It’s not some theoretical topic, it’s the reality for China, Russia, Iran. They do block commonly used VPN protocols, so people now use VPN with obfuscations. Some work, some doesn’t, some stop working as time goes. So when people say “Ha-ha, I’ll just use VPN”, it will help you for some time but the trend is they will make it a problem for you, better start preparing before it happened.
What vpn obfuscations do you use? Because you know they’ll block vpn next.
Remember subreddits going dark and people leaving reddit. Hahaha how did that work out ?
We are on lemmy now, so I don’t get your point here.
None of this has anything to do with Signal itself, which is as secure as it gets.
Didn’t I say that at the start of my questions? What’s your point?
server would catch and reject it if it’s fingerprints don’t match the previously known good copy, or a public version
If I understand you correctly, you mean that Signal app checks itself and sends the result to the server that can then deny access to it? Is that what Signal does and what makes it difficult to spoof this fingerprint?
I don’t think you answered any of my questions though since they weren’t about Signal.
Now you’re just coming up with weird things to justify the paranoia
I’m just asking questions about security I don’t know answers to, I’m not stating that’s how things are.
What if the malicious actor is not Signal but Google or the hardware manufacturer?
Can we check that the encryption key generated by the device is not stored somewhere on the device? Same for the OS.
Can we check that the app running in memory is the same that is available for reproducible build checks?
Can we check that your and my apps at the moment are the same as the one security researchers tested?
More likely they just send the encryption key to the server after it’s generated.
Should you not also trust your device hardware, it’s os and the market you got the app from?
The code can be okay but it’s delivery method(aka Google), the OS(aka Google) or the hardware can be compromised.
likely many other people who are more skilled at auditing cryptographic code than I am
Maybe but that doesn’t mean you have the same app they do, Google may have different apks for people who could check it and for those who won’t.
If it’s false
How would we know?
Signal has reproducible builds and here’s the instruction how to check it on Android https://github.com/signalapp/Signal-Android/blob/main/reproducible-builds/README.md
The only games that don’t run nowadays I think are the ones that require installing kernel malware so you might reconsider playing them regardless of your OS.
It was made default for rm command in 2006.
There’s whole industry to solve this problem and yet there are many millions affected each year meaning it’s not even close to being solved. Maybe quite the other way around judging how companies like Google recently said it’s a big problem for them.
The dude above says it themselves: you need to be smart to not fall for some malware(which they are wrong about, there many examples of smart people falling to phishing). Luckily LLMs are perfectly smart and never do stupid shit, right?
The people who block HDMI for Linux are also the people who make TVs and other media stuff. So you may not be able to use displayport or hdmi just because some rich people decided so to make more profit.
There’s nothing evil in Steam monopoly. Their evil thing is gambling.
You don’t even need to pay them, this service is free.
Why the heck is everything stripped to them
You need some CDN to hide your server IP from DDOS. Cloudflare is the only free one. AWS and Azure are the big ones with many additional services and seemed pretty reliable. So here’s 95% of the Internet probably.
Well they are pretty open on that you should not use it.
Again, that’s not some theoretical topic. They can block most VPNs, they do so in China, Russia, Iran. And there are no riots on the streets, their corporate overlords don’t do anything against it. One of the reasons is that they do allow ipsec for corporate clients. Are you a corporate client? Do you use ipsec for vpn? Are there riots on the streets for this censorship instance?