The thing is, Infinity War felt like a complete film. They could have just stopped there since the ending was satisfying enough on its own.
In contrast, Spiderverse's "ending" was just an abrupt roll-credits in the middle of the movie. It doesn't feel anywhere close to a complete film on its own. It's more like if someone was talking and
Yeah, it felt like half of a movie. Just kinda ends abruptly. Which is a shame, because the rest of the movie was quite good but the ending takes it down a few notches. Should be remedied once the sequel/part 2 comes out, but for now that non-ending is a blight on an otherwise great film.
Not to be an ultra-hardened messafing platform to avoid state-level targeted attacks
I think Signal likely could be used to avoid state-level hacks and to be ultra-anonymous, but in that case you'd want to take extra precautions like using a burner and, to your point about metadata, there are other ways to identify who you are than your phone number, especially if you're an organization comprised of many people. Realistically, anyone that has a real need to protect themselves against state-level threats either has the resources available to do so properly with their own tech, or is so hopelessly outmatched that it doesn't matter regardless.
Imo encryption is more about being a roadblock than an impenetrable shield. Even for organizations with infinite money and technological expertise, there are easier ways to identify you and get your data than breaking even moderately good security implementations. News stories of feds getting access to Signal convos are all about getting access to a phone and simply reading the messages, not breaking encryption or setting up honeypots on Signal servers.
It's a design decision, not a security flaw.
The beauty of E2EE is that you don't need to trust the servers at all, once you verify that you're actually connected to the person you intend to be. Doesn't matter if the server is trying to con you, keys are generated locally and everything is signed and encrypted locally before being sent off-device. As long as you can verify that the app you're running matches the published source code, and that the source code isn't duping you, you should be good to go. I haven't reviewed the Signal protocol in a few years, but I don't believe there are any servers that require trust, like say SSL has.
As for hostility towards 3rd party apps, it's pretty common for orgs to want everyone to only use first-party software when interacting with their service. It's nearly ubiquitous today. I think probably all of us on Lemmy prefer platforms that allow for 3rd party apps, but there are legitimate reasons not to and I wouldn't say it's a security flaw.
I'm glad they finally added usernames and stuff but I don't think we should necessarily trust it either... I would not use it for serious organizing
I think this ties back to the encryption vs wrench scenario. If you're organizing a protest, you're screwed no matter what you use because the cops just need to join the group themselves or take someone's phone. Self-destructing messages can prevent this, and hostility towards 3rd party apps help in that case since you can be more certain that nobody is using some shoddy implementation that ignores self-destruction or improperly deletes things.
If you're organizing a military operation, you shouldn't be using civilian messaging apps full stop.
If you're somewhere in between like a cartel or terrorist organization, please stay off any app I use to send memes to friends.
Metadata is absolutely useful info, and while signal does protect metadata more than the average bear, I don't think I'd confidently claim they have nothing to hand over if the NSA comes knocking.
100%, but it's a hell of a lot less useful than Facebook Messenger, my grandma can set it up in 5 minutes without any trouble, I don't have to maintain any servers, and know that it's supported by well funded top-notch engineers that aren't going anywhere anytime soon.
I use it for day to day chatting. it's at least not getting read by advertisers which is a feature on its own.
It's dumb, but it's also not really marketed and is easy to forget that it exists even when using the app daily.
Denigrating warrant canaries
He consulted with lawyers and they said that removing/not updating a warrant canary would likely have the same legal consequences as violating the court order by simply announcing the subpoena. Also, a warrant canary is nearly useless even in the ideal case because it just says that they got a secret warrant, not what the subpoena was for or any other details. You wouldn't know the exact date, what was requested, or even what country made the request. And it becomes even less useful after receiving the first secret warrant.
Also, not all subpoenas are secret. Signal posts all government requests, including the full documents of all communication between Signal and the government, at https://signal.org/bigbrother
And, since Signal is E2EE, they don't have any useful data to share when they receive a warrant anyway.
Refusing to allow non-signal servers
Signal isn't federated and it's not intended to be. If you're using a private server, you'd only be able to talk to people also on your servers. If that's a feature you want, you can simply choose a different messaging solution. It's a design decision, not a security flaw.
Only allowing Google and Apple app stores
Here's an official apk download: https://signal.org/android/apk
Requiring phone numbers for account creation
Yeah, it's kinda weird. They started as an SMS app which obviously requires a phone number and just haven't got rid of the requirement. They added usernames and hide your phone number by default, so you can at least message others without sharing your phone number.
In the end, phone numbers streamline signup and account management and Signal is meant as a texting replacement, not a social media/texting hybrid like Telegram or Discord, so phone numbers help the less tech-literate to use the app. As long as the encryption is sound, phone numbers don't really add that much security risk and the point is to bring high-grade encrypted messaging to everyone, not to be an ultra-anonymous hardened messaging platform to avoid state-level targeted attacks.
I'm still stuck on the part where we convict people due to their emotions and not due to evidence that they committed the crime. Smiling during a robbery is not conducive to actually performing said robbery, so why is it admissible in court? The judge shouldn't need to make a call on this at all.
Cloudflare tunnel (aka a reverse proxy, like ngrok) will also likely work for your mystery project, and it’s free. VPN is more secure, but as always, it's a trade-off between the security of a vpn and the convinence of a reverse proxy that's available on the open internet.
There are services that'll sell you a brand-new modded oled switch for less than £500. It's not exactly rare, any switch can be modded and a modchip is better than the OG joycon exploit since modchips are untethered.
They came to their “hugely alarming” conclusions after analysing the nutritional content of the 10 top-selling items bought at 19 of the UK’s biggest “out of home” outlets, including chains such as Subway, Pizza Express, McDonald’s, Greggs, Starbucks and Pret a Manger.
They only reviewed the 10 top-selling items at each chain. Headline could have read: "Breaking News: People Like Buying Comfort Food and Sugar"
An I going crazy? I vaguely remember running up there without a boost, but it was years ago and I'm probably misremembering. Was it ever possible without a boost?
For sharing it with someone specific? Just about anywhere you want. Most commonly Google Drive. I like Send as an alternative for file sharing. catbox.moe is popular on lemmy.
When new, you really have to put some effort in to break them. Over time and with sufficient use, they wear out and break down. They are super cheap though. $1 each if you buy 30 and shipping is free.
It's satisfying to squish and stretch and fold. Very rubbery/elastic and difficult (though not impossible) to break. I use one as a wrist rest too, lol.
Isn't it a requirement in any Alien movie that only a single person on the entire crew isn'd dumb as a rock?