The problem with China is that while 'protecting' themselves from 'evil West' they keep doing to other countries (in Africa and Asia) the same things they are protecting themselves from.
Yep, some of the imposed limitations (single server, necessary to sign up with your phone number) make the conspiracy-theorist part of my brain fire up. And the longer this goes, the less believable are Moxie's excuses for doing it that way.
Conspiracy-theorist mode: spooks wanted to control the scene once it was obvious that it will be impossible to stop the proliferation of the idea of 'e2e encrypted secure messaging'. For this, they had to have an actually secure product without obvious backdoors (to gain and keep marketshare), but also some way to sidestep it. As long as they have the necessary metadata (who is contacting who, and the phone numbers they use), they can just sidestep the end-to-end encryption and hack the endpoints to access data. And Moxie is insisting pretty hard on the 2 aspects of Signal that are unnecessary for the stated goal of the project, but are necessary for this purpose: 1) single central server, 2) having to share your phone number to communicate.
It is server-less, no phone numbers required (Sorry NSA :( )
I looked at all the "secure" chat clients (Facebook, WhatsApp, Riot, Matrix, etc.) and Tox seems to be the only one that is SECURE (read: encrypted) and more importantly PRIVACY-FOCUSED (no phone numbers & central servers).
After ICQ, MSN, AIM, XMPP, Jabber, GoogleTalk, etc. I learned my lesson:
Not gonna trust any single entity EVER! No matter how "secure" they say they are.
> and Tox seems to be the only one that is SECURE (read: encrypted) and more importantly PRIVACY-FOCUSED (no phone numbers & central servers).
I wouldn't bet on that just yet. Tox is not secure right now. [0]
For now Riot (Matrix) through Tor fills this purpose nicely. It's completely encrypted end to end, and Tor avoids being identified from metadata. It does use servers, but you can choose any of the public servers available[1] or create one yourself and have people use it for plausible deniability (while you use it through Tor). There's interest in making Tor-only Matrix servers that can communicate with regular servers[2] but I think Matrix clients through Tor is secure enough.
Also, allowing using phone numbers for authentication is in my opinion very important for a service to reach some level of popularity (and therefore more work put into it, more audits, and not having to use a gazillion of clients yourself, etc). Riot main server has it but of course it's not required at all.
The problem is that unless you are going to blow up the Empire State Building it's very hard to convince people to use yet another messaging app, not to mention switch to a different one.
What happens is that the person who does it is effectively cut out of the loop, with maybe a handful of their contacts becoming partial converts that might serve as human routers for a while.
WhatsApp and Signal work because they are easy, they are mom/grandpa-proof, and they have a huge user base.
Can I add the amount of required permissions to the conspiracy theory? For a privacy-oriented app, requiring access to EVERYTHING is what has kept me away so far.
(Or maybe there's a "Signal Lite" I'm not aware of?)
Right from the get go, if you deny it access to SMS it forces you to wait 2 minutes (no way to skip), then only gives you the option to receive a phone call with a code to enter.
Why not work like every other app and allow me to just enter the code from the SMS I received?
As someone whose primary motivation had little to do with "hiding my conversations" and much more to do with "not having my entire address book, unrelated SMS history, and identity sucked up and sent to some company I don't trust", Signal just wasn't a great onboarding process at all. In the time I spent waiting to see what happened when the SMS timed out, I'd already installed Telegram and gotten set up. And if I remember correctly, even once I went through the phone call process Signal was basically non-functional without access to my contacts.
So Telegram it's been - shitty crypto and all. Though I'm open to other recommendations.
The server is open source, you can run your own private Signal network and rewrite the authentication if you wanted or remove the sms verification. Now that there's no longer a Google Play dependency this is possible. There's other software that is designed for nyms and is federated; I don't get why people demand Moxie cram more features when what they want is already built.
I don't understand why are you accusing me of 'demanding moxie cram more features'. I do not use signal at all.
> you can run your own private Signal network and rewrite the authentication if you wanted or remove the sms verification.
You can. What's your point? Most important thing with IM is network effect, i.e. how many people can you contact with it.
You propose putting effort into rewriting the code, then running your own server, then only talking to people who you get to install your modified version of signal on their devices. This is not a solution to the problem, because if you're gonna put all that effort in, there already are viable alternatives.
My main point with my 'conspiracy theory' was that spooks would want to control the scene by being in control of the most popular IM networks. I do not see how you disprove that.
I'll grant that the conspiracy theory does explain the facts you mention (as well as the fact that Signal shares contacts with OWS), but I think that a simpler theory explains the facts too: the OWS guys really do want to get some crypto into the hands of the masses, and are willing for their product to be less secure than it could be if it means that end users are more secure than they'd otherwise be (i.e., they believe the alternative to Signal-as-it-is is not Signal-as-it-could-be but rather SMS).
