i made my comment pretty early before getting up to go vote in our election. i’ll admit i was premature on having an opinion as i just skimmed the content here and didn’t look into things much.

this project is definitely interesting. i suppose my sentiment initially was less that i don’t trust the cryptography, and more a general weariness of new open source projects. after reading more about the implementation there isn’t anything that jumps out at me as particularly egregious.

i support FOSS and the related philosophies a whole lot, i believe it to be one of the only ways to take our lives and communities back these days.

however, with that said, i have to disagree with this sentiment:

Nobody will be justifying their existence in front of a random internet user.

random internet users are the open source movement. new projects must justify their existence and trustworthy nature to the community. not that these people haven’t, obviously they haven’t had the chance yet.

an open mind, absolutely. but history has shown bad actors are abound, as well. i’m not sure what the proper solution here is, and i don’t think anyone else is absolutely 100% certain either. removing trust from the equation isn’t easy.

idk i’m kind of just babbling at this point tho. thanks for the civil discussion

that still isn’t an explanation of how the server supposedly “does not have the means to decrypt them [the messages]”, which isn’t me saying it’s impossible. i’m well aware of possible cryptographic solutions here. but, it isn’t wrong to be sus of this application until the organization/developers have demonstrated a degree of trustworthiness. i honestly don’t see why you would use this over just encrypting and transfering the data yourself using more traditional methods that involve the minimum number of parties. i might just be ignorant of this project, but i’m weary of it until i have a chance for further investigation