Comment by OhMeadhbh 5 days ago

30 replies

I talked to Moxie about this 20 years ago at DefCon and he shrugged his shoulders and said "well... it's better than the alternative." He has a point. Signal is probably better than Facebook Messenger or SMS. Maybe there's a market for something better.

venusenvy47 5 days ago

Is there any reason they didn't use email? It seems like something that would have been easier to keep some anonymity, while still allowing the person to authenticate.

  • OhMeadhbh 5 days ago

    Email is notoriously insecure and goes through servers that allow it to be archived. Also, email UIs tend not to be optimized for instantaneous delivery of messages.

    • venusenvy47 3 days ago

      I wasn't assuming the actual messages would go through email. I assumed they just needed that for a one-time setup. Isn't that the only reason for using a phone number currently?

ddtaylor 5 days ago

Briar and Session are the better encrypted messengers.

Bender 5 days ago

I remember listening to his talks and had some respect for him. He could defeat any argument about any perceived security regarding any facet of tech. Not so much any more. He knows as well as I do anything on a phone can never be secure. I get why he did it. That little boat needed an upgrade and I would do it too. Of course this topic evokes some serious psychological responses in most people. Wait for it.

  • ddtaylor 5 days ago

    > He knows as well as I do anything on a phone can never be secure

    I assume because of the baseband stuff to be FCC compliant? Last I checked that meant DMA channels, etc. to access the real phone processor. All easily activated over the air.

    • Bender 5 days ago

      > All easily activated over the air.

      Indeed. The only reason this is not used by customer support for more casual access, firmware upgrades and debugging is a matter of policy and the risk of mass bricking phones and as such this is not exposed to them. There are other access avenues as well including JTAG debugging over USB and Bluetooth.

    • direwolf20 5 days ago

      I don't think the FCC requires DMA channels. That's done out of convenience because it's how PCIe works.

      • ddtaylor 5 days ago

        The FCC doesn't require DMA channels, but the baseband processor may have access to it among anything else.

        • direwolf20 5 days ago

          That's done for convenience because that's how PCIe works.

    • hsbauauvhabzb 5 days ago

      Any citation on this? I’ve never heard that.

      • ddtaylor 5 days ago

        47 CFR Part 2 and Part 15

        FCC devices are certified / allowed to use a spectrum, but you must maintain compliance. If you're a mobile phone manufacturer you have to be certain that if a bug occurs, the devices don't start becoming wifi jammers or anything like that.

        This means you need to be able to push firmware updates over the air (OTA). These must be signed to prevent just anyone from pushing out such an OTA.

        The government has a history of compelling companies to push out signed updates.

      • Bender 5 days ago

        There are hobbyist groups that tinker with these things. They are just as lazy as me and do not publish much. One has to find and participate in their semi-private .onion forums. Not my cup of tea. Most of it goes over my head and requires special hardware I am not interested in tinkering with.

causalscience 5 days ago

I have no idea if that was true 20 years ago, but it's not true now. XMPP doesn't have this problem; your host instance knows your IP but you can connect via Tor.

  • OhMeadhbh 5 days ago

    Tor has the problem that you frequently don't know who's running all the nodes in the network. For a while the FBI was running Tor exit nodes in an attempt to see who messages were being sent to. Maybe they still are.

  • ddtaylor 5 days ago

    OTR has been on XMPP for so long now

  • zxcvasd 5 days ago

    my mom can use signal no problem. she doesn't know what half the words in your comment mean, though.