mirror of git://git.qorg11.net/kill9.git
added stuff
This commit is contained in:
parent
e676d09c5b
commit
884ad6f3b2
|
@ -5,3 +5,4 @@
|
|||
* Per (also pers, or perself): [Short for person](https://www.gnu.org/philosophy/kind-communication.html#f1)
|
||||
* Soykaf: s/shit/soykaf/ig
|
||||
* Fuarrrk: s/fuck/fuarrrk/ig
|
||||
* RIP: Rust in peace
|
||||
|
|
|
@ -1 +1 @@
|
|||
# C\# is horrible
|
||||
>\>c#
|
||||
|
|
|
@ -18,8 +18,8 @@ Disadvantages: Activity
|
|||
### Wired-7
|
||||
|
||||
Advantages: Allow posting for proxy/vpn/tor, no captchas of any kind,
|
||||
node is a good admin that always accept requests
|
||||
Disavantages: 5 samefags community, if you don't speak spanish, you're out of luck imageboards
|
||||
node is the less bad jannie out there.
|
||||
Disavantages: 5 samefags community, if you don't speak spanish, you're out of luck.
|
||||
|
||||
## Regular forums
|
||||
|
||||
|
|
|
@ -0,0 +1,118 @@
|
|||
# Signal considered harmful
|
||||
|
||||
Signal claims to be a ultra private instant messenger. It encrypts the
|
||||
messages and there's no central server. Or is there?
|
||||
|
||||
Let's find out!
|
||||
|
||||
# Distribution
|
||||
|
||||
Signal always struggled with which should be the most easy thing (and
|
||||
mandatory if you want users to use your thing) the distribution.
|
||||
|
||||
Being Signal Android/The Apple Garbage software, it should be
|
||||
distributed in their respective stores. In Android, you can use
|
||||
F-Droid. But Signal discourages getting Signal from F-Droid.
|
||||
|
||||
G\*\*gle Play Services are literally botnet. They allow software to
|
||||
run in the background (for things like notifications). They also allow
|
||||
the software to update in the background. Basically, G\*\*gle play
|
||||
services is a rootkit, that allows \<thing\> to do anything with your
|
||||
phone. Without you knowing!
|
||||
|
||||
For the longest time, **Signal would not work without *G\*\*gle Play
|
||||
Services*** Thankfully, this is fixed since 2017, and Google Play
|
||||
services are not longer needed.
|
||||
|
||||
**BUT** if you go to signal.org->get signal->Android **will redirect
|
||||
you to G\*\*gle Play**
|
||||
|
||||
## F-Droid
|
||||
|
||||
F-Droid is a repository that only gives you Free (as in freedom (and
|
||||
as free beer)) software for Android.
|
||||
|
||||
Moxie [Don't want to use F-Droid as official way of
|
||||
distribution](https://github.com/signalapp/Signal-Android/issues/127#issuecomment-13335689)
|
||||
because it does not allow auto-updating. Auto-upgrades are
|
||||
harmful. And we all know that.
|
||||
|
||||
F-Droid supports upgrades. They're just manual. Android sucks and you
|
||||
cannot do like `xbps-install -Su` to verify and upgrade all your
|
||||
packages. You have to install the APKs one by one.
|
||||
|
||||
But the thing here is that F-Droid **supports** upgrades!
|
||||
|
||||
Moxie also claims that APKs could not be verified in another
|
||||
store. This is [not
|
||||
true](https://f-droid.org/en/docs/Signing_Process/).
|
||||
|
||||
Moxie could setup his own F-Droid repository (it's easy as crap). But
|
||||
Signal cared more about important features that security-wanting
|
||||
users. Such as [Emoji
|
||||
reactions](https://signal.org/blog/more-reactions/) or [Animated gif
|
||||
search, using 3rd party
|
||||
websites](https://signal.org/blog/signal-and-giphy-update/)
|
||||
|
||||
## Direct APK download
|
||||
|
||||
Anyways, You can [Download the apk from the official signal website
|
||||
](https://signal.org/android/apk/) but I had to use my search engine
|
||||
to find this. So this is hidden as shit. Also, **it encourages to
|
||||
download signal from G\*\*gle Play**
|
||||
|
||||
And the way to verify it is using `keytool` (whatever that is (I also
|
||||
had to use my search engine to see that the hell that is))
|
||||
|
||||
To verify the file. I had to unzip the apk (what?), get to the
|
||||
META-INF folder, and use keytool to verify.
