-
fog
DEPRECATED: Repo Contents moved to https://github.com/mobilecoinfoundation/mobilecoin (by mobilecoinfoundation)
-
Signal-Server
Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS
> AFAIK the Signal app doesn't connect to the Google servers directly, so even if it exists, the cookie doesn't get transferred anywhere. The Firebase Cloud Messaging library / Google Play Services on your phone do connect to Google but they carry unique identifiers, anyway.
No, that's a wrong assumption. It does connect to Google's servers for pretty much everything [1] - you can look for these constants in the codebase and you'll find lots of things that would worry any netsec person, including the key backup related stuff.
Signal doesn't only use Firebase for the sake of Push Notifications. Also keep in mind that push notifications/Firebase is unnecessary with a high priority notification, which is what e.g. other F-Droid FOSS forks of other apps use instead.
> What legal threats? (I'm familiar with the discussion but I have yet to see Moxie threatening anyone.)
Granted, most of the discussions in LibreSignal's repo [2] got very heated very quickly. Can't find the Twitter thread of @moxie at the time, and lots of replies in there got deleted from both sides. Maybe someone else can provide an archived version or screenshot? [3]
> Could you provide a source that's more accurate (...)?
Make an Access Point, use a smartphone to connect to it. Run Wireshark, and you'll see what's happening.
[1] https://github.com/signalapp/Signal-Android/blob/d74e9f74103...
[2] https://github.com/LibreSignal/LibreSignal/issues/37
[3] https://twitter.com/comzeradd/status/733677192870297600
{Today's Wired article for context: https://www.wired.com/story/signal-mobilecoin-payments-messa...}
Hi!
I'm the CEO of MobileCoin. If anyone has any questions please feel free to ask here. We've been working on this project for four years and it has been a labor of love. There's a lot of new technology here.
We exist in a highly regulated space so it's possible some questions will require reaching out to lawyers to make sure we answer them in a way that's compliant so please don't feel offended if a response takes a while to come back.
The best set of docs for how the whole thing fits together is our book "The Mechanics of MobileCoin"[0].
We'll be around here and on our forums [1] to answer questions. Please also check out our foundation website[2]. The GitHub[3] is also a lot of fun, especially the section on Fog[4].
[0] https://github.com/UkoeHB/Mechanics-of-MobileCoin/blob/maste...
[1] https://community.mobilecoin.foundation
[2] https://mobilecoin.foundation
[3] https://github.com/mobilecoinfoundation/mobilecoin
[4] https://github.com/mobilecoinfoundation/fog
This is not entirely true. There has been a delay (11 months) in the sync of the server code with a public GitHub repo. Currently all commits are there: https://github.com/signalapp/Signal-Server/commits/master
For contact discovery, AFAIK no[0].
For everything else: Yes, by setting a randomized long Signal PIN since SGX is effectively used to add entropy to Signal PINs[1]. You can also disable Signal PINs – in this case Signal will simply set a randomized long PIN for you.
[0]: https://signal.org/blog/private-contact-discovery/
[1]: https://signal.org/blog/secure-value-recovery/