I didn’t know my city was cool enough to put signal flyers.

    • my_hat_stinks
      link
      fedilink
      arrow-up
      97
      arrow-down
      7
      ·
      6 months ago

      QR codes essentially just encode text, as long as you’re using a sensible QR code reader and check any URLs before opening them there’s minimal risk to scanning a QR code.

        • hash@lemmy.world
          link
          fedilink
          arrow-up
          34
          arrow-down
          4
          ·
          6 months ago

          Respectfully I think this is a minimal attack vector in this case due to the limited character set of urls. But thanks for the callout, I didn’t know there was a name for this sort of attack.

          • Lichtblitz@discuss.tchncs.de
            link
            fedilink
            arrow-up
            22
            ·
            edit-2
            6 months ago

            Modern browsers happily show you the actual characters, while sending their encoded entities to the server. So, from a user perspective there is no ASCII limitation. Case in point: söhne.at (just some random website, I have no idea what they are or if they are legitimate)

            • gila@lemm.ee
              link
              fedilink
              English
              arrow-up
              6
              ·
              6 months ago

              They’d still resolve via DNS to an address in ASCII though, right? Wouldn’t that only be an issue if ICANN didn’t have a monopoly on DNS registration? i.e what we already depend on for a semblance of convenience without totally compromising opsec

          • 4stringscooter@lemmy.ml
            link
            fedilink
            arrow-up
            14
            ·
            6 months ago

            Or maybe a fraudulent signal app.

            I mean, generally speaking, just don’t click on random links. This is a random link. Qr codes are valuable but we’re conditioning society to just be cool with clicking on random shit without putting much thought into it.

        • Captain Aggravated@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          6
          ·
          edit-2
          6 months ago

          Oh is that like bankofarnerica.com or whatever, hoping the r and n look enough like an m for at least some people to click?

          edit: under absolutely no circumstances click on the above link. Your bank will be robbed and your foreskin soldered shut. To very don’t.

    • jqubed@lemmy.world
      link
      fedilink
      arrow-up
      7
      ·
      6 months ago

      I may have in the past put lyrics from “Never Gonna You Up” or links to the music video on YouTube in QR codes I printed on blank business cards and left them in public places around town.

  • toastal@lemmy.ml
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    17
    ·
    6 months ago

    Okay, but who’s is doing guerrilla advertising for a centralized service that requires a SIM card & an Android/iOS primary device or no account for thee. …At least in the past I convinced grandma this is the new SMS app you can use as I knew she would treat it as such, but now I wish I hadn’t since even that useful feature was lost. I want to drop Android entirely, but I need access to my contacts locked in the Signal system–which centralized system lock-in is one of the things we privacy-concerned folks want to avoid.

    • qaz@lemmy.world
      link
      fedilink
      arrow-up
      37
      arrow-down
      1
      ·
      edit-2
      6 months ago

      Signal isn’t perfect but it’s still one of the best options.

      • toastal@lemmy.ml
        link
        fedilink
        English
        arrow-up
        17
        arrow-down
        3
        ·
        6 months ago

        It’s the bare minimum for passable due to E2EE, not being owned by a corporation, & mostly open source–not “best”. We have better.

          • toastal@lemmy.ml
            link
            fedilink
            arrow-up
            15
            arrow-down
            3
            ·
            edit-2
            6 months ago

            XMPP is an extensible protocol that has over a decade of battle testing from the casual chat to massive industrial communications applications (Zoom, Jitsi, almost certainly any online game you’ve played). It has E2EE in modern clients. It’s decentralized by nature & relatively easy to self-host. Both servers & clients use very few resources like bandwidth, storage, processing, memory (consider conditions of the time of invention). It doesn’t take minutes to join & sync chatrooms (MUCs). Gateways allow folks to talk across non-XMPP platforms. Governance is distributed in the open & not tied to a single entity. There are even projects like Snikket that can be rolled out for a family that is close to turn-key for set up. Along with something like Movim can create a self-hosted social network built atop an XMPP server for posts to share stories & media for a longer-term storage.

            If E2EE encryption isn’t seen as a must relying on TLS + self-hosting: lighter, simpler IRC (good feature set with v3) which has been around since the ’80s can be a good choice. Zulip which is a forum/chat platform that has the most usable UX for trying to actually hybridize both (it’s not amazing UX, but better than the rest); this can work for a great for certain communities that desire this behavior.

            Distributed (not to be confused with decentralized) encrypted chat there is Briar with a mesh network not even requiring internet, but has limited platform support & last I used years ago had massive battery drain issues.


            If you must, there is Matrix which decentralized & offers E2EE but is relatively expensive to run from the clients, to servers, to the design generally being that it replicates the room messages & attachments & state across all servers for all users. While that duplicated data is great for resilience, can be expensive to store & is what takes minutes to join any room. I think it was a design decision ‘miss’ to try copy Slack/Discord/Telegram-but-FOSS as doing too much & none of it that well–where I think chat is better to be a bit simpler + expected to be ephemeral & a different service like a forum for important, permanent discussions & FAQs. Mastodon suffers similar issues with replication that makes some have to shutdown their self-host due to cost–which has led to Matrix in practice centralizing around Matrix[dot]org (who has a history of Israeli intelligence funding) & the servers they provide to others funneling all the metadata thru their org since they offer free accounts, are big enough to scale, & have most of the users. Folks act like Matrix is great just for being newer, but the aforementioned already cover its uses while being more mature.

      • anti-idpol action
        link
        fedilink
        arrow-up
        3
        arrow-down
        2
        ·
        6 months ago

        one of the best

        (link in alt text) https://github.com/signalapp/Signal-iOS/issues/641

        And then for no good reason a “FOSS” app’s binary grows by a couple MB…

        • bamboo@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          9
          ·
          6 months ago

          This argument implies there’s an easy way for you to perform the reproducible builds on iOS, but it’s quite involved and requires a jailbroken iPhone. Overall this is more a limitation of apple and not signal.

          Even if you were able to perform a reproducible build of Signal on a jailbroken iPhone, there’s no way to confirm that the stock iOS Signal app will match, or has a backdoor that got added in a supply chain attack that only is delivered to non jailbroken phones. You could use a jailbroken iOS device, but then it could be lagging behind updates and be even more vulnerable from zero days.

          The real pressure here should be on Apple to provide a way to verify a build of an open source app matches what is being installed via the app store, but for some reason this is being framed as a Signal issue, which is disingenuous.

          • hash0772@sh.itjust.works
            link
            fedilink
            arrow-up
            3
            arrow-down
            1
            ·
            edit-2
            6 months ago

            Don’t hate them because they are a communist, hate them because they are a tankie.
            Also, even if he is a tankie, this has nothing to do with it.

            • Possibly linux@lemmy.zip
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              3
              ·
              6 months ago

              In this case it does. He is prejudice against the US and anything but Russia maybe China. He has repeated cited cold war rhetoric such as East vs West.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      2
      ·
      6 months ago

      What should people use? Many of the apps have gottas or are complex to use. Signal has the benefit of being easy. It can even be Foss if you use Molly