I don't trust new products anymore, especially anything like a new chat app. I don't install new apps. I'm more willing to try something if they have a website that works in incognito mode and doesn't require a phone number to create an account.
wild... I haven't been able to use my old account for a very long time... created a new one a few years back, tried that one... neither seem to work...
I don't want to make a new one tied to my phone number.
Just as the case with Skype that changed like 3 protocols, 2 architectures and 4 ownerships in its existence. Would you say it has nothing to do with original Skype?
I'm not sure why you were downvoted for this but I share the same sentiment. I only use apps I'd they are essential or need to be apps. Automatic app updates are essentially a giant bait and switch.
Unneeded permissions are practically a cliche by now and the permissions that apps get are routinely abused. Give an app notifications and they will spam you while the app interface isn't running.
Some software doesn't even need to be native or connected. Word processors, calculator apps, many lower definition games and even image manipulation could be done with one fat webpage.html file.
You should try to set up your computer so that you can run native apps with only about the level of privilege that a website in incognito mode has. It would really increase your flexibility.
I'd personally suggest setting up a virtual machine with some sort of "checkpointing" feature, where you can rewind the machine to an earlier state if you don't like what an app did to it.
I was talking about the specific problem that makes you avoid native apps in favor of web apps. Not all native apps are IM programs that ask you to do phone-numbers-based KYC.
I hadn't used ICQ since the 90s and maybe early 2000s. The screenshots of ICQ New on the site certainly look quite similar to Whatsapp Web. I'm kind of surprised that there's active development in ICQ all these years even though I don't know of anyone personally who still uses it. Maybe ICQ is active in other parts of the world?
It has just been updated a lot between then and now. While ICQ died out in the west, it has consistently been the largest IM app in Russia and parts of Eastern Europe.
>I don't know of anyone personally who still uses it.
I always liked ICQ, but there was always a tad bit of friction remembering huge strings of numbers as practical IDs, and the naming schemes came way later.
11984431 or whatever doesn't roll off the tongue very well.
As do i. 32939464 probably haven't touched it in near 20 years ( guessing about 18 ). And whilst nostalgia is great, it would be great to free up memory sections of the brain like this :)
When I would reserve a book at the public library, I'd get an automated phone call when the book arrived. The phone call always began by listing off my library card number.
So I know my first library card number was 1000102772901. I had to replace the card a few times, getting new numbers, but I only ever remembered the first one.
That's funny! I tried to remember it and typed what came to mind first into gmail and I got a hit from an archived GoogleTalk session from 2006. Layers upon layers of computer archeology.
72873246. Can’t remember my other number (same length, also starting with 7) but I have saved it somewhere. It was the main messenger in Germany when I grew up.
It’s really not harder than remembering a phone number, and back then, I used it more often.
On the topic of New ICQ, it looks like all those other multi-user messengers. I wish everyone would switch to Jabber were there are clients for people who don’t have group messaging as their primary use case.
It was widely popular in Russia perhaps because '11984431' rolls off the tongue much better than explaining a string of latin characters like "s like dollar sign, not like the Russian s".
"(2010) AOL has sold ICQ to Digital Sky Technologies (DST), Russia's largest Internet company, for US$187.5 million. DST's offer was apparently more attractive than those of Russia's ProfMedia and China's Tencent. ICQ, originally released in 1996 and bought by AOL in 1998 for US$407 million, was one of the world's first major instant messaging systems. Although largely forgotten in English-speaking countries, it remains widely popular in Central Europe, Russia, and Israel. Moscow News has additional coverage of the deal."
(Legacy) ICQ has widespread adoption in the criminal underground. If you were a security service it probably had the highest signal to noise ratio of any network.
Some more context: DST was renamed to Mail.Ru Group, and is now owned by one of the russian oligarchs (Alisher Usmanov). They also control all the largest russian social networks (some like VK through hostile takeovers) and is widely reported to pipe all the data directly into russian secret services
Same here... I haven't even thought about it since the turn of the century!
