

In the fediverse graphic each person has exactly 1 connection to a fediverse thing. But in reality, there can be more. I guess in practice there are often more than one.
just trying lemmy
That’s me most of the time. Does it mean I’m ADHD?
There’s nothing stopping you from using GPL.
But there is a culture - I think even explicit - of using MIT or Apache licensing. In some sense it is okay, because it simplifies crate compatibility. But it comes at the cost of feeding the usual suspects who now obviously turn against humanity.
My unconfirmed suspicion is that there are forces behind (Google, Microsoft, Amazon, Meta) who like permissive licenses because this makes it easier for them to exploit the work of the public.
Maybe you could also consider extending an existing good PQC protocol (for example https://signal.org/docs/specifications/pqxdh/) by adding a shared secret. The shared secret could flow into the key derivation functions which are used to derive the symmetric encryption keys. This way you would have quite strong guarantees (forward secrecy) as long as nobody can break the PQC algorithm and still some guarantee of confidentiality when somebody breaks asymmetric primitives. In the protocol you outlined now, there’s no forward secrecy. Meaning that once a key is compromised, all past and future messages can be decrypted.
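An added example, not part of the original comment or of the PQXDH specification: one way to let a pre-shared secret flow into the key derivation, using HKDF (RFC 5869) from the Python standard library. The function `derive_session_keys`, the labels, and the choice of the pre-shared secret as HKDF salt are assumptions of this sketch, and the sample secrets are constructed.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: stretch PRK into `length` bytes bound to `info`."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_keys(handshake_secret: bytes, pre_shared_secret: bytes) -> dict:
    """Mix an out-of-band secret into the keys derived from a key agreement.

    Assumption of this example: the pre-shared secret is used as the HKDF
    salt and the key-agreement output as the input keying material, so
    recomputing the keys requires both values.
    """
    if len(pre_shared_secret) < 32:
        raise ValueError("pre-shared secret must be at least 32 bytes")
    prk = hkdf_extract(salt=pre_shared_secret, ikm=handshake_secret)
    # Separate labels give each direction its own key (hypothetical labels).
    return {
        "initiator_to_responder": hkdf_expand(prk, b"example i->r key", 32),
        "responder_to_initiator": hkdf_expand(prk, b"example r->i key", 32),
    }


# Constructed sample values standing in for real protocol output.
HANDSHAKE = hashlib.sha256(b"constructed key-agreement output").digest()
PSK = hashlib.sha256(b"constructed secret exchanged in person").digest()

if __name__ == "__main__":
    keys = derive_session_keys(HANDSHAKE, PSK)
    for name, key in keys.items():
        print(name, key.hex())
```

Because the handshake output changes with every ephemeral key agreement, the derived keys change per session even though the pre-shared secret stays fixed.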
Interesting :)
A few quick questions & comments:
I don’t quite understand “If all users accept the introduction, a list of contacts is sent for each contact pair. These contacts are not used for messaging to prevent more than two parties from having encryption keys.” (line 66) What exactly are the “contacts”? Is it the same data as defined on line 8? Where do the encryption keys come from? Do initiators of introduction reveal encryption keys of their existing contacts?
After an introduction there’s the problem that newly introduced people cannot set up secret keys in a very clean way. Because these secret keys can be computed if an attacker gets hold of the introducer, has recorded traffic and is in possession of a large enough quantum computer (which you assume in your threat model). You therefore would need some sort of ‘upgrade’ mechanism which would allow either two people to meet in person to ‘upgrade’ their secure channel. Or you could add an asymmetric key-agreement or key-exchange on top (probably a post-quantum algorithm).
I don’t quite get the combination of “HTTPS”, “Tor”, “symmetric crypto because of quantum computers”. Why HTTPS if Tor already provides confidentiality? HTTPS implies certificates, no? What about them?
What about nonces for GCM? How do you prevent replay attacks?
If you want to truly understand your protocol and get confident about it, I recommend studying something like this: https://tamarin-prover.com/ This allows you to model your protocol more formally, state your security claims and check if the protocol satisfies these claims :)
GNU Taler seems to be a good thing to look into. Not a crypto currency but a payment system which preserves anonymity of the buyer.
“Could lose”? We are long past this point. When you can choose between two parties and they try to manipulate the election as hard as they can, then that’s a zombie democracy at best. And now? The president stands above the law. He can fire people illegally. He can disable law enforcement. Democracy in the US is gone. Hopefully only temporarily. Now it’s up to people to act, take their rogue government down and repair what can be repaired.
It’s tempting to check if it’s still down. But I won’t touch this ugly domain.
Happy to be inspiring :)
TL;DR you just made my day :*
For self-defense it’s actually okay.
I’m vegan - I compost the rich.
What a strange universe we live in. The old US: pushing surveillance and police laws to fight terrorism, drug dealers, and pedophiles. The new US: has a president who is open to terrorism by supporting far right groups and storming the capitol, has a billionaire on his side who really seems to be on some psychoactive substances, and now this.
Windows also used to show me the ugly face of Trump in the start menu even if I didn’t ask for it. That was more than 4 years ago. Recently I was accidentally hovering over some ‘copilot’ button in Edge of a friend. And again - pop-up with Trump. So yes: fuck Windows, fuck Microsoft
I bet that what we see here is partly the work of the world’s largest propaganda machine. I’d like to believe that misinformation was the reason for them supporting Trump. So yes, properly informing people could help. But I’m worried that the Trumpian shit-show clogged some brains. What to believe in a world made of “fake news”?
I simply wonder what’s happening and am expressing my frustration.
No question - it’s good he is mobilizing people. Organization is key, and to me it looks like it’s currently lacking. I really hope Sanders can change this.
It has been damn obvious and yet way too many people voted Trump. And, come on, it was clear Elon would be there as well. From outside the US it’s hard to understand why. It leaves me with two explanations, both of which I don’t like: either people were misinformed and/or did not understand what is going on, or they did really want it.
Maybe you can help me understand.
Wasn’t that obvious at very latest 4 years ago?
Google have always been fuckers, they are still fuckers and going with the fascist flow they’ve proven that they will remain fuckers. Even if they switch side once the Trumpian monster stumbles, they can never be trusted.
These days it’s plainly obvious. Before, it was slightly better hidden.
They could decide not to give 1M to Trump, but they did: https://www.theguardian.com/technology/2025/jan/09/google-microsoft-donate-trump-inaugural-fund They could use their reach and make a clear public statement: “we don’t support this”. But I’ve never seen any. They could give higher rating to actually useful information and try to show less fascist propaganda to people. I have to assume that’s going wrong as well.
Because of their giant impact, they send a message to all others. “We go with the fascists, we are not on the side of humanity but on the side of profit”. That creates dangerous dynamics.
Generally seems an okay idea to me because it allows you to use the Rust tool-chain and you can more easily achieve compatibility with other Rust code. In fact, there are other languages which do something similar. I remember F* (f-star) which compiles to OCaml.