Jonah @jonah@social.privacytools.io

@russell it's kind of annoying but nothing I can do about it. It should only affect system apps, not user apps.

@jj presumably that’s 45% of the manually approved users, so no spammers.

@jj we could, but that is the same issue as approving new accounts. i.e. the waiting period makes people want to not participate. See: https://mastodon.social/@Gargron/102322621491229802

@herkbk@mastodon.social yeah, it’s doing exactly what I need it to so far. Very good experience.

@darylsun you need to give them your keys to do account proofs *in-browser*. If you do everything in their apps your keys stay on your devices.

@darylsun you need the program to chat. You can use some things in the browser if you give them your keys, but I highly, highly recommend not doing that and just downloading their apps because then your private keys are only on your devices.

@croqaz no. If someone wanted to join they'd have to know someone on here already. So like you could give an invite link to your friends/family if they wanted in.

If they really don't know anyone on here they would also have the option to shoot me an email which I'd list on the homepage, and then I'd send them an invite myself. Sort of the way Riseup does it but less strict.

@croqaz Yes. Go to https://social.privacytools.io/invites (or open your preferences and click "Invite people" in the sidebar).

I can tolerate receiving email spam (email is already listed at https://social.privacytools.io/about/more anyways), I just don't want spam in the timelines lol

@joey @darylsun Keybase and Signal are both built on standard encryption platforms though, so security-wise it's fine. Wire, Signal, and Keybase are probably equally secure and significantly better than something like Telegram.

Signal is certainly easier (at least on Android) because you can set it as your default SMS app, which is sweet for getting less technical friends/family on Signal.

@darylsun ...But you can still use a Keybase account with no proofs added if you wanted to securely message someone else who has a Keybase account, and you aren't aware of any other forms of E2EE communication to get in touch with them over. Because at least you know that Keybase is E2EE.

Otherwise, no better than Wire or Signal or whatever.

@darylsun the main benefit is you can securely message someone you only know by their online accounts or websites. It also lets you prove your account is associated with a website or another account officially. For example, my Keybase account proves cryptographically that I run the privacytools.io site and my Reddit username is /r/JonahAragon.

If you aren't like, even a semi-public figure the proofs probably don't make sense.

@croqaz that is (IIRC) what we currently do, but we still get spambots and fake accounts fairly often 🤔

@MasTorDon why a v2 instead of v3 address out of curiosity?

@MasTorDon maybe. The issue with that is after registering you'd have to wait to be approved AFTER registration, which I think will discourage people from using the accounts (so we'll end up with lots of unused accounts). Whereas with invites you'd have to wait BEFORE registration, but then have instant access with the invite. So the people that actually use the invite are more likely to then also use the account.

@OneSubtractOne so far it's fantastic! I'm very jealous of Riot X on Android compared to the app on my primary iPhone :(

I'll have to use it a bit more and write a longer blog post or something.

Regarding spam: Should we make this Mastodon instance invite-only (with invites available from any existing user or from me if you email me directly)?

Finally got a Pixel 3 and #GrapheneOS installed 🎉🎉

@MasTorDon this is why I really want Let's Encrypt to start supporting .onion domains. Not Mastodon only necessarily, but there's a lot of use-cases where HTTPS is required.