> (those who do indeed verify fingerprints are excluded from this program)
Does this use mind-reading or time travel? Which is it?
Suppose I walk across to my friend Steve's house tomorrow and I verify our Safety Numbers match. Do the Secret Police hop into their time machine and go back and cross Steve and myself [and all our contacts?] off their MITM list?
Or did they use precognition to know I was going to do it and so they were able to never intercept the affected messages in the past?
> Don't want to be spied by your service provider - run you own server. That's what federation is for.
Notice that when you do this, the Secret Police's job is suddenly trivial. Gee, I wonder who we should arrest for this conspiracy that was organised on Andrew_nenakhov's server? Let's try starting with Andrew_nenakhov. Bingo.
Job #1 if you actually don't want this sort of global surveillance effort to be successful is Don't Stand Out. If your traffic is special, if your users are different, if your service is unlike all the others - you are a target. So blend in, that means you use TLS because everybody else does, and you use Google's Play message service because everybody else does, and you use the same server for all the mundane shit that is used for the plot to kill the Secret Police chief.
> Does this use mind-reading or time travel? Which is it?
Read my lips.
You do not trust the service provider. To be consistent, you do not trust the software provided by this provider. From here, the possibilities are endless. They can just show you some fingerprint numbers so you feel safe, while in practice they might be completely unrelated to the real keys. Or whatever. The keys you verify with your friend Steve might be generated on the very moment you look at them, unrelated to your prior keys that you used 'trusting' the Signal's CA.
> Job #1 if you actually don't want this sort of global surveillance effort to be successful is Don't Stand Out.
That's why just use a plain old email server in TOR network, not tied to your identity. Email blends in juuust fine, certainly much better than centralized silo Signal where your accounts are tied to your identites.
> You do not trust the service provider. To be consistent, you do not trust the software provided by this provider.
These are completely different threat models. You're saying that since you can't have bulletproof security, you might as well have none. This is simply not the case.
You made a claim ("those who do indeed verify fingerprints are excluded from this program") and "read my lips" doesn't substantiate it. Your claim was in fact just nonsense.
I was just listing the possibilities, which your paranoia about being spied upon somehow doesn't account for. You have no means to really verify if your communications are being compromised, so you just trust Signal. But at the same time you don't trust Signal and use e2ee. That's schizophrenia.
Does this use mind-reading or time travel? Which is it?
Suppose I walk across to my friend Steve's house tomorrow and I verify our Safety Numbers match. Do the Secret Police hop into their time machine and go back and cross Steve and myself [and all our contacts?] off their MITM list?
Or did they use precognition to know I was going to do it and so they were able to never intercept the affected messages in the past?
> Don't want to be spied by your service provider - run you own server. That's what federation is for.
Notice that when you do this, the Secret Police's job is suddenly trivial. Gee, I wonder who we should arrest for this conspiracy that was organised on Andrew_nenakhov's server? Let's try starting with Andrew_nenakhov. Bingo.
Job #1 if you actually don't want this sort of global surveillance effort to be successful is Don't Stand Out. If your traffic is special, if your users are different, if your service is unlike all the others - you are a target. So blend in, that means you use TLS because everybody else does, and you use Google's Play message service because everybody else does, and you use the same server for all the mundane shit that is used for the plot to kill the Secret Police chief.