Even worse, what happens when they MITM all of the installs because the docker container has really bad security such as:
RUN wget http://nginx.org/download/nginx-1.18.0.tar.gz
https://github.com/signalapp/Signal-TLS-Proxy/blob/master/ng...
Installing via HTTP, with no verification of installer seems like a reallyyyyy bad idea.
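A hardened form of the download step criticised in the comment above, as an added example that is not part of the original comment or of the Signal-TLS-Proxy repository. The function names are hypothetical, and the pinned digest is a placeholder that must be obtained from the publisher over a separate trusted channel:

```shell
#!/bin/sh
# Added example: fetch a build input over HTTPS and verify it against a
# pinned SHA-256 before anything unpacks or compiles it.

# Print the SHA-256 of a file as lowercase hex, using whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if FILE hashes to the pinned EXPECTED digest (case-insensitive).
verify_sha256() {
    file=$1; expected=$2
    [ -f "$file" ] || return 1
    actual=$(sha256_of "$file") || return 1
    want=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$want" ]
}

# Download URL to OUT. Refuses plaintext transports, and deletes the file if
# the transfer fails or the digest does not match, so a later build step
# cannot pick up an unverified tarball.
fetch_verified() {
    url=$1; expected=$2; out=$3
    case $url in
        https://*) ;;
        *) echo "refusing non-HTTPS URL: $url" >&2; return 2 ;;
    esac
    wget -q -O "$out" "$url" || { rm -f "$out"; return 3; }
    if ! verify_sha256 "$out" "$expected"; then
        echo "digest mismatch for $out, deleting" >&2
        rm -f "$out"
        return 4
    fi
}

# Usage inside a Dockerfile RUN step (digest is a placeholder, not a real value):
#   fetch_verified https://nginx.org/download/nginx-1.18.0.tar.gz \
#       "<PINNED_SHA256_PLACEHOLDER>" nginx-1.18.0.tar.gz && tar xzf nginx-1.18.0.tar.gz
```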
Yes, they have some docs on GitHub for how to do it: https://github.com/signalapp/Signal-Android/wiki/How-to-buil...
You can build the iOS version too for development: https://github.com/signalapp/Signal-iOS/blob/master/BUILDING...
I haven't done it before but you should even be able to deploy that build to your phone in theory: https://codewithchris.com/deploy-your-app-on-an-iphone/
It's unclear to me if there are any restrictions on iOS that would prevent you from doing that.
I'm a big fan of the idea of independently-run proxy servers.
Caddy has a secure forward proxy plugin born out of a research project at Google that does something similar, but works with any clients that let you configure HTTP proxies, and doesn't terminate TLS: instead it tunnels it over TLS. The proxy server itself can also be probe-resistant, i.e. difficult to detect that a website is acting as a proxy.
I'm hoping more people can help test the patch to support Caddy v2: https://github.com/caddyserver/forwardproxy/pull/74
Session has:
1. An associated crypto-currency (not outright bad but weird smell IMO) [1]
2. Abandoned perfect forward secrecy and deniability [2]
3. Never completed an audit (though supposedly one is in progress) [3]
There are a million and one encrypted chat programs out there. Why should I use this one?
[1]: https://github.com/oxen-io/oxen-mobile-wallet
[2]: https://getsession.org/session-protocol-technical-informatio...
[3]: https://getsession.org/faq/
See here: https://github.com/net4people/bbs/issues/60
2. TLS fingerprinting.
The first could be defeated by adding padding to the first few packets of each of your connections. [1]
The second... someone built a socks5 <-> https CONNECT proxy client [2] out of Chrome's codebase, which means it shares all of its fingerprint with Chrome and you really can't tell.
[1] https://github.com/klzgrad/forwardproxy/commit/2350f380f8db2...
[2] https://github.com/klzgrad/naiveproxy