First thing that signal foundation website says is protecting “free expression”, which sounds like a similar idea, but I’m not an expert on what people mean by either term
June 18, 2025 at 11:04 PM
First thing that signal foundation website says is protecting “free expression”, which sounds like a similar idea, but I’m not an expert on what people mean by either term
Also I do think something similar is one of the goals of the signal project, not removing blowback for things you say publicly but perhaps removing it for things you say privately, or stopping you from subconsciously having to be careful with your words from knowing that you could be being watched
June 18, 2025 at 11:00 PM
Also I do think something similar is one of the goals of the signal project, not removing blowback for things you say publicly but perhaps removing it for things you say privately, or stopping you from subconsciously having to be careful with your words from knowing that you could be being watched
I mean for example if you knew something sensitive was true about one of your friends, but didn’t know which one, that is quite different than knowing the exact person, that person has more privacy in the first scenario, irregardless of free speech
June 18, 2025 at 10:37 PM
I mean for example if you knew something sensitive was true about one of your friends, but didn’t know which one, that is quite different than knowing the exact person, that person has more privacy in the first scenario, irregardless of free speech
Also if there is anything else signal knows about your account (which fortunately there isn’t much afaik), they can now link it to your real identity instead of just knowing it about an anonymous user.
I mean anonymity clearly supports privacy I feel like, not just free speech.
I mean anonymity clearly supports privacy I feel like, not just free speech.
June 18, 2025 at 10:37 PM
Also if there is anything else signal knows about your account (which fortunately there isn’t much afaik), they can now link it to your real identity instead of just knowing it about an anonymous user.
I mean anonymity clearly supports privacy I feel like, not just free speech.
I mean anonymity clearly supports privacy I feel like, not just free speech.
If they have your identifying phone number then a third party with access to their servers/ their records (eg a government) could hypothetically confirm/detect whether somebody is on signal, which is a fact that you might not want to share.
June 18, 2025 at 10:37 PM
If they have your identifying phone number then a third party with access to their servers/ their records (eg a government) could hypothetically confirm/detect whether somebody is on signal, which is a fact that you might not want to share.
They’ve removed the requirement to share your phone number with people you talk to, you still have to use it to sign up though
June 18, 2025 at 2:30 PM
They’ve removed the requirement to share your phone number with people you talk to, you still have to use it to sign up though
more stuff it might not have or that we need to implement
- share permission to read groupchat to a wider group than just the writers, while doing so don't expose contact info of writers to readers (don't let readers spam writers)
- share doc by secretURL with no login (needed for me)
- share permission to read groupchat to a wider group than just the writers, while doing so don't expose contact info of writers to readers (don't let readers spam writers)
- share doc by secretURL with no login (needed for me)
February 24, 2025 at 7:53 AM
more stuff it might not have or that we need to implement
- share permission to read groupchat to a wider group than just the writers, while doing so don't expose contact info of writers to readers (don't let readers spam writers)
- share doc by secretURL with no login (needed for me)
- share permission to read groupchat to a wider group than just the writers, while doing so don't expose contact info of writers to readers (don't let readers spam writers)
- share doc by secretURL with no login (needed for me)
Also seeing some other potential tradeoffs and problems to fix, which is to be expected
it does also sound less fun to do though as well - trying to figure out signals undocumented apis vs designing my own thing from ground up. but seems more secure that way. we'll see what I do lol
it does also sound less fun to do though as well - trying to figure out signals undocumented apis vs designing my own thing from ground up. but seems more secure that way. we'll see what I do lol
February 24, 2025 at 7:34 AM
Also seeing some other potential tradeoffs and problems to fix, which is to be expected
it does also sound less fun to do though as well - trying to figure out signals undocumented apis vs designing my own thing from ground up. but seems more secure that way. we'll see what I do lol
it does also sound less fun to do though as well - trying to figure out signals undocumented apis vs designing my own thing from ground up. but seems more secure that way. we'll see what I do lol
Also doesn't have read only sharing which I would want - so I would need to implement my own layer on top to either block messages or ignore messages based on auth permissions. so I am still designing my own cryptosystem somewhat. but hopefully in a way thats at lest as secure as signal not less?
