That’s actually some very interesting discussion down there.

“attitude” which is calculated as follows: (upvotes cast - downvotes cast) / (upvotes + downvotes). If your “attitude” is < 0.0 you can’t downvote.

The math here is hilarious.

Again, that’s not some theoretical topic. They can block most VPNs, they do so in China, Russia, Iran. And there are no riots on the streets, their corporate overlords don’t do anything against it. One of the reasons is that they do allow ipsec for corporate clients. Are you a corporate client? Do you use ipsec for vpn? Are there riots on the streets for this censorship instance?

It’s not some theoretical topic, it’s the reality for China, Russia, Iran. They do block commonly used VPN protocols, so people now use VPN with obfuscations. Some work, some doesn’t, some stop working as time goes. So when people say “Ha-ha, I’ll just use VPN”, it will help you for some time but the trend is they will make it a problem for you, better start preparing before it happened.

What vpn obfuscations do you use? Because you know they’ll block vpn next.

Remember subreddits going dark and people leaving reddit. Hahaha how did that work out ?

We are on lemmy now, so I don’t get your point here.

None of this has anything to do with Signal itself, which is as secure as it gets.

Didn’t I say that at the start of my questions? What’s your point?

server would catch and reject it if it’s fingerprints don’t match the previously known good copy, or a public version

If I understand you correctly, you mean that Signal app checks itself and sends the result to the server that can then deny access to it? Is that what Signal does and what makes it difficult to spoof this fingerprint?

I don’t think you answered any of my questions though since they weren’t about Signal.

Now you’re just coming up with weird things to justify the paranoia

I’m just asking questions about security I don’t know answers to, I’m not stating that’s how things are.

What if the malicious actor is not Signal but Google or the hardware manufacturer?

Can we check that the encryption key generated by the device is not stored somewhere on the device? Same for the OS.

Can we check that the app running in memory is the same that is available for reproducible build checks?

Can we check that your and my apps at the moment are the same as the one security researchers tested?

More likely they just send the encryption key to the server after it’s generated.

Should you not also trust your device hardware, it’s os and the market you got the app from?

The code can be okay but it’s delivery method(aka Google), the OS(aka Google) or the hardware can be compromised.

likely many other people who are more skilled at auditing cryptographic code than I am

Maybe but that doesn’t mean you have the same app they do, Google may have different apks for people who could check it and for those who won’t.

If it’s false

How would we know?

Signal has reproducible builds and here’s the instruction how to check it on Android https://github.com/signalapp/Signal-Android/blob/main/reproducible-builds/README.md

Obviously if you already failed at educating people that’s hard to fix later. So children education should be the focus.

Education is a good solution to most problems.

Did it help?

The only games that don’t run nowadays I think are the ones that require installing kernel malware so you might reconsider playing them regardless of your OS.

It was made default for rm command in 2006.

That’s actually pretty cool.