@Aaron 😂😂😂😂😂 the irony burns
@jerry @Aaron@boringpeople.org what we really need is a way to securely send e-mail.
People will continue to send e-mail. There is no way this goes away antime soon. People will send sensitive stuff via e-mail.
We can spend time discussing just how exactly people should not use e-mail, or we can build a system that works.
I like the ideas behind PEP and AutoCrypt. I'd like to see them implemented in more clients.
BitTorrent is not exactly a "messaging" protocol, but got immensely popular.
FireChat, a p2p messaging app, got very popular during protests in Romania. Sadly it's proprietary, so I'd stay far away from it.
Briar doesn't need any introduction in this group, methinks, but is not popular at all... yet.
But, messaging and e-mail are two different things. It's not just about sending the message. It's about the infra around it.
@rysiek @jerry @Aaron
Maybe we mean different things by messaging.
IMO email is a messaging protocol, but one with certain interesting properties:
- allows you to send very long messages, with attachments, after preparing and proof-reading the whole thing
- is a de-facto standard for official online communication, incl. official documents
- everyone has it
@Wolf480pl @jerry @Aaron@boringpeople.org exectamente! But we have to be explicit about what we're talking about (incidentally, anyone who heard me talk in private about infosec and internet messaging knows just *how* explicit I get, but I digress).
The last two of your points is what I meant by "infra around it". That's the hard part. The network effect.
But we have a head start since SMTP is an open standard.
It's freesoftware with multiple GUIs, and is quite similar to Briar. Except they do allow adding remote contacts (though sharing the pubkeyhashes to do so may not be practical for most), and they've made superficially different protocol decisions.
At the same time I don't know what I'd recommend instead. I like the freesoftware p2p, but Briar doesn't appear to fit my usecase (besides I'd prefer a smaller codebase to audit, it looks quite bloated).
Maybe I'll lean more on Matrix or XMPP? But then a loose the metadata encryption I'd love to play with.
Also RetroShare seems interesting, but also bloated.
I am not concerned about Briar's codebase. People working on it are as solid as they come, and Briar went through an audit already. More problematic is the model of establishing contact, which requires physical presence or a common friend. I like how secure it is, but I understand how annoying it might be at times.
For me personally Briar looks good.
@rysiek @alcinnz @jerry @Aaron
I'm not a fan of Matrix. From what I've heard, they have a terrible server implementation, and nobody else tries to make their own implementation because Matrix changes the s2s protocol too often.
Also, I've heard there's a thing called Secure Scuttlebutt, haven't looked into it, but it may be relevant here.
@Wolf480pl @rysiek @jerry @Aaron I do kind-of have questions about Matrix. From a distance it kind-of looks like they decided to reimplement XMPP with the latest fashion of JSON. And I still have to explore it's encryption situation.
As for SSB I'm starting to look into it, particularly with Git-SSB. And from what I've seen, the tech looks very elegant when dealing with group comms or reliability despite the clients. Though again I have to look at the encryption again.
First off I'm aware that the routing metadata is quite sensitive information, and am keen on seeing ways to encrypt it.
And second while I by no means think everything should be p2p, I do think messaging should be. This comes down to a concern that unless given a practical reason otherwise I worry everyone will use the same server.
I like the approach of Briar and Ricochet, i.e. going via the Tor network. That's a good start. And with the improvements in the speed of hidden services lately potentially makes it possible to even have audio/video calls.
As for the personal auditing, it's something I like to make a habit of. Not that I seriously trust myself to catch many or any issues, but nor do I trust enough auditing is done. And I be no means trust myself with auditting crypto, the most I really can do is say "yeah, that kinda looks like crypto". I'm glad you trust the devs.
Invite-only Mastodon server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!