The Signal Server repository hasn’t been updated since April 2020. There are a bunch of links about this here but I found this thread the most interesting.

To me, this is unforgivable behaviour. Signal always positioned themselves as “open source”, and the Server itself is under the best license for server software (AGPLv3 – which raises questions about the legality of this situation).

Signal’s whole approach to open source has constantly been underwhelming to say the least. Their budget-Apple attitude (secrecy, i.e. “we can never engage the community directly”, “we will never merge/accept PRs”, etc) has lead to its logical conclusion here, I guess. I have been somewhat of a “Signal apologist” thus far (I almost always defend them & I think a lot of criticism they get it very unfair) but yeah I’m over Signal now.

@yogthos
link
341Y

Another big problem with Signal is the fact that it’s centralized with the server being located in US. Even if the protocol itself is secure with the server not having access user data, this presents a huge risk since US government can simply force Signal to shut down the service at any time. The server can also potentially collect metadata about the users providing US security agencies with user connection graphs.

I think that Matrix approach is much more sound, and would always recommend it over Signal.

@Seirdy
link
410M

I wrote about both issues, and why Matrix isn’t a perfect solution, previously: part 1, part 2. Starring WhatsApp, Firefox, Signal, XMPP, Email, and Matrix.

Also discussed on Lemmy: part 1, part 2.

Signal’s problem is being a closed platform; Matrix suffers primarily from complexity. Both enable dependence on a single small group, and therefore enable user domestication. That being said, Matrix is considerably less bad than Signal.

For large public rooms, IRC continues to be the best option. All its issues are client-side; IRCv3 supports history, multiple devices, authentication without NickServ, and even typing notifications. All these features are supported on Oragono. For small, private E2EE rooms, all existing solutions have major trade-offs.

@yogthos
link
110M

yeah completely agree with all that

@roastpotatothief
link
-31Y

All these discussions tend to ignore Wire. It is similar to Signal but has none of these drawbacks and even some extra good features.

sseneca
creator
link
101Y

Wire was mentioned in this thread. It transferred ownership (which in itself was shady) and its new owners are shady too.

@roastpotatothief
link
29M

What do you mean about its new owners?

@lorabe
link
311Y

Let’s be honest, Signal was never an option.

Rather than being free software, signal is more like museum software, you can see, but you cannot touch.

sseneca
creator
link
161Y

A few years ago (2017?) I decided I would move messenger apps. The aim (and what I’ve achieved) was all my messaging going through a secure, private app.

Signal was never an option.

In 2017, Signal really was the only option. Element (Riot, back then) was really bad and didn’t feature e2ee (which only got enabled by default last year!). XMPP was and remains difficult to use (not even many people here use it, how could I expect “normal people” to use it?)

I made the choice to use Signal, and I don’t regret it. I only regret that it has taken until now that we are starting to see a glimmer of a real competitor, in the form of Matrix. But a really competitor to Whatsapp and the like, back in 2017, just didn’t exist outside of Signal.

poVoq
link
5
edit-2
1Y

I don’t quite get why you think XMPP is harder to use than Matrix. The only way this seems true is if you use the main matrix.org instance and then you are pretty much back at a centralized service based in a five eyes country (UK).

sseneca
creator
link
71Y

It’s not about instances, they’re pretty much equal in that regard. There are two main issues with XMPP:

  1. Clients. There is no “default” or “reference” client for XMPP, whereas there is a cross-platform one for Matrix (in the form of Element). This has several implications, but the most important is that for the non-technically aware (which is the vast majority of people I talk to), it is easier and reassuring to use “the” Matrix client. The more important implication to me is on e2ee. Conversations started in Element now enable e2ee by default. In contrast, every XMPP client I’ve tried (on Linux & iOS) does not.
  2. Message history. Matrix and XMPP differ a lot here, and it’s why the Matrix homeservers are much more resource hungry than XMPP servers. When I use Matrix, I get message history on each device. This is a critical feature for those I want to move from Whatsapp and the like. This is not the case with XMPP.
poVoq
link
5
edit-2
1Y

I disagree on the default client idea, especially if it is such a badly done web-based one as element/riot. In the end clients are always platform specific, and there are easy to find “best” XMPP clients for each platform. At most it is a branding/marketing problem (see Snikket.org for that).

