Post A38rgu83IAb5DWS4mG by skypage@noagendasocial.com
(DIR) More posts by skypage@noagendasocial.com
(DIR) Post #A38QAPDnyHuLKaQD6e by stevenroose@x0f.org
2021-01-11T17:29:51Z
4 likes, 4 repeats
This whole drama with people leaving #WhatsApp for #Signal or #Telegram doesn't make much sense IMO. These apps are literally identical with the only difference that they're not operated by #Facebook.What would be different is if these apps would implement federation (fe #XMPP).
(DIR) Post #A38QEJ28v8N5IUpJWi by fatboy@fosstodon.org
2021-01-11T17:30:30Z
0 likes, 0 repeats
@stevenroose I agree, but Rome wasn't built in one day
(DIR) Post #A38QK5X225nT9y22NM by kekcoin@bitcoinhackers.org
2021-01-11T17:31:34Z
0 likes, 0 repeats
@stevenroose Signal has a bit stronger guarantees wrt. e2ee.
(DIR) Post #A38Qa8L3MgQWUx51LU by stevenroose@x0f.org
2021-01-11T17:34:32Z
0 likes, 0 repeats
@signalapp@twitter.com @telegram@twitter.com What do you think? Implementing #Jabber/#XMPP #federation would make a real difference compared to WhatsApp.@ThreemaApp@twitter.com @WireAppOfficial@twitter.com Joining the effort?
(DIR) Post #A38QaorRGfHuNYYTei by fatboy@fosstodon.org
2021-01-11T17:34:38Z
0 likes, 0 repeats
@stevenroose The most important thing is that people started taking their privacy a bit more seriously
(DIR) Post #A38R5U6kTe4izXL2wa by bazurk@mastodon.online
2021-01-11T17:40:12Z
0 likes, 0 repeats
@stevenroose Um no. Not exactly sure where your getting your info from and I don't mean to be a troll but they are fundamental differences in how they handle encryption. I am a big fan of #xmpp though but spreading misinformation is kinda dangerous in politically charged times. Use Signal.
(DIR) Post #A38RCy3xVHXnvFbN0y by koolaidwithkaran@mastodon.technology
2021-01-11T17:41:31Z
0 likes, 0 repeats
@stevenroose I believe Signal wrote a blog post discussing why they are not going to implement a federation structure but can't find it off-hand.
(DIR) Post #A38RIEarTDZCdhVFYm by stevenroose@x0f.org
2021-01-11T17:42:32Z
0 likes, 0 repeats
@fatboy Yeah that's the upside of this all. Some awareness is good. But some actual progress would not be bad either :)
(DIR) Post #A38RSvPn7FeeLMQGqu by stevenroose@x0f.org
2021-01-11T17:44:28Z
0 likes, 0 repeats
@bazurk They're identical on a conceptual level. They all have E2EE for both private chats and group chats (Telegram perhaps might not even have group chat encryption yet, not sure).Apps being "open-source" is only a real guarantee of E2EE if you compile your own software or if someone did some research on reverse-engineering the apps to see if they don't leak more data.
(DIR) Post #A38RWJGqsRHZCRr64e by kekcoin@bitcoinhackers.org
2021-01-11T17:45:04Z
0 likes, 0 repeats
@stevenroose Wouldn't count on signal being cooperative. Moxie has a history of threatening legal action against forks of the client.
(DIR) Post #A38RY0c5DTeduhb2FE by kaputse@habitat.zelle.one
2021-01-11T17:41:23.072724Z
0 likes, 0 repeats
@stevenrooseTrue, true. I am slowly dragging my peers to Matrix. Let's see how that goes 😁
(DIR) Post #A38RY0yPsRWF1y2s3U by stevenroose@x0f.org
2021-01-11T17:45:19Z
0 likes, 0 repeats
@kaputse I'm trying to do the same with #Jabber/#XMPP, but I just don't feel as comfortable inviting my non-techy friends that are not used to not-100%-smooth experiences :/
(DIR) Post #A38S0mHBbGxbqVXXM0 by fatboy@fosstodon.org
2021-01-11T17:50:35Z
0 likes, 0 repeats
@stevenroose I think xmpp would be ready for mainstream when our grandmas can create an account with an app...
(DIR) Post #A38SDJWdo20ERRkLom by bufordk@noagendasocial.com
2021-01-11T17:52:48Z
0 likes, 0 repeats
@stevenroose OPERATED and IMPLEMENTED by FaceBook are totally different concepts. More than a few messaging apps use the Signal protocol but that's where it stops.
