X is now offering me end-to-end encrypted chat — you probably shouldn't trust it yet

In XChat, once a user clicks on “Set up now,” X prompts them to create a four-digit PIN, which will be used to encrypt the user’s private key. This key is then stored on X’s servers. The private key is essentially a secret cryptographic key assigned to each user, serving the purpose of decrypting messages. As in many end-to-end encrypted services, a private key is paired with a public key, which is what a sender uses to encrypt messages to the receiver.

So they’re storing the private key on their servers, but not on-device like Signal? What a terrible mistake…

I think this is by design. No social media platform prioritizes its users. Folks who don’t know any better and use this are in for a reckoning, eventually.

1 Like

Why? Proton also does the same thing.

The private key gets encrypted with your password.

Difference is that Proton is primarily a collaborative suite with email and whatnot. Seamless cloud syncing is important in this usage case.

XChat is clearly trying to compete with WhatsApp and Signal in the messaging space. Both apps store their keys on-device.

This limits them to one device at a time, with limited linked devices. It also limits their use on the web.

Does anyone still believe Elon Musk’s promises of privacy?

2 Likes

No. Neither should you or anyone.

Also, please don’t post Telegram links but actual news stories on websites.

9 Likes

The phrase “Bitcoin-style encryption” alone should remove any credibility.

5 Likes

Okay. I won’t post any more links to Telegram. Thank you!

Well, I’m afraid that many ignorant people will install the app and use it without realizing that they are giving away their data to make Elon richer.

1 Like

Those ignorant people would have done it either way - maybe not with this one but something else I’m sure. Spreading awareness, tech literacy that’s accessible and easy to understand is the key (among others I’m sure that exist).

3 Likes

And he also has the audacity to say that security is “relative.”

1 Like

He should keep sending starships into space. There’s no need for him to bother with anything else.

7 Likes

Definitely :grin:

image source. A four digit passcode. Whoa. Maybe it is 1998 all over again.

Proprietary, in-browser cryptography means no audit trails for clients, that is you’ll never know which day you’re served a malicious client that steals your passwords and keys.

This part is true though. X Chat is garbage from what I’ve seen so far and what I would expect from Elon, but security is relative. A broken clock is right twice a day.

3 Likes
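Added example, not from the thread or from X: a sketch of what the quoted setup (a four-digit PIN encrypting a private key that is stored server-side) implies for whoever holds the stored blob, next to the password-wrapped case raised in the Proton comparison. The PBKDF2 parameters, the XOR-plus-HMAC wrapping (a stand-in for a real AEAD) and all function names are assumptions; the page does not describe X's actual construction or any server-side limit on guesses.

```python
import hashlib
import hmac
import os

ITERATIONS = 100  # constructed and kept low so the demo runs in seconds


def derive(secret: str, salt: bytes) -> bytes:
    """Stretch a PIN or password into 64 bytes: 32-byte pad + 32-byte MAC key."""
    return hashlib.pbkdf2_hmac("sha512", secret.encode(), salt, ITERATIONS, dklen=64)


def wrap_key(private_key: bytes, secret: str) -> dict:
    """Produce the blob a server would store for a 32-byte private key."""
    salt = os.urandom(16)
    okm = derive(secret, salt)
    # XOR with a one-time derived pad stands in for a real AEAD (assumption).
    ct = bytes(a ^ b for a, b in zip(private_key, okm[:32]))
    tag = hmac.new(okm[32:], ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def unwrap_key(blob: dict, secret: str):
    """Return the private key, or None when the secret is wrong."""
    okm = derive(secret, blob["salt"])
    expected = hmac.new(okm[32:], blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], okm[:32]))


def guesses_to_unwrap(blob: dict, candidates):
    """Count KDF evaluations a holder of the blob needs when nothing limits tries."""
    for n, guess in enumerate(candidates, 1):
        key = unwrap_key(blob, guess)
        if key is not None:
            return n, key
    return None, None


def four_digit_pins():
    """The whole secret space of a four-digit PIN: 0000 through 9999."""
    return (f"{i:04d}" for i in range(10_000))


if __name__ == "__main__":
    private_key = os.urandom(32)  # constructed sample key
    print(guesses_to_unwrap(wrap_key(private_key, "7341"), four_digit_pins())[0])
    long_secret = wrap_key(private_key, "correct horse battery staple")
    print(guesses_to_unwrap(long_secret, four_digit_pins()))
```

Raising `ITERATIONS` multiplies the cost of each guess, but the PIN space stays at 10,000 candidates, so the secret's entropy or an enforced guess limit is what bounds the protection of a server-stored key.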

I wouldn’t trust privacy claims from someone who acts like a real life supervillain…or someone who is super invested in ai. The man wants that training data, real bad.

4 Likes

Probably a honeypot service….I’ve gone to great lengths to block all his online services; every single one of his ASNs is blocked on my firewall….

2 Likes

I wouldn’t say security is relative, but rather functional. “Relative” is a term that can be abused by those technically knowledgeable against lay people. “Functional” is much more direct and revealing of its nature.

For example, it’s very abstract to say that Alice’s laptop is secure “relative” to her threat model, but it’s another to say that the features and functionalities of Alice’s laptop function to make it secure against certain threats, like attacks from evil maids.

Is security relative? Yes, sure, but that is confusing to lay people and doesn’t reveal the actual reasons why something would be secure. “Functional” does this job. A house’s being secure is not relative to me, because that would imply some level of subjectivity. It’s secure because it functions well in keeping intruders out. Security is not subjective, but objectively functional to a goal. “Relative” muddies the water. I think that’s why @nonina was critical of it, because the term is vague and can be interpreted in many ways. “Functional”, on the other hand, is an analogy that we can understand easily.

2 Likes

Security is always relative because there is no such thing as absolute security, it is a spectrum and not a binary. Something is not “secure” or “unsecure”, it can only be more or less secure than something else and in relation to a given threat. You can also say it’s functional, sure, but these are not the same topic, and both can be true.

Not really, relative means it is used in relation to something else, which is exactly true. If you don’t think of security as relative, you are not going to be securing anything successfully.

Off-topic discussion

Yes. My point is precisely this, as I expressed in the post you replied to. I was agreeing with you that it is relative, but disagreeing with you that “relative” was a good term to use and spread around. People will mistake what that means, as evidenced by the fact that nonina seems to have disagreed with that sentiment only to agree with it once its meaning was clarified.

I would still say it’s confusing. You’d have to explain why it’s not confusing, because it certainly seems confusing relative to me. And relative to lay people, it can be confusing as well! Notice how this term is used differently here than in the context of security. The definition is inherently abstract to cover various contexts, whereas “functional” is a subset of “relative” and therefore narrows down the range of contexts. A painting can be good “relative” to me. Music can be loud “relative” to me. A dress can be black and blue “relative” to me. These are all the ways lay people use the term. But A being functional to B has a smaller range of contexts.

My point is not that security should be identified as relative, only that lay people will likely find it easier to analogize security as being functional. “Functional” inherently means something works in relation to something else, but without all the fuzzy definitions that “relative” has. If you want to say that “relative” is a term of art in the cybersecurity space, go ahead. I’m not from that field anyway so I wouldn’t know. My only point is that “functional” is a better term to picture what security really is for those not in-the-know.