As for the other two points: that is both false and outdated. e2ee has been supported and the default in XMPP for longer than in Matrix and message history (as much as the e2ee double ratchet algorithm used both in OMEMO and OLM permits) is working perfectly in XMPP across clients if the server has MAM enabled (pretty much all have).

sseneca
creator
link
21Y

You say you disagree with the default clients idea, but why?

At most it is a branding/marketing problem

I don’t know why you’re so dismissive of this issue. I feel like you’re framing me as if I’m anti-XMPP when that isn’t the case; on the contrary I use XMPP and am a Prosody server admin. The reality of the situation though, like I’ve said above, is that next to nobody uses XMPP, even in tech communities. At this point “branding/marketing” could end up being the be-all and end-all of the entire protocol.

As for the other two points: that is both false and outdated.

You’ve misinterpreted my comment. I am very well aware XMPP has and has had e2ee support, the issue is that XMPP clients never have this switched on by default, in my experience (which was testing every XMPP iOS client there is, the platform most my friends use).

poVoq
link
61Y

The situation on iOS for XMPP is uniquely bad (but actually Siskin and Monal are improving a lot lately). It simply is unfair to look at only one tiny and for most people irrelevant (and uniquely bad) platform and extrapolate from that. On all other platforms XMPP works great and most clients have e2ee enabled by default for 1:1 chats (where it makes the most sense).

As for the other topic, sorry I didn’t want to sound so confrontational, but the same argument comes up all the time inside and outside of the XMPP ecosystem and I think it is simply false. There are other problems why XMPP isn’t adopted. Network adoption is driven by network effects. People invite other people to the network and when doing that they typically also recommend a client (& server). The case of a lone person looking for a new messaging system without any network is the rare exception and one that only comes up in the bubble where this discussion usually takes place.

riccardo
link
4
edit-2
1Y

Well there was Wire, which offered e2e encryption, an open protocol and opensource clients and backend, it has been audited, and it was based in Swiss which is times better than the US. I tried to move a lot of people there, but luckily I failed, considering it has been bought by an advertisement company recently

@Ghast
link
31Y

Wire looked nice, but I stopped using it after they persistently dragged their feet on federation.

Git discussion

Once something with federation gains popularity, the discussion may be over, as we won’t have to talk about jumping ship every year. I’m not sure it’s doable yet, but I’m sure that once it takes hold it’ll last, just like email.

sseneca
creator
link
31Y

Wire was pretty good, true. I used it a bit, but chose Signal because Wire (similarly to Matrix, for now) doesn’t encrypt any/most metadata, whereas Signal encrypts everything and always has.

And like you said, it’s since been sold to an advertising company. Not sure if that’d even be possible with Signal since it’s owned by a non-profit (admittedly not always the case, I guess it could have been possible when they were still OWS).

In both cases, their centralised nature means changing ownership can be devastating (like in the case of Wire). This is why I believe Matrix is the future. Its community is much healthier and active in the development of the ecosystem (3rd party clients, bridges, they actually accept PRs, etc…)

@southerntofu
link
81Y

Signal encrypts everything and always has.

This is not exactly true. Encrypting metadata is most times impossible due to the server needing to know who to deliver messages to (at the very least). “Sealed sender” is now a thing (though i don’t know how strong a protection that is), but to my knowledge Signal continues to aggressively expose users’ phone numbers both to the server (in a hashed formed, for contact discovery) and to other users in public chatrooms. Please correct me if wrong.

it’s owned by a non-profit

A non-profit doesn’t mean you need to do good. Also, it can turn into a for-profit over the years. It’s in fact a conscious strategy of startups in the field of “sharing economy” (remember couchsurfing?)

This is why I believe Matrix is the future.

Matrix is one among others, but i’m not convinced a single solution is going to be the best:

  • Matrix really has a startup vibe and introduces a lot of complexity (reinventing quite a few wheels along the way), to the point the current situation is there’s only one bad client/server implementation (really resource-hungry)
  • Jabber/XMPP has a much slower but dedicated non-profit ecosystem (let’s not even talk about the commercial branches) and lots of client/server options for all hardware/systems, but the clients don’t have good UX/polishing
  • ActivityPub has a vibrant ecosystem but most clients are web-oriented (such a shame) and tailored to a specific use-case (peertube/mastodon/pixelfed)

They all have strong arguments going for/against them. I believe interoperability is the only way to go. These network are doing mostly the same thing, and there’s no reason we can’t talk across networks.

