[deleted]
link
106M

We really need to stop recommending Keybase to people, the codebase is not maintained at all (the github activity is a flat line) so the crypto should be considered obsolete. From what I can tell, it was designed to show off the skills of the devs for acquisition/hiring and now it has been acquired.

poVoq
link
56M

As if XMPP does not even exist… doesn’t give me much confidence in how well this is researched.

[deleted]
link
56M

I think they’re aiming at a more general market, that needs a nice UI to use the product. Also, XMPP is not encrypted by default.

poVoq
link
-3
edit-2
6M

XMPP is very much e2e encrypted by default. It uses the same system as Signal in their OMEMO implementation, which is widely supported by XMPP clients.

And clients like Conversations also have a really nice and mass market compatible UI.

[deleted]
link
46M

OMEMO is not default. Even in the list you linked, half of the clients do not fully support it.

poVoq
link
2
edit-2
6M

It is the default in the clients that cover like 95% of the user-base.

Dessalines
admin
link
36M

I think it’s supported but not turned on by default. At least when I tried conversations recently it was not default in one on ones, and not available at all in group chats.

poVoq
link
16M

Odd, for me it defaults in 1:1 chats, when was the last time you tried?

For group chats it AFAIK is enabled automatically if the group-chat creator has made the right settings for it to work (OMEMO can not work with pseudonymous chats and history disabled).

@linkpop
link
1
edit-2
6M

> OMEMO can not work with pseudonymous chats and history disabled

OMEMO works fine in a private group chat, it’s disabled in public channels as there’s no point doing encryption there (when anyone can join and it’s impossible to verify everyone’s fingerprints).

poVoq
link
16M

Yes, that is what I wrote ;)

Dessalines
admin
link
16M

I think it was maybe a month ago or so.

poVoq
link
1
edit-2
6M

If the other side of the 1:1 chat uses a client that does not support OMEMO by default, then something like that can happen I guess. Did you at least get the big red warning sign that the 1:1 chat isn’t encrypted?

Metawish
link
26M

Conversations UI can be MUCH improved to compete with the looks of some other common chat apps like messenger and imessage imho.

@linkpop
link
26M

Conversations actually follows the Material guidelines from Google. Which puts it in an odd spot in that it looks “too new” for those that want a classic look, and “too old-fashioned” for those that want a flashier look.

For me personally, it doesn’t look horrendous and it works, so I’m happy with it.

@linkpop
link
1
edit-2
6M

> XMPP is very much e2e encrypted by default

Please do some research and stop perpetuating this myth.

  1. XMPP is not E2E encrypted by default.
  2. Conversations does OMEMO by default.
  3. There isn’t a single other XMPP client out there that does OMEMO by default, not one. They have support for it, but they very much do not enable it by default.
  4. Every time a friend of mine uses a different messenger, I have to remind them, after getting a load of unencrypted messages, to hit the damn padlock icon in their new client.

poVoq
link
16M

So compared to other messengers that have only one single official client, how is this any worse? If you use Conversations it is the same but better.

@linkpop
link
16M

Easy, it doesn’t help if your friend goes on to discover another XMPP messenger (cause they want their messages on their laptop/iOS or something else).

There’s no global OMEMO option for these either, you have to remember to enable OMEMO for every single conversation. The community has been asking for this for years on github, but the developers just never bother to enable it.

poVoq
link
16M

How is that worse than Signal, Threema or Whatsapp where no such clients even exist?

poVoq
link
06M

All of which have a single client, similar to using Conversations only on XMPP.

@linkpop
link
16M

Please show me how I can run Conversations on:

  • a desktop PC
  • an iPhone

Once you’ve done that, feel free to join us at https://github.com/privacytools/privacytools.io/issues/1838 where people are actually trying to fix the issue.

poVoq
link
1
edit-2
6M

Please show me how to run Signal or Whatsapp on a Desktop PC (edit: without relying on a linked Android or iOS app). Threema only has an unofficial and not very well working Desktop client (OpenMittsu).

iPhone is total crap, so I don’t care about that, but apparently there are some similar XMPP clients for it.

@linkpop
link
1
edit-2
6M

OK, I have signal-desktop open over here (you can download yourself from the link I gave you above as well - here’s a help guide that should take you 2 minutes to go through), and I can see all my chats with my contacts, and I can send them a message, and look; it’s end-to-end encrypted - WhatsApp works the exact same way.

Let’s try that with my XMPP account, I can send a message to a friend of mine on Conversations, and it’s OMEMO encrypted by default, great.

Now let’s try using dino.im, same contact… oh, it didn’t use OMEMO - I thought some dude on Lemmy said that all of XMPP was end-to-end encrypted by default?

> iPhone is total crap … apparently there are some similar XMPP clients for it.

Unfortunately, a significant chunk of the world population disagrees with you, and they need a good XMPP client if you’re going to take XMPP mainstream. Here’s a spoiler for you: all the XMPP iOS clients suck (I have actually tried them all) and Signal/WhatsApp of course have apps on iOS that work. By the way, did you know all of Apple’s pushes are powered by XMPP?

Anyway, I’m done with this thread, not only have you shown that you are ignorant of how the platform you are espousing works and its limitations, you also have this arrogant “it works for me, therefore it has to work for everyone else” attitude - which just isn’t how the world works.