(DIR) Post #A38SteX65j63l19HTE by bazurk@mastodon.online
2021-01-11T18:00:28Z
0 likes, 0 repeats
@stevenroose https://beebom.com/whatsapp-vs-telegram-vs-signal/
(DIR) Post #A38T7gnqRpQqqtfwMS by silmathoron@floss.social
2021-01-11T18:02:59Z
0 likes, 0 repeats
@stevenroose though I agree that Signal has many flaws, I think it is good to keep a level head about things.These apps are not equivalent.Signal's business model relies on donations and grants.It's apps and servers are open-source (sure, that does garanty everything but it's already way better than the others)Signal is E2EE by default, also for group and does not allow some users to store all messages in clear on a google drive.Please don't tell random people that they are equivalent.
(DIR) Post #A38Tql1bb6aKyfbNiK by techit@linuxrocks.online
2021-01-11T18:10:54Z
0 likes, 0 repeats
@fatboy @stevenroose agree
(DIR) Post #A38U9ahSD4TGSP9mSm by alanturing@bitcoinhackers.org
2021-01-11T18:14:32Z
0 likes, 0 repeats
@stevenroose @kaputse Matrix seems to have a good selection of clients.https://matrix.org/clients/
(DIR) Post #A38VxLaGmgoa0e5Nke by Talkless@fosstodon.org
2021-01-11T18:34:42Z
0 likes, 0 repeats
@stevenroose What about #matrix protocol? I haven't tried it, but Wikipedia states it's #federted.
(DIR) Post #A38a51sSKwLL1WVjuK by skypage@noagendasocial.com
2021-01-11T19:21:02Z
0 likes, 0 repeats
@stevenrooseSignal is open source, audited, and proven to preserve privacy, unlike the other two, and something I'd actually trust for privacy, unlike the other two options
(DIR) Post #A38gLVZoHauLUb1woq by stevenroose@x0f.org
2021-01-11T20:31:08Z
0 likes, 0 repeats
@silmathoron WhatsApp is also E2EE by default. The argument you make about donations is exactly mine: its not operated by Facebook. Telegram is the only one that allows third-party clients, which arguably is a difference.
(DIR) Post #A38gocniVBX0IQQ2am by stevenroose@x0f.org
2021-01-11T20:36:27Z
0 likes, 0 repeats
@fatboy Well XMPP is a federation protocol. Its meant to be implemented by services to communicate together. WhatsApp, Signal, Telegram and all the others could support the protocol and be compatible with each other. Instead they refuse and try to hoard as many users as possible. Which IMO is a bit suspicious for supposedly nonprofit organisations.
(DIR) Post #A38hDutyLADHftPB2G by life@burn.capital
2021-01-11T20:41:00Z
0 likes, 0 repeats
@stevenroose positioning those apps as identical just because none support xmpp federation feels a bit disingenuous to me. Only one is owned and operated by a nonprofit entity with no financial incentive to break their privacy promises, for example. I agree things would be better if they federated, but I think there are differences between trusting your data to fb (who you know is selling you out), the uae (who knows what they're doing), and a nonprofit with a pretty good track record.
(DIR) Post #A38idE4mHuAOKv5jtI by silkevicious@libranet.de
2021-01-11T20:56:08Z
0 likes, 0 repeats
@stevenroose amen
(DIR) Post #A38jBdRCV4Ugq8zGTY by roundy@noagendasocial.com
2021-01-11T21:02:49Z
0 likes, 0 repeats
@stevenroose Because Signal is “secure”...
(DIR) Post #A38n14kh0O2wBYKC92 by spongycake@mastodon.online
2021-01-11T21:45:50Z
0 likes, 0 repeats
@stevenroose @fatboy Hoarding users does not equate to bad security. A pure nonprofit's aim is to reinvest into it's community regardless of how much it makes. Signal is non-profit and mostly free software -- sophiscated guise, if one. I approve of Matrix's decentral strategy, yet there still inlies the issue of Matrix.org (space offered by founders) being the number one populated server by a significant margin, central-like. Although, there are ways to remedy this.
(DIR) Post #A38n5CbfkCwRhi4bcu by kaputse@habitat.zelle.one
2021-01-11T19:01:17.562961Z
0 likes, 0 repeats
@koolaidwithkaranThere are legends about a talk Moxie gave at the c3 some years ago that is not allowed to be on the internet. Try to dig it up, very entertaining.They are against federation because it makes feature deployment harder ¯\_(ツ)_/¯@stevenroose
(DIR) Post #A38n5Cy0PAo2oyWRRA by stevenroose@x0f.org
2021-01-11T21:46:41Z
0 likes, 0 repeats
@kaputse @koolaidwithkaran Yeah I saw the talk. It does make it harder. But I think operability is worth the effort.