I only used it a couple times. A colleague asked me to install it so we could work together on a project. If I recall right I started getting messages from people I didn't know so I deleted it shortly after installing it.
My take on it is that when MSN Messenger came out, they stored the contacts "in the cloud" (which was a new concept back then). So let's just say hypothetically that Windows 95 crapped the bed with a true blue screen of death, you'd re-install MSN Messenger and bam, your contacts were back. ICQ kept contacts local and if you lost them, you lost them.
True, but they caught up within one year and had the feature. Then they heavily bloated the client, then released a "lite" version which really brought them back on the map. Then facebook came and suddenly it was cooler to communicate non-instantly for some time. :)
Do you remember that feature that you could use to "call someone's attention"? It would make a lot of noise and the window would shake like crazy in your face.
IT was great for dating around 2000. Search by gender, age, city, open conversation and try my luck. Ended up in ~4 year long relationship from random contacts.
AOL missed an opportunity to create a cross compatible family of AIM, YIM, ICQ. Different apps with different features, or different interfaces targeted at different audiences, that can all do roughly the same thing.
The sale was actually blocked by the federal government for a period of time and AOL continued to run the back end servers for icq until just a few years ago.
> it remains widely popular in Central Europe, Russia
It used to be popular in Russia to the point of being synonymous to instant messaging, but it's since been largely forgotten. My current circles use VK and Telegram. WhatsApp is also somewhat popular apparently but not so much around me. If ICQ ever pops up in conversations these days, it's always something nostalgic (also, back then no one used the atrocious official client).
No mention of any sort of chat encryption either. As with all the Mail.Ru Group's other services (VK, Odnoklassniki) it is widely understood that the russian secret services have essentially unrestricted access to everything happening on them, so be advised
People don't seem to understand what level of access FSB has there. Like literal spying boxes with APIs pulling linked phone numbers and identities to associate with messages all directly controlled by FSB.
Even rms agrees that games do not need to be open source. It's when the program has control over your actual life when freedoms, privacy and security start to matter.
Oh my god why do people make websites with scrolling like this? It's such a weird and frustrating experience, and it seems like people are doing it more as time goes on.
Please take a moment to review this privacy policy before signing up; for example, it does not indicate any intention to comply with EU, GDPR, CCPA, etc. privacy laws or guarantees in any respect whatsoever.
It seems to be yet another messaging app to compete with Signal, iMessage, WhatsApp, Telegram, maybe there's some google product too (formerly Allo)? Unlike iMessage and Signal, no requirement for a phone number. Maybe owned by big brother? Seems to be a product of mail.ru.
Still a centralized messaging service though. I'm sticking with Signal I think.
Please, be aware that ICQ was bought by Mail.ru - russian company owned by oligarch Alisher Usmanov, who's very connected to russian crooked elite. It's the company which was used for a hostile takevoer of VK.com from it's founder after it wouldn't censor it's content. It's voluntarily provided private data about it's users to the state (far outside of what's required by law) and was involved in a number of similar breach of privacy cases.
Basically, it's company in the pocket of russian government, and you should use any of it's product if you completely disregard your privacy.
They are also required by the government to link phone numbers to accounts and log and store messages for a long time and make them directly accessible by FSB.
To add, never rely on products that require you to trust the company respects your privacy. E.g. Telegram lacks ubiquitous end-to-end encryption (E2EE) so even if the company chooses not to abuse the insane amounts of valuable data, nation state hackers are most interested in hacking these centralized troves of data. Not even opt-in E2EE is good because that leaks metadata about desire to use proper encryption. Always use apps that are E2EE by default (e.g. Signal) to ensure you're not leaking content or metadata about wanting to keep discussion hidden.
> To add, never rely on products that require you to trust the company respects your privacy.
