In case you wonder what's the market for this: film making. I have friend that's in the sfx/field recording business. They engage in sneakernet type of trading of sound libraries. He's got terabytes of meticulously tagged SFX.
They seem to have have lotsa fun. A couple of years ago he went to Finland with a leading game developer to record people shooting cannons and other weapons from the ww2.
The project has transitioned to a non-commercial license (https://creativecommons.org/licenses/by-nc-sa/4.0/) until sustainable funding has been acquired. The code is still open source, but apparently asking to be compensated for work that improves the security of the entire Android ecosystem is too much for FOSS fanatics.
Funny, I've been waiting for something like this to surface. About two years ago I was listening to a Swedish podcast. One of the hosts talked about his super model friend who, along with a bunch other super models, had been invited to a dinner with the world's leading cancer scientists. She was seated at the table right next to one of these men and during their chat she eventually pleaded guilty and told him that she was a periodic smoker. His answer was:
— As long as you don't eat fish, you're probably fine, and explained to her that these cancer findings would the next big pile of shit to hit the cancer fan.
The two hosts joked about the irony that supermodels were the first to hear about these findings.
- DESCRIPTION: Me and many other are not too happy with the launcher. It should be possible to disable the launcher (not just hide it with a forced "reveal location"). This option should be so easy to implement.
- ROLE/AFFILIATION: Web developer, photographer, tinkerer.
They're sitting on troves of data. Extremely few use the E2E encrypted "secure chat" feature (mainly because it isn't default, but also because it doesn't sync between devices) and all the chat logs and data are stored on their servers (and are readable by Telegram). They also store your address book on their servers.
I'm sure they will find ways monetize this. Data is the "new gold", as they say[1]...
And what in the world makes you think that a company run by a russian nationalist[1] offering a free service with a million dollar bill will stick by their word (which, in this case is literally a single word)? The naivety of people in this post Snowden world is striking to me.
Are you really serious? This is a post snowden society.
> An FAQ isn't binding.
Probably not, but please beware that this service is not subject to US law, but the laws of the Russian Federation.
> What does their TOS say?
TOS are subject to change, right? And even if it wasn't, do you really think the TOS will stop a company run by a russian nationalist[1] offering a free service with a million dollar bill will stick by their word (which, in this case is literally a single word)?
The same goes for Telegram. The android client hasn't seen any updates to it's github repo since sep 2016.
And, it is quite easy to verify that WhatsApp's encryption is doing what we think. A friend of mine managed to reverse engineer their protocol in 2012 in less than 24 hours, by himself. And there is quite a big chunk of the computer security market that would disagree with the claim that something has to be open source to be verifiably secure.
No it's not. The fruit is: use a sideloaded Signal which you built yourself if you really need to be secure. If you're not, Signal is still better than Telegram or Whatsapp.
How come https://riot.im (Matrix) manages to sync between devices AND have E2E, while also being federated?
That's not what you get when you have a secure system, that's what you get when you design a system that can collect (and possibly monetize) the data of millions of users.
I believe that making sync work with E2E bring either security issues or more burden on the user; I would like them in telegram, but I also like the "if you send this message you exactly the device it go to, not an old laptop i forgot in the office, just my phone". it is meant to be secure on a device level.
That's not what I meant. Yes you can have sync and E2E. With different trade-offs.
Telegram is secure from device to device, not from account to account. If I send you a secure message from my iPad I don't have to worry about the web session I opened a week ago on someone else laptop.
Signal and WhatsApp both support multi-device encrypted chats. Signal is better than WhatsApp in this respect as your primary device doesn't need to be online for it to work.
Signal multi-device support is very limited. Doesn't support multiple mobile devices. Primary device must be a phone, all others must be desktop computers with Chrome.
How come https://riot.im (Matrix) manages to sync between devices AND have E2E, while also being federated? How come I can use both WhatsApp and Signal on both my computer and phone (and they stay in sync)?
It looks like in [1] that each device registered to a user has a device_key and when an encrypted message is sent, they user's public devices keys are requested and the message is encrypted for each device. New devices can't see old messages.
The message isn't encrypted for each device; the message is encrypted once for the room, as part of a 'session' of messages - and then the key data for that session is shared with the devices who are allowed to read it. Thus you can share old session key data with other devices if you want, meaning that new devices /can/ see old messages, although we're still working through the UX for that. (Currently the only way to do it is by import/export session key data in settings and transferring it between devices).
Thanks—so there's another layer of encryption over the ever changing (Megolm) key that encrypts the room, if I understand this. Looks like I simplified too much.
Sort of. Just to clerify: the first layer (Olm) provides a secure channel between pairs of devices, used mainly to share Megolm encryption state between them.
The second layer (Megolm) encrypts each sent message once per room, using a ratchet described by session key data. The session key data is shared 1:1 between the appropriate devices (past and future) over Olm.
Wire? I used it for a year with friends and family. I have never in my life experienced a buggier app on Android. My friends and family said the same about it.
They seem to focus on bringing new features (like an alien voice FX feature) when they should try to fix the basics first.
The worst thing that happened to me was that UI told me I was in a chat with Alice, but I soon realized I was actually chatting with Bob. So much for E2E...
Now we use https://riot.im. I'm kind of surprised a federated solution offers a decent UX and is less buggy.
Never experienced anything like that on Riot. I mostly call from Android to other Android and iOS phones though.
I'd say we had a 40% chance of actually connecting a call with Wire. Suddenly there was an update to the app and calling didn't work _at all_ until the next update came (this happened more than once).
A close relative finally gave up and yelled something along the lines of "who the f* uses this POS app", and I couldn't really argue. :)
e2e on Riot/Matrix is in beta. I've had some experiences with someone else in a group chat only being able to read messages on one of their devices, and this is apparently not uncommon.
I'm a firm believer that Matrix is the future. But right now I wouldn't recommend it to anyone that isn't an early adopter.
We're not aware of any crashes at all on Riot/Desktop (especially as it's an electron app, so crashes will be due to chromium bugs). Please can you make sure it's filed on https://github.com/vector-im/riot-web/issues? thanks!
I used it for a year with friends and family. I have never in my life experienced a buggier app on Android. My friends and family said the same about it. The seem to focus on bringing new features (like an alien voice FX feature) when they should try to fix the basics first.
They seem to have have lotsa fun. A couple of years ago he went to Finland with a leading game developer to record people shooting cannons and other weapons from the ww2.