(DIR) Post #A38o9W0HfWJSyWCoEq by raucao@kosmos.social
2021-01-11T21:58:36Z
0 likes, 0 repeats
@stevenroose @kaputse @koolaidwithkaran Moxie disagrees:> I understand that federation and defined protocols that third parties can develop clients for are great and important ideas, but unfortunately they no longer have a place in the modern world.https://github.com/libresignal/libresignal/issues/37#issuecomment-217339450
(DIR) Post #A38oH4JcUprDQ0qrLs by silmathoron@floss.social
2021-01-11T22:00:01Z
0 likes, 0 repeats
@stevenroose but as I said, Whatsapp allows users to save all the data in clear on a Google drive ("not great" privacy-wise since it negates E2EE).For both Whatsapp and Telegram, we can only hope that E2EE is indeed applied (there no way to check ).As for the donations, it means that at least the business model is not selling your data.You may consider these negligible differences, but I (and many others) don't.
(DIR) Post #A38p9u8s1RTlnFyHdQ by stevenroose@x0f.org
2021-01-11T22:09:56Z
0 likes, 0 repeats
@life They are functionally almost identical. E2EE, phone number for signup. Like I said the only difference is the entity that operates it. Unlike Facebook, which has other revenue sources than WhatsApp, both Signal and Telegram run their service at a loss. Money needs to come from somewhere.
(DIR) Post #A38pPqRTXvPix4H5ns by raucao@kosmos.social
2021-01-11T22:11:33Z
0 likes, 0 repeats
@skypage @stevenroose Cool, so please show me the proven server code that the Signal company is running right now, without you having to trust their say-so.
(DIR) Post #A38rWqmYscENwSbcHo by life@burn.capital
2021-01-11T22:36:29Z
0 likes, 0 repeats
@stevenroose it's totally fair that they're functionally very similar!Does federation solve the problem of the entities running nodes needing money? It explodes trust issues because now you have to trust every endpoint & intermediary instead of just the one service.Maybe I'm just confused as to what problems you think federation would solve?
(DIR) Post #A38rgu83IAb5DWS4mG by skypage@noagendasocial.com
2021-01-11T22:38:22Z
0 likes, 0 repeats
@raucaoBy that logic, you wouldn't trust any software running on a computer you don't control, regardless of whether they use a proven trust-no-one privacy model. The server code is open sourced as well if you don't want to take their word for it. Are you running Libre hardware? If not, how can you trust the firmware you're depending on? https://github.com/signalapp@stevenroose
(DIR) Post #A38rppvSHxhKmsoq3c by raucao@kosmos.social
2021-01-11T22:39:58Z
0 likes, 0 repeats
@skypage @stevenroose You're missing the point. I can fully control which XMPP server I use and who I trust to run it. And it's sure-as-fuck not a U.S. corporation.> The server code is open sourced as well if you don't want to take their word for it.Just because there's code published on the Internet doesn't prove that they run that code unmodified. You *must* take their word for it as a user.
(DIR) Post #A38w85wdrtPbV0KsnA by stevenroose@x0f.org
2021-01-11T23:28:02Z
0 likes, 0 repeats
@silmathoron Well I said exactly in my OP that the difference was that they're not operated by Fb. The only other difference you mentioned is that WA fives you the *option* to backup unencrypted. Which sounds to me like a feature, not a flaw.For every app downloaded from the Play or iOS store is trusted to not leak any data
(DIR) Post #A390UuIpidUFrvqgPw by Casuallynoted@casually.cat
2021-01-12T00:16:57Z
0 likes, 0 repeats
@stevenroose My experience with both XMPP and Matrix have been that they're really annoying to set up and feel kind of outdated. I wish there was a better federated chat alternative but after trying both it feels like neither is especially feasible.
(DIR) Post #A392D5wpspzMgKC5Dc by stevenroose@x0f.org
2021-01-12T00:36:09Z
0 likes, 0 repeats
@life It solves the lock-in problem. And the fact that you *have* to trust the single organization in order to use the service. When federating, you don't have to do anything, you can run your own service while still being able to communicate with people that decide to trust a service provider.
(DIR) Post #A392X2fDnru2HuSz0C by stevenroose@x0f.org
2021-01-12T00:39:47Z
0 likes, 0 repeats
@skypage @raucao Server and client are different things. But then again, its about incentives. I use a char client that is a paid software without a service attached. The incentive is for the dev to get as many installs as possible. Signal gives the app for free and the service as well. One could argue they hope for you to start donating, but I'd be surprised if 1% of Signal users actually contribute.