> Always use apps that are E2EE by default (e.g. Signal)
You are contradicting yourself here. You are required to trust Signal the company to respect your privacy, to trust that it's actually doing end-to-end encryption, doing it properly and doesn't issue an update breaking it because of some secret US government order. Because Signal controls software distribution, it's pretty much just a binary blob that some guy from Signal can update any time.
A proper end-to-end encryption at minimum requires an open source implementations and distribution to avoid trusting the company to respect your privacy, since this is the primary reason for end-to-end encryption to exist. Otherwise incentives are misaligned and it will be broken by the same company it is supposed to protect from as soon as they need your messages for something.
You can read the source, you can compile it yourself, and you can use it.
You can also do a reproducible build and check that it matches the hash of the APK served by the play store.
"Open source distribution?" What is that? If you can't trust the vendor, no F-Droid is going to help there. If you need to verify the source, you need to do it yourself.
>some secret US government order
Explain how that would work on legal level when compelled speech violates the constitution.
> You can read the source, you can compile it yourself, and you can use it.
I can read some source code they provide, not necessarily what everyone has installed at any given moment. Even if I could review it and compile it and run it the other ends of end-to-end won't, so I still have to trust Signal the company to not violate the other ends.
Open source distribution means packages in various open source repositories, not controlled by software vendors.
> If you can't trust the vendor, no F-Droid is going to help there.
F-Droid model is exactly what's going to help with not having to trust the vendor. It's sort of an infrastructure to reduce trust in software vendors. Independent parties maintaining forks and packages are more likely to notice if vendor does something stupid, more likely to have people and tools to verify claims and implementations, provide a way for independent implementations.
> Explain how that would work on legal level when compelled speech violates the constitution.
It doesn't matter, they can come up with plenty of bullshit excuses claiming child porn or whatever. The important thing is you have to trust Signal the company, the US government, the legal system, etc.
>not necessarily what everyone has installed at any given moment
That applies to any distribution mechanism.
>I still have to trust Signal the company to not violate the other ends.
99% of people are going to download the app from Play store, even if F-Droid was available. You're screwed.
>It's sort of an infrastructure to reduce trust in software vendors.
Oh dear god. No. It's just more steps into distribution chain the user needs to trust.
>Independent parties maintaining forks and packages are more likely to notice if vendor does something stupid,
The same people might look at Signal's main repository for the same concern, and notice the same things. Furthermore, Signal is the entity innovating on secure messaging protocols, so I wouldn't say the chances are they're doing stupid things.
>more likely to have people and tools to verify claims and implementations
No. Nobody's looking at some John Smith's Signal fork. Besides, using such fork is an incredibly dangerous weak point, from the maintainer's improper singing key storage and signing process, to just having to trust random maintainers. Absolutely no.
>It doesn't matter, they can come up with plenty of bullshit excuses claiming child porn or whatever.
>The important thing is you have to trust Signal the company
The literal point of the ubiquitous E2EE, FOSS codebase with reproducible builds is to eliminate the need to trust them. The FUD you're spreading is incredibly damaging.
Again, that whole point of end-to-end encryption that allows it to eliminate the need to trust the vendor only works if the vendor isn't the one supplying said end-to-end encryption. Please don't make arguments that "Signal does this or that you can trust them", you do not eliminate the need to trust them this way at all. If you do have to trust them not to spy on you, it's not a proper "end-to-end" encryption, simple as that, it's effectively the same thing as a regular TLS encryption to the servers, where you have to trust them not to spy on you on the servers. And in either case that trust will be eventually violated, because there is no incentive not to, but plenty of pressure and incentives to violate it.
I don't know what's so confusing about it. You like Signal and trust them, that's fine, but I don't trust them or anything coming from the US, I really would like to eliminate such trust. Claiming that I don't have to trust them is unproductive and a lie.
>Again, that whole point of end-to-end encryption that allows it to eliminate the need to trust the vendor only works if the vendor isn't the one supplying said end-to-end encryption.