Tying things to a phone number makes sense in order to reduce Sybil attacks, but I think that OWS could operate a phone-number-based identity service which would be relied upon by federated Signal servers, reducing the degree of centralisation while still preserving Sybil resistance. This matters because without Sybil resistance it'd be pretty easy for a malicious party to send a Signal user 10,000,000 messages per second, saturating his data connexion and depleting his battery; tying identity to phone number makes it easier to limit & block such bad actors.
> Tying things to a phone number makes sense in order to reduce Sybil attacks, but I think that OWS could operate a phone-number-based identity service which would be relied upon by federated Signal servers, reducing the degree of centralisation while still preserving Sybil resistance. This matters because without Sybil resistance it'd be pretty easy for a malicious party to send a Signal user 10,000,000 messages per second, saturating his data connexion and depleting his battery; tying identity to phone number makes it easier to limit & block such bad actors.
I think people who are for anonymous use of Signal don't understand that the bulk of Signal's users don't want anyone who is anonymous to contact them. If I don't know who you are or I can not track you down, then you can't contact me.
I don't think too many people want the people they communicate with using Signal to be anonymous to them; they want them to be anonymous to Open Whisper Systems. Ideally, OWS would have no way to know that I'm talking to my best friend, or who we are.
Getting that to work is tricky, but it'd be awesome.
I can imagine a system where users prove possession to OWS of their phone numbers via SMS — as they currently do — and OWS issues them certificates using some sort of blind signature scheme; they can then use those certificates to prove to any server they talk to that they are someone with an identity, and the server can use a subsidiary certificate to demonstrate to other servers that it's acting on behalf of someone with an identity (but not whose identity), and the recipient's server can rate-limit based on that identity, and potentially even record information to aid in manually tracking someone down — without revealing the identity in normal use.
I could be wrong, and I've definitely not proven that it can work. But I think it can be made to.
I agree with you; I'm not some crazy kookoo yelling about judgement day on the corner, this is just some 'food for thought' discussion.
For the first part of your argument, the issues I mention do not affect the security of the product (signal) itself, they would just enable spooks to more easily sidestep the whole product.
I also do not have anything against using the phone number as uid, it's 'good enough' for most people, and it greatly simplifies things. It is a very sensible default. What I'm questioning is the hardline stance of not allowing anything else at all - while 90% of people would be fine with signal as is, why not give the remaining 10% of us kookoos a bit more freedom?
As for the Sybil attack, does signal allow users not in your 'buddy list' to send you messages?
I'm with you — I'd love it if (internally) Signal user IDs were URLs, e.g. tel:+12025551212 — which would mean they could also be email addresses or anything else.
I think Signal allows anyone to send messages; I don't think it only permits communication when both parties have one another in their contact lists.
Yup, cooking and increased animal protein/fat intake (aka eating more meat) are responsible for 2 most important evolutionary jumps in our history by increasing both availability of calories+protein and (in case of fire) reducing parasite load.
Or alternatively, go on keto diet - 60-70% fat (mostly animal and milk fat), 20-30% protein, 5-10% carbs. Make sure to increase your electrolyte and fiber intake to account for lower intake of those through the diet.
A few colleagues at work recently started their keto diets (primarily in order to lose weight). I am interested in gut health and looked at some of the background materials I could find. It seems reasonable that the body can switch its energy source to fat, but the (long term) effects on overall health seem to be poorly studied/ understood.
My father worked in Mongolia and observed how local people in remote rural areas ate. Calories came only from meat of horses, sheep, camels and some small game plus fermented camel milk. There were no vegetables or any other plants besides few herbs that they used for tea. This is not surprising as it is very difficult to grow there anything but local grass, so one can survive only from animals that can eat that.
My father does not remember that locals got some particular health problems from that. Old people looked healthy and worked pretty much until their death. What is especially interesting is that it was also true for descendants of Russian emigrants there from 100 years ago, but they did grow some vegetables and cereals.
Of course, that does not prove that meat is healthy. But it does show that in a particular climate eating only meat is not harmful when the meat is from animals that were treated by locals with extreme respect and that were fed on grass that was either fresh or covered with snow in winter.
Meat is not bad on its own. All claims and 'research' about meat being bad are by people who have an ulterior motive. Online it's mostly sensitive vegans who think that the legitimacy of their goal of 'not hurting animals' gives them right to steal, cheat and kill their way to it.
All bad things related to meat consumption are result of intensive and unhealthy farming practices, and combining increased fat intake with increased carb intake (especially fructose). Correlation, not causation.
That being said, there are two issues with meat: in the West, we pretty much only consider muscle as meat, and dislike the internal organs, when it should be the other way around. Even obligate carnivores prefer internal organs because they are richer with fat, and often leave a lot of muscle meat on carcasses.
