Follow

With all my gripes with# Signal (centralized, non-federated, server-based, Electron-based desktop app), the fact that in my circle of contacts it's not longer the "pretty good solution we should be using" but the "pretty good solution we are using but looking for something better" is such a win.

I just wanted to stop for a second and appreciate that.

If we're talking about the need to move to something better than Signal, we are in a pretty decent place.

@rysiek Couldn't agree more .. it's still very sad to see so much potential essentially squandered 😞

@moritzheiber I wouldn't say it's squandered. It gave us a very good secure IM protocol -- double ratchet -- and tested it out in the field, in production, on millions of users. It showed that security *is* a feature users want. We should not forget about that.

Can it be better? Sure. But credit where credit's due!

@rysiek I think by opportunity I meant opening up the Signal network to servers that aren't maintained by a single entity .. and yes, obviously Signal has done a lot for the secure IM space (that's why I agreed with you in the first place 😊)

@moritzheiber well, I am not convinced that eventually moxie will not get convinced to open the server-side up too.

Hoping beyond hope, I guess.

@rysiek
This is great news!
I'm still at:
them "hey, we use Skype to communicate"
me "let's use something confidential enough for the sensitive information we have to exchange, I know signal"

The problem is, when anything as private as signal and decentralised comes along, I'll have to start it all over.

@ScriptFanix yes. That is what annoys me. But at least Signal is open, so one could create a multi-protocol client supporting Signal and (say) Briar, and Tox, and...

@phil
End to end encryption is not as easy as with signal. Also, the identification of contacts by phone numbers is (imo) the biggest advantage of signal. If you have someone's phone number, and they use signal, you're encrypted. Xmpp requires the exchange of additional information : xmpp address + key exchange for E2E encryption. Also, I tend to assume people don't have an xmpp account (Gmail accounts don't qualify)
@rysiek

@ScriptFanix @rysiek tying everything to a mobile phone number also has drawbacks

@phil
True. But having someone's phone number is more frequent than having their IM identifier.
@rysiek

@phil @ScriptFanix Signal is not perfect (the phone number thing is also a biggie for me), but I used to run 2 XMPP servers and that shit was cray.

Servers and clients not implementing the same set of XEPs means that basically you have unmanageable fragmentation within the network.

I would not be able to get people to use XMPP. Full stop.

@rysiek
That is sadly very true. Xmpp is a nice project, but too many optional features have led to huge fragmentation of the network.
Also, xmpp suffers from huge protocol overload. That being said, I don't know a thing about signal's protocol overload.
@phil

@rysiek
IMHO XMPP could be really close to succeed but there are few things which would need to happen: (1) define a set of modern XEP's as mandatory for every XMPP server. (2) have a "official" public server with a nice web interface like movim (similar to matrix.org and riot). (3) opt-in "address book" to map email addresses, phone numbers, etc to JID's. (4) A good iOS client.

Cc @phil @ScriptFanix

@rysiek @phil @ScriptFanix
And most important, a fancy name for it because nobody will ever use something called "XMPP". ;) Conversations, both the client and the server offering shows what's possible. I still didn't gave up, that's why I still run my own XMPP server and I have to say it is one of the easier services I (tried) to run myself.

@phil @ScriptFanix @rysiek Wire has the same protocol as Signal, open-sourced their server components, have announced they'll build a federated system, can be used without being tied to a mobile phone number.

@wakest @skiant @phil @ScriptFanix not the Fediverse support, obviously, but yes, the idea is to be able to run your own Wire server and talk to users on any other Wire servers.

@rysiek I was searching their github for "federation" and "federate" but didn't see anything. do you know where they said they were working on that? I'm excited!

@wakest @rysiek #Wire said they'll allow federation, but did not say they are working on it. See:
github.com/wireapp/wire/issues
github.com/wireapp/wire/issues

Please, do *not* write them an email. An issue or any public communication is preferable. Many people would like to see the official answers.

@lightone @wakest @rysiek Adding federation to an existing non-federated system is HARD, and usually does not provide a business value - so I'm sceptical of those claims.

@skiant

I can't find anything about them adding support for federation, care to send a link?

@scriptfanix @rysiek @phil To me that's one of the biggest _dis_advantages. Phone number is a _very_ leaky identifier in terms of metadata, and is not necessarily a stable ID depending on your living situation.
@scriptfanix Key exchange? What are you talking about, that's automatic with OMEMO.
@maiyannah Probably OpenPGP (XEP-0373), OTR exchanges keys automatically too and is !xmpp agnostic anyway.
@scriptfanix in Signal, you have as many accounts as your phone numbers. In #XMPP, you have as many accounts as you and only you can only imagine. Difference?
Other aspects might be described above and below by others, I don't want to repeat any

@pettter correct, sorry for being vague. I meant protocol and client.

@rysiek @pettter
The server part is open! As in, it's open source/ libre software.

@rysiek @pettter I'm on phone right now but it's right there on the github page of ows. Should be github.com/signalapp

@rysiek Except that they explicitly said to piss off to LibreSignal.
@rysiek @ScriptFanix Developing compatible systems to Signal is difficult. LibreSignal tried and failed. Unless Signal is willing to entertain the possibility of federation it's not going to work.

@bob @ScriptFanix I would not say LibreSignal failed. I was using it for ~2 years before moxie took his head out of his rectum and finally provided APK download on the website directly.

@rysiek i think the better solution is matrix c: not ideal, but better

@rysiek it uses improved double ratchet, doesn't need an email or a phone number, has nice key distribution ux (dunno how it's implemented in signal). fully decentralized, but crypto and such are basic features of the protocol, not optional external xeps.

the only desktop client supporting encryption is electron though...

and it's convenient just like a usual messenger, has pushes and such

@leip4Ier @rysiek it's theoretically open source but the reference implementation seems to be the only one working and willing implementers are turned off by the ever-changing s2s protocol

@Michcioperz @rysiek @leip4Ier
How about e2e encryption? Is it enabled by default? I've tried riot.im quite recently and IIRC it was opt-in.

@pfm @Michcioperz @rysiek opt-in for now, yup. it'll be enabled for 1:1 rooms by default when it's out of beta. and there's no point in encrypting a public room, so for rooms with >2 people it will be opt-in, because the owner decides if it's public or not.

@Michcioperz @rysiek it's in active development, yep. they don't do anything specifically to break 3rd-party server implementations. in fact, there are two reference server implementations developed in parallel

@Michcioperz @rysiek and there are many clients, though no 3rd-party client supports e2e sadly. anyway, it's better than proprietary signal, isn't it?

@Michcioperz @rysiek why though? i don't see any signal advantages from what i heard. but i didn't register there because don't wanna use my phone number...

@rysiek Good for you. ;) Actually, so far I do have at least six different messengers on my phone, most of them to talk to two or three relevant persons, while the vast majority of contacts is still to be found in WhatsApp and totally reluctant / not seeing the need to even consider other solutions. Having even just 25% of my contacts in Signal would be a total win.

@z428 I'll admit I am a bit of a dick about not using WhatsApp, Telegram, Viber, and other crap like that. ;)

@rysiek Well I'd also be out of most