That doesn't make any sense whatsoever. Vendor supplies the E2EE, users and experts review it, and then if it changes, review changes. Third parties can trivially make edits to their forks and that's the easiest backdoor possible. How can you not see that.
>Please don't make arguments that "Signal does this or that you can trust them", you do not eliminate the need to trust them this way at all.
I already explained there are technical measures in place that allow you to verify the build you're using yourself. You're clearly not a subject matter expert here so I suggest you move on.
> If you do have to trust them not to spy on you, it's not a proper "end-to-end" encryption, simple as that
You're arguing from the wrong premise. You don't have to trust them.
>it's effectively the same thing as a regular TLS encryption to the servers, where you have to trust them not to spy on you on the servers.
if Signal was doing an active MITM attack against their own encryption, that would be eavesdropping which is a felony in the US.
>And in either case that trust will be eventually violated, because there is no incentive not to, but plenty of pressure and incentives to violate it.
And somehow random repository maintainers are immune to pressure and incentives. I get it, you're trolling.
>I don't know what's so confusing about it.
If you really stretch those brain cells of yours you might understand it one day.
>You like Signal and trust them, that's fine, but I don't trust them or anything coming from the US, I really would like to eliminate such trust.
Again, you don't have to trust Signal.
>Claiming that I don't have to trust them is unproductive and a lie.
So you ignore the concept of reproducible builds and just establish an opinion with average-joe level reasoning.
> there are technical measures in place that allow you to verify the build you're using yourself.
There are no technical measures for Signal in place that allow anyone to verify the build all ends of said end-to-end encryption are running nor any technical measures to ensure the software they are running won't be updated with compromised end-to-end encryption by the vendor in the future. The measures I talk about address both points by removing trust from the vendor and distributing it across many independent entities.
> if Signal was doing an active MITM attack against their own encryption, that would be eavesdropping which is a felony in the US.
It's not just legal anywhere in the world, it's what a lot of software already does.
Anyway, if end-to-end encryption requires the exact same level of trust as TLS, there is no point in it. It's only useful in truly open source messengers, not Signal, Whatsapp or other binary blob centralizedly controlled messengers.
>There are no technical measures for Signal in place that allow anyone to verify the build all ends of said end-to-end encryption
There is no technical measure in existence that allows that for any application. This is called a nirvana fallacy.
> nor any technical measures to ensure the software they are running won't be updated with compromised end-to-end encryption by the vendor in the future.
That applies to all software that requires automatic software updates, i.e. networked TCBs. You want something that doesn't require updating, you use stronger model like TFC.
>The measures I talk about address both points by removing trust from the vendor and distributing it across many independent entities.
And users are going to compare diffs of multiple vendors for every update to see nothing malicious was added? Give me a break.
>It's not just legal anywhere in the world, it's what a lot of software already does.
You are conveniently forgetting Durov never was the owner of Vk. Nor does his person constitute the entire "board of directors" or whatever management they had.
Maybe it's just a matter of what I'm familiar with, but this feels eerily similar to Telegram. Both the feature set and the UI are extremely similar.
I wonder how much of this is intentional, or if it's just a case of convergent evolution? The adversarial relationship between ICQ (with connections to Russian oligarchs) and Telegram (with connections to Russian dissidents) makes this feel unlikely to be coincidence.
Haha. The entire Russian tech scene is about copying western products. Pavel copied VKontakte back when Facebook was starting. When he released Telegram it was the spitting image of WhatsApp. You might be right but Telegram's not on a high horse here.
it's incredible to me that ICQ still going. Obviously it died down in worldwide/western popularity early 2000s but I do know it continued to be used in Russia and some other places. Kinda amazing and I'll always respect the original development coming out of Israel. Fond memories of those late 90s days when it was the standard.
With the random chance of any app with the right timing/reach and features to gain some traction (see whatsapp) etc, guess they figure why not put ourselves out there again hehe
I'm very nostalgic too. It was the beginnings of the Internet in France and this is the first app my brother installed on my computer, he told me "with this you can make a lot of new friends around the world" I was so glad everytime I heard this sound.
