Log in
| 1 | ||
| 1 | ||
| 1 | ||
| 1 | ||
| 1 |
Topic. I used the general phrase 'privacy respecting' to include more stuff than what's covered by e2ee. If there's no e2ee but the server software is open-source and easy to set up, then that counts as well. In fact I'm trying to include Telesham. Its e2ee isn't worth shit to me b/c it isn't available on the desktop but there's encryption in transit and supposedly the infrastructure is setup such that it's hard to subpoena shit. But then again the owner got arrested and cucked and did a 180. Whatever, it's more convenient and popular than alternatives, so still a step up from whatscrapp that shares your number and has AI make a profile of you. So I do use telesham as something normie-friendly.
Session doesn't cut it for me. It simply doesn't deliver msgs reliably. Sometimes it takes 20 minutes to deliver something. It's like we still need the server-client model. Even though Session is the most accessible out of all the decentralized ones.
I have XMPP, Matrix (gay tricks), Telesham, and Shitgnal. Out of these I don't even use the former two, I just stay available on them for occasional contact. Shitgnal is really where it's at. The only thing I don't like is its phone centricity. I want phone notifications so that I remain available, but when I'm chatting on the desktop I don't want my phone to constantly make beeping noises. And the desktop app has a minimal menu and a combined roster + conversations and for larger text you have to zoom the entire interface instead of setting the font size. I hate how bulky the window is for trying to fit in both the roster and selected conversation. Telesham's UI is a bit better, if you make the window small enough it will hide the roster. XMPP is king though because there's a choice of clients and one of them is Pidgin, which has a minimalistic interface and not this Electron crap.
But that's in terms of UI, but XMPP doesn't make the cut in terms of UX. First of all it makes you remember yet another username / password combination (and register them in the first place) so that's a higher barrier to entry for introducing others to it. Secondly OMEMO is a bit finnicky and unreliable where you connect multiple ends. So Telesham sits weirdly in the middle where it doesn't even provide e2ee but does some other things to protect your privacy on the infrastructure level and it's easier to register and introduce others, and the UI is acceptable. But still Shitgnal's shortcomings in terms of UI keep it worth it. It just works and provides e2ee and protection of metadata.
What are your favs?
Did you read this about Telegram?
https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/
They also arrest people for Telegram posts in Russia quite frequently, so there is a suspicion Durov is collaborating with Russian authorities stealthily in some way (or there are known security holes), so I won't create an account there in any case.
This would be a good case for a poll.
Another pro of XMPP that I forgot to mention is that the clients come from an age where it was default to provide users the option to connect via a proxy including Socks5 / Tor. Session does that too but not most Matrix clients for example so in spite of its convenience of providing e2ee by default, it will leak your IP address if you aren't cautious. Bring your own VPN I guess, but that's a VPN. It's so neat that you can count on XMPP clients to either connect behind Tor or not at all, without having to resort to torifying all your traffic (which is a painful thing to do, I've tried). Signal isn't torified either, and it's a centralized service running from the US on top of that, so they may be compelled by the NSA to monitor the network and collect metadata. This is actually alarming. Signal promises that the only metadata they can even see is when users last signed in and when they registered but I believe that assumes that the server is actually running the software from their github repository. But the NSA may have compelled them to replace it with compatible software that monitors the users. You're still ensured to have e2ee because the client software is open-source and builds are reproducable (you can verify that it's actually built from the claimed source code). Nonetheless, at worst it's just another whatscrapp in terms of monitoring. And they actively prevent people setting up their own Signal servers. What's your take on this @x0x7 ? Should we have listened to the people saying moxie's a sketchy figure, was this the whole plan? Note also how Signal was funded by InQTel and how moxie closed an issue about trying to get the app F-Droid approved. I'm not sure why I closed my eyes to these facts (that I've been aware of for a while) before. It seems like some controlled opposition type shit, I'm not sure what the proper nomenclature is for technology. I didn't care too much because I don't do illegal shit and it's for communicating with normies, like I even have whatscrapp for that purpose, better than no communication at all. But I'm wondering if it's really that good that I promote Signal.
honeypot, maybe, in terms of nomenclature
Here's my take. Telegram is the most honeypot of them all. I think Signal started with good intentions, but when your messenger depends on a central operator they can be pressured by outsiders. So it doesn't matter what their intentions are.
Any messenger being marketed heavily as an iphone app that integrates with your telephone number is probably a bad idea. Hi, I've got this ultra secure chat application that integrates with your personally identifiable information. Said no hyper-secure software of any type ever. Why isn't there Facebook integration in the tor-browser?
Why fewer chat applications have options for connecting to socks? I suspect it is because we have wrappers like sockify that can make any application do that without that app needing to build out the menus. It's also a little more correct IMO to make it so the app's network security layer is agnostic to the technology used. Maybe it's not a strong argument but when you add an argument with some appeal with the prospect of doing less work it sounds good. Instead of making the menu and extra code to support that you just add an extra line to your git README.
Because he's a faggot.
Make your own and host it.
For an alternative view, see this article:
-> Against XMPP+OMEMO (Dhole Moments)
In other news I'm testing Delta Chat and it seems good. Something defederated and user-friendly. I have not chatted with anyone on this, however. Would anyone like to test this with me?