• 𝕸𝖔𝖘𝖘@infosec.pub
            link
            fedilink
            English
            arrow-up
            5
            ·
            2 months ago

            While I do love your optimism and appreciate the addition of this software to our (collective) arsenal, it absolutely can. Chat Control can force the developers to add back doors, for example, or to start log collection to include IPs and PSPs, etc. Please don’t misunderstand, I’m not negating the benefits of Amnesichat at all. It’s awesome. But, being a chat, it would still fall under the same regulatory nonsense as Briar, for example, which can also be run through Tor. Now, whether the developers adhere to Chat Control regulations, is another thing altogether.

            • EngineerGaming@feddit.nl
              link
              fedilink
              arrow-up
              1
              ·
              2 months ago

              If a backdoor is forced to be added into any project, wouldn’t someone be able to fork it and go on without the backdoor? Maybe even the original dev incognito…

              • 𝕸𝖔𝖘𝖘@infosec.pub
                link
                fedilink
                English
                arrow-up
                3
                ·
                2 months ago

                Theoretically, yes. But if it’s a legal entity that added it, they can easily circumvent any attempt to eradicate it. Or, in a more extreme way, criminalize FOSS chat apps altogether, then the code will have to be analyzed in a RE environment. Maybe the non FOSS server code is where the backdoor is added. There are so many relatively hidden ways to compromise a chat app’s supply chain.

                • EngineerGaming@feddit.nl
                  link
                  fedilink
                  arrow-up
                  3
                  ·
                  2 months ago

                  I doubt any FOSS restriction is doable at all. As for the supply chain - xz showed this is indeed possible… But no one can guarantee that every encrypted client would be able to get such a well-hidden backdoor, and that it will stay undiscovered, and that it wouldn’t be invalidated with an update… But yeah, the only way this can be combatted is having more eyes on such software.

      • Imprint9816@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        2 months ago

        You will be surprised to learn not everyone lives in the EU ;)

        There will be a ton of great privacy services that will be unaffected or will just leave the EU market (including signal). No need to switch to a completely unproven chat.

    • 𝕸𝖔𝖘𝖘@infosec.pub
      link
      fedilink
      English
      arrow-up
      7
      ·
      2 months ago

      Or Briar. Or Signal. Or so many others that have been audited throughput the years. While I appreciate the addition of Amnesichat to this arsenal, it has yet to be properly audited and is, therefore, not yet trusted.

          • foremanguy@lemmy.ml
            link
            fedilink
            arrow-up
            3
            arrow-down
            1
            ·
            2 months ago

            It’s really an absolute no. But it requires your phone and is centralized, basically that’s the two mains concerns that I have.

            • 𝕸𝖔𝖘𝖘@infosec.pub
              link
              fedilink
              English
              arrow-up
              2
              ·
              2 months ago

              We each have our own levels of acceptable privacy posture. Signal make it easier for the masses to get off, say, Whatsapp and feel little to no real hurdles. I agree with you, though, that the phone number and physical phone requirements are a hard sell for people with a more strict posture requirement, which was the reason it took me long to get on it. But, alas, I had to settle, because SimpleX wasn’t available on iOS at the time (my family and friends are on iphones) and it is much more private that Hangouts or Whatsapp (which I still can’t believe we were on). We did try Matrix for a time, but it wasn’t “production ready” then, which was a deterrent to them as well. Signal being centralized wouldn’t be a huge deterrent for me, if it wasn’t for their continuous push to keep it that way and them actively preventing decentralization, both of which have been scratching me the wrong way for a while. I had a conversation with my groups to switch to something else, but they’re not all on board. Signal, they say, is “as easy as Whatsapp and more private”. I mean… they’re right, but we could have better.