Deeper down in the comments you get a story about how this sound came to be. Who knows if it's true, but it's more fun to give the benefit of the doubt.
Scott Chapman:
> The actual origin of the Uh Oh sound: My ex wife and I used to talk in Squeaky Voice a lot and were quite good at it. I used both WS_FTP and ICQ back in the day and I made the original recording of this sound and sent it to one or both of those companies. I think I sent it to WS_FTP first where it was used to indicate an error in connecting to a remote host. I don't recall if I sent it to ICQ or if they got it from WS_FTP. Someone below said it came from Gremlins. That is not the case. Happy Trails!
DJHEADPHONENINJA replies:
> Why would you just record your voice and send out to companies? Sounds pretty weird man. I'll go with Gremlins because I just watched the movie and heard this sound effect so I had to google the true origin of the ICQ sound.
Scott returns:
> Go with gremlins if you like but the sound is not the same. Back in those days it was not about remuneration.
After installing ICQ for the first time, I distinctly remember thinking that ICQ straight up copied the sound from WS_FTP, which I had already been using for a while and where it was used as an error sound. They are definitely the exact same samples. Interesting to hear the story.
Yup. It also had random chat feature which i enjoyed quite a lot. Made my first online friends (whom i ended up meeting in real life, and are still friends with to date).
The ICQ “uh-oh!” sound is still the iMessage custom sound for my best friend’s contact, because I remember spending sleepless muddy summer nights of 1999 chatting with him on the crazy realtime chat feature.
The killer feature for me would be sending photos in original quality cross platform, but not sure if it's enough to warrant installing yet another IM app.
Seems like you'd already be aware if you're in Hong Kong, but Wechat will send images in original quality with zero extra screens and one extra click, and the images appear in the chat.
It also helpfully censors any messages that the Chinese government deems inappropriate. Perhaps not a good suggestion, especially as alternatives have already been suggested.
Yeah, reading the articles back, it seems I've misremembered. Sorry, I'll edit that part out. Also, sorry for piquing your interest and leaving you out to dry, should have re-read the articles for proof beforehand.
I can only go by personal experience but it seems that there are two WeChats; a mainland China and an international one. They can communicate with each other but the mainland version blocks content that violates Chinese laws.
My friends from the mainland (but who live in HK) were sending me plenty of photos of the protests and none of them seemed to be blocked.
What's the differentiating factor? Cursory look at it - I don't see strong E2E encryption or anything besides a bog standard messaging app. We have many - whatsapp, facebook messenger, imessage, hangouts, telegram, signal, wechat, etc.
> Convert audio messages to text,
use smart replies, stay online
even with bad internet connection
That doesn't cut it, IMO. In fact it is repulsing me (offline apps are great) but I don't want to convert audio messages to text unless that happens locally. Fuck smart replies, no thanks.
Yeah, that's weird. If you're going to announce a new instant messaging system, you will of course provide some reason why people should go through the effort to switch. The front page should be brimming with the pitch. "Unlike WhatsApp, with New ICQ, you can _____." What goes in the blank? Why haven't you told me?
Last time I heard about them (about 2-3 years ago) they were promoting fancy whistles like AI-powered masks on video, voice-changing audio filters, stuff like that.
319 comments
[ 5.5 ms ] story [ 262 ms ] threadI don't want to make a new one tied to my phone number.
Unneeded permissions are practically a cliche by now and the permissions that apps get are routinely abused. Give an app notifications and they will spam you while the app interface isn't running.
Some software doesn't even need to be native or connected. Word processors, calculator apps, many lower definition games and even image manipulation could be done with one fat webpage.html file.
I'd personally suggest setting up a virtual machine with some sort of "checkpointing" feature, where you can rewind the machine to an earlier state if you don't like what an app did to it.