Which brings me to the fact matrix folks really don’t seem to care about interoperability though i hope i’m wrong about this.

@michel
link
31Y

FluffyChat is a decent alternative client (with E2EE support). If you don’t need e2ee there’s actually a healthy number of clients, and some of them do seem to have it on their roadmap

https://matrix.org/clients/

Point taken on server implementations though

@southerntofu
link
21Y

FluffyChat is not an option because it doesn’t support proxies including Tor. If you’re using fluffychat please open an issue there for integrated tor support like Conversations/Gajim does in the Jabber/XMPP world :)

sseneca
creator
link
31Y

I have a lot of thoughts about this but don’t really have the time to reply.

All I’ll say is that I hope you’re following Element’s progress with Dendrite closely. I host my own Dendrite server and it is much more reasonable in terms of resource usage versus Synapse, and it hasn’t even had any resource optimisation features implemented yet.

poVoq
link
41Y

While Dendrite is better in many ways, AFAIK it does not solve the fundamental architectural problem of immutable and permanent history room metadata. As a result of that, database storage use is growing indefinitely (easily into the hundreds of gigabytes) and there is no real solution to that anywhere in sight. In addition I think it also is a massive privacy issue, as this immutable and permanent history room state data is synchronized across any server that has a member joining a chat. Yes I am aware that this is a “feature” of matrix, but IMHO a really bad one and resilient federated rooms can also be implemented in different, less over-engineered ways.

@federico3
link
-31Y

massive privacy issue, as this immutable and permanent history room state data is synchronized across any server that has a member joining

This is terrible.

Matrix evolved evolved in a very messy way, starting without encryption and hacking it in later on, and now it’s even trying to become P2P. I expect more serious privacy-breaching “features” to come out over time.

poVoq
link
3
edit-2
1Y

Not really, that was a feature that was there from the very beginning and Matrix also openly advertised this. The problem mainly comes from people projecting their wishes onto them and the Matrix team (for commercial interests/ego I guess) not vehemently denying that privacy is mostly an afterthought in the system’s design.

@southerntofu
link
31Y

Element’s progress with Dendrite

I’m keeping an eye on Dendrite. I’m not convinced go is the best language for server software, as it suffers many same pain points as Python (eg. GC pauses), but it looks like a neat progress. In fact i’m going to try dendrite very soon when i have some time.

Element on the other hand i would just put in the dumpster because it’s full of everything that’s wrong with web applications. 9MB initial loading just for a simple chat application, seriously? Several seconds of latency just to switch chatrooms? Seriously it’s 2021 folks, how can anyone be happy with such mediocrity and then complain why noone is using Element…

Just found gomuks which appears to be a lot better for desktop/laptops (not mobile). I will try it out and see…

sseneca
creator
link
21Y

Element the client is garbage, I was talking about Element the organisation formally known as New Vector, who develop and maintain the Dendrite homeserver

@southerntofu
link
31Y

New Vec

thanks i had no clue they were renamed

@southerntofu
link
21Y

gomuks

So i just tried gomuks and it’s a pleasure to use! Room switching is instant (compared to 5-15s on Element) and it took just a few seconds to compile. Only downside is it was designed for dark theme so contrast is really bad on light background.

poVoq
link
2
edit-2
1Y

That pretty much sums it up. Matrix isn’t bad, but basically over-hyped and reinvents the wheel for most stuff.

As for sealed-sender in Signal: That is in theory a good idea (and should be implemented in XMPP at some point), but in a walled garden with a single server it is snake-oil as the central server can still easily correlate sender based on other metadata.

@Echedenyan
link
2
edit-2
1Y

Not only sold, I used to report bugs to Wire by e-mail and GitHub before of the change.

One day, they just sent me an automated message in which they said they would not going to provide support to the personal edition at all during a time because of the lack of staff while providing support to the business edition.

It passed more than a year and was maintained, I don’t know today but I expect the same.

Edited: I don’t know why I put Signal instead of Wire jajajajajajajaja.

@kitsunekun
link
31Y

This. I sounded the alarm on signal a few months ago: https://lemmy.ml/post/47340

@cvieira
link
241Y

Whenever I question Signal on Reddit, I get downvoted to hell.

In terms of privacy, I still vastly trust Signal over WhatsApp, Snapchat, etc. But they’ve been sketching me out more and more lately. First was them making Signal dependent on Google services. Then there was them threatening to sue projects that attempted to create forks of the project without said Google dependencies. Now it’s them not disclosing the source code for their server side software.

