Ashoat on Warpcast

Content pfp

0 reply

0 recast

0 reaction

Ashoat pfp

Been hearing a lot of FUD about Signal recently and have been wondering where it came from. Seems like it might be connected to this campaign. https://twitter.com/matthew_d_green/status/1789687898863792453

6 replies

3 recasts

11 reactions

Vitalik Buterin pfp

Vitalik Buterin

Is there much evidence of an "intense campaign"? I have seen https://twitter.com/matthew_d_green/status/1789690133765091532, but that doesn't quite rise to "intense campaign" levels for me. Also, it seems to me that the recent wave of people caring was triggered by the board of directors stuff, not anything Durov did?

2 replies

1 recast

0 reaction

Vitalik Buterin pfp

Vitalik Buterin

(I do think that Signal is far more secure than Telegram and would recommend it. My impression is that Telegram continues to be successful at least within crypto because it has better degen-friendly features (group chats, emojis, sticker integrations...))

1 reply

1 recast

3 reactions

Ashoat pfp

Yup. Durov argues those features / scale can't be done with E2EE https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by-Default-08-14 I'm skeptical. Between the `getDhConfig` issue and the misleading claims about reproducible builds in the OP, I find it hard to trust Durov https://warpcast.com/v/0xac446c9e

2 replies

0 recast

0 reaction

Ashoat pfp

fwiw, our solution at @comm.eth to the scale problem is basically federation. Small chats are pairwise E2EE with Double Ratchet, but for large chats ("communities") we require admins to stand up chat servers (with access to plaintext) Would love to share a demo!

1 reply

0 recast

3 reactions

Vitalik Buterin pfp

Vitalik Buterin

Amazing, glad to see that you're working on this!

1 reply

0 recast

1 reaction

Vitalik Buterin pfp

Vitalik Buterin

Hmm this feels like the wrong way to do it? Why not let users use a custom recovery option (eg. ethereum addresses, which can encode arbitrary policies via smart contract wallets)?

1 reply

0 recast

0 reaction

Ashoat pfp

In Comm we have two kinds of accounts: username/password accounts and Ethereum accounts. Password accounts encrypt their backup with their password. For Ethereum accounts we wanted two properties: 1. Free to use 2. Recovery always possible if user still controls wallet

1 reply

0 recast

0 reaction

Ashoat pfp

Backup for Ethereum accounts uses an ERC-191 signature passed through a KDF. The resultant key is used to encrypt the backup. The signature never leaves the device. Our whitepaper is still in draft (happy to DM you a copy if you're curious) but here are some relevant sections with details:

1 reply

0 recast

0 reaction