If only your distro would support more than one desktop.

I will say though, Gnome dropping support for other window managers does suck. That is them removing infrastructure that non-(or semi) Gnome users depend on.

Also the idea that NATO caused the Bosnian Genocide is laughable. The bombing is the only reason it stopped.

https://thegrayzone.com/2025/08/04/us-ethnic-cleansing-serbs-croat/

Though he was named directly and is still just an economist.

Well he’s a famous guy and knows a lot of important people, directly worked with the CIA and USA government before. And Davel wasn’t saying “The Lancet published this conspiracy” but that the guy that the Lancet - who is very trustworthy - trusts and says is qualified to weigh in, is independently pushing it. So Jeremy was borrowing his authority from having been associated with The Lancet, and he has some authority already from his celebrity-status and previous work, not necessarily from his hard skills (economics).

That’s a far cry from “CIA bioweapon” like the OOP believes.

Okay. I believe that. I haven’t read the article and don’t want to weigh in. I haven’t investigated the claim, anything I add can only be nonsense. I wasn’t pushing a Fort Detrick bioweapon conspiracy, I just wanted to clarify Davel’s comment because I didn’t feel your objection to it was fair, or if it was just a question with no position then I answered the question. Feel free to discuss the article with Davel since you have both read the article.

The authority being highlighted wasn’t Jeffrey Sachs on his own, but The Lancet.

I’d think there’d be at least as much pro-China content on a Chinese platform.

There is a lot of Chinese state-sponsored propaganda on TikTok, as well as pro-China speech by unaffiliated users. This is true of TikTok and of YouTube and Twitter. (The state-sponsored propaganda I’m highlighting isn’t particularly insidious, it’s things like student exchange or paid travel bloggers, Chinese news spending budget to create English language content). But you aren’t more likely to come across it on TikTok than western platforms, because China doesn’t control the algorithm. TikTok was forked off a Chinese product, but it’s controlled by Oracle and the USA in terms of tuning and moderation. The Chinese just collect rent.

Now if your angle isn’t that TikTok pushes those things, but just that kids use it and kids are impressionable, then I don’t have any objections with what you’re saying. I haven’t seen any Chinese state-sponsored content that plays well with kids, but I wouldn’t expect to either since my recommendation feed looks different (and I don’t use TikTok).

Would it really be a shock to anyone if a global superpower spread propaganda to be viewed more positively by people around the world? Russia and the USA do it all the time. Why wouldn’t China?

Completely reasonable.

I’d say it’s quite likely.

But this isn’t reasonable at all, and it’s what you’re trying to defend.

Lemmy has no value. It’s a waste of resources. Your assertion wasn’t that China is has propaganda. I know they do, there are hundreds of officially disclosed initiatives. Your assertion is that Lemmy users aren’t genuine.

You also implied that TikTok - A platform globally moderated by the the USA - is a hotbed for PR Chinese propaganda, which isn’t reasonable either.

Which Zionism apologists are you seeing on .ml? Moderators remove that. I also don’t really believe you’ve seen popular pro-Russia stances, I’d sooner think you’re conflating Russia-neutral stances.

1. The question has accusations in it.
2. The user wasn’t banned over this post, but for saying COVID was a Chinese bio-weapon in another thread. In that same post they also wished slavery on the people of Tibet.

Very good

There likely isn’t a public domain photo depicting the same thing.

The first sentence was a response to you asserting voting is essential to democracy, which is false. The rest of the comment was a response to you not accepting Nemo@slrpnk.net’s argument.

If you can’t find an instance you agree with, and you have a mass of people who agree with you but are collectively too lazy to create a new instance, you would communicate your stance with words. Lemmy has a system for leaving text statements. You seem to be familiar. But there’s no mechanism to force the instance operator to obey you.

In a democracy, the community determines policy. Votes are orthogonal. If the community leaves when they disagree, by definition everyone that is remains agrees with the policy, making it a democratic policy. The friction to changing instance is very minimal, so it’s a good indicator of people’s opinions.

No, that’s just an assumption. It’s very standard. But they do, this is the code for it. https://github.com/signalapp/Signal-Android/blob/main/app/src/main/java/org/conscrypt/ConscryptSignal.java
That doesn’t confirm they send anything extra about your device, that’s an assumption as well.

If I share an IP with 100 million other Signal users

That’s already not very likely, but ignoring IP, you’re the only one with your SSL keys. As part of authentication, you are identified. All the information about your device is transmitted. Then you stop identifying yourself in future messages, but your SSL keys tie your messages together. They are discarded once the message is decrypted by the server, so your messages should in theory be anonymised in the case of a leak to a third party. That seems to be what sealed sender is designed for, but it isn’t what I’m concerned about.

daniel sent a user an image…

Right, but it’s not other users I’m scared of. Signal also has my exit node.

