Moxie Marlinspike @moxie California, USA

146 Following   61,836 Followers   5,478 Tweets

Joined Twitter 9/24/09


@MartuhaLo I agree
Watching the intense videos of brave people taking to the streets in Belarus, it's also chilling to notice that… https://t.co/I4aVJk1xMu
8/12
2020
@c4i @csf_333 @notdan Is there something you don’t like about that? You’re sending a message to yourself, and the m… https://t.co/RS4JZfmsIo
8/2
2020
@csf_333 @c4i @notdan Wait sorry I don’t get it, what is it you don’t like here?
8/1
2020
@monsterlemon @withzombies @computerality More here: https://t.co/HCHx0uPK5B
7/24
2020
@paul66766 Looks like SMS spam, not going through signal. If you tap the avatar icon for the sender in that chat, y… https://t.co/fv54RaH0tl
7/23
2020
In the US right now, people are not wearing masks while committing crimes. That's the situation we're in.
7/17
2020
https://t.co/GYQc7ndPqp https://t.co/eToEMScDwQ
7/16
2020
@mrkit2u The prompt is designed to be unobtrusive and easily dismissable, but do you have feedback on better ways to solve the same problem?
@mrkit2u People will unknowingly disable notifications (or reflexively on install), and are then very frustrated wh… https://t.co/Zeg7tysA3A
@aesdeluca @rainhardF @the_mullinator The purpose of this work is to enable non-phone number based identifiers. In… https://t.co/Pwr7q17xKO
@ScPowell7 @eschipul We can say "it's your fault, you should understand the complexities of how all this works," bu… https://t.co/glOFEkLbW7
@ScPowell7 @eschipul To give you an example: if we have a 60 second outage, roughly 10-30k people reinstall in 60 s… https://t.co/QfyIYWFmHO
7/14
2020
@VTeagueAus But with all the reflexive SVR critique here, it will probably be harder to get other organizations to… https://t.co/zmhvV7IlmM
@VTeagueAus If you check out the plans for future work we outline in the SVR post, MPC is a part of that. First we… https://t.co/1Ms8rHCSAN
@VTeagueAus Problem with MPC is that there would have to be several other organizations that have the same resource… https://t.co/cKETDFSN7Y
@Gustav_Fring @maettig Honestly I just don't think Signal is what you want. There are a bunch of ways in which Sign… https://t.co/6NcyQIHwhD
@Gustav_Fring @maettig Just toggle the address book permission on Android or iOS. Or when you first install and it… https://t.co/Ia8yUKZV3x
@Gustav_Fring @maettig There is no "partial access" API supported by Android or iOS that I know of. You can use Sig… https://t.co/rYo3wbwD1o
@Gustav_Fring @maettig Will be interested to hear if you find something that works well for you which does not invo… https://t.co/Dzn3K8nBS3
@Gustav_Fring @maettig You can also use Signal without giving it access to your address book, in which case it won'… https://t.co/4ejVO4Zhx8
@Gustav_Fring @maettig If you grant Signal access to your address book, it will use those contacts for private cont… https://t.co/rnKo2qW2np
@Gustav_Fring @maettig You seem to consider encryption of no value, in which case I can appreciate your position. W… https://t.co/HqDdTqTTEz
@Gustav_Fring @maettig If you don't want Signal servers to have access to your ciphertext, even when encrypted usin… https://t.co/aTkFkP6Atr
@Gustav_Fring @maettig I think the reason it's confusing for me is that you apparently consider encrypted data to b… https://t.co/mtEVetXEYW
@VTeagueAus Do you have suggestions for a better way to implement SVR without replication?
@Gustav_Fring @maettig Signal servers process and store encrypted data for a lot of different functionality. Device… https://t.co/ViOzgWiFK4
@Gustav_Fring @maettig I don't understand what you mean. If you disable PINs, SVR won't be used for anything. If y… https://t.co/cNBQCt7fK7
@Gustav_Fring @maettig What is the question? Last thing I heard was that I "don't understand encryption," which I d… https://t.co/8febKOt0QY
@geofurb If you disable PINs, you're disabling SVR. It won't be used for anything.
@bajabanjo You can turn off reminders in settings if you don't want them.