Even though I’m a fan of XMPP myself, if you ever wonder why security-conscious people (for example here) recommend Signal instead of it - it’s precisely because they know that E2EE Just Works over there.

poVoq
link
1
edit-2
6M

Neither the Signal desktop client nor the WhatsApp web client are true stand-alone clients. They are remote access band-aids that only work together with a running Android or iOS client and in fact break e2ee (spoiler: that’s a built-in backdoor to the e2ee). You can pretty much do the same with Conversations and a remote access system like Scrcpy to get a “full Desktop experience” of Conversations.

As for the Dino example… well it shows it prominently enough that the connection is not encrypted, especially on the Conversations side (where you would expect the default e2ee) there is a big red warning asking you to enable it. Which can be done very easily.

I am honestly getting a bit tired of people having higher expectations of XMPP than even what the systems people compare it to do, just because XMPP is more explicit about certain technical limitations and on other systems with actually less capability, this is hidden from the user and in the end the user ends up less safe on the supposedly safer platform.

As for iOS… maybe. I don’t really care as iOS is insecure by default and due to the software mono-culture is trivial to exploit. So it really doesn’t make any difference.

@linkpop
link
1
edit-2
6M

> Neither the Signal desktop client, not the WhatsApp web client are true clients

You’re wrong on the Signal desktop point, it is a full-fledged client on its own and can work without the mobile app.

> As for the Dino example… well it shows it prominently enough that the connection is not encrypted,

No, it doesn’t. Dino just shows you a tiny padlock after the fact. There’s even a Github issue complaining that it’s not obvious: https://github.com/dino/dino/issues/971

> I am honestly getting a bit tired of people having higher expectations of XMPP than even what the systems people compare it to do

Well, until these issues are fixed, no one, absolutely no one is going to recommend XMPP to anyone.

And we haven’t even started talking about all the other flaws: https://infosec-handbook.eu/blog/xmpp-aitm/

> I don’t really care as iOS is insecure by default and due to the software mono-culture is trivial to exploit

Yet again, wrong; iOS is both significantly more secure and more user friendly than any Android/Linux phone out there with maybe the exception of GrapheneOS.

poVoq
link
1
edit-2
6M

AFAIK you are incorrect about everything above. It might be that the Signal client runs standalone, but it still requires the Android or iOS client as stated on their website:

> Signal Desktop must be linked with either Signal Android or Signal iOS to send and receive messages.

Dino doesn’t claim to be a finished client and thus isn’t intended for “productive” use. What I wrote was specifically about the Conversations side, which as a fall-back to the default e2ee offers a non-encrypted connection with a HUGE red warning.

The info-sec handbook stuff is FUD and applies just the same way, and in fact even more so (due to the centralized and likely NSA compromised nature of its servers) to Signal and the like.

As for iOS, I suggest you actually read up on that stuff before believing Apple’s marketing BS.

@linkpop
link
16M

Yes, you link it once with your Android phone and then it’s a client on its own with its own messaging queue on the server. So no, you are wrong and don’t actually know what you are talking about.

Anyway, I’m not an iOS user in any shape or form, but I recognize that it’s a good platform, and far better suited for normal people than the fragmented mess that Android is.

Oh, and just to show you more ignorance on your part: gajim.org is another desktop XMPP client that has existed since… 2004, and also doesn’t do OMEMO by default and also doesn’t make it obvious that you’re not doing OMEMO. If a 17 year old app isn’t production ready, what is?

poVoq
link
16M

Again, I am talking about Conversations. This is the same as with Signal or any other such chat service that only offers a single app. You are arguing as if the additional capabilities of XMPP make it worse, when in fact those make it better.

@SineNomineAnonymous
link
16M

Nobody in my family is going to configure their chat app to use XMPP. So yes, it exists. But no one is using it.

poVoq
link
1
edit-2
6M

Ask them to try https://quicksy.im/ Super easy and with phone-number discovery as well.

P.S.: They are using XMPP already, if they use WhatsApp. Switching to a proper XMPP client will be an even better experience.

@SineNomineAnonymous
link
16M

Will definitely have a look. And of course, I meant “using XMPP on my own, secure server”. WhatsApp requires no configuration, the XMPP server I use is a different story. It was hard enough to get them to move away from WhatsApp, imagine asking them now to use yet another one. But thanks for the link, will definitely be looking into it.

@DonutVeteran
link
26M

Although Matrix might have a few kinks in it, I still think it’s the best choice for privacy-conscious messaging. They seem to be coming up with good ideas; bridging for one is kind of functional, and I like the concept of federated systems. There also seems to be a good community around it, with lots of good libre clients in particular popping up.

poVoq
link
26M

Matrix is ok from a decentralization point of view, but privacy isn’t a strong point of it and in fact seems more of an afterthought conflicting with many early protocol design decisions.

@cvieira
link
26M

The fact that they recommend several proprietary programs, as well as Signal and a Zoom owned project. I’d understand compromising on Signal since it’s easy to use, but how could a service geared towards hardcore privacy enthusiasts promote proprietary software?

riccardo
link
16M

What’s the Zoom-owned one?

@cvieira
link
16M

Keybase

sseneca
link
16M

Keybase

@Nevar
link
2
edit-2
5M

deleted by creator

@BrownNote
creator
link
16M

Can you provide some resources for your claims?

@Nevar
link
1
edit-2
5M

deleted by creator

manemjeff
link
-26M

just use session