(DIR) Post #A392b3e65vxGUWr6Js by moparisthebest@moparisthe.best
2021-01-11T23:00:49.070531Z
0 likes, 1 repeats
@silmathoron @fatboy @stevenroose Quicksy is secure, e2e by default, your grandma can install/use it, AND it's actually open source and federated, unlike Signal and other walled gardens.
(DIR) Post #A392kwXDO7gRKhLlCK by kekcoin@bitcoinhackers.org
2021-01-12T00:42:18Z
0 likes, 0 repeats
@stevenroose @silmathoron Signal and telegram can be downloaded from F-Droid, WA can't.
(DIR) Post #A39M0av9Pjts3pir7A by life@burn.capital
2021-01-12T04:17:59Z
0 likes, 0 repeats
@stevenroose Even if you run your own instance, it's only true that you don't have to trust other providers if you talk only to people on your instance. As soon as you want to talk to someone on a different instance, you're forced to trust that instance to a degree. Sure, the trust is distributed around, so you aren't exactly forced to trust just one provider, but frankly having to trust a bunch of random providers just to have real conversations doesn't seem like a big improvement to me.
(DIR) Post #A3C0xstqb5EBODrK7M by techit@linuxrocks.online
2021-01-13T11:06:16Z
0 likes, 0 repeats
@fatboy @stevenroose btw, just checked blabber.im app, and it pretty straightforward.after making friends go to signal, I'll test it with one of my friends
(DIR) Post #A3CVo5yiDKc7dQwl2O by Atlas@atlas.fedi.live
2021-01-13T16:52:00.463630Z
0 likes, 0 repeats
@stevenroose Are there xmpp alternatives?
(DIR) Post #A3CXA2UXxQCj99rf9c by techit@linuxrocks.online
2021-01-13T15:27:11Z
0 likes, 0 repeats
@fatboy @stevenroose rethinking, what would be the security benefits for using xmpp on public servers vs using signal?
(DIR) Post #A3CXA2wYHIbcY0y1o0 by stevenroose@x0f.org
2021-01-13T17:07:05Z
0 likes, 0 repeats
@techit @fatboy Hosting a server for a small community is basically costless. Maintaining a Signal-scale service + building all the clients is costly. So the Signal money needs to come from somewhere. It's a lot easier to trust small communities to have your privacy in mind. Also, its way easier to leave one service and move to the other. So service providers that want to exploit user data know they'll lose all their users once there any suspicion. Also, no phone numbers!
(DIR) Post #A3CXEoWZJbhRH95SOu by stevenroose@x0f.org
2021-01-13T17:08:00Z
1 likes, 0 repeats
@Atlas I think the only one is #Matrix. #Matrix and #XMPP are quite equivalent feature-wise.
(DIR) Post #A3CiNjM50DIzLUdRom by techit@linuxrocks.online
2021-01-13T18:35:08Z
0 likes, 0 repeats
@stevenroose @fatboy basicaly signal is designed to run on evil cloud servers, it means that most of your meta data is encrypted,which is super important.XMPP isn't good with that, all metadata, including who and how much your talking is available to the server owner.added with spam, it seems like a bad option for normal people.you're right about the scaling cost, but they have good funding and whatever else,xmpp small servers shut down all times.most normies like the phone number thing.
(DIR) Post #A3CiRSt2ApvDQapWkq by techit@linuxrocks.online
2021-01-13T18:47:04Z
0 likes, 0 repeats
@stevenroose I understand your intention, and federation would be a good step(signal's developer moxie declared he won't do it).it is some kind of way to turn off the fire for some time.most ideal is a secure p2p messenger which would scale, work all time won't eat your battery.
(DIR) Post #A3ED1Npp4ms7zTi8oq by stevenroose@x0f.org
2021-01-14T12:30:51Z
0 likes, 0 repeats
@techit Yeah I'm playing with that idea. #Briar seems like a good starting point, but it could use some UX improvements to make it more user-friendly for normies.
(DIR) Post #A3EDIE6EWcKEihPzLE by techit@linuxrocks.online
2021-01-14T12:33:52Z
0 likes, 0 repeats
@stevenroose it is a nice starting point, but I can't see this app, even in future replaces mainstream messenger,it is slow, eats your battery, and features like voice and video calls won't probably be possible because it uses tor.it is mainly for special extreme use cases
(DIR) Post #A3EDJTdYF7jFCKbBSq by techit@linuxrocks.online
2021-01-13T18:41:40Z
0 likes, 0 repeats
@moparisthebest @stevenroose @fatboy @silmathoron they don't encrypt your meta datayou would need to pay in order to put other xmpp addresses so newbs will see you.signal seems better when you don't have close friends to run a server for you...
