Ignas Kiela is kind of an idiot online. This, by itself, is a forgiveable condition--even on social media. Everyone has off days. Everyone has silly moments.
Unfortunately, Ignas Kiela is the kind of idiot that doubles, triples, and quadruples down on talking out of their ass.
Today, we're talking about this Fediverse thread.
I posted two threads earlier this week, after being tagged into someone else's argument and subsequently getting a headache. You can read them here:
Ignas replied to the first thread, but for the peanut gallery, it's worth reading both.
In May 2024, Telegram's CEO was doing some sketchy shit, so I urged furries to stop using Telegram. This was a self-contained bit of advice from me (a furry that specializes in applied cryptography) to fellow furries (a community that, for whatever reason, has network-effected itself into Pavel Durov's personal hell). But Internet strangers cannot leave well enough alone, and I was inundated with bullshit assertions that other apps are better than Signal.
Naturally, I did what anyone with security chops would do to such a slap in the face: I scrolled through the other apps' source code and dropped vulnerabilities on my blog. Get rekt!
This had one annoying downside: Hundreds of people suddenly thought they could get free labor out of me if they asked "what about [other app nobody heard of]?" so I had to tell people to shut up and stop doing that.
I still get random DMs and emails from strangers asking me "what about [other app]?" as if I'm going to spend my precious free time outside of work doing free security checks at the beck and call of people I have no prior relationship with.
I might be a weirdo furry, but I'm not exactly clicker-trained. Don't try to order me around.
Outside of all this, I have a blog where I write about the furry fandom, cryptography, software security, and sometimes all three at once.
Earlier this week, I posted the aforementioned threads. The first one was my attempt to respond to an entire genre of cognitive error that I saw in a discussion I never asked to be part of, without shaming the participants. (Despite the fact that you're reading this gist now, know that I don't put people on blast lightly. It takes a certain kind of arrogance or dipshitery to provoke this.)
In response to the first post of my first thread this week, Ignas Kiela pipes in with their opinion.
@[email protected] It may not be a security issue, but it's a usability issue (no, it does not "improve" stuff over usernames or some shit)
I do not want a SMS replacement because I don't use SMS, nor does anyone in my circles use SMS, and honestly this whole country barely uses SMS. When the target to replace is social media DMs (Facebook, Instagram, Snapchat), going with "SMS but secure" misses out on large swaths of expectations people have for messaging. People change their numbers, lose their phones, etc. - there is an expectation that their communication will survive all of that without any major issues. Saying "but that would lead to lower security" is not a solution.
Signal is great as a security app, but quite shit as a communications one, and it's mostly because it goes after an antiquated protocol that nobody even thinks about using anymore.
Security is not a requirement for 99% of people, it's just a bonus. But not requiring a phone number is a requirement for a fairly large part of potential users, and small security bonuses over other tools change nothing about that.
I had already addressed the framing of their opinion in the other thread, so I linked them to this post instead of repeating myself.
They sent another wall of text:
security is not even a 3rd level concern
I know you're doing security every day and that may seem wrong, but regular people don't care, and don't need to care, because they haven't ever heard the dreaded words of "threat model", nor they ever needed to.
But there are plenitude of reasons why people are using everything but Signal for their communications, and none of them relate anywhere close to security. Competing with Signal means nothing when Signal itself is competing on a single aspect that's irrelevant for most people when major, important features are absent.
The strict focus on security is honestly reminding me of FSF people, repeating that you should use something because it's "more free", completely disconnected from the reality that most people choose software because it's useful for them, not because of some moral grounds.
The same is for security - most people don't choose software/services because of security, they choose stuff that's useful for them first, with the security being a nice bonus, and yelling "but it's less secure!" is not going to change that. Stuff needs to be better on functionality, security alone doesn't build a product.
Security blogger expresses opinion about the security of so-called encrypted messaging products. Film at 11.
Like, yes, obviously security isn't the reason most people choose messaging apps. If that were the case, furries wouldn't use Telegram!
But this was Ignas's response to my thread about bad arguments other people make about Signal's security posture.
There are "privacy checklist" websites that opine that Signal is "less private" than products that let you utterly fail to encrypt at all, simply because they ask for an email address instead of a phone number. (Do they realize the NSA can use either value as a selector?)
There are dipshits who try to talk over me to say not to use Signal:
Edit: Oh yeah, DON’T USE SIGNAL. Use Matrix instead,
With that in mind, I replied with this.
Need I remind you that you, a stranger, commented on a post I made about why I, a security blogger, make specific recommendations and don't make other recommendations?
Ignas Kiela wrote:
You're putting other stuff down because they try to solve problems most people want solved instead of going hard on your special interest. I just find it disconnected from the real world and commenting on exactly that.
And, no. Obviously not. There's over a year of history behind this thread.
Shortly after in this thread, Ignas sealed the deal on their status as an uninformed dipshit in a way that is truly breathtaking to anyone that's paid attention to this Gist thus far.
Matrix is not competing with Signal. XMPP is not competing with Signal. Stop comparing them as if they were. They are solving human problems that Signal plainly ignores, so they may as well ignore the cryptographic wankery that Signal prides itself on.
Tell that to the Matrix evangelists, Ignas.
Or the goddamn XMPP evangelists.
Complete fucking strangers have been lighting up my mentions for over a year to tell me I'm wrong for recommending Signal but not whatever bullshit they personally like.
If you think that comparing these apps to Signal is bad, you should be telling them to stop doing that.
You cannot fathom how fucking annoying all this is.