@Aaron @jerry @cwcopa thing is, the issue is not just about future e-mail that is going to be written and sent. It's about all past encrypted e-mails. And that's why it's so problematic, and that's why I can see how EFF's recommendation made a lot of sense.

It was about protecting past communication.

Plus, everyone should really have 2 secure channels. Just in case. Use Signal.

@rysiek Let's not use Signal though. They require a phone number, actively discourage alternative clients and it is plainly centralised.

@xrevan86 please give me a better solution for journalists from across the world, without a way of physically meeting, and with a need for good crypto, a mobile and desktop client, and a way to share files securely.

A lot are still using Telegram or Viber. We tried pushing Tox but it was nigh-unusable to regular people. Briar is interesting, but still barely out the gate. Wire is tempting, but we barely moved people to Signal from Telegram, Viber, WhatsApp.

@rysiek Wire is more acceptable as it doesn't require a phone number, yes.
I personally think !xmpp does meet those requirements.

@xrevan86 I used to run 2 XMPP servers. Tried setting up audio communication, and MUC, and send files, and it was always a major pain in the arse, and barely worked if worked at all.

XMPP is not a solution in any way, shape, or form, until they fix the "random XEPs implemented by random clients/servers" bullshit.

As to Wire, if I had to make this decision today, Wire would probably be it. But I am not going to move hundreds of people to Wire right now; Signal is good enough.

@rysiek @xrevan86 Setting up the XEPs is an annoyance and I think Conversations is the only viable XMPP client. But so long as everything is set up on the server side it just works.

Anything non-federated isn't going to scale. That includes Signal, and Signal has a lot of other problems besides. I can't run Signal without trusting Moxie's server.
rysiek ✅

@bob @xrevan86 well it works on *your* server. What about other servers?

We need a clear standard, implemented by and testable against the majority of servers and clients.

Otherwise it's a clusterfsck.

@rysiek @xrevan86 This is what #freedombone is about, but also ejabberd and prosody need to ship with a default set of xeps which pass all the Conversations tests. If that happened life would be easier.

@bob @xrevan86 if that happened, XMPP would perhaps become a contender again.

Right now it simply is not.

And I say this as a person who was promoting XMPP back when it was called Jabber.

@bob ejabberd pretty much does. And Prosody… not so much.
Is Prosody the evil in this equation :-)?
@rysiek The XEPs that are expected from a modern XMPP client are pretty clear, so if you see a client that doesn't work it out then either it has slow development, dead or doesn't care.
It's like with email: there are lots of dead clients, and people don't expect them to comply with modern standards, they either move on or grow a beard %).
Otherwise I can only think of one solution to the "problem", the one Signal chose – forbid alternatives.
@rysiek So you think vendor lock-in is not a bad thing?

@xrevan86 on the contrary, do a little google search for my name and let's talk after you do. Such keywords as "technomonopolies" might be useful, too.

But I have to secure communications of non-techies, today, and in a way that works. XMPP is nowhere near being able to do this.

I am looking at Briar though, with a lot of hope.

@rysiek That's what I expect of one from fediverse by default :-).
Yet my pseudo-arguement that Signal will do for you because it hates diversity worked oddly well.

@rysiek @xrevan86
I think you misunderstood Xrevan's point:

Can we have an open standard with multiple client implementations without it becoming unusable for a group of non-tech journalists supported by a single infosec expert?

@Wolf480pl @xrevan86 yes.

Surprisingly, e-mail is exactly that.

Signal could be that, if it opened the server and enabled federation.

Wire could be that if more people pick it up, but I have to choose my battles and that's not the hill I am willing to die on.

Briar hopefully, one day, in an ideal world.

@xrevan86 @rysiek servers support of that are more of as problem
>conversations does not have OTR
>pidgin and xabber does not have OMEMO (yet)
@skoll3 Pidgin has support for OMEMO the same way as OTR: via a third-party plugin called lurch. Pidgin is barely an XMPP client so don't expect more.
And Xabber apparently doesn't implement OMEMO in fears of FSB %).
Sign in to participate in the conversation

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!