@stevenroose I believe Signal wrote a blog post discussing why they are not going to implement a federation structure but can't find it off-hand.
> I understand that federation and defined protocols that third parties can develop clients for are great and important ideas, but unfortunately they no longer have a place in the modern world.
@stevenroose Wouldn't count on signal being cooperative. Moxie has a history of threatening legal action against forks of the client.
@stevenroose The most important thing is that people started taking their privacy a bit more seriously
@fatboy Yeah that's the upside of this all. Some awareness is good. But some actual progress would not be bad either :)
@stevenroose I think xmpp would be ready for mainstream when our grandmas can create an account with an app...
@fatboy Well XMPP is a federation protocol. Its meant to be implemented by services to communicate together. WhatsApp, Signal, Telegram and all the others could support the protocol and be compatible with each other. Instead they refuse and try to hoard as many users as possible. Which IMO is a bit suspicious for supposedly nonprofit organisations.
@techit @fatboy Hosting a server for a small community is basically costless. Maintaining a Signal-scale service + building all the clients is costly. So the Signal money needs to come from somewhere. It's a lot easier to trust small communities to have your privacy in mind. Also, its way easier to leave one service and move to the other. So service providers that want to exploit user data know they'll lose all their users once there any suspicion. Also, no phone numbers!
basicaly signal is designed to run on evil cloud servers, it means that most of your meta data is encrypted,which is super important.
XMPP isn't good with that, all metadata, including who and how much your talking is available to the server owner.
added with spam, it seems like a bad option for normal people.
you're right about the scaling cost, but they have good funding and whatever else,xmpp small servers shut down all times.
most normies like the phone number thing.
@bazurk They're identical on a conceptual level. They all have E2EE for both private chats and group chats (Telegram perhaps might not even have group chat encryption yet, not sure).
Apps being "open-source" is only a real guarantee of E2EE if you compile your own software or if someone did some research on reverse-engineering the apps to see if they don't leak more data.
@bazurk @stevenroose Hoarding users does not equate to bad security. A pure nonprofit's aim is to reinvest into it's community regardless of how much it makes. Signal is non-profit and mostly free software -- sophiscated guise, if one.
I approve of Matrix's decentral strategy, yet there still inlies the issue of Matrix.org (space offered by founders) being the number one populated server by a significant margin, central-like. Although, there are ways to remedy this.
#Encryption is (by and large) a red herring in the context of IM communications.
Unless you know exactly what you're doing, it's going to do you more harm than good.
Because it gives, and is intended to give, a false sense of #security. It is basically only useful where you don't actually need it.
Even normal people benefit from better opsec.
I'm sure an infosec professional could make better use of certain tools. I'm also sure a chef makes better use of his knife. Does that mean we should advocate for people to stay away from those tools?
Acton had some LOL money to throw at moxie. The #Signal protocol is public and audited for anyone to use. No bullshit, no FUD.
but yeah #xmpp is cool. Would rather someone use signal than mess up setting it up themselves.
Do you realise that their much hyped foundation does not *own* the IP? An LLC does.
The lot will be sold in 3–5 years time thanks to gullible idiots who bought into the hype
@stevenroose OPERATED and IMPLEMENTED by FaceBook are totally different concepts. More than a few messaging apps use the Signal protocol but that's where it stops.
@stevenroose though I agree that Signal has many flaws, I think it is good to keep a level head about things.
These apps are not equivalent.
Signal's business model relies on donations and grants.
It's apps and servers are open-source (sure, that does garanty everything but it's already way better than the others)
Signal is E2EE by default, also for group and does not allow some users to store all messages in clear on a google drive.
Please don't tell random people that they are equivalent.
@silmathoron WhatsApp is also E2EE by default. The argument you make about donations is exactly mine: its not operated by Facebook. Telegram is the only one that allows third-party clients, which arguably is a difference.
@stevenroose but as I said, Whatsapp allows users to save all the data in clear on a Google drive ("not great" privacy-wise since it negates E2EE).
For both Whatsapp and Telegram, we can only hope that E2EE is indeed applied (there no way to check ).
As for the donations, it means that at least the business model is not selling your data.
You may consider these negligible differences, but I (and many others) don't.
@silmathoron Well I said exactly in my OP that the difference was that they're not operated by Fb. The only other difference you mentioned is that WA fives you the *option* to backup unencrypted. Which sounds to me like a feature, not a flaw.
For every app downloaded from the Play or iOS store is trusted to not leak any data
@kekcoin @moparisthebest @stevenroose I do not think they can really forbid people from compiling given the license... (but I may be wrong)
There is at least Langis (a degoogled binary for Signal) that you can get on F-droid: https://langis.cloudfrancois.fr/
And there are 3rd party apps for Signal such as Axolotl: https://axolotl.chat/
That being said, I'll say it again: Signal has many flaws, it should not be the alpha and omega of chat, that's a fact.
But Telegram and WhatsApp have way more issues.
I am using Conversation and Snikket.
But they just won't cut it for my family, they miss features they want, are more complicated (the need for a password for XMPP is already too much for some).
I'll look into Quicksy as soon as I can but I have little hope ATM.
They want stickers, group calls, something that's simple and just works.
And I can't afford to advise something they may not like or they won't trust me to try something else later.
So Signal it is.
@moparisthebest I know how Snikket works, I mentioned password for regular XMPP.
Anyway, since most people care about privacy and not anonymity, they don't mind (they even expect) to use phone numbers so that they can easily reuse their current social graphs without the need for invites or the like.
This is an additional reason why XMPP is just not what they are looking for to replace WhatsApp...
As I said, it's complicated, and Signal currently provides the best balance
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!