This whole drama with people leaving for or doesn't make much sense IMO. These apps are literally identical with the only difference that they're not operated by .
What would be different is if these apps would implement federation (fe ). What do you think? Implementing /#XMPP would make a real difference compared to WhatsApp. Joining the effort?

@stevenroose I believe Signal wrote a blog post discussing why they are not going to implement a federation structure but can't find it off-hand.

There are legends about a talk Moxie gave at the c3 some years ago that is not allowed to be on the internet. Try to dig it up, very entertaining.

They are against federation because it makes feature deployment harder ¯\_(ツ)_/¯


@kaputse @koolaidwithkaran Yeah I saw the talk. It does make it harder. But I think operability is worth the effort.

@stevenroose @kaputse @koolaidwithkaran Moxie disagrees:

> I understand that federation and defined protocols that third parties can develop clients for are great and important ideas, but unfortunately they no longer have a place in the modern world.

@stevenroose Wouldn't count on signal being cooperative. Moxie has a history of threatening legal action against forks of the client.

@stevenroose What about #matrix protocol? I haven't tried it, but Wikipedia states it's #federted.

@stevenroose The most important thing is that people started taking their privacy a bit more seriously

@fatboy Yeah that's the upside of this all. Some awareness is good. But some actual progress would not be bad either :)

@stevenroose I think xmpp would be ready for mainstream when our grandmas can create an account with an app...

@fatboy Well XMPP is a federation protocol. Its meant to be implemented by services to communicate together. WhatsApp, Signal, Telegram and all the others could support the protocol and be compatible with each other. Instead they refuse and try to hoard as many users as possible. Which IMO is a bit suspicious for supposedly nonprofit organisations.


The funny thing is, all the major mainstream chat services from Facebook, Google, etc had Xmpp support in the beginning. They closed it down after reaching critical mass.

@fatboy @stevenroose
btw, just checked app, and it pretty straightforward.
after making friends go to signal, I'll test it with one of my friends

@fatboy @stevenroose
rethinking, what would be the security benefits for using xmpp on public servers vs using signal?

@techit @fatboy Hosting a server for a small community is basically costless. Maintaining a Signal-scale service + building all the clients is costly. So the Signal money needs to come from somewhere. It's a lot easier to trust small communities to have your privacy in mind. Also, its way easier to leave one service and move to the other. So service providers that want to exploit user data know they'll lose all their users once there any suspicion. Also, no phone numbers!

@stevenroose @fatboy
basicaly signal is designed to run on evil cloud servers, it means that most of your meta data is encrypted,which is super important.
XMPP isn't good with that, all metadata, including who and how much your talking is available to the server owner.
added with spam, it seems like a bad option for normal people.
you're right about the scaling cost, but they have good funding and whatever else,xmpp small servers shut down all times.
most normies like the phone number thing.

@stevenroose @fatboy
xmpp is good, for power users with the ability and willing to run servers by their own.

@stevenroose Um no. Not exactly sure where your getting your info from and I don't mean to be a troll but they are fundamental differences in how they handle encryption. I am a big fan of #xmpp though but spreading misinformation is kinda dangerous in politically charged times. Use Signal.

@bazurk They're identical on a conceptual level. They all have E2EE for both private chats and group chats (Telegram perhaps might not even have group chat encryption yet, not sure).
Apps being "open-source" is only a real guarantee of E2EE if you compile your own software or if someone did some research on reverse-engineering the apps to see if they don't leak more data.

@bazurk @stevenroose Hoarding users does not equate to bad security. A pure nonprofit's aim is to reinvest into it's community regardless of how much it makes. Signal is non-profit and mostly free software -- sophiscated guise, if one.

I approve of Matrix's decentral strategy, yet there still inlies the issue of (space offered by founders) being the number one populated server by a significant margin, central-like. Although, there are ways to remedy this.


#Encryption is (by and large) a red herring in the context of IM communications.

Unless you know exactly what you're doing, it's going to do you more harm than good.

@stevenroose is correct. #Signal is Mr Acton's baby and very much a commercial venture just like #Whatsapp , with Acton on the record saying as much (search #Forbes, IIRC).

Nothing wrong with commercial venture except when they rely on bullshit, #FUD and deception, as the #Signal gang do.


Because it gives, and is intended to give, a false sense of #security. It is basically only useful where you don't actually need it.

Yes, do use it for some basic #privacy protection, but never in a #security context unless you know exactly what you're doing (e.g. #infosec is what pays your bills)

@bazurk @stevenroose

@0 @bazurk @stevenroose

Even normal people benefit from better opsec.

I'm sure an infosec professional could make better use of certain tools. I'm also sure a chef makes better use of his knife. Does that mean we should advocate for people to stay away from those tools?

Acton had some LOL money to throw at moxie. The #Signal protocol is public and audited for anyone to use. No bullshit, no FUD.

but yeah #xmpp is cool. Would rather someone use signal than mess up setting it up themselves.


Please do your homework first before wasting bandwidth. #Acton *made* that money by selling an IM app. Benham's trail of self-aggrandising deception follows him since his #Usenet days.

Do you realise that their much hyped foundation does not *own* the IP? An LLC does.

