This post is very oblique in a way that makes me suspicious.
1. Is Keybase still a for-profit corporation?
2. No actual technology is announced here. Is the purpose of this post to announce funding? If so, how much funding is it and what are the conditions under which it is provided?
3. How is Stellar compatible with privacy? Keybase mentions MobileCoin in this blog post, but they are only using Stellar's consensus protocol, not the full Stellar protocol. I think that is because Stellar isn't private. What is Keybase doing to solve that if they are using the Stellar network?
The title for this post should be changed to "a piece of the Wire messenger server code open sourced." Most of the source is not open source; you can't run your own.
Also, holy shit they're storing a lot of information about their users:
* All of your contacts.
* Unencrypted profile information for everyone.
* Every active conversation you have.
* Every archived conversation you have.
* The frequency that you communicate with your contacts ('top contacts').
* Every group that you're in.
* The unencrypted titles and avatars of everyone's groups.
Wonder what will be in the rest of the database schema if they open source it.
So I checked if this matches their privacy whitepaper [0] that claims to list what they store. It almost does, with one notable exception and one minor one.
> * All of your contacts.
Wire contacts, they only store non-Wire contacts in a hashed form, and there's an opt out for non-Wire contacts.
> * Unencrypted profile
(Isn't this just profile picture (which is shown to people you haven't connected with), and name anyways?) They do say so in the privacy policy.
> * Every active conversation you have.
Specifically they claim to store:
Who/when it was created, who is involved (which seems critical to be able to route messages), and conversation name
> * Every archived conversation you have.
I assume they store the same as for non-archived conversations, seems necessary to be able to add new devices.
> * The frequency that you communicate with your contacts ('top contacts').
Ya... that's not listed as far as I can tell. Arguably "aggregated usage statistics"... but it's not really aggregated.
> * Every group that you're in.
This is the same as conversations... they clearly need to know this to route messages.
> * The unencrypted titles and avatars of everyone's groups.
Titles is listed. Avatars of groups isn't... seems like a minor oversight though given that they're like a profile picture, and profile pictures are publicly available.
> So I checked if this matches their privacy whitepaper [0] that claims to list what they store. It almost does, with one notable exception and one minor one.
Maybe it's good that they've documented this somewhere, but I don't think most Wire users read white papers. I'm a dev and I was surprised. Their outward-facing marketing didn't lead me to think they track all my contacts and the state of every conversation I am having. It very clearly suggests the total opposite.
They need to do much better than this if they want people to think they take security/privacy seriously.
>> * Every group that you're in.
> This is the same as conversations... they clearly need to know this to route messages.
Why? That's not true for Signal from what I can tell.
> Maybe it's good that they've documented this somewhere, but I don't think most Wire users read white papers.
In the sense of "most users don't read privacy policies", sure.
It's pretty clearly linked in their privacy policy as "this is where you should go for information"; I know I'm not the only Wire user who read it before installing it.
> Why? That's not true for Signal from what I can tell.
Ya... I think I overstated it. It's the easiest way to route messages but it's not the only way.
Sounds like the amount of information a typical web forum stores about its users' private messages.
I am not saying if this is good or bad in general, but just... I could live with it in 2005 when vBulletin was all the rage, and I can live with it now.
Also, other chat clients like Skype, Paltalk, Yahoo Messenger, Facebook Messenger also store this information---it's kind of a requirement to do any kind of search over previous messages, and allow people to find their contacts or talk to random unacquainted individuals.
Maybe this is a big negative for Wire if their PR basically touts "security" and "encryption", when the reality is they want to be secure against middlemen only.
I don't know much about security so I really have no constructive criticism. Obviously, one can easily make lots of investigative inferences from the information Wire collects and that is troubling enough.
If I understand correctly, Signal stores only metadata. My question: what's the format of the metadata, and what kind of information does it retain? Is it anywhere close to what Wire is storing?
Signal service doesn't store message routing metadata nor what groups you are in.
In response to a subpoena for specific user's data:
"the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user's connectivity to the Signal service."
You can only configure a single SSL listener per load balancer, and that listener can only use a single certificate. That means you do indeed still need to use either wildcard certs or certs with multiple hostnames. Luckily you can very easily create those through the AWS certificate manager for free.
Think ALB already supported only SNI. CloudFront has an offering that supports the older standard, but that's really expensive because of the need for all the static IPs.
Think the load balancers never had the possibility of static IPs, so SNI from the start.
But yeah, like another comment said, with the built-in ACM, managing certs is a non-issue. It's like having an AWS-specific Let's Encrypt for any service you want.
Safeway has changed a lot over the past five years. I used to be a kind of reluctant Whole Foods shopper, but have just recently been surprised by how comparable Safeway has become at a much more affordable price point.
I think there are probably a lot of people like you and me who were never part of the Whole Foods cult but still appreciated the product, and are realizing that now we can get the same stuff for less elsewhere.
http://www.defmacro.org/2017/01/18/why-rethinkdb-failed.html
He does a great job describing how the "worse is better" essay plays out in the modern world, and how it played out for them in the OSS DB market.