FBXL Social

Please keep in mind that this website is a furry blog, first and foremost, that sometimes happens to cover security and cryptography topics.

Many people have, over the years, assumed the opposite and commented accordingly. The ensuing message board threads are usually a waste of time and energy for everyone involved. So please adjust your expectations.

Stop playing mind games.

@Hyolobrika
Impossible! I suppose that's the whole point of his blog.
I highly doubt that the side-channel he mentions is exploitable in real-world conditions on a server with dozens of users where each request might be handled by a different processor core — and that's exactly what Matrix dev told him.

@Hyolobrika
He can always prove us wrong by making a proof of concept exploit, but no… "I did look into this, but I didn't spend too much time on it… but this is a HORRIBLE vulnerability, a GAPING HOLE even — just use Signal" 🤦

@m0xee What makes you think every Matrix server will have dozens of users and multiple cores?

@m0xee (I haven't gotten around to reading the article yet)

@Hyolobrika
Well, in that case it would most probably be hosted on a VPS, blurring the concept of what a CPU is and rendering such side-channel attacks inefficient.
People are too much into timed cache attacks ever since Spectre made it a hot topic, despite this type of attack existing since the Pentium Pro days.

@Hyolobrika
I'm fairly certain that a lot of hardware is still running without any mitigations at all to achieve higher performance, and yet… No real world consequences, nothing big enough to make the news 🤷

@m0xee @Hyolobrika olm is client side, and the side channel is impractical in real-life scenarios

@romin
Exactly! But that's what I was expecting from such a hyped-up announcement TBH: "Okay, this part looks weak, Signal does it better", so what? Give up a proof of concept exploit or go home!
It's not a question of "being an alternative to Signal" — for me and for anyone living in a non-free country Signal itself with phone number registration was never a viable choice.
@Hyolobrika

@romin
True, it's kinda beyond the whole infosec scope, but no cryptographic strength can withstand the pliers and the blowtorch 🤷
Being decentralised and staying below the radar is way more important.
@Hyolobrika