Certainly I can't see a way of logging in with my icq number from back then
I get a "you cannot recover the password", maybe my account was too unused for too long
I always liked ICQ, but there was always a tad bit of friction remembering huge strings of numbers as practical IDs, and the naming schemes came way later.
11984431 or whatever doesn't roll off the tongue very well.
But Mail.ru deleted old accounts. So...
They even tell you that you can't restore in anymore.
So I know my first library card number was 1000102772901. I had to replace the card a few times, getting new numbers, but I only ever remembered the first one.
On the topic of New ICQ, it looks like all those other multi-user messengers. I wish everyone would switch to Jabber were there are clients for people who don’t have group messaging as their primary use case.
"(2010) AOL has sold ICQ to Digital Sky Technologies (DST), Russia's largest Internet company, for US$187.5 million. DST's offer was apparently more attractive than those of Russia's ProfMedia and China's Tencent. ICQ, originally released in 1996 and bought by AOL in 1998 for US$407 million, was one of the world's first major instant messaging systems. Although largely forgotten in English-speaking countries, it remains widely popular in Central Europe, Russia, and Israel. Moscow News has additional coverage of the deal."
(https://tech.slashdot.org/story/10/05/01/1516234/russian-com...)
Same here... I haven't even thought about it since the turn of the century!
I only used it a couple times. A colleague asked me to install it so we could work together on a project. If I recall right I started getting messages from people I didn't know so I deleted it shortly after installing it.
There was a great acquired episode on Tencent. https://www.acquired.fm/episodes/season-3-episode-10-tencent
They have like 200k users now, lol
Cooler for some. Infuriating for others.
Do you remember that feature that you could use to "call someone's attention"? It would make a lot of noise and the window would shake like crazy in your face.
Found it. The "nudge" feature.
https://youtu.be/9QrS2cEyNrA?t=70
Back in the day nicknames were still pretty unique.
There were no programming classes back then at my school and I found someone, half way across the world, who patiently taught me programming everyday.
Adium.im
It used to be popular in Russia to the point of being synonymous to instant messaging, but it's since been largely forgotten. My current circles use VK and Telegram. WhatsApp is also somewhat popular apparently but not so much around me. If ICQ ever pops up in conversations these days, it's always something nostalgic (also, back then no one used the atrocious official client).
But I could see not avoiding games, but very much wanting to avoid communications software.
https://twitter.com/TimSweeneyEpic/status/118194495168648806...
Last time I logged into my account a couple of years back, it still showed the last profiled update I filled in the 2000s.
Heck ... not sure I even have it anymore.
I have to scroll right to see the other ~60%+ of its content, and there’s no way to zoom out to fit it all in, even at a smaller scale.
"Why test the website on phones? Who uses messaging apps on their phone anyway?"
Please take a moment to review this privacy policy before signing up; for example, it does not indicate any intention to comply with EU, GDPR, CCPA, etc. privacy laws or guarantees in any respect whatsoever.
Still a centralized messaging service though. I'm sticking with Signal I think.
Basically, it's company in the pocket of russian government, and you should use any of it's product if you completely disregard your privacy.
> Always use apps that are E2EE by default (e.g. Signal)
You are contradicting yourself here. You are required to trust Signal the company to respect your privacy, to trust that it's actually doing end-to-end encryption, doing it properly and doesn't issue an update breaking it because of some secret US government order. Because Signal controls software distribution, it's pretty much just a binary blob that some guy from Signal can update any time.
A proper end-to-end encryption at minimum requires an open source implementations and distribution to avoid trusting the company to respect your privacy, since this is the primary reason for end-to-end encryption to exist. Otherwise incentives are misaligned and it will be broken by the same company it is supposed to protect from as soon as they need your messages for something.
You can read the source, you can compile it yourself, and you can use it.
You can also do a reproducible build and check that it matches the hash of the APK served by the play store.
