• 0 Posts
  • 34 Comments
Joined 3 years ago
cake
Cake day: March 20th, 2022

help-circle
  • Of course it is, that’s the innovating part of it ! My opinion was that I rather use SimpleX if I wanted to switch away from Signal, if not I’ll simply use Signal not Session. But my threat model isn’t everyone’s.

    I think as people will be more educated on cryptography in there digital lives we will have better UX to the point of it not be as difficult as sending on e-mail in the late 80s. Innovation like Bitcoin, nostr, U2F, passkeys etc… will be more accessible over time. Today sending a message on Signal is infinity more easy, secure and private than the majority of e-mails of the 21th century.





  • Your comment is quite misleading. Blockchain is all about verification and transparency and that is the reason why people knew about the hack that quickly. Authorities, private companies and individuals are following the funds block after block. The hack concern an exchange, a central entity with lots of ether tokens, not a blockchain.

    From my understanding and this is still under investigation, the main issue is that the compromised exchange didn’t suffer from any breach. Their multi-sig setup signed a transaction liked if the company was agreeing. Could have been all the required key stolen ? Maybe. All the employee having keys getting corrupted ? Unlikely. From what I’ve read about the Ethereum Virtual Machine (EVM), in multi-sig (Safe or Gnosis safe as exemples) setups, users have no way to verify what they are signing on their harware wallets (signing devices).The whole Ethereum ecosystem have been used to blindly signed for years and today they might realize that’s a bad design choice. Lazarus could have hacked the centralized coordinator entity such as app.safe.global, but as I said this is still under investigation and I’m not a professionnal just a free software enthousiast.

    This is an Ethereum, actually more of a EVM Turing Complete, design issue if I understood it correctly. You don’t have this problem that much the on Bitcoin multi-sig UTXOs ecosystem were it’s simpler and many great hardware wallet let you verify on their screen what you are signing (hww without a trusted screen are not designed to be signing devices) but none, 0% let you verify what you sign with an Ethereum smarcontract. It is possible you can do that on Ledger with 1Inch from what I’ve understand.

    A feature of blockchains, actually it’s not blockchain in itself but rather the competitive PoW consensus mechanism (Ethereum forked to PoS) enforced by game theory is immuability and finality of the transactions. With Bitcoin you cannot rollback. Ethereum did a rollback in the early days creating a fork named Ethereum Classic which is the ledger that did not rollback. I don’t think Ethereum will rollback again, especially for such a small amount of ether and I think if they wanted and had the opportunity, it would have been already done. People screaming they will are delusional but maybe I’m wrong :)

    Finality might seem a scary feature at first, in reality it enable you to create reversible transactions through escrow multi-sig setup. Actually you don’t even need to, the mempool is not immuable on Bitcoin you can do a RBF. You don’t create trust by simply having a shiny blockchain, people thinking it removes trust don’t understand money. Whatever, with this hard finality system you can create softness emulating what the banking system usually offers. So you get the soft system built on top of a hard system, unlike internationnal banking on which you can’t put a hard system on top of.

    Edits : Add nuance, clarifications, improved readability, etc…





  • Yes but if ente goes bankrupt even if the code is open and free (AGPLv3 if I remember correctly) it doesn’t mean that it will find maintainers and even if it does the nooby customers will have a hard time knowing and transfering to the new repo/fork. For these online services I totally understand that people prefer stability and sustainabilty over privacy. Remember CTemplar, Skiff, etc…? Companies like Proton, Standard Notes, have proven that you can run a privacy business for over a decade but that does not mean every privacy product or services will sustain that long.



  • Cryptobros aren’t really present on there, at least I never encounter such people. But it’s mainly a “Bitcoiner Bubble” and that’s why I have some issue with staying on there regularly, I don’t like mind-bubbles. However there is some amazing experimentation on there with Value4Value or tipping sats (fractions of bitcoins) instead of liking, local-side open source algorithmes that you can choose and change and the thing I’m most excited about is Ditto which is a community server that act as a Nostr relay AND an ActivityPub instance.

    I think Nostr is superior to ActivityPub because you don’t need accounts, it’s authentification is based on asymetrical cryptographic keys which enable digital identities without a central server. However I use the Fediverse more because it is more mature, less mind-bubble and fucking better than commercial, centralized plateforms with opaque algorithmes that you have no control over.