At /e/ we had lots of discussion about Telegram vs Signal vs ... But I must say that the best IM secured service in my opinion is @delta
Delta Chat is using emails to transport instant messages: it's fully decentralized, heavily encrypted and you can reach any contact 😀
That's a great design.
@gael I wouldn't recommend Telegram OR Signal OR Delta Chat. Telegram uses a proprietary backend and rolled their own crypto. Any cryptologist will tell you that that is *terrible* practise and incredibly insecure.
Signal includes blobs from Google and the devs are very hostile to people trying to fork the project to remove those.
Delta Chat is email. The only benefit there is body text encryption. Every email includes metadata such as the sender's IP address. It's also slower than other solutions - it's email.
I would recommend Wire only until Briar releases their "remote follow" feature. With it, you'll be able to add contacts without meeting them IRL.
What's about XMPP and Matrix? Do they adress these issues? Personally I use both XMPP and Signal and I am interesting about your point of view @amolith about Signal. Are the Google blobs only located in the apps or in libsignal or maybe the server? I have taken a look on libsignal one time but didn't notice it, a bit blurry for me.
I love XMPP and use it quite a bit. I just don't think it's *quite* user-friendly enough to include in a ROM by default. Matrix is still a bit immature imo because, just like email, it includes a ton of metadata by default. Message deletion is also very ambiguous because, even though it may *look* like you've deleted it, the message is still there. Someone could make a client that simply doesn't honour the server saying it was deleted and it would still show up. Again, I use Matrix a lot too. I just don't think it's quite ready to be the default app on a ROM aimed at the "average" user.
I don't remember exactly what it was I read but Moxie, the lead dev, went around in circles for years extolling the virtues of the Play Store, Google Services, and Google Analytics. For the longest time, he even refused to distribute an APK and he still refuses to put it in F-Droid.
Where Moxie goes around for 3 years talking about how he can't live without Google's pretty little graphs:
And this one shows where he killed a fork of Signal that removed its Google dependencies. He goes on and on about how XMPP is dead, how federation is dead and was never truly an option for serious projects, etc. etc. etc.
@amolith @gael I completely agree with everything you wrote so far about messengers, @amolith. It's also true that xmpp clients should be more user friendly. Many of the clients did implement omemo recently and it's truly cross-platform. Xmpp needs polish, but it offers all the features I'd like to see in a modern day messenger. Unfortunately (partly because of the issues) it's not wide-spread yet; the question is, if it ever will be...
I think one if the reasons XMPP can be so intimidating is much the same as why Mastodon is. There are so many different instances aimed at different things, run by different people, with individual configs, that it can be overwhelming trying to choose which one to go with. A lot of the things that differentiate servers from each other are settings that go over normal users' heads. What's a cipher, what's OMEMO, what's SSL, etc.?
IMO, if someone could find a good way to list in a user-friendly manner and make it easier to sign up for them, I wouldn't even be having this discussion lol. XMPP does groups, voice, video, and file sharing, it's distributed, encrypted, and battle-tested in hundreds of different scenarios. The only thing holding it back is the UX 😞
@amolith @gael Wire isn't decentral, costs money for companies, depends on telephone number or E-Mail-adress, it's server code isn't fully free (yet?), they were caught for tracking (references to Google Firebase in it's source code). Briar is much better but has huge battery consumption & I think it can't deliver messages to devices which are offine at the time of sending.
@STP_KITT I didn't realise the server code wasn't fully free or that there were references to Firebase. I'll revise my recommendations 👍
Briar does deliver messages sent when a device is offline once it comes online again. The next update is also supposed to drastically improve battery life.
@amolith Oh, I must've missed them adding offline messages. How do they do it though considering it's a P2P-messenger? If there's a central server for that it's like a problem got replaced my another problem. Anyway, I'm looking forward to improved battery life :-)
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!