Dear House Democrats,

Fascism is currently destroying the US system of government that you like to call democracy.
Given the influence on the world held by the US, this is a major threat not only to the people you were trusted to represent, but to practically everyone.
If it succeeds in taking over the United States, it will be in no small part your fault.

Kindly do you fucking jobs.
Now.
Before it’s too late.

https://en.wikipedia.org/wiki/Tulsi_Gabbard#Opposition

Isn’t California’s GDP about ten times that of Denmark?

I guess that purchase would be quite a bargain.

Good luck. You’ll find that your farmed accounts can’t do much of anything, and will be quickly and automatically deleted.

What will be effective depends on the nature of the site and that of the bots causing trouble. For example, a forum can limit posting privileges until an account builds a reputation, a paid goods/services site can restrict access until a purchase is made, a web service can use revocable credentials, and a data download site can use rate limits. (That last one is actually useful in a variety of situations, and can be done at the network level instead of or in addition to the application level.)

There is no silver bullet, but there are lots of small measures that can be very effective when applied thoughtfully, without turning a site into a frustrating-to-use surveillance tool for Google at the expense of the humans who want to or have to use it.

Even a small, locally hosted, activate-only-once, simple image or text-based CAPTCHA would be preferable to the ones operated by third parties.

There’s no point in arguing what once was. Things have changed. CAPTCHAs are now less effective, far more invasive, and for many people, far more troublesome.

Cling to them if you like. I no longer use them on any of my sites, because I care about my users.

CAPTCHAs make web sites awful to use, and waste the limited lifespans of billions of people.

There are other ways to manage bots.

Indeed. Tucked away in a corner of their web site, where it isn’t easy to find unless someone else guides you to it, below a large bold warning that discourages people from actually using it:

Danger zone

Advanced users with special needs can download the Signal APK directly. Most users should not do this under normal circumstances.

This ensures that nearly nobody uses that build. Consequently, almost all chats on Signal will have an app store build running on at least one endpoint.

It’s not false.

Signal’s default, well-supported installations use Google services, so unless you’re an extremely atypical user, those services are present on most of your contacts’ devices. You might have the knowledge, skill, and motivation to remove those services from your own device, but since they’re still present at the other end of most chats, you haven’t escaped them.

Let’s also remember that E2EE doesn’t protect the endpionts, and that Google Play Services run with system-level privileges.

Claburn’s article seems biased toward Martin’s position in the disagreement, using the most forgiving language possible for his behavior while describing the opposing side with obviously critical language and insufficiently covering the reasons for it. Linus’s response might be mildly interesting, but the article is disappointingly poor journalism.

It’s been recently added to FDroid.

No, it has not. A third party published it in an f-droid compatible repository. That might be convenient for someone who happens to trust that third party and manually add it to their F-Droid client, but it is not at all like it being added it to F-Droid.

You can use NTFY with Molly (which has been on FDroid for some time).

This does not refute what I wrote. Unless you only communicate with people who get their Signal app from some non-Google source and they all rig up alternative push notification channels, or every one of them uses Signal exclusively on iOS, your conversations are still tied to Google. Perhaps you have so few contacts that you could achieve that, but most people are not in that position.

network-level metadata monitoring by anyone with sufficient access/influence at Signal or their data center provider (such as a government who doesn’t like encrypted messaging).

This one is just a straight-up lie. Everything on the server is encrypted and no one has the keys except the participants.

Encryption doesn’t hide network traffic. Signal’s centralised design means there is a single point where that traffic can be monitored and traced to reveal which endpoints are talking to each other, and where, and when.

What I wrote is not a lie, which you would know if you actually understood these issues. Please stop making baseless accusations. You are wrong, and you are being very rude.

If you’re interested in correcting your ignorance, I suggest starting with this paper, which touches on some of the issues:

https://www.ndss-symposium.org/ndss-paper/improving-signals-sealed-sender/

If the paper is too much for you, the linked video does a pretty good job of explaining.

Thankfully, it’s not that simple.

A centralised service is an easy target for a government. (This is where Signal stands.) A decentralised one is significantly harder, because the government would have to be constantly discovering and processing every node in the network as new ones appear. (This is where Matrix stands, although it doesn’t have many public servers yet.) Fully peer-to-peer decentralisation makes it harder still, because there are as many nodes as there are users, with network addresses that often change. (Some of these exist today, but are mostly experimental with few users. Matrix has done some proof-of-concept work in this area as well.)

On top of decentralisation, tunnels like VPN and Tor can be helpful in avoiding ISP-imposed blocks.

There are a few messaging systems that don’t rely on internet service. That usually means a peer-to-peer design using some form of radio link, which can work well for local gatherings (like protests), but these tend to be impractical for general use.

Note that I said the network can withstand such things, not that it guarantees your connectivity to it when using a hostile ISP. No internet messaging service can do that.

Signal is easier to use, more private, and faster.

Unfortunately, it is also effectively tied to Google services due its app distribution and push notification channels on Android (which most people on Signal use), and as a centralised service, it is vulnerable to shutdown or network-level metadata monitoring by anyone with sufficient access/influence at Signal or their data center provider (such as a government who doesn’t like encrypted messaging).

_{(Edit: rephrased for clarity)}

Matrix is good for private general messaging. The fact that it’s decentralised means it can also withstand things like government-ordered shutdowns or back doors, since there is no central point that controls the whole network.

Two things to be aware of:

• Some non-message bits (e.g. room topic text and membership) have not yet been moved to the encrypted channel, so those could be read by the administrator of a homeserver that participates in your chat room. Since most people care primarily about keeping the message content private, this is an acceptable trade-off to get all the things that Matrix offers.
• The upcoming Matrix 2.0 features and design choices simplify the UI and fix some occasional errors. It might be worth waiting until this stuff officially lands in the client apps before bringing your contacts to Matrix, for a better experience all around.

Facebook: I’ll just torrent what I need burden your underfunded project and volunteers with over 81 TB of bandwidth costs without contributing anything in return, see yaa

FTFY