Also we have to get rid of any messenger that requires your mobile phone number as your unique identifier, even much-lauded #Signal. It locks you inside the conventional, easy-to-track phone infrastructure. Try #Conversations instead, on a WiFi-only device. It uses the decentralized XMPP and works like a charm.
@ralph I totally agree with "we have to get rid of any messenger that requires your mobile phone number as your unique identifier." This has been annoying me for quite a while, now.
@kensanata @ralph @hinterwaeldler
It’s all about tradeoffs, right? Whether phone number leaking is a big deal largely depends on your threat model. Some people need to keep that number private. Others assume the attacker knows it already.
Network effects matter too. Many are already using Signal. More have heard of it.
“Is Signal ideal?” isn’t the question but rather “Is Signal better for my situation than what I use today?”
@mkb @hinterwaeldler @ralph @kensanata #CopperheadOS has a good list in the usage guide: https://copperhead.co/android/docs/usage_guide#messaging
#Conversations is at the top of the list most recommended, then #Signal, then #WhatsApp and others.
@uranther @kensanata @hinterwaeldler @mkb What's a recommended xmpp server for conversations?
@ralph @uranther @kensanata @hinterwaeldler @mkb I recommend dismail.de. Conversations with OMEMO on LineageOS or Replicant and dismail.de are the perfect combination. But the good thing is, you can choose for yourself. Check the feature compliance on https://conversations.im/compliance/ and the availability on https://status.conversations.im/historical/ and make your own choice, that's what's so great about it :)
@resist_berlin @uranther @kensanata @hinterwaeldler @mkb Sorry, I should probably clarify. I meant server software in case I want to run it myself. Great with a service list though!
@ralph @uranther @kensanata @hinterwaeldler @mkb Oh, sorry, totally didn't get that. People usually use ejabberd or prosody, both are good choices. And they're easy to set up, but fairly difficult to fine tune if you want to support all current XEPs. Tried it myself, achieved about 90% of what I wanted, eventually gave up. Unless you're really willing, it's a good idea to leave this to the specialised guys. Especially if you want to have full OMEMO support and http upload etc... Not fun.
@resist_berlin @ralph @uranther @kensanata @hinterwaeldler @mkb I had good success with ejabberd. In recent versions it's as easy as uncommenting a few lines in the config file and setting up a few port forwards and DNS entries. The bigger problem was that nobody wanted to change from e.g. Hangouts to XMPP and the transport doesn't support photo attachments properly.
@mbirth @resist_berlin @ralph @uranther @kensanata @hinterwaeldler
I find the human angle to be the bigger hurdle most of the time. Convincing people to change behavior is hard. Either they don’t think it’s important or they are so overwhelmed they give in to security nihilism and don’t think they stand a chance.
@mkb @resist_berlin @ralph @uranther @kensanata @hinterwaeldler Mostly, they're just lazy. "I already have WhatsApp with all my buddies on it, why should I switch? And I don't even need an account with WhatsApp, why should I have to create one with <insert alternative>?"