actual effective end-to-end communication is only possible if alice and bob exchange public keys in real life
You can’t always meet all your peers in real life. Some other trusted channel may have to do in some cases.
Main: @gnufuu@lemmy.ca, Backup: @gnufuu@infosec.pub
actual effective end-to-end communication is only possible if alice and bob exchange public keys in real life
You can’t always meet all your peers in real life. Some other trusted channel may have to do in some cases.


You sure you didn’t misread? To me it looks like they allow sideloading Email apps but disallow sideloading web browsers.


From their FAQ:
Can I install my own apps?
Web browsers and social media apps are blocked at the system level. Email and work apps are not offered through the Commostore app store, keeping Callback focused on life outside work and feeds.
Users are still be able to sideload apps outside those that are blocked, using APK installer files, but Callback is designed first and foremost as a calmer, more intentional phone.
So I can receive an Email but if it has a link to a website I can’t click it? That’s just silly, Commodore. You’re doing a fine job being memeable and appealing to our nostalgia. Trying to “protect us from ourselves” like that kinda destroys that vibe. And no, the inevitable custom ROM circumventing your blocks won’t make up for it.


That one wasn’t on my bingo card lol


Liechtenstein: “Am I a joke to you?”


Can’t load the article but I assume Arch’s rolling release way of doing updates makes this quite the disaster.
I agree that public keys need to be verified over a separate, secure channel. I also agree that meeting irl is to be preferred. My point is that using other channels for verification is still better than not verifying the keys at all.