Post
#Signal’s reliance on #AWS can and should be fixed. I am sure they will do so. I am not willing to throw away world-class, diverse, international expertise in the field of #cryptography and #privacy over a 3-hour outage.
I think it is rather dangerous and counterproductive of folks to be advocating for self-hosting Delta, Matrix, or other platforms when we know, demonstrably so, that it’s incredibly easy to accidentally misconfigure software, the OS they are hosted on, or firewall rules etc.
I consider myself a very technically competent individual, and I would not trust myself to have the time and bandwidth to keep my entire stack up to date, with high-reliability, hosted on my own infrastructure to the degree #Signal can do.
I certainly trust Signal’s ability to audit their code, cryptographic implementations, respond to sudden changes in those landscapes, new threats beyond what I could ever do on my own. To assume I could do better than Signal’s team at these tasks is insane.
Also, I am sad to read replies to threads where folks are implying that Signal being a US-based organization means it cannot be trusted, though I understand why folks think that these days.
To think that #Signal’s staff cannot be trusted after everything Signal and Meredith have done, all the public statements, demonstrably putting people and privacy above all else, even willing to pull out of the EU if they passed their anti-privacy and messaging backdoor policies, is extremely absurd.
Finally, sowing this kind of distrust of organizations and services like #Signal to less sophisticated users is extremely irresponsible.
At a time where trust in organizations and institutions is at an all-time low, it’s dangerous to imply an organization like Signal that does not waver in its mission, values, and principles cannot be trusted.
I trust Signal.
I will continue to use Signal.
A space for Bonfire maintainers and contributors to communicate