In their defense, the client is still mostly open source, but they need to stop acting like some savior for privacy when they are so hostile to open source.

Dessalines
admin
link
231Y

Same, /r/privacy and /r/privacytoolsio are so completely watered down that I’ve even seen a lot of pro-microsoft / vscode apologia there. The red flags with signal have been there for years, but they choose to ignore it.

I feel like lots of “privacy-oriented” mainstream tech discourse is a psyop designed to direct people to honeypots or even just inferior solutions.

Dessalines
admin
link
71Y

Pro US all the way down. It’s why all the reddit “privacy” subs praise microsoft, apple, signal, etc.

Ravn
link
51Y

Off-topic, but the US-centrism is what put me off reddit entirely. I just can’t go there anymore because it makes me immediately feel like a foreigner in another country. I sometimes wish there was an internet-wide filter for anything US.

Dessalines
admin
link
31Y

Same.

@kitsunekun
link
11Y

Unfortunately, you will also find it here, but it manifests to a lesser degree.

@southerntofu
link
71Y

Yes it’s called advertisement and it’s the byproduct of an ego/profit-driven society ;)

@federico3
link
31Y

Never underestimate how many people are paid to influence product reviews, social media, message boards and so on.

manemjeff
link
310M

vscode is a meh software. Vscodium on the other hand…

@someone
link
-2
edit-2
3M

deleted by creator

poVoq
link
16
edit-2
1Y

We had huge discussions about it here on lemmy.ml a few weeks back. In the end I think the main problem with Signal is that (while surely better than WhatsApp) it does not fundamentally change anything about the dependency on a walled garden with servers and developers based in the US. No amount of Signal apologizing can change that, and we should really strive for something better than such a gradual improvement at best.

@cvieira
link
91Y

Thats the other thing. Right now I use Matrix as my primary chat program, mainly for this reason. Even if Signal released all of their source code for the next year, at the end of that year, they could simply revoke the source code, and force you to either continue using their service, or stop talking to your contacts.

@southerntofu
link
11Y

Do you know of a good lightweight client that works well with tor? I’d like to be able to use matrix but Element is just super heavy (and works really bad over tor because of latency).

sseneca
creator
link
21Y

Hydrogen, while not stable yet, will hopefully be much more useable over slower networks including Tor: https://github.com/vector-im/hydrogen-web

@Echedenyan
link
2
edit-2
10M

Ohhhh. Seems better than other ones.

@southerntofu
link
11Y

I hope for the best, but considering it’s yet another Javascript webapp, i find it hard to trust it’ll do anything better. By design it will force me to drop privacy/security features from my browser, and will use considerable resources.

@Nevar
link
2
edit-2
8M

deleted by creator

@someone
link
-3
edit-2
3M

deleted by creator

@federico3
link
01Y

Tox has a terrible security track record. At the same time, developers are still making wild claims that Tox can protect your from nation-state sponsored attacks:

Whether it’s corporations or governments, digital surveillance today is widespread. Tox is easy-to-use software that connects you with friends and family without anyone else listening in.

This is not a code problem.

@je_vv
link
4
edit-2
3M

deleted by creator

@Danrobi
banned
link
01Y
@je_vv
link
2
edit-2
3M

deleted by creator

@someone
link
-2
edit-2
3M

deleted by creator

@k_o_t
mod
admin
link
15
edit-2
1Y

edit: i didn’t mean to say that this post is unimportant, rather that this course of events for signal was somewhat predictable and i’m not terribly surprised that this happened…

Jama
link
51Y

Then you should have used this https://en.meming.world/wiki/File:Surprised_Pikachu.jpg (yes, I’m fun at parties)

I can’t tell y’all how many friends, family and other peers would just chat with me with WhatsApp if signal didn’t exist. Let’s be real for a moment, these people wouldn’t use Matrix or Jabber instead, because these can seem a little bit unreliable from time to time.

I know the weaknesses of signal, but I don’t think a better solution exists as of today.

poVoq
link
6
edit-2
1Y

You mean like the centralized Signal servers that recently went down half a day? Not a blip on XMPP despite also higher number of users the same time due to the federated nature of the network.

I get that people are annoyed by the latency of the main matrix.org server, but even that improved lately.

yes like that, but my private xmpp groups all have issues with people turning OMEMO off because they can’t get some messages of each other.