February 24, 2025 at 7:29 AM
Also doesn't have read only sharing which I would want - so I would need to implement my own layer on top to either block messages or ignore messages based on auth permissions. so I am still designing my own cryptosystem somewhat. but hopefully in a way thats at lest as secure as signal not less?
assuming that protocol has all the stuff I need that might be less important for a messaging service than for a doc service
- like fully consistent message ordering and receiving that's the same on all clients. but can help with that by frequently sending doc state squash to replace clients local
- like fully consistent message ordering and receiving that's the same on all clients. but can help with that by frequently sending doc state squash to replace clients local
February 24, 2025 at 7:25 AM
assuming that protocol has all the stuff I need that might be less important for a messaging service than for a doc service
- like fully consistent message ordering and receiving that's the same on all clients. but can help with that by frequently sending doc state squash to replace clients local
- like fully consistent message ordering and receiving that's the same on all clients. but can help with that by frequently sending doc state squash to replace clients local
maybe we can add someone to the group chat (document) at the moment that the inviter clicks "invite to chat", if so then the inviter would just send a catch up state message while he's still online, and the inviter would get that and all future messages
February 24, 2025 at 7:09 AM
maybe we can add someone to the group chat (document) at the moment that the inviter clicks "invite to chat", if so then the inviter would just send a catch up state message while he's still online, and the inviter would get that and all future messages
I wish bluesky allowed more than 300 characters per skiff
btw.
btw.
February 24, 2025 at 7:04 AM
I wish bluesky allowed more than 300 characters per skiff
btw.
btw.
Or maybe it's fixable. maybe catchup package can be messaged to someone when we invite them. but it would need to be updated for messages in between getting invited and joining.
Anyways I will keep thinking about this not on a bluesky thread
Anyways I will keep thinking about this not on a bluesky thread
February 24, 2025 at 7:04 AM
Or maybe it's fixable. maybe catchup package can be messaged to someone when we invite them. but it would need to be updated for messages in between getting invited and joining.
Anyways I will keep thinking about this not on a bluesky thread
Anyways I will keep thinking about this not on a bluesky thread
oh wait how will they be caught up unless someone else is online at same time - darn. I don't want to make that tradeoff. So we need to store shared docstate online at all times and share keys and stuff anyways.
February 24, 2025 at 7:04 AM
oh wait how will they be caught up unless someone else is online at same time - darn. I don't want to make that tradeoff. So we need to store shared docstate online at all times and share keys and stuff anyways.
I feel like that might work. I just simplified away all the complexity I was spending so much time thinking about / working on! well doing so is a virtue...
(I had also previously simplified offline mode merges into the mental model - just another action). hopefully the simplified models are good
(I had also previously simplified offline mode merges into the mental model - just another action). hopefully the simplified models are good
February 24, 2025 at 7:04 AM
I feel like that might work. I just simplified away all the complexity I was spending so much time thinking about / working on! well doing so is a virtue...
(I had also previously simplified offline mode merges into the mental model - just another action). hopefully the simplified models are good
(I had also previously simplified offline mode merges into the mental model - just another action). hopefully the simplified models are good
Like maybe I can fork libsignal.
there is a sad lack of well-supported libraries afaik to even just do encrypted messages, just low level libraries, except it's uniquely easy to miscombine primitives in this field
the highest level library i know is libsodium which is not even that high level
there is a sad lack of well-supported libraries afaik to even just do encrypted messages, just low level libraries, except it's uniquely easy to miscombine primitives in this field
the highest level library i know is libsodium which is not even that high level
February 24, 2025 at 7:04 AM
Like maybe I can fork libsignal.
there is a sad lack of well-supported libraries afaik to even just do encrypted messages, just low level libraries, except it's uniquely easy to miscombine primitives in this field
the highest level library i know is libsodium which is not even that high level
there is a sad lack of well-supported libraries afaik to even just do encrypted messages, just low level libraries, except it's uniquely easy to miscombine primitives in this field
the highest level library i know is libsodium which is not even that high level
so maybe signal + state_catchup for new members + encrypted backups of state? so still combining systems but a lot simpler and closer to existing apps like signal/whatsapp/imessage. I mean they have backups too.
