymmetrical for the entire communication.

Signal does hold the public keys for every user. But having the public key doesn't let you decrypt anything. You need the private key to decrypt data encrypted with the public key. So in a chat example, if you and I exchange public keys, I can encrypt the message using your public key, but only you can decrypt it, using your private key.

Signal does run the key exchange, which means they could hand a user the wrong public key, a public key which they have the private key for, instead of the other person's. That is a threat model for this type of communications, however, signal users can see the key thumbprints of their fellow chat participants and verify them manually. And once a chat has begun, any changes to that key alerts all parties in the chat so they know a change has happened. The new key wont have access to any previous or pending messages, only new ones after the change took place.

In the case of signal, it is provable that it cannot. They do not hold the keys to decrypt. The closest risk is the server injecting a new public key into the conversation, which the Signal app will warn about.

The server can't decrypt it if it doesn't have the keys to do so. It can be proven that private keys never leave the local device. It can also be proven that the proper public keys are being provided, and that the local device alerts on public key changes with a partner are announced.

Of course, nobody as part of the linked article did any of that verification, but still, a server doesn't need to be trusted to be functional.

Nobody in this thread suggested not getting the vaccine. Entire problem is that we are dropping below herd immunity thresholds and that means worse outcomes for the vaccinated and unvaccinatable alike.

My experience is that their ass end ends up hanging over the sidewalk, and the tow hook takes an extra foot or so.

When I got a node, I learned there are actually quite a few more people in my area than meshmap suggests, because there is a state based MQTT server that most people in this area use. It also means I'm still chatting somewhat locally, but hitting a much wider net than a purely local radio could.

There are plenty if multiplayer Tetris games out there. Tetris 99 was going for something very different.

I replaced pocketcast with Antennapod a year or so ago. It took some time to adjust, but I'm quite satisified with it now. I feel like I'm slowly converting over at an F-Droid stack on my phone. About all I have left from the Play store are streaming apps and banking apps. I should look into replacing the banking apps with PWAs.

For those rare times I forget a load in the washer and it sours, I generally use a little vinegar.

I generally agree with you, GIMP is way behind the commercial options. And is almost unusable by the lay person and is lacking features a professional needs, which leads it to be almost useless for the majority of people. I use it, but also get frustrated at it every time I do. Let's hope 3 really is an inclection point.