Second, and related, issue is that muscle meat based diet is a high-protein diet, not high-fat diet, so it's more akin to Atkins than to keto diet. High protein diet comes with its own set of issues: it places significantly higher load on liver, which causes increase in liver size; obligate carnivores have extremely large livers compared to their body size (just google for an image of shark's liver compared to its body, it's almost 1/3 of the volume). This also applies to humans, for example Inuit have enlarged livers as well.
This is the result of increased need for protein-processing capacity. Liver can only process so much protein into fuel per unit of its volume per unit of time. And to use Inuit as example again, because of this, they keep snacking every couple of hours, more often when exerting themselves physically.
A related concept is 'rabbit starvation': eating lean meat (rabbit in winter) is not enough to keep a human being alive - while you're in theory ingesting enough calories to survive, your liver's capacity to process pure protein into fuel is less than your body's need for fuel.
[1] gives direct evidence that meat from grass-fed cows comes with higher load of endotoxins than wild game. It will be interesting to know if this is a consequence of modern breeding/farming or something related to cow domestication.
The summary doesn't mention 'grass-fed', only 'wagyu'; wagyu is intensively grain-fed in the last year of their life or so.
To quote from a quickly-googled article:
"What many people overlook is that farmers make Wagyu as fatty as possible by feeding their cows huge amounts of grain for the last 300-500 days of their lives. Some farmers even add wine and beer to further increase fat content. The result is that a wagyu cow’s muscle tissue is thoroughly marbled with fat. Unfortunately, it’s the kind of fat that is not good for you. The mold toxins in all that grain are bad for the cow and end up in its fat, and then in you, which would mean wagyu beef has a disproportionately high toxin load."
No bad, it's a pleasure to discuss these things with someone who is willing to research and to admit their mistakes.
Much better than the usual crowd I get in these kind of discussions, the 'sensitive vegan' type who pushes false statistics to try to hide being emotionally invested behind the authority of science (two of their favorite falsehoods are to push all people who consume meat into the same group for comparison vs vegans - bad science, because majority of omnivores have very bad diets incomparable to my efforts at keeping on keto, and arguing that 'cows emit methane, so we need to eat less meat', never 'cows emit methane, so let's eat other meat more'). And then when I display patience and deconstruct their arguments, the mask of reason falls off and they just start calling me Hitler, murderer etc. lol.
I vouch for it based on my personal experience - I suffered from a serious and untreatable autoimmune disorder (of thyroid, not directly of gut), and the only 'treatment' proposed by doctors was to cut out my thyroid and make me dependent on taking thyroid hormones orally for the rest of my life.
I refused, did some research on my own, and went on keto. My thyroid bloodwork is back to normal and I have no symptoms. And I feel much 'healthier' and more 'energetic' than before all this as well.
I am not proposing keto diet as a magical cure-for-all, but as a possible avenue that should be tried before being forced to undergo irreversible surgical procedures for example.
P.S. body does not 'switch' the energy source to fat, it increases the production of ketones as result of interrupted Krebs cycle ( https://en.wikipedia.org/wiki/Citric_acid_cycle ) because oxaloacetate gets rerouted for use in gluconeogenesis (creating glucose for brain's needs), because there's not enough glucose in diet. This interruption causes the buildup of the main source for Krebs cycle, acetyl-CoA, which is then converted to acetoacetate (a ketone), which is then also partially converted to acetone and beta-hydroxybutyrate (also ketones). Of these, body uses acetoacetate and beta-hydroxybutyrate as fuel. Body is always able to use them, it's just that there's not enough of them to use if you're not on carb-restricted diet, so body defaults to using glucose as fuel.
Like you say, long-term effects of keto are poorly studied, mostly because of two reasons: early keto hype as an effective seizure treatment died out once we got good enough chemical seizure treatments, and there was a lot of money poured into blaming fat intake for negative health effects of increased carb intake from the 50ies (starting with Ancel Keys), and picking up significantly in 70ies.
There are animal studies that demonstrate increased longevity of animals on keto diet, similar to calorie restriction and strict veganism. While the calorie restriction and strict veganism most likely work through lowered intake of methionine (an essential amino acid which functions as START coding block for protein synthesis, meaning that with lowered methionine intake your body creates protein at lowered rate and renews itself more slowly), keto achieves that through effectively tricking the body to go into 'starvation mode' i.e. the mode of using own fat reserves while the actual fat source is the diet.
Some tribes in north of Australia have verifiable myths about the geography of the lands that have been under the sea off the north of Australia for 6-8 thousand years at least (meaning, the description of the land features matches the sea floor geography).
Well, we are all related to each other, the only question is how _closely_ related we are. And as for that, any non-Khoisan/non-Pygmy human subgroup is more closely related to any other non-Khoisan/non-Pygmy subgroup than they are to Khoisan or Pygmy people. In other words, Khoisan and Pygmies are the most distant cousins to all other homo sapiens (diverged from us 175-200 thousand years ago).