Like I wish it was better and I’d totally advertise it to non-technical people over signal, but that’s not the case today. I hope that projects like https://snikket.org/ take off and solve these issues.

tldr: Signal sucks, but it’s the best we have for some scenarios for now.

poVoq
link
-4
edit-2
1Y

I doubt it. OMEMO issues basically only come up when some people use some obscure clients on obscure and developer hostile OS (like iOS), and there is really no way around that. People even still insist to use Pidgin which really drives me mad.

But that is a problem between XMPP nerds and not “normal” users that simply all user Conversations and 100% compatible clients and it works great (and is quite comparable to all users using the official Signal client).

@TheAnonymouseJoker
mod
link
71Y

I have Conversations, blabber.im, Xabber and Dino (desktop). I use them daily. Turning on encryption is a problem. Conversations is the only decent XMPP client at all, and it has a UI on par with 90s IRC web clients. Not even its own fork blabber.im works with E2EE.

The protocol may be supreme, but polishing UX goes a big longer way than things like privacy, security or anonymity. Normal people treat these secure programs as mission critical, and this (features) is also why Telegram became so popular.

People value UX and features more and rely on obscurity for privacy, security or anonymity.

poVoq
link
01Y

Hmm, It is true that e2ee works best in Conversations and that turning it on in group-chats is not super intuitive in most other clients (as it has some special requirements).

But I really don’t get the complaints about the Conversations UI. Except for that annoying background image in Telegram/WhatsApp, Conversations is pretty much looking exactly the same, no? In fact I find it quite a bit more usable than WhatsApp for example, which has really horrible work-flow in some details.

@TheAnonymouseJoker
mod
link
1
edit-2
1Y

Conversations has this super dingy UI that even an old school folk like me has trouble accepting. Atleast make the chat bubble colour and background colour customisable. Let us use any solid colours.

Also even for one to one chats, if both use Conversations for E2EE, then only it works properly. It is ridiculous and the whole point of federation is protocol compatibility across clients.

poVoq
link
21Y

Conversation UI seems to fall a bit into the uncanny valley of being too modern for old school users and the same time too sober and down to basics for the snap-chat crowd ;)

As for e2ee chats, somehow I don’t have nearly as many problems with it. It mostly just works… no idea why it is different for you.

@TheAnonymouseJoker
mod
link
21Y

The UI honestly is just in a weird spot. Make it old school, or make colours customisable for chat bubbles and background. blabber.im, its fork, is beautiful to use, and is definitely not too Snapchatty.

E2EE chats are a pain in the rear across XMPP clients, be it one to one or group. And it has not changed in 20 years of XMPP. This has to be understood that basics like this need to be done right, maybe as a reference client or handful clients taking it upon themselves. Conversations is in the best spot to do it, and TailsOS is picking up Dino or Gajim as its default XMPP Torified client, so one of them, likely Dino, will become great as well.

obscure and developer hostile OS (that 1/3 of people use). I don’t like iOS but I wanna chat with my friends who use it?!

Like what even are you saying? That we didn’t have this problem (we did)? That it doesn’t matter (it does)?

@southerntofu
link
4
edit-2
1Y

Yes iOS and Apple are incredibly user-hostile and developer-hostile:

  • you can’t install applications that are not approved by Apple, so obviously you can’t install a user-friendly app store like F-Droid (i say like because of course F-Droid is specifically for Android, but the fact is something like that cannot exist for iOS without jailbreaking your phone)
  • you can’t change your operating system (remove iOS)
  • Apple makes it pretty hard for users to interoperate with anything else, by requiring non-standard protocols everywhere (airplay, etc…) to the point where for years iTunes was (maybe still is?) the only way to interact with an iDevice
  • you can’t develop for iOS without an iOS device
  • you can’t develop for iOS without official, non-free Apple software
  • you can’t publish an application on iOS without an official Apple developer certificate
  • even if you got all this, you can’t push information to your users without going through Apple’s centralized push notification gateway (they actively suspend background network connections, so you can’t build anything useful on iOS)
  • you can’t tear apart your phone without specific tooling
  • you can’t even remove the battery without specific tooling (<-- seriously this is fucked up)
  • you can’t use a standard micro-USB/USB-C cable because Apple is the only brand going strongly against any form of standard
  • you can’t use a standard micro-jack cable for audio because Apple is the only brand going strongly against any form of standard

Should i go on? Seriously if prisons were in fact designed to protect people not businesses, all Apple execs would be rotting in jail by now, along with the collaborating engineers who let that happen. To be clear, i don’t think prison is a solution for anything/anyone, just pointing out that the worst crime-doers in society are also those kept further away from prison.

poVoq
link
0
edit-2
1Y

1/3? Maybe in the US and Japan, more or less everywhere else it is close to non-existent and the few that do use it are complete fools (that only bought it because they think it is an expensive status symbol like a Rolex watch).

