
That's 26% of US states, but potentially much more than 26% of the US population (have not computed, but Texas, New York, Florida and, to a lesser extent, Washington all have large populations).


5/10 of the most populous states

2. Texas

4. Florida

5. New York

9. Georgia

10. North Carolina

A quick check to https://en.wikipedia.org/wiki/List_of_states_and_territories... gave me ~38% of the US population


FWIW - Keystone is going to be one of the core components of the Oasis project [0].

[0] https://www.oasislabs.com/


Check out David Mellis (of Arduino fame)'s "IDE" for collecting and training classifiers on gestures:

https://www.youtube.com/watch?v=5nDCG4vkFP0


As @jwr says, there are different paradigms in Lisp, such that you would never really write code like this.


> Ringleader of this fierce and foul-mouthed circus — one of them called me ‘a k * * b’ —

I'm American. What does k * * b refer to?


"Knob"

My proudest moment on HN


The Daily Mail is one of the most prudish pseudo-newspapers published in Europe. This is despite its continual bikini picture body-shaming content and lack of regard for accurate reporting. This kind of word censorship is straight out of the 1950s just in case some old phone e-reader is offended by the mildest slang term for a penis.


Knob, I guess!


Will this also apply to data URIs? Thinking of the recent data URI phishing exploits [1]

[1]: https://www.wordfence.com/blog/2017/01/gmail-phishing-data-u...


Hi, I experienced some auditory sensation for a few videos. The police sirens were particularly vivid - I imagined a series of rising tones quite involuntarily. The description of this sound as coming from "inside your head" is particularly apt - it is not an auditory hallucination, it's more like something I am imagining involuntarily. Interestingly, what I imagine is the same every time I watch the video.

In retrospect, I have experienced this phenomenon every day, but never thought much about it.


> The most important concern is that Signal is a silo [...] you have to connect to OpenWhisperSystems servers to communicate with other users.

You can run your own private Signal service with OpenWhisperSystems' tools [1].

It's also worth noting that Signal - as a protocol - could easily be federated. (As others have mentioned, Moxie has chimed in on why the app is centralized [2]).

If confederated messaging is important, why not use the existing Signal protocol implementations, (including the X3DH key exchange, ratcheting protocol, etc), which is all F/LOSS, and has already been widely reviewed (as the article mentions)?

[1] https://github.com/WhisperSystems/libsignal-service-java

[2] https://whispersystems.org/blog/the-ecosystem-is-moving/


> You can run your own private Signal service

A distinction without a difference. I use Signal because people use Signal. People do not use 'the Signal service'. They use OWS's app and OWS's servers and moxie has explained he will not federate.

The fact that OWS goes to all the effort of creating this excellent protocol, and then insists on only deploying it to insecure devices (with direct-memory-access baseband radios) baffles me, but I hope that things move in a saner direction with time.

The biggest benefit I think OWS has provided is the ability for other platforms (e.g. Whatsapp) to use their protocols. I daydream about a day when all these competing messaging services realize they would stand to gain a lot by federating, but I know it won't happen in my lifetime.


I'm not a fan of opaque baseband firmwares either, don't get me wrong, but what's the alternative? Not for the DoD, I mean for union organizers making $50k a year -- people who aren't going to get murdered by Mossad, but still need to authenticate and encrypt their communication channels. What device would you recommend?


Who's the likely threat to union organisers? I suspect a pair-locked iPhone with Signal or Whatsapp would be more than secure enough.


The most prominent example would be https://en.wikipedia.org/wiki/Jimmy_Hoffa

and then the long, storied history of American strike-breaking &c.


Well, either the threat is a private group, then WhatsApp or even Google Hangouts is secure enough.

Or the threat is a government, then Signal is not secure enough either, because the US govt can just force Google and OWS to ship modified APKs.


conflating the specific binary instantiation with the general cryptosystem. Regardless, depending on your threat model, you can take increasingly { reasonable | paranoid } precautions like manually compiling and loading Signal, as it's OSS.

edit: "private group" can encompass a lot, especially in other ecosystems like Google and FB. If said "private group" adversary is, say, a prominent and wealthy Silicon Valley businessman and enterprising vampire who collaborates with fascists, then you can see the potential of compromising someone's security by coercing Google or Facebook engineers to run you a Hadoop query or conditionally inject malicious JS.


> like manually compiling and loading Signal, as it's OSS.

Except, I’d have to modify the code, as the current version depends on Google’s proprietary libs, which I can’t inspect. And I lose half of the functionality, as RedPhone is also proprietary.

> by coercing Google or Facebook engineers to run you a Hadoop query or conditionally inject malicious JS.

The same can be done by coercing OWS engineers to backdoor their services.

And in any case, Signal can start collecting metadata any minute now, and there’s nothing we could do against it.


> And I lose half of the functionality, as RedPhone is also proprietary.

The source code for the Redphone client is here: https://github.com/WhisperSystems/Signal-Android/tree/master...

The source code for the redphone-audio library is here: https://github.com/WhisperSystems/Signal-Android/tree/master...

Stop spreading misinformation.


So it finally got opened? Still doesn’t help me, considering that the Firebase Messaging library compiled into the client is still proprietary.

I can not build Signal from source today.


I find the following in Chrome:

> window.crypto.getRandomValues

// getRandomValues() { [native code] }

> window.crypto.getRandomValues = function () { return "aloha" }

> window.crypto.getRandomValues()

// "aloha"

Not sure if this is the case in all browsers. `window.crypto` certainly should be read-only.


In Chrome, window.crypto is read-only:

> window.crypto

< Crypto {subtle: SubtleCrypto}

> window.crypto = "hi!"

< "hi!"

> window.crypto

< Crypto {subtle: SubtleCrypto}

But not anything underneath, including getRandomValues(), as you write. A recent issue about this [1] on the WebCrypto spec itself was closed with 'wontfix' because in their view, polyfilling web APIs is a common and accepted practice.

[1] https://github.com/w3c/webcrypto/issues/107


Shouldn't all polyfills only override the functions if they're missing?


What if it's present but the implementation is incomplete?


E.g. an extra optional parameter.
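
The console sessions above, replayed as an added example (not code from any commenter or from the WebCrypto spec): a script that runs first can capture `getRandomValues` and make the property non-writable and non-configurable, so a later assignment like the "aloha" one no longer takes effect. `makeStandIn`, `pinGetRandomValues` and `overrideSucceeds` are hypothetical names, and the stand-in object is constructed so the block runs outside a browser.

```javascript
// Constructed stand-in shaped like the browser object: getRandomValues lives
// on the prototype, as it does on Crypto.prototype. Its output is NOT random.
function makeStandIn() {
  class StandInCrypto {
    getRandomValues(arr) {
      for (let i = 0; i < arr.length; i++) arr[i] = (i * 37 + 11) & 0xff;
      return arr;
    }
  }
  return new StandInCrypto();
}

// Hypothetical helper: capture the current method, then lock the property on
// both the prototype and the instance. Returns a wrapper around the captured
// function so callers never look the method up again.
function pinGetRandomValues(cryptoObj) {
  const original = cryptoObj.getRandomValues;
  const locked = { value: original, writable: false, configurable: false };
  Object.defineProperty(Object.getPrototypeOf(cryptoObj), "getRandomValues", locked);
  Object.defineProperty(cryptoObj, "getRandomValues", locked);
  return (arr) => original.call(cryptoObj, arr);
}

// Replays the override from the thread, by assignment and by defineProperty.
// Returns true if the replacement is what a later caller would get.
function overrideSucceeds(cryptoObj) {
  const replacement = function () { return "aloha"; };
  try { cryptoObj.getRandomValues = replacement; } catch (e) { /* strict mode */ }
  try {
    Object.defineProperty(cryptoObj, "getRandomValues", { value: replacement });
  } catch (e) { /* TypeError once the property is locked */ }
  return cryptoObj.getRandomValues === replacement;
}

function demo() {
  const plain = makeStandIn();   // left as the platform ships it
  const pinned = makeStandIn();  // locked before anything else runs
  const fill = pinGetRandomValues(pinned);
  return {
    plainOverridden: overrideSucceeds(plain),
    pinnedOverridden: overrideSucceeds(pinned),
    bytes: Array.from(fill(new Uint8Array(3))),
  };
}

console.log(demo());
```

Pinning only helps if it runs before every other script on the page, and it also blocks later polyfills, which is the trade-off behind the 'wontfix' mentioned above.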


Reposting imglorp's comment on the root of the comment tree, as it's buried currently. This should restore service for those desperately needing to access Github etc ;)

> ....point your machine or router's DNS to use opendns resolvers instead of your regular ones: 208.67.222.222 and 208.67.220.220