(DIR) Post #A3EDJTrNPimttD4E0u by moparisthebest@moparisthe.best
2021-01-13T22:39:27.201712Z
0 likes, 0 repeats
@techit @stevenroose @fatboy @silmathoron Signal only pinky promises to encrypt your metadata, they still have your entire social graph and know when you talk to who. Quicksy doesn't involve paying so I don't know what you mean there. I agree running your own server or having a friend or family do it is best, but using Quicksy is still better than Signal, because it's open and it's federated.
(DIR) Post #A3EDJU5CaJqYa5XGYy by techit@linuxrocks.online
2021-01-14T09:21:15Z
0 likes, 0 repeats
@moparisthebest @stevenroose @fatboy @silmathoron well, lets say they just promised,its still better then nothing.https://quicksy.im/#get-listedthis is for the paying, it could federate, but non tech savvies won't do it.
(DIR) Post #A3EDJUKRfe2XLMfRK4 by stevenroose@x0f.org
2021-01-14T12:34:06Z
0 likes, 0 repeats
@techit @moparisthebest @fatboy @silmathoron Why not? I will tell a normie to add me using my regular JID.. That's what federation is..
(DIR) Post #A3EDds8QrxTey8lh5M by techit@linuxrocks.online
2021-01-14T12:37:48Z
0 likes, 0 repeats
@stevenroose @moparisthebest @fatboy @silmathoron he is used to just see the person out of his contacts, if not, the whole point of phone numbers is useless...would he know or have the willing to know what is jid?I'm not sure...
(DIR) Post #A3EDkypCOZ7vkCA3pg by stevenroose@x0f.org
2021-01-14T12:39:07Z
0 likes, 0 repeats
@techit Well with some trade-offs you can make it work better. For voice and video you can use public or self-hosted STUN/TURN servers and connect encrypted. Tor is practical to establish long-lived connections with changing IPs. But IMO it's fair to reveal IPs if you want to do A/V. Battery consumption is a consideration though.In principle one could use a push server that just sends signals.I think it's fine to make those trade-offs though.
(DIR) Post #A3EE7B4hWx7e6jzs24 by techit@linuxrocks.online
2021-01-14T12:43:05Z
0 likes, 0 repeats
@stevenroose sounds great, still, I don't see anybody starting taking those trade offs, I wish it would be possible with xmpp threw,if it would be that easy I would just host my own tor xmpp server, and the calls will go threw the public stun/turn.this would be enough for me and lots of normies...having tor behind a firewall seems super easy
(DIR) Post #A3EIDljYXuNZMEVN56 by techit@linuxrocks.online
2021-01-14T13:29:05Z
0 likes, 0 repeats
@stevenroose continuing this unending discusssion, just downloaded delta chat and it also seems very straitforward, the remainng question is if this is beteer thn signal and xmpp when gmail is being used by most people.it has very good encryption.how important is the metadata here?
(DIR) Post #A3GPqaH2Axg76VXVVQ by EvanHahn@bigshoulders.city
2021-01-15T14:03:53Z
0 likes, 0 repeats
@stevenroose I work at Signal and here are my two cents: Signal is incrementally better than the incumbents, but it's not perfect.I think more people realize that corporations don't have users' best interests in mind. Switching to Signal is a big step in that regard even if our underlying technology is similar.A decentralized or federated Signal (Matrix? Berty? Briar?) is my dream, but...baby steps!(Note that I'm not speaking for Signal here; just my opinion.)
(DIR) Post #A3MyVfvYchiLtw1EFk by stevenroose@x0f.org
2021-01-18T18:00:38Z
0 likes, 0 repeats
@EvanHahn Berty looks cool, thanks for the mention, I've been playing with some ideas the past weeks. I do recognize that XMPP currently makes for horrible UX. I'm interested in something along the lines of Briar, but that seems about what Berty is doing.
(DIR) Post #A3WbD2pn9KUOayiLuy by Br0m3x@social.weho.st
2021-01-23T09:26:48Z
0 likes, 0 repeats
@stevenroose #Signal is not so far from #Whatsapp. It has simply different business model. That's it.Keep in mind, they do not work for free or a bowl of rice.#federation is their enemy. They need to show to investors, donators etc. “Look, we have this number of users and it's growing”. Have you heard that any popular newspaper has private #xmpp server or #onion address?They claim that they care about their sources because they have Signal. Bullshit#privacy #security