I am saying that your problem is very rare and based on special circumstances and that can happen pretty much with any solution. For example Signal is banned in Iran, so if you have some members that live in Iran you can’t really have a group-chat over Signal with them. Not a common issue, but real never the less.

You are arguing in bad faith, I won’t answer any further.

poVoq
link
51Y

Yes, friends don’t let friends use iOS :p

@adhoc
link
31Y

<3

sseneca
creator
link
51Y

recently went down half a day

It was more like ~3 days

@Nevar
link
-8
edit-2
8M

deleted by creator

@Metallinatus
link
71Y

Not even close, Telegram is worse than even WhatsApp when it comes to cryptography. In fact, years ago a corrupt politician got his schemes to put Brazil’s ex-president Lula in jail exposed because his messages weren’t E2EE.

Kinda crazy to think, but if he was using the dominant app in the country, WhatsApp, that wouldn’t have happened.

@ihaphleas
link
91Y

Signal is the easiest alternative to WhatsApp for now. But we need to be moving to something like Jami.

@marmulak
link
111Y

Try Conversations or Element

@adhoc
link
21Y

Conversations

@ihaphleas
link
110M

I like those too, still mostly centralized at the moment though…and no one I know uses them

@Nevar
link
4
edit-2
8M

deleted by creator

@ihaphleas
link
110M

Oh, I like Jami, but no one I know uses it

@kitsunekun
link
91Y

I warned you guys about this: https://lemmy.ml/post/47340

@southerntofu
link
21Y

Don’t trust computers, sure. But specifically apps from the US? come on… Most governments have got people on the payroll to defeat cryptography, not just the US. China, Russia, France are not doing ANY better than the USA in this regard.

All governments are psychopaths by nature, and the only way to protect ourselves is to never ever trust a government. (Better yet, burn down all governments and start to live free)

Halce
link
61Y

People seem to float https://getsession.org as an alternative. Are there any details on who’s actually behind that? Personally, I really hope p2p solutions like https://jami.net get better soon.

@Echedenyan
link
11
edit-2
1Y

I won’t promote Session again because of this point:

Convenience again instead of doing something which is in their hand. They are just sold.

Better Jami.

@lps
link
11Y

session is recently released on fdroid but you need to add their repository… https://fdroid.getsession.org/fdroid/repo?fingerprint=DB0E5297EB65CC22D6BD93C869943BDCFCB6A07DC69A48A0DD8C7BA698EC04E6

@Echedenyan
link
1
edit-2
1Y

Then is not in “F-Droid” (main repo) itself which is what I meant. The repo was mentioned in the thread as is the way to not cleaning the code but allow people using F-Droid client to install it easily.

@AlmaemberTheGreat
link
3
edit-2
6M

deleted by creator

sseneca
creator
link
41Y

Last time I looked into Session, my conclusion was that its background was shady enough that I’d never use it.

p2p solutions would be great. The team at Matrix have demonstrated p2p over Matrix (using the Dendrite homeserver) so hopefully that also becomes more accessible at some point.

@someone
link
6
edit-2
3M

deleted by creator

@kevincox
link
31Y

Jami does look nice but personally I really like having partial sync. So that only recent data is on my mobile device and the majority of the data can be saved somewhere with more storage available. I think this could be added to Jami by adding per-device automatic deletion of old data and having one device serving as an archive (with the ability to resend messages to other devices if they scroll back or search) but this would be a huge feature and doesn’t really match the current architecture IIUC.

@AlmaemberTheGreat
link
1
edit-2
6M

deleted by creator

@dragonX
link
5
edit-2
5M

deleted by creator

noflags no borders
link
29M

+1 i got all my friends on matrix anyways now.