Do backups defeat the point of forward secrecy? anyway that's not essential
Do backups defeat the point of forward secrecy? anyway that's not essential
February 24, 2025 at 7:04 AM
so maybe signal + state_catchup for new members + encrypted backups of state? so still combining systems but a lot simpler and closer to existing apps like signal/whatsapp/imessage. I mean they have backups too.
Do backups defeat the point of forward secrecy? anyway that's not essential
Do backups defeat the point of forward secrecy? anyway that's not essential
huh, TLS being a solved problem makes me think maybe I actually can use an existing e2ee messaging solution and build stateful documents around that - I would need full history of messages about a doc or state which messaging apps like signal don't always support
February 24, 2025 at 7:04 AM
huh, TLS being a solved problem makes me think maybe I actually can use an existing e2ee messaging solution and build stateful documents around that - I would need full history of messages about a doc or state which messaging apps like signal don't always support
so the main attackers are me, my server providers, and secret government subpoenas
hopefully the app grows big enough that we can afford to fix the crypto system before it grows big enough to be attacked by those 3 parties
hopefully the app grows big enough that we can afford to fix the crypto system before it grows big enough to be attacked by those 3 parties
February 24, 2025 at 7:04 AM
so the main attackers are me, my server providers, and secret government subpoenas
hopefully the app grows big enough that we can afford to fix the crypto system before it grows big enough to be attacked by those 3 parties
hopefully the app grows big enough that we can afford to fix the crypto system before it grows big enough to be attacked by those 3 parties
the e2ee part is the part I'm innovating on - ie hiding info from / not trusting the server - protecting data in transit between client and server is an already solved problem with TLS.
February 24, 2025 at 7:04 AM
the e2ee part is the part I'm innovating on - ie hiding info from / not trusting the server - protecting data in transit between client and server is an already solved problem with TLS.
yeah my cryptography might have a chance of being broken to start with, but at least the intention is there, it will also be a notes app not just a cryptography app. And it will still be more likely to be private than if I had not bothered with e2ee
February 24, 2025 at 7:04 AM
yeah my cryptography might have a chance of being broken to start with, but at least the intention is there, it will also be a notes app not just a cryptography app. And it will still be more likely to be private than if I had not bothered with e2ee
still I'm unreasonably optimistic that I can do a "good enough" job
February 24, 2025 at 7:04 AM
still I'm unreasonably optimistic that I can do a "good enough" job
the other problem for both fields, but especially crypto, is that it's hard to tell for sure if your solution is broken until it's too late. (Consequences from broken crypto are worse though, assuming they're critical for security)
February 24, 2025 at 7:04 AM
the other problem for both fields, but especially crypto, is that it's hard to tell for sure if your solution is broken until it's too late. (Consequences from broken crypto are worse though, assuming they're critical for security)
But just like rolling your own distributed system, you have to roll your own crypto in order to make a unique app.
I am trying to make an end to end encrypted collaborative notes app. There are no audited libraries for doing this (to my knowledge), and even if there were I might want to do it diff.
I am trying to make an end to end encrypted collaborative notes app. There are no audited libraries for doing this (to my knowledge), and even if there were I might want to do it diff.
February 24, 2025 at 7:04 AM
But just like rolling your own distributed system, you have to roll your own crypto in order to make a unique app.
I am trying to make an end to end encrypted collaborative notes app. There are no audited libraries for doing this (to my knowledge), and even if there were I might want to do it diff.
I am trying to make an end to end encrypted collaborative notes app. There are no audited libraries for doing this (to my knowledge), and even if there were I might want to do it diff.
(Sorry for rolling my own crypto)
February 24, 2025 at 7:04 AM
(Sorry for rolling my own crypto)