Bit of an odd intro: I'm a carpenter, 42 years at the bench. I'm the type who can't stand making the same thing everyone else makes, so I've always chased the technical side too - CNC, laser cutting, and lately building software to run my machines.
At some point I wanted to send my own designs to people without them leaking anywhere, and I went down the rabbit hole of how messaging actually works. What got me was realising how much of the "free" stuff is paid for with our privacy. That annoyed me enough that I decided to build my own messenger, mostly to learn. It grew from something simple into a real thing. I called it Sherlock.
Two things I cared about: proper encryption, and NOT tying it to a phone number - I built a different system for that.
I'm not going to pretend I reinvented cryptography. I'm a woodworker who got obsessed. So I'd rather hear it straight from people who actually know this stuff:
- How much does the "no phone number" approach really buy you if I get the rest wrong?
- For a small independent project, what's the bar before any of you would even consider trusting it - open source, audit, something else?
Genuinely here for the criticism, not the pats on the back.
Man, your writing here all reads like Claude after I've given it a list of "AI tells" to avoid in its writing. There's structural patterns that are pretty easy to see when there are so many samples right next to each other. I strongly suggest not trying to gloss over your use of AI in your projects when posting about them; some people will always hate, but most I think don't mind AI code as long as it's been tested properly and doesn't have any more bugs than you'd find in any other project.
Problem is, testing encryption properly is difficult, and there's a lot more to a messenger application than just sending encrypted messages. That's my criticism: you're reinventing the wheel for no good reason.
My best advice is to set up a Matrix server if you really don't trust Signal, rather than trying to roll your own. Its a lot less work, a lot more secure, and you can modify the source anyway if it doesn't do what you need.
Why engage, you are feeding this system corrections to build upon.
He absolutely sounds like an AI. There might be a another AI in the comments, but I'm not bothering to dig deeper. Time the bubble pops, so that we're not forced wading ankle deep through slop.
Agreed that op's post and replies all look like AI wrote them. Only talking through AI makes this whole thing feel very scammy, or at the very least dishonest.
This post piqued my interest because I'm a dev that changed careers to finish carpentry (still working on my own projects in my spare time of course).
You're right that you can tell, and I'm not hiding anything. English is not my language - I think in another one. I don't have a translator built into my head, so yes, I use AI to talk to you here. And I use AI to build the project too. I'm not ashamed of that. I'm a carpenter who can also write software and run my machines with code I made myself - AI is the tool that lets me do more than I could alone.
Honestly, the thing I feel most right now is just glad I can talk to you at all. You and I speak completely different languages, and here we are having a real conversation about something we both care about. I think that's valuable. People connecting and talking - that's a good thing, not something to apologize for.
I know the world is split between people who hate AI and people who use it. I don't think it's going to stop or go away. It will keep going, and it's on us - the humans - how we use it. I'm trying to use it for something positive. If the messenger is good enough to pass an independent audit one day, I'll be proud that a carpenter built it with AI and it still held up.
So - no hiding. Thank you for the honest criticism, and for talking with me.
You could prevent people from having this reaction by just putting a note at the top of your text saying:
"Note: i wrote this in a different language and translated it to english with ai. I apologize if anything is difficult to understand"
That's genuinely good advice, thank you - simple and honest, and it heads off the whole thing before it starts. I'll do exactly that from now on.
Note: English isn't my first language - I write in my own language and AI helps me translate. Apologies if anything reads oddly.
You + Ai are better at writing in English than 54% of native speakers. Well done!
Thank you, that really means a lot - because honestly, after that last comment I started to feel like an intruder here, like using AI made me unwelcome in this group. So your words landed well.
I'm not trying to fool anyone. I just use what AI knows to build my own dreams and to get through everyday things. That's all it is for me - a tool, the same way a laser or a chisel is a tool in my workshop.
I actually have more I'd like to say, but after that last comment I got a little afraid to say anything at all. Your message made it easier. Thank you for that.
(Note: English isn't my first language - I write in my own and AI helps me translate.)
I think you'll find I didn't accuse you of trying to deceive anyone, I just suggested that you not gloss over using AI in your projects. Because yes, in my experience people here take it very badly if it looks like you're trying to present AI generated work as your own (note: that doesn't have to be your intent, it just has to look like it was). I was trying to be helpful, and as far as I can see my wording and tone were mild, so I see no reason that my comment should have made you feel unwelcome. The more fool me for the attempt, I guess.
Consider they are almost certainly translating the comments here back to their language using AI which could lose nuance.
I considered it, and the point stands. I came here offering advice - good advice, grounded in two decades of IT career, because nobody who cares about security rolls their own app with encryption unless they know what they're doing. There's too much risk of a bad implementation and leaving holes for bad actors to find.
They can just do what I do and use AI to set up their Matrix server. I set it up before AI was a thing too, but it's so much faster now. That uses a lot less tokens, too. But they don't seem particularly interested in actually taking advice onboard, so I'm not holding my breath.
I won't argue with how you meant it. I had a feeling and I wrote it the way it sounded to me - if you say it was different, then fair enough, but the other side receives it the way they read it. That's just how it goes, and it's not an attack on you.
And if some people here don't like AI, I can't help that. I came for advice, for solutions. I'm constantly learning, and I'd say that to anyone who wants to show they can make something. I'm a man who keeps learning - and the fact that I mentioned my grey hair and that I'm a carpenter, I'm proud of that. Proud that I made something I never studied in school.
That's the whole point for me: I respect people who have no idea what they're walking into and end up doing it anyway - sometimes better than the experts who studied ten years. That person means more to me than someone with "engineer" in front of their name.
I'm not hiding the AI under the rug. Everything I made, I made with AI. My ideas, my visions - it just helped turn them into something real.
I don't know you. Maybe you're an engineer, a doctor, an astronaut - I've no idea. To me you're a person I'm talking to, maybe on the other side of the planet, and what made that possible? AI. That's the point. I'm not here to fight or wind people up. Let's just live, not pick at each other over who does or doesn't use a tool.
If you don't like it, that's OK - we just say hi, goodbye, and our paths part. No hard feelings, and I mean that with a smile.
One principle I hold: you never really know who you're talking to. I could be a craftsman, a teacher, or a director at a big company. You never know when you might need the other person. And if anyone thinks chats are just a place to hide behind - that's not my style.
(Note: English isn't my first language - I write in my own and AI helps me translate.)
You asked for criticism and advice, and that's exactly what I offered. It's based on my own experience here. I was offering it to be helpful. Just what exactly are you trying to achieve with this response? Because yeah, I'm not getting attacked, I'm getting lectured. For offering advice when it was solicited.
I'm certain you don't see the problem here, so I'm out. But for the love of Christ, just use AI to set up, harden, and manage a Matrix server instead of wasting tokens building your own application. You'll end up with something much more secure than an app with a possibly-bad crypto implementation that you don't have the experience to see, find, or fix.
You're right, and I owe you an apology. My frustration in that earlier reply wasn't aimed at you - it was about a pile of "you're a bot / fraud" comments, and you got caught in the blast. That wasn't fair. Your advice was genuine and useful, and you didn't deserve to be lumped in with that.
The Matrix-server point is well taken, honestly. You're right that I don't have the experience to find and fix a bad crypto implementation alone - that's exactly why an external review matters before I'd ever tell anyone to rely on it. I hear you.
Thanks for taking the time, twice. I mean that. Sorry it landed as a lecture - that's on me.
(English isn't my first language - AI helps me translate.) Sorry