@adbenitez
link
4
edit-2
1Y

I recommend Delta Chat, it doesn’t needs to create an account since it is just an email client with a chat interface, it is not a replacement for your fancy chat app but for your email app, everyone have email, so will need an email app anyway, it makes email easy to use and encrypted out of the box without your friends having to know what encryption means.

I like XMPP but UI/UX is really poor, it is surprising that this email client has a much better UI/UX than Conversations, it has swipe to reply, etc. I found Conversations ridiculously “hard” to use, blabber.im improves a lot of small details that have an impact in the users every day workflow

https://delta.chat

sseneca
creator
link
21Y

Delta Chat does look really cool. Like you said, it’s client (testing on iOS) is nice. It’s a shame their desktop app is Electron though.

@adbenitez
link
21Y

I have tried it and it is fast, but I would also like to avoid Electron, I think they are considering to replace Electron in the future

@Echedenyan
link
11Y

Well, fast on your computer. I have got continued freezes with its desktop version. I hope it changes Electron by something native.

It is great on mobile.

@adbenitez
link
010M

when was that? I used to have freezes in the past but recent versions (prereleases, not stable releases) are faster

@Echedenyan
link
110M

Let’s wait the next stable release then but the freezes are not because of the core at all but because of Electron. Because of the core (or something in the “backend” side).

I have experienced it with other Electron apps too in a similar situation by the way it freezes, how did render the interface at all, how responsive it is, etc and comparing reports with other people both IRL and GitHub (Wire, Signal, etc).

manemjeff
link
310M

not trying to be rude, but uh, no shit? I think it’s malicious of them to say that they’re end to end open source to be honest.

@Danrobi
banned
link
2
edit-2
1Y

I never used Signal. I use P2P apps instead. I wonder why people still use centralized messengers. Theres a lot of P2P messengers available. Theres a few here

@dreeg_ocedam
link
9
edit-2
4M

deleted by creator

@kevincox
link
51Y

Have better UX than federated ones

This is definitely currently the case, and could be factual but I think the fundamental difference is minuscule. People are currently using QR codes or phone numbers to find each other (both supported my Matrix) and regularly use emails. You can probably argue that the @domain.example suffix to IDs is a hurdle to UX but I think it is incredibly minor.

So I hold out hope that UX of decentralized messengers will approach or surpass the centralized ones.

Are more reliable than P2P ones - less battery usage

Maybe for “pure-P2P” but for services that still use servers this isn’t the case. (Like Matrix, and IIUC there are XMPP extensions for using external push services that put battery usage on par with any of the centralized ones)

Are more reliable than P2P ones - messages can be sent without the need for both clients to be online at the same time)

This is also only a concern for “pure-P2P” services. Furthermore many pure-P2P services have solutions to this via distributed buffers and logs. In fact for optimal privacy you don’t want to directly connect to the recipient anyways.

Have been audited by third parties

Some of them. However some open-source ones have also be audited and have research done on them. I would love to see enough funding for some of the open-source messengers to get official audits.

Leak less metadata

citation needed. To be fair signal is very good in this regard. However there are better decentralized options and worse centralized options. I don’t think this claim can be applied to centralized or decentralized messengers in general.

@dreeg_ocedam
link
1
edit-2
4M

deleted by creator

@kevincox
link
21Y

decentralised protocol with audited implementations

There haven’t been many, funding for it would be great. But at least some XMPP OTR implementations have been audited: https://www.eff.org/pages/secure-messaging-scorecard. But this isn’t really different between centralized and decentralized, it is just individual. (And usually connected to how much money they have)

a few examples of what metadata Signal protects that Matrix doesn’t

For sure. As I said Signal is a very good protocol. But not because it is centralized, just because it was designed to be very privacy friendly.

Also for what it is worth a lot of that group metadata can be undone because they have some idea who is sending and receiving the messages along with timing. Of course it is still better that they have the sealed sender and encrypted group data but it definitely isn’t perfect.

And yes, Matrix does intentionally leave more of that in the open. Everything is tradeoffs.

@federico3
link
01Y

Leak less metadata

citation needed. On the contrary, any network observer can perform a timing attack by correlating messages being exchanged to/from clients and servers. Having centralized servers only makes it easier.

Briar, on the other hand, is P2P and uses Tor as transport network making such attack way more difficult.

@dreeg_ocedam
link
0
edit-2
4M

deleted by creator

@federico3
link
01Y

To protect users metadata including the type of application, protocol, and timing push notifications cannot be used. Equally, direct connections to centralized servers are not suitable. That’s a reason for Briar to use Tor.