The code might be “open” (but “no #FDroid builds please”) but the service is closed. And not #anonymous

The lot will be sold in 3–5 years time thanks to gullible idiots who bought into the hype

@bazurk @stevenroose

True, true. I am slowly dragging my peers to Matrix. Let's see how that goes 😁

@kaputse I'm trying to do the same with /#XMPP, but I just don't feel as comfortable inviting my non-techy friends that are not used to not-100%-smooth experiences :/

Yeah a few years ago I had everyone on Xmpp, but that slowly went downwards. So I am riding the Hypetrain and trying to encourage users to use Matrix. Also the clients available have a more modern UX, afaik.

@stevenroose OPERATED and IMPLEMENTED by FaceBook are totally different concepts. More than a few messaging apps use the Signal protocol but that's where it stops.

@stevenroose though I agree that Signal has many flaws, I think it is good to keep a level head about things.
These apps are not equivalent.
Signal's business model relies on donations and grants.
It's apps and servers are open-source (sure, that does garanty everything but it's already way better than the others)
Signal is E2EE by default, also for group and does not allow some users to store all messages in clear on a google drive.
Please don't tell random people that they are equivalent.

@silmathoron WhatsApp is also E2EE by default. The argument you make about donations is exactly mine: its not operated by Facebook. Telegram is the only one that allows third-party clients, which arguably is a difference.

@stevenroose but as I said, Whatsapp allows users to save all the data in clear on a Google drive ("not great" privacy-wise since it negates E2EE).
For both Whatsapp and Telegram, we can only hope that E2EE is indeed applied (there no way to check ).
As for the donations, it means that at least the business model is not selling your data.
You may consider these negligible differences, but I (and many others) don't.

@silmathoron Well I said exactly in my OP that the difference was that they're not operated by Fb. The only other difference you mentioned is that WA fives you the *option* to backup unencrypted. Which sounds to me like a feature, not a flaw.
For every app downloaded from the Play or iOS store is trusted to not leak any data

@stevenroose @silmathoron Signal and telegram can be downloaded from F-Droid, WA can't.

@kekcoin @stevenroose @silmathoron Signal forbids anyone else from compiling and distributing it, so you can't get it from f-droid.

Quicksy is on both Google play store and f-droid, also you are free to compile and distribute it yourself.

@moparisthebest @stevenroose @silmathoron My bad, you're right. I was running it on my gapps-less phone but it was the only app I installed manually.

@kekcoin @moparisthebest @stevenroose I do not think they can really forbid people from compiling given the license... (but I may be wrong)
There is at least Langis (a degoogled binary for Signal) that you can get on F-droid:
And there are 3rd party apps for Signal such as Axolotl:
That being said, I'll say it again: Signal has many flaws, it should not be the alpha and omega of chat, that's a fact.
But Telegram and WhatsApp have way more issues.

@silmathoron @moparisthebest @stevenroose I hope moxie doesn't go after them like he's gone after other forks in the past...

@silmathoron @kekcoin @stevenroose It's impossible to compile it yourself and get push notifications, and moxie actively goes after forks that connect to his server.

No argument from me that Signal is the best of the bad silos, but why not just avoid them entirely?

Go Quicksy or Snikket instead!

I am using Conversation and Snikket.
But they just won't cut it for my family, they miss features they want, are more complicated (the need for a password for XMPP is already too much for some).
I'll look into Quicksy as soon as I can but I have little hope ATM.
They want stickers, group calls, something that's simple and just works.
And I can't afford to advise something they may not like or they won't trust me to try something else later.
So Signal it is.

@silmathoron I'm guessing you haven't used Snikket because it doesn't require any passwords from the user. You send them an invite link taking them to the app store, install it, and they are automagically logged in.

@moparisthebest I know how Snikket works, I mentioned password for regular XMPP.
Anyway, since most people care about privacy and not anonymity, they don't mind (they even expect) to use phone numbers so that they can easily reuse their current social graphs without the need for invites or the like.
This is an additional reason why XMPP is just not what they are looking for to replace WhatsApp...
As I said, it's complicated, and Signal currently provides the best balance

@silmathoron If you want simple, secure, uses phone numbers, and still open and federated then you want Quicksy, not Signal
@silmathoron @fatboy @stevenroose Quicksy is secure, e2e by default, your grandma can install/use it, AND it's actually open source and federated, unlike Signal and other walled gardens.

I agree that we can hope for better alternatives than Signal. However I do not think it makes WhatsApp, Telegram, and Signal equally bad options.
@stevenroose @fatboy

@moparisthebest @stevenroose @fatboy @silmathoron
they don't encrypt your meta data
you would need to pay in order to put other xmpp addresses so newbs will see you.
signal seems better when you don't have close friends to run a server for you...

@techit @stevenroose @fatboy @silmathoron Signal only pinky promises to encrypt your metadata, they still have your entire social graph and know when you talk to who. Quicksy doesn't involve paying so I don't know what you mean there. I agree running your own server or having a friend or family do it is best, but using Quicksy is still better than Signal, because it's open and it's federated.

@moparisthebest @stevenroose @fatboy @silmathoron
well, lets say they just promised,its still better then nothing.
this is for the paying, it could federate, but non tech savvies won't do it.

@techit @moparisthebest @fatboy @silmathoron Why not? I will tell a normie to add me using my regular JID.. That's what federation is..

@stevenroose @moparisthebest @fatboy @silmathoron
he is used to just see the person out of his contacts, if not, the whole point of phone numbers is useless...
would he know or have the willing to know what is jid?
I'm not sure...


> #Signal's business model relies on donations and grants.


Now that we see where we stand on the credulity front, let's talk about this lovely selection of bridges I have for sale. 😀


Sign in to participate in the conversation
unidentified instance

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!