What you’re describing is (not) alarming (…) Signal’s security team wrote.

I mean if strangers can find my city on the secret chat app I find that quite alarming. The example isn’t that coarse, and Signal, being a centralised platform with 100% locked down strict access, they well could defend users against this.

What do you mean when you say “conversation” here?

When their keys are refreshed. I don’t know how often. I meant a conversation as people understand it, not first time contact. My quick internet search says that the maximum age for profile keys is 30 days, but I would imagine in practice it’s more often.

Even if we trust Signal, with Sealed Sender, without any sort of random delay in message delivery, a nation-state level adversary could observe inbound and outbound network activity and derive high confidence information about who’s contacting whom.

That is true, but no reason to cut Signal slack. If either party is in another country or on a VPN, then that’s a mitigating factor against monitoring the whole network. But then if Signal is sharing their data with that adversary, then the VPN or being in a different country factors has been defeated.

Here’s the blog post from 2017

I appreciate the blog post and information. I don’t trust them to only run the published server code. It’s too juicy of an honeypot.

I don’t have any comment on SGX here. It’s one of those things where there’s so many moving parts and so much secret information, and so much you have to understand and trust that it basically becomes impossible to verify or even put trust in someone who claims to have verified it. Sometimes it’s an inappropriate position, but I think it’s fine here: Signal doesn’t offer me anything, I have no reason to put so much effort into understanding what can be verified with SGX.

And thanks for the audits archive.

Okay. But this method doesn’t address that the service doesn’t need the message to include the sender to know who the sender is. The sender ('s unique device) can with 100% accuracy be appended to the message by the server after it’s received. Even if we trust them on the parts that require trust, the setup as described by the blog doesn’t do anything to prevent social graphs from being derived, since the sender is identified at the start of every conversation.

If we trust them not to store any logs (unverifiable), then this method means they can’t precisely know how long a conversation was or how many messages were exchanged. But you can still know precisely when and how many messages both participants received, there’s just a chance that they’re talking to multiple people. Though if we’re trusting them not to store logs (unverifiable), then there shouldn’t be any data to cross reference to begin with. So if we can’t trust them, then why are we trusting them not to take note of the sender?

The upside is that if the message is leaked to a third-party, there’s less info in it now. I’m ignoring the Github link, not because I don’t appreciate you finding it, but because I take the blog-post to be the mission statement for the code, and the blog doesn’t promise a system that comprehensively hides the sender’s identity. I trust their code to do what is described.

I think Dessalines most recent comment is fair even if it’s harsh. You should understand the nature of a “national security letter” to have the context. The vast majority of (USA) government requests are NSLs because they require the least red tape. When you receive one, it’s illegal to disclose that you have, and not to comply. It requires you to share all metadata you have, but they routinely ask for more.

Here’s an article that details the CIA connection https://www.kitklarenberg.com/p/signal-facing-collapse-after-cia

The concern doesn’t stem from the CIA funding. It’s inherit to all services operating in or hosted in the USA. They should be assumed compromised by default, since the laws of that country require them to be. Therefore, any app you trust has to be completely unable to spy on you. Signal understands this, and uses it in their marketing. But it isn’t true, they’ve made decisions that allow them to spy on you, and ask that you trust them not to. Matrix, XMPP and SimpleX cannot spy on you by design. (It’s possible those apps were made wrong, and therefore allow spying, but that’s a different argument).

How does that work? I wasn’t able to find this. Can you find documentation or code that explains how the client can obscure where it came from?

Yes.

Your client talks to their server, their server talks to your friend’s client. They don’t accept third party apps. The server code is open source, not a secret. But that doesn’t mean it isn’t 99% the open source code, with a few privacy breaking changes. Or that the server software runs exactly as implied, but that that is moot since other software also runs on the same servers and intercepts the data.

We can’t verify that. They have a vested interest in lying, and occasionally are barred from disclosing government requests. However, using this as evidence, as I suggested in my previous comment, we can use it to make informed guesses as to what data they can share. They can’t share the content of the message or calls – This is believable and assumed. But they don’t mention anything surrounding the message, such as whom they sent it to (and it is them who receives and sends the messages), when, how big it was, etc. They say they don’t have access to your contact book – This is also very likely true. But that isn’t the same as not being able to provide a social graph, since they know everyone you’ve spoken to, even if they don’t know what you’ve saved about those people on your device. They also don’t mention anything about the connection they might collect that isn’t directly relevant to providing the service, like device info.

Think about the feasibility of interacting with feds in the manner they imply. No extra communication to explain that they can’t provide info they don’t have? Even though they feel the need to communicate that to their customers. Of course this isn’t the extent of the communication, or they’d be in jail. But they’re comfortable spinning narratives. Consider their whole business is dependant on how they react to these requests. Do you think it’s likely their communication of how they handled it is half-truths?