"Open source distribution?" What is that? If you can't trust the vendor, no F-Droid is going to help there. If you need to verify the source, you need to do it yourself.
>some secret US government order
Explain how that would work on legal level when compelled speech violates the constitution.
Your reasoning isn't exactly solid.
I can read some source code they provide, not necessarily what everyone has installed at any given moment. Even if I could review it and compile it and run it the other ends of end-to-end won't, so I still have to trust Signal the company to not violate the other ends.
Open source distribution means packages in various open source repositories, not controlled by software vendors.
> If you can't trust the vendor, no F-Droid is going to help there.
F-Droid model is exactly what's going to help with not having to trust the vendor. It's sort of an infrastructure to reduce trust in software vendors. Independent parties maintaining forks and packages are more likely to notice if vendor does something stupid, more likely to have people and tools to verify claims and implementations, provide a way for independent implementations.
> Explain how that would work on legal level when compelled speech violates the constitution.
It doesn't matter, they can come up with plenty of bullshit excuses claiming child porn or whatever. The important thing is you have to trust Signal the company, the US government, the legal system, etc.
That applies to any distribution mechanism.
>I still have to trust Signal the company to not violate the other ends.
99% of people are going to download the app from Play store, even if F-Droid was available. You're screwed.
>It's sort of an infrastructure to reduce trust in software vendors.
Oh dear god. No. It's just more steps into distribution chain the user needs to trust.
>Independent parties maintaining forks and packages are more likely to notice if vendor does something stupid,
The same people might look at Signal's main repository for the same concern, and notice the same things. Furthermore, Signal is the entity innovating on secure messaging protocols, so I wouldn't say the chances are they're doing stupid things.
>more likely to have people and tools to verify claims and implementations
No. Nobody's looking at some John Smith's Signal fork. Besides, using such fork is an incredibly dangerous weak point, from the maintainer's improper singing key storage and signing process, to just having to trust random maintainers. Absolutely no.
>It doesn't matter, they can come up with plenty of bullshit excuses claiming child porn or whatever.
So I take it you're not just clueless, you're also not following the news https://signal.org/blog/earn-it/
>The important thing is you have to trust Signal the company
The literal point of the ubiquitous E2EE, FOSS codebase with reproducible builds is to eliminate the need to trust them. The FUD you're spreading is incredibly damaging.
I don't know what's so confusing about it. You like Signal and trust them, that's fine, but I don't trust them or anything coming from the US, I really would like to eliminate such trust. Claiming that I don't have to trust them is unproductive and a lie.
That doesn't make any sense whatsoever. Vendor supplies the E2EE, users and experts review it, and then if it changes, review changes. Third parties can trivially make edits to their forks and that's the easiest backdoor possible. How can you not see that.
>Please don't make arguments that "Signal does this or that you can trust them", you do not eliminate the need to trust them this way at all.
I already explained there are technical measures in place that allow you to verify the build you're using yourself. You're clearly not a subject matter expert here so I suggest you move on.
> If you do have to trust them not to spy on you, it's not a proper "end-to-end" encryption, simple as that
You're arguing from the wrong premise. You don't have to trust them.
>it's effectively the same thing as a regular TLS encryption to the servers, where you have to trust them not to spy on you on the servers.
if Signal was doing an active MITM attack against their own encryption, that would be eavesdropping which is a felony in the US.
>And in either case that trust will be eventually violated, because there is no incentive not to, but plenty of pressure and incentives to violate it.
And somehow random repository maintainers are immune to pressure and incentives. I get it, you're trolling.
>I don't know what's so confusing about it.
If you really stretch those brain cells of yours you might understand it one day.
>You like Signal and trust them, that's fine, but I don't trust them or anything coming from the US, I really would like to eliminate such trust.
Again, you don't have to trust Signal.
>Claiming that I don't have to trust them is unproductive and a lie.
So you ignore the concept of reproducible builds and just establish an opinion with average-joe level reasoning.
