> If it that isn't 'safest', what do you think is safer (and practical)?
Distributing trust is safer and practical. A single, centralized server will always be vulnerable, whatever defenses in depth you deploy. Standardization and decentralization is more valuable in the long run for privacy/security than any customized efforts.
That's what allows us these past years to do PGP over email over Tor onions, transparently via onionMX SRV records (+ a local cache/mapping to prevent lying DNS). Meanwhile, Signal still requires a unique identifier (phone number) to operate and mandates usage of AWS and other privacy-hostile providers to reach their server, and there's nothing we can do about it because they control the entire infrastructure. Some resources on that:
- https://gultsch.de/objection.html <-- A free-software Jabber/XMPP client developer's answer to Signal team's stance against federation and open standards
Distributing trust is safer and practical. A single, centralized server will always be vulnerable, whatever defenses in depth you deploy. Standardization and decentralization is more valuable in the long run for privacy/security than any customized efforts.
That's what allows us these past years to do PGP over email over Tor onions, transparently via onionMX SRV records (+ a local cache/mapping to prevent lying DNS). Meanwhile, Signal still requires a unique identifier (phone number) to operate and mandates usage of AWS and other privacy-hostile providers to reach their server, and there's nothing we can do about it because they control the entire infrastructure. Some resources on that:
- https://gultsch.de/objection.html <-- A free-software Jabber/XMPP client developer's answer to Signal team's stance against federation and open standards
- https://north-shore.info/2019/06/02/signal-fails/ <-- A critique of Signal from a militant, non-tech, "security culture" perspective