The thread is about centralized vs decentralized. Availability on OSes, polished UIs and so on are besides the point.

@dreeg_ocedam
link
-1
edit-2
4M

deleted by creator

@Danrobi
banned
link
-1
edit-2
1Y

Oh ya “conveniency” again ! 😂😂😂

@xarvos
link
01Y

The metadata part is kinda valid, no?

@dreeg_ocedam
link
11
edit-2
4M

deleted by creator

@Echedenyan
link
21Y

Then you must teach them ethics. If you see that, it is in your hand try it, so it is a moral obligation.

@Danrobi
banned
link
-51Y

Ya which is stupid

@someone
link
-3
edit-2
3M

deleted by creator

This is such a stupid take. Do you plant your food yourself? No, you buy your rice and potatoes washed without dirt on them?

Also your definition of lazy, lmao

@Echedenyan
link
-1
edit-2
1Y

If it is something in your hand and you don’t make it, yes, you are being lazy (in the case here). If not, you are not lazy but a victim.

@someone
link
-1
edit-2
3M

deleted by creator

@shepps
link
2
edit-2
9M

Related community discussion ongoing here

Edit: seems to have been answered and the server code was updated: https://github.com/signalapp/Signal-Android/issues/11101#issuecomment-815400676

sseneca
creator
link
41Y

I linked to that thread in my post

samuraikid
banned
link
01Y

if Snowden uses Signal why shouldnt i use it?

Cheers

@gaso
link
0
edit-2
1Y

Was that before Signal started exfiltrating your social graph via their “no opt out possible” contact discovery service, if so perhaps they’ve updated their opinion since then?


Warning, the rest of this is a wildly meandering rant against our modern privacy theater. Optional reading…

At least the old app permitted the user to deny access to the device address book. Shame they’re trying to solve a problem that doesn’t need solved: “Very few people want to install a communication app, open the compose screen for the first time, and be met by an empty list of who they can communicate with.”

That’s exactly what I want.

Stating “Clients that wish to perform contact discovery negotiate a secure connection over the network all the way through the remote OS to the enclave” is magic handwaving

Just don’t do it, and the problem is solved. It’s as though no one has ever implemented or used instant messengers before, or have been gaslit into thinking they weren’t an ideal base model (2015 and onwards with Google and Facebook realizing how “foolish” they had been.)

When Signal released the update to force this on users, I delete my address book, created a new one with only my own phone number in it, Erase-All’d Signal, reinstalled it, set it up once to use my new address book to upload that to The Cloud, then uninstalled Signal and never thought of using it again.

I totally get what they’re trying to do (or have been forced to do), but I’m fortunate enough to enjoy just the notion of privacy and I don’t require the protection that it may or may not provide for my personal safety (I assume and hope.) I’m certainly not going to endorse their mini-Apple "my way or the highway forced notion of privacy that they’re implementing with that approach to my social graph.

I get the same vibe from email these days from a lot of discussions. It’s some broken, useless thing when it’s the most useful, effective thing I’ve ever used in my life. 14 Eyes and everyone else endlessly scanning the metadata on email, that shame is firmly on them. No one is pretending that we have any actual privacy (except perhaps the Germany government on paper.) Signal is trying to have their cake and eat it to.

Regarding email being great, except for gmail: one of the most user hostile things I’ve ever used in my life. The spam UI buttons not whitelisting/blacklisting addresses is one of the most FU things I’ve ever experienced. And their spam filters will occasionally just blackhole some valid email without delivering it even into the spam folder (who knows why, the user has no input into that process as the one control surface they do provide, the ability to create filters that on paper whitelist a specific address, doesn’t override this process), in spite of delivering endless piles of obvious spam to my spam folder every day…further cementing the user’s recognition of the unreliability of delivery through the walls of their anti-federated garden…

samuraikid
banned
link
11Y

You can disable contacts permission on [settings - apps - signal - permissions] to send a message to contact you can use dialler and click message and send the message to the contact number

@dreeg_ocedam
link
4
edit-2
4M

deleted by creator

@dragonX
link
8
edit-2
5M

deleted by creator

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 26 users / day
  • 77 users / week
  • 183 users / month
  • 572 users / 6 months
  • 4.41K subscribers
  • 2.13K Posts
  • 10.2K Comments
  • Modlog