[-] cypherpunks@lemmy.ml 11 points 10 hours ago

For some reason that article doesn't link to it, but it is a real tweet he made in February (and didn't even delete after being called out for the highlighted search terms in his screenshot).

[-] cypherpunks@lemmy.ml 4 points 13 hours ago* (last edited 13 hours ago)

Regarding your browser-based thing: what are the specific capabilities of the "threat agents" (in your threat model's terminology) which your e2ee is intended to protect against?

It seems like the e2ee is not needed against an attacker who (a) cannot circumvent HTTPS and (b) cannot compromise the server; HTTPS and an honest server will prevent them from seeing plaintext. But, if an attacker can do one of those things, does your e2ee actually stop them?

The purpose of e2ee is to protect against a malicious server, but, re-fetching JavaScript from the server each time they use the thing means that users must actually rely on the server's honesty (and HTTPS) completely. There is no way (in a normal web browser) for users to verify that the JavaScript they're executing is the correct JavaScript.

If you run a browser-based e2ee service like this and it becomes popular, you should be prepared that somebody might eventually try to compel you to serve malicious JavaScript to specific users. Search "lavabit" or "hushmail" for some well-documented cases where this has happened.

[-] cypherpunks@lemmy.ml 8 points 21 hours ago

It’s amazing how so many people here are completely oblivious to sarcasm.

from this commercial, apparently it's a joke but also a real product from Daily Wire 😬

[-] cypherpunks@lemmy.ml 14 points 1 day ago

What a confused image.

  1. TiVo complied with the GPLv2 and distributed source code for their modifications to Linux. What they did not do was distribute the cryptographic keys which would allow TiVo customers to run modified versions of it on their TiVo devices. This is what motivated the so-called anti-tivoization clause in GPLv3 (the "Installation Information" part of Section 6. Conveying Non-Source Forms.).
  2. Linux remains GPLv2, so, everyone today still has the right to do the same thing TiVo did (shipping it in a product with a locked bootloader).
  3. Distributing Linux (or any GPLv2 software) with a threat of violence against recipients who exercise some of the rights granted by the license, as is depicted in this post, would be a violation of section 6 of GPLv2 ("You may not impose any further restrictions on the recipients' exercise of the rights granted herein.").
me_irl (lemmy.world)
submitted 1 week ago* (last edited 1 week ago) by cypherpunks@lemmy.ml to c/2meirl4meirl@lemmy.ml
choices (midwest.social)
submitted 2 weeks ago by cypherpunks@lemmy.ml to c/usa@lemmy.ml
[-] cypherpunks@lemmy.ml 116 points 3 weeks ago

this isn’t remotely how this meme is used lol

"Robin Holding a Whiteboard" meme format with left column labeled "people who use this meme format correctly" and a tally of one, and the right column labeled "people who use this format like glasses dog" and a tally of 21

Chat control vote postponed (www.patrick-breyer.de)
submitted 1 month ago by cypherpunks@lemmy.ml to c/goodnews@lemmy.ml
[-] cypherpunks@lemmy.ml 128 points 1 month ago

shoutout to the person who reported this post with "Reason: Bot meme, you can't even read it. whoever replies is a bot too" 😂

[-] cypherpunks@lemmy.ml 85 points 6 months ago* (last edited 6 months ago)

Sure, fuck WhatsApp, but Telegram isn't even end-to-end encrypted most of the time. Their group chats never are, and their "secret chat" encryption for non-group chats must be explicitly enabled and hardly ever is because it disables some features. And when it is encrypted, it's with some dubious nonstandard cryptography.

It's also pseudo open source; they do publish source code once in a while but it never corresponds to the binaries that nearly everyone actually uses.

And the audacity to talk about metadata when Telegram accounts still require a phone number today (as they did five years ago when this post was written) is just... 🤯

State-sponsored exploits against WhatsApp might be more common than against Telegram, or at least we hear about them more, but it's not because the app is more vulnerable: it's because governments don't need to compromise the endpoint to read your Telegram messages: they can just add a new device to your account with an SMS and see everything.

(╯°□°)╯︵ ┻━┻

Anything claiming to prioritize privacy yet asking for your phone number (Telegram, WhatsApp, Signal, ...) is a farce.

[-] cypherpunks@lemmy.ml 139 points 10 months ago

the famous "This incident will be reported" error was briefly removed last year before being replaced with a less ominous version.

[-] cypherpunks@lemmy.ml 124 points 10 months ago* (last edited 10 months ago)

I'm disappointed in arstechnica for only supporting their provocative headline (Judge in US v. Google trial didn’t know if Firefox is a browser or search engine) with this vagueness in the article:

While Cavanaugh delivered his opening statement, Mehta even appeared briefly confused by some of the references to today's tech, unable to keep straight if Mozilla was a browser or a search engine. He also appeared unclear about how SEM works and struggled to understand the options for Microsoft to promote Bing ads outside of Google's SEM tools.

What did he actually say?!

cypherpunks

joined 2 years ago