I won't waste my time further.
There are no technical measures for Signal in place that allow anyone to verify the build all ends of said end-to-end encryption are running nor any technical measures to ensure the software they are running won't be updated with compromised end-to-end encryption by the vendor in the future. The measures I talk about address both points by removing trust from the vendor and distributing it across many independent entities.
> if Signal was doing an active MITM attack against their own encryption, that would be eavesdropping which is a felony in the US.
It's not just legal anywhere in the world, it's what a lot of software already does.
Anyway, if end-to-end encryption requires the exact same level of trust as TLS, there is no point in it. It's only useful in truly open source messengers, not Signal, Whatsapp or other binary blob centralizedly controlled messengers.
There is no technical measure in existence that allows that for any application. This is called a nirvana fallacy.
> nor any technical measures to ensure the software they are running won't be updated with compromised end-to-end encryption by the vendor in the future.
That applies to all software that requires automatic software updates, i.e. networked TCBs. You want something that doesn't require updating, you use stronger model like TFC.
>The measures I talk about address both points by removing trust from the vendor and distributing it across many independent entities.
And users are going to compare diffs of multiple vendors for every update to see nothing malicious was added? Give me a break.
>It's not just legal anywhere in the world, it's what a lot of software already does.
Extraordinary claims require extraordinary proofs.
>Anyway, if end-to-end encryption requires the exact same level of trust as TLS, there is no point in it.
And this is the general whataboutism propaganda I run into all the time. "There is no perfect E2EE model, therefore using it doesn't matter".
Forward secrecy and risk of legal trouble are two perfectly valid reasons to use just opportunistic E2EE, even if you don't authenticate the keys.
May the rest of the community credit your "ideas" with the silence they deserve.
"hostile takeover" = bought with money
"hostile takeover n. An acquisition of a firm despite resistance by the target firm's management and board of directors"
it's an appropriate label considering the founder was openly against it and had to leave the country
I wonder how much of this is intentional, or if it's just a case of convergent evolution? The adversarial relationship between ICQ (with connections to Russian oligarchs) and Telegram (with connections to Russian dissidents) makes this feel unlikely to be coincidence.
With the random chance of any app with the right timing/reach and features to gain some traction (see whatsapp) etc, guess they figure why not put ourselves out there again hehe
Scott Chapman:
> The actual origin of the Uh Oh sound: My ex wife and I used to talk in Squeaky Voice a lot and were quite good at it. I used both WS_FTP and ICQ back in the day and I made the original recording of this sound and sent it to one or both of those companies. I think I sent it to WS_FTP first where it was used to indicate an error in connecting to a remote host. I don't recall if I sent it to ICQ or if they got it from WS_FTP. Someone below said it came from Gremlins. That is not the case. Happy Trails!
DJHEADPHONENINJA replies:
> Why would you just record your voice and send out to companies? Sounds pretty weird man. I'll go with Gremlins because I just watched the movie and heard this sound effect so I had to google the true origin of the ICQ sound.
Scott returns:
> Go with gremlins if you like but the sound is not the same. Back in those days it was not about remuneration.
To this day, this 'uh-oh!' sound makes me tingle all over.
[1]: https://qz.com/960948/what-happens-when-you-try-to-send-poli...
[2]: https://www.theverge.com/2020/3/3/21163844/wechat-yy-censori...
edited to remove an erroneous claim
Not to say it's something they wouldn't do, but that was by far the most interesting part of your comment.
My friends from the mainland (but who live in HK) were sending me plenty of photos of the protests and none of them seemed to be blocked.
> Convert audio messages to text, use smart replies, stay online even with bad internet connection
That doesn't cut it, IMO. In fact it is repulsing me (offline apps are great) but I don't want to convert audio messages to text unless that happens locally. Fuck smart replies, no thanks.
tl;dr - they don't encrypt anything, are owned by a russian company, and take no responsibility for the leaking of your data.