• AceKat
    link
    fedilink
    arrow-up
    20
    ·
    edit-2
    3 years ago

    Since it doesn’t have any encryption the only advantage I see is the fact that it’s open source and that there won’t be (hopefully) any data collection, but conversations will still be completely unencrypted, which is not that great. Nothing tells me that whenever this revolt’s userbase grows in size, they won’t start collecting data, including every message previously sent. Encryption exists so you don’t have to trust anyone to keep your messages safe, I hope they implement some sort of e2ee protocol at least for DMs

      • AceKat
        link
        fedilink
        arrow-up
        8
        ·
        edit-2
        3 years ago

        For the same reason facebook is one of the biggest companies in the world. Having access to thousands of users’ chat history is very useful for ad personalization and could be worth a lot of money. To fight this decentalization and encryption are crucial, you can’t trust that they will never use that data for advertisement purposes, maybe introduced in a privacy police change. Solid encryption algorithms are feasable for smaller groups, but as I said, at least DMs could be encrypted

          • adrianmalacoda
            link
            fedilink
            arrow-up
            7
            ·
            edit-2
            3 years ago

            The only issue is that it’s not open source so they might get bought in the future by someone that changes that.

            A proprietary centralized chat service is a bad thing, regardless of privacy policy. Revolt is already superior to Discord on that front.

              • adrianmalacoda
                link
                fedilink
                arrow-up
                3
                ·
                edit-2
                3 years ago

                I said in my comment that the fact that they’re not FLOSS is an issue.

                I think we may be on the same page, then.

                Not everything that isn’t FLOSS is a conspiracy to get your data

                This is why I think framing free software as a privacy issue is inherently flawed. Free software is a good thing because it gives you control over your technology. The fact that free software is generally more privacy respecting is probably a side effect of that, but some proprietary software companies at least nominally claim to respect privacy too. Discord can have the best privacy policy in the world, and actually stand by it, and I would still denounce it because it is a locked-down proprietary silo platform.

                similarly not everything that is FLOSS takes proper care of your data

                This is technically true, in that a free software license is not a magical ward against bugs or spyware, but in cases where a free software project becomes spyware - such as Audacity - a spyware-free fork often pops up soon after. This is why I value the four freedoms of the free software movement.

                  • AceKat
                    link
                    fedilink
                    arrow-up
                    4
                    ·
                    edit-2
                    3 years ago

                    I agree with you that FLOSS doesn’t mean automatically better and there is no reason to wear a tinfoil hat. You ultimately have to trust someone if you don’t inspect the source code yourself. I was just saying that being revolt centralized and having access to every information isn’t the best design for a discord privacy-respecting alternative, but they do have a good privacy policy, so if you trust they respect it (atm no reason to doubt that) then it will be surely better than discord. Discord does collect chat history though. On discord privacy policy:

                    Information You Provide: We collect information from you when you voluntarily provide such information, such as when you register for access to the Services or use certain Services. Information we collect may include but not be limited to username, email address, and any messages, images, transient VOIP data (to enable communication delivery only) or other content you send via the chat feature.

                    They don’t say that they sell said information to advertisers (even if they send some data to third parties) and I don’t have seen any report about them getting caught doing that, I’m sorry I assumed. But I admit I get a bit carried away with doubts about companies who offer closed source software to a very large userbase. If there is a chance of making more money, they usually take it.

      • Bilb!
        link
        fedilink
        arrow-up
        4
        arrow-down
        1
        ·
        3 years ago

        I agree that encrypting a group chat beyond a small group of trusted individuals is pointless. It’s nice to have the option, though.

          • Helix 🧬@feddit.de
            link
            fedilink
            arrow-up
            4
            ·
            3 years ago

            That blog post is not about Element and doesn’t include any of the ways Element stores data and sets up encryption. Basically they’re just saying ‘there’s no sane defaults and websites want to spy on you’, which I totally agree to, but which still misses the point. It is doable, it’s just not done well. To just send everything in plaintext is definitely not the solution here.

              • Helix 🧬@feddit.de
                link
                fedilink
                arrow-up
                1
                ·
                3 years ago

                it’s about the fact that you’re doing crypto to protect yourself from the server, using code that the server just sent you

                Ah, yes, makes sense. Solutions to this may be to use client applications, local storage in browsers or checksumming.

              • Helix 🧬@feddit.de
                link
                fedilink
                arrow-up
                2
                ·
                3 years ago

                I guess very few people self-host their email or Matrix or XMPP.

                You don’t need to self host email, Matrix or XMPP to use E2EE. I meant self hosting the web clients.

                And it still doesn’t protect you against someone breaking the TLS connection between you and your server.

                HSTS, Certificate Pinning, …

                Every communication method suffers from this, it’s not exclusive to web-based communication.

                proprietary, windows only apps are not generally designed with security as the number 1 concern

                Yeah, Open Source software down to the OS itself is important for security. But even then, who audits their own software? It’s probably 0.01% of the 0.01% of the general population you mentioned.

                  • Helix 🧬@feddit.de
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    3 years ago

                    That’s why you stick to software under high scrutiny and highly visible for security sensible stuff

                    So, like Element? scnr