|
||||
|
||||
Why don't just use `.sig` files to verify things? (Like any other Free
|
||||
Software does with their binaries and source packages? (Also, every
|
||||
sane repository does this with RSA))
|
||||
|
||||
Also: A checksum **IS NOT** a signature. Your local fed can break onto
|
||||
your server, put a backdoored APK, and change the signatures. What a
|
||||
fed cannot do though is to sign that backdoored APK with your PGP key,
|
||||
because you need the private key to sign. Also the passphrase in any
|
||||
sane implementation of OpenPGP, BTW F-Droid signs the packages
|
||||
automatically.
|
||||
|
||||
## Centralization
|
||||
|
||||
Signal claims to be a P2P messenger, this is true I guess. But what is
|
||||
not true is that the whole system is P2P. It has **centralized
|
||||
servers**
|
||||
|
||||
Where does Signal stores your phone number, so you can use your
|
||||
account in multiple clients? How do i get information about my
|
||||
contact? Yup, they're stored in Moxie's servers!
|
||||
|
||||
Signal should be federated. Basically a federation are like email,
|
||||
Lain can send an email from lainswebsite to qorg, whose email is at
|
||||
vxempire.xyz, and nothing says you cannot do that.
|
||||
|
||||
I should be able to setup my own Signal server, in my own hardware. So
|
||||
I'm in control of the logs and data. I can also let my friends to use
|
||||
my server. And this server should be able to communicate to the
|
||||
official signal servers.
|
||||
|
||||
BUT Moxie forbids this. Your fork of Signal cannot use the official
|
||||
Signal servers. Because servers are not federated. This means that
|
||||
Signal Fork's users cannot talk to official Signal users. No fork of
|
||||
Signal will ever have any large user base.
|
||||
|
||||
Your Signal fork, also, can't have the name "Signal" on it. Because
|
||||
that makes [Moxie
|
||||
angry](https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165)
|
||||
|
||||
# Conclusion
|
||||
|
||||
XMPP does not have any of these problems.
|
||||
|
||||
Okay, Signal is good, but the things we have talked about here is not
|
||||
what you expect from a "security focused" program. The chat itself is
|
||||
P2P, and that's good. Also it is encrypted. So if you have to choose
|
||||
between \<big corporate owned IM\> and Signal, choose Signal.
|
||||
|
||||
Did I mention it needs phone number to work?
|
5
index.md
5
index.md
|
@ -5,7 +5,8 @@ runs [werc](http://werc.cat-v.org) as its "cms"
|
|||
|
||||
The theme is Yotsuba B
|
||||
|
||||
Anything that I've written in this website is under CC BY SA license. Images might or might not be under that license.
|
||||
Anything that I've written in this website is under CC BY SA
|
||||
license. Images might or might not be under that license.
|
||||
|
||||
Any article in this website is WIP. And they will always be WIP.
|
||||
|
||||
|
@ -17,6 +18,8 @@ will appear here. If you don't want to use Git,
|
|||
[email](mailto:qorg\[@\)vxempire.xyz) me a diff and I'll patch the
|
||||
file. Atribution will be given if wanted.
|
||||
|
||||
If you want to request an article, just submit an issue or email me.
|
||||
|
||||
## IRC
|
||||
|
||||
Join use at #the-wired in [kill-9.xyz!](irc://kill-9.xyz)
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
# Smell my onions!
|
||||
|
||||
Tor is an anonimity network that works with *nodes*. Each node is in a
|
||||
random place in the world.
|
||||
|
||||
Your computer picks a random nodes path. making it hard to guess who you are
|
||||
|
||||
A shitty thing about this is that your IP address will be shown to the
|
||||
first node you visit. And traffic on it it's unencrypted.
|
||||
|
||||
![More information about
|
||||
tor](https://wiki.installgentoo.com/images/2/20/1327674341221.jpg)
|
||||
|
||||
## Hidden Services
|
||||
|
||||
If you're too poor to get yourself a domain, and don't mind having a
|
||||
random 16 chars long domain, you can get a .onion, which are free, and
|
||||
easy as shit to setup. And if you think somebody can do something with your IP address, well, as long as [you're](https://nitter.net/x0rz/status/932560332614258688) [not](https://nitter.net/x0rz/status/908312394186858501/photo/2) [stupid](https://nitter.net/x0rz/status/919888593958694912)
|
Loading…
Reference in New Issue