@MaxFactsB I think all the attention SGX is getting is great. Unlike other TEEs, a lot of people are looking at it… https://t.co/DmsLPScJH4
@AussieSamizdat Not sure I understand what you're asking. Signal doesn't have access to user data in either case. E… https://t.co/mMh5mMyn1P
@eschipul That's the problem we're trying to solve, in addition to improving security for the majority of people wh… https://t.co/v9ywyVA0Nn
@eschipul This work is to enable non-phone # identifiers. Right now if you reinstall Signal for any reason, your me… https://t.co/cljpSvcGCr
@XwCypher Nah, there are no analytics or trackers in Signal of any kind. And since it's OSS, you don't have to rely… https://t.co/NPatAP4ONS
7/13
2020
@kuschku This past winter, a stranger on a flight asked for help enabling "airplane mode" on their phone. When they… https://t.co/vwSNzzSw98
@maettig @nonformality Signal can provide encryption, but if what you want is "no servers" or servers that don't ev… https://t.co/YU2bWOnzFx
@maettig @nonformality Encrypted data is stored and transmitted through Signal servers, even without SVR, as I ment… https://t.co/mJNSftQLaA
@maettig @nonformality If you don't like SVR you can disable PINs in settings, but it sounds like you want somethin… https://t.co/HxZaYCK0Qa
@maettig @nonformality I see, unfortunately Signal needs to encrypt and transmit data in order to function. Your en… https://t.co/DO7vAxSVOK
@maettig @nonformality Can you help me understand what it is that you're concerned about, and maybe I can answer yo… https://t.co/6T0MRsvtQu
@maettig @nonformality If not then it'll use a local key on device for the sync process instead.
@maettig @nonformality The attributes of contacts you communicate with on Signal are encrypted & synchronized acros… https://t.co/mOTb75SN3H
@Gustav_Fring Key management for which keys? Maybe I can point you in the right direction. All the protocol specs… https://t.co/A5iQl39gLe
@maettig @nonformality I'm not sure I understand. Private contact discovery has always been a part of Signal (eg.… https://t.co/vqcxfDHROn
@Gustav_Fring You don't have to trust me - everything is documented online, and the software itself is also open so… https://t.co/xV0grZDUO3
@SteBjoerne Can you help me understand exactly what your concern is or what you're trying to solve for? Private con… https://t.co/4cnxlNwz0J
@Gustav_Fring I'm not sure what you mean. A 501(c)(3) has no equity, there is nothing to invest in. If you or anyon… https://t.co/FysfB5B3yp
@Gustav_Fring It's encrypted data, as with your messages, profile, groups, etc. But if you don't want it you can disable it.
@SteBjoerne Not very well unfortunately! Tons of problems with multi-device consistency.
@maettig @nonformality Signal is a free app developed as a 501(c)(3) non-profit, so we don't have customers. Our mo… https://t.co/YYCdwAsRYk
@Gustav_Fring As of yesterday's betas you can disable a PIN if you don't want to have one. Give it a shot and let u… https://t.co/UgvA6YgdEi
@Gustav_Fring Signal is a 501(c)(3) non-profit, so we have no investors. Our only responsibility is to build someth… https://t.co/fPzWiiiDF8
@tavianator To link a new device you scan a QR, which includes the public portion of an ephemeral key pair. This is… https://t.co/FDkN3KVaSZ
@SteBjoerne The same data still needs to be sync'd across your devices, but if you remove a PIN it does that with a… https://t.co/mlq9fFk9hm
@dncosta @signalapp We try to be as communicative as possible about technology we build for Signal. You can read mo… https://t.co/EwKM7CIArz
@kapsi_r Not messages, we're using SVR for synchronizing encrypted Signal contacts, block lists, settings between d… https://t.co/8X1b385hbh
@Natanael_L @mlarkin2012 We mention that direction in the SVR post, but hard to find N other parties willing to spe… https://t.co/XmDVcmnoa2
@mcflyhh Do you have other suggestions for how we should support non phone number based addressing, or are you sayi… https://t.co/UzLXQGHN9O
@kuschku Hmm, honestly I feel the opposite. It would be the easiest thing in the world to make everything an option… https://t.co/MViBgxft0O
@miketanderson You mean by trying to enable non-phone number based addressing? I think a lot of people just want to… https://t.co/Hn1Gp5Sz2r
@Megagator Seems like there could be something there! But the low hanging fruit (from what I've seen) does not seem… https://t.co/e8Ehayghrb
@tavianator The same data still needs to be sync'd across your devices, but if you remove a PIN it does that with a… https://t.co/zxOlefkaAO
@SteBjoerne If you don't want a PIN, though, you can remove it as of yesterday's betas. Please give it a shot if you want to help test.
@SteBjoerne Technology has developed such that mobile devices need servers in order to function. Many actions withi… https://t.co/iedTtd8DS5
@Daniel_J_Stern You can disable PINs as of yesterday's betas. Give it a shot and help test it out if you can.
@seanodiggity I still feel like we might be talking about different things. This work has nothing to do with message history.
@RaphMim @tenacioustek Signal team members create a thread in the forum for every beta release, including changes /… https://t.co/DzK9kBL1mT
@supersat Looked at it a little, but it seems like it would take a lot of work to productionize still, and that the… https://t.co/XqfGXnU2aX
@seanodiggity Sure, maybe we can live with losing your message history, although plenty of people don't like that e… https://t.co/oAjDfn7rBI
@seanodiggity If we're going to implement a feature, we have to anticipate what happens when people use it. The con… https://t.co/kkqGx3HYQ8
@mlarkin2012 @Magic_CAD Only one has affected our use of SGX. Another way to look at it is that all tech has bugs,… https://t.co/fc4ntZeMD7
@mlarkin2012 We've tried to document things in a digestible format along the way: https://t.co/QDqur5MybW Lots of… https://t.co/vwQMPNOKom
@chr1xzy @axi0mX It does spaced repetition. The more often you correctly enter, the less often it asks. You can als… https://t.co/HDE2vijluM
@seanodiggity You think every time someone reinstalls Signal, they should lose all of their contacts? The reinstall… https://t.co/PuAxqb8z6Y
@seanodiggity Hmm I think we might be talking about different things. We can make the transition so that people can… https://t.co/1unwiTO1f7
@okdistribute You can read more about how SVR works here: https://t.co/QDqur5MybW https://t.co/8bGYYh1n2G
@mlarkin2012 SGX is only used for rate limiting in SVR. What are your suggestions for an alternate approach?
@buffermet @andywingo @taviso I'm not sure I understand. What I heard from you is that you want this to be optional… https://t.co/IlU1NNS6jw
@seanodiggity Your recommendation is that we continue to require phone number based addressing?
@buffermet @andywingo @taviso First comment from me in this thread is that we're making encrypted storage of your s… https://t.co/mk2hnBTqd7
7/10
2020
@jasongreen We've tried to detail the project as much as we can online, but it's difficult to convey complex concep… https://t.co/CeM0j18RPq
@EdgarArout For sure, and we've done a bunch of iterations around that: timing on spaced repetition, making the rem… https://t.co/hOvPfORdtT
@haroldsmith3rd Technology has developed such that mobile clients need servers in order to function. We can't chang… https://t.co/nwFjDs1Q1L
@iximeow It's often difficult to convey complex concepts in the five words of copy you can put into an app. We try… https://t.co/lUeBq0GHLk
@seanodiggity SVR uses SGX for a rate limiter. It's additive: if you don't trust the rate limiter, you can set a BI… https://t.co/KBdIfuMtXm
@danielgross Have you started making VPN investments yet? 😂
...into a common basis for discussion. I almost wish there were some way that we could open up Signal user support… https://t.co/JvB2ZlUfC7
3) It is sometimes difficult for me to have design discussions with people who work in infosec, in part because of… https://t.co/jFyicRTyWQ
We can do that, and folks can take comfort that there are no analytics/trackers in Signal, but it can periodically… https://t.co/W2A754n9pl
When we got to the end of the rollout and it became a blocking flow, that's when we realized some people have been… https://t.co/gBUuNA6ZfJ
...if there's copy we can A/B to make things less confusing, or how often people are looking at it, or what people'… https://t.co/zeAR8KlDTb
The whole project was a long rollout. To get everyone a PIN, we had a non-blocking "create PIN" flow that everyone… https://t.co/Tr2HwV8OK8
In addition to being the basis for non-phone # based addressing, the other big benefit for most users is that rathe… https://t.co/UR7rrrwTqE
Our goal with PINs is to enable non-phone # based addressing. Since that will mean your Signal contacts can't live… https://t.co/hRbXu8KKqq
2) Building apps without analytics can be a challenge, and if we want developers to do that, we need to figure out… https://t.co/wXrqH9YmDT
The latter is obviously important, but it seems to me that we need to think about ways to contextualize those discu… https://t.co/YRDPpr0X8O
This is similar to a larger pattern I've seen where projects that make no attempt to provide privacy will never hav… https://t.co/WU8GKdrtDv
It's interesting that some folks who see discussion around PINs conclude "switch to app X!" where X invisibly stores… https://t.co/B313dtwHWP
7/9
2020
