Here’s the repo in case anyone is interested in hosting an instance: https://github.com/signalapp/Signal-TLS-Proxy

Just tried framed out of curiosity, it works fine on my Pixel 9.

The title text mentions imagemagick, there are other examples in the wiki.

Lots of modern indie or AA games are cheap and really, really good.

Yeah, I’m pretty sure 15 minutes after this post OP was crawling barefoot in HVAC ducts.

The point is also to minimize potential damages caused by a bug in the software. Just this year there have been multiple data-destroying bugs in publicly released software. If the app runs as a server it’s usually trivial to have it run as a dedicated user, with just enough permissions to do its job.

It’s just good practice, even though the risks might be low why risk it at all?

Like it or not, ads are still the most popular way to pay for online content. I despise ads and I hope some kind of micro-payment solution catches on and offers an alternative, but until then there needs to be a way to reward people for their work, so ads and full-on subscriptions it is.

I know “security experts” from a top French bank who insisted on using telegram instead of signal. So even people who were supposed to stay informed about this stuff fell for the hype and marketing.

I read your comment before the article and I thought you had made the second quote up lol, unbelievable. And people are throwing money at these guys?

OK so this is most likely by design, impressive.

Does the timer “jump” to the correct time after you dismiss the window ? It’s also possible that they didn’t bother testing the app when logged out, and that the popup blocks the UI thread while it’s displayed. In short it could be bad coding and QA instead of intentional enshittification.

Telemetry is not bad in itself. It can be used for bug/crash reports, or usage statistics, without tracking or personal data collection.

That’s because he planted a backdoor into GIT, and now he reviews your bad commits every night.

Insane lineup, I’ve seen every single one of these bands is an headliner at least once.

Same as Windows and MacOS, really. You can follow best practices and conventions, or just install your software wherever you want.

I guess it could, as we have to take meta’s word for it, and a quick google search hasn’t turned up any independent security audit.

They don’t want to ban encryption, they want to block encrypted chat apps, precisely so they don’t have to build backdoors. AFAIK it’s not possible to break signal/WhatsApp encryption without access to the targeted device, and once you have access you can get the messages directly without having to break the encryption.

Thanks for checking us out :) We had an audit done by quarkslab a few years back, and another one coming up this year since we’re currently implementing verified relations (signed SDPs). I’ll edit my comment with a link when I get back to work next week.

If you want a simpler solution than Matrix and don’t mind using a non-opensource app you could try twinme. You only need a username and a picture to create an account (could be anything, “Jane Doe” and a white square if you want). It has a couple unique features like multiple identities and click-to-call links, which you can share with people who don’t have the app so they can call you using only a web browser (e.g. on craigslist, lost pet flyers, …).

I work on this app as a full-stack dev, and for what it’s worth we only upload/store data that is strictly required for the app to work. We’re lobbying to open source it because we have nothing to hide and we know how important it is for the privacy/security minded folks, but it will take some convincing before management agrees to it…