Heh, thanks. AMA I guess.

I hate it when I don’t know an acronym, but this one is particularly hurtful to my brain since everyone is saying “yeah, that link to the FSB was obvious glad someone demonstrated it.” So… I will just assume FSB=KGB and be done.

Russian FSB is the successor of the Soviet KGB, so yeah, that works.

Take for example Tor network (high number of exit nodes are controlled)

I substantiated my claims about Telegram by a pretty deep technical analysis. Mind at least providing a link for your pretty strong claim about Tor?

Except those apps or protocols that are truly decentralized (e.g. OMEMO in XMPP), these are good.

Nope. Decentralization is important from power dynamics standpoint, but can actually be detrimental to information security due to (among others) metadata and complexity.

I would most definitely not recommend Matrix for private or sensitive communication, no.

https://soatok.blog/2024/07/31/what-does-it-mean-to-be-a-signal-competitor/
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/

Matrix is fine as IRC replacement, it might also be a decent replacement for Telegram's channels thingy, sure. But I would not trust my family photos to it. Much less anything actually important.

For the internet messenger functionality that would be Signal.

For other things (channels, mostly), anything that does not pretend to be end-to-end encrypted when it is not. A website with an RSS feed would be one trivial choice for channels that are open to anyone. Public communication like that has no business going through "platforms".

Also, AMA I guess.

I know, right? That's why investigative journalism is such a thankless, frustrating job. You need to prove beyond any doubt things that are often pretty obviously true.

Roman Anin and the rest of the IStories team did an absolutely amazing job. Found court documents going years back. Dug up signed statements and contracts. They did something nobody in the infosec community seemed to have done: actually looked at the IP addresses used by Telegram and followed that lead to its logical conclusion. And then published all of the receipts!

And still people will say this is "unsubstantiated" or find other ways to wave this off.

And yet this does move the needle. There is now proof of things we kinda sorta knew was probably true for years. It doesn't sound like much perhaps, but it's really important.

Transparency though. 🫠

HAproxy cannot serve static files directly. You need a webserver behind it for that.

Apache is slow.

Nginx is both a capable, fast reverse-proxy, and a capable, fast webserver. It can do everything HAproxy does, and what Apache does, and more.

I am not saying it is absolutely best for every use-case, but this flexibility is a large part of why I use it in my infra (nad have been using it for a decade).

This Tech Won't Save Us podcast episode makes a very important point: any movement that does not have a structure and some form of leadership can easily be taken over by anyone willing and able to fill that kind of power vacuum.

Fediverse currently does not have a structure nor a form of leadership other than perhaps "whatever Mastodon is doing". That's problematic. I hope that we recognize this and do something to fix it, before that power vacuum gets filled by… someone we might not like.

I do see that the researchers involved in the OP link are Erin Kissane and Darius Kazemi. That's fantastic. They are truly fedi old guard, deeply engaged, very knowledgeable, and generally wonderful human beings.

The problem with AI is the problem with capitalism.

Hiper-capitalists like Andreessen Horowitz, who had been pushing cryptocurrencies for a long while and still seems to be doing so, have vested interests in generating the AI-hype.

Well duh. "PC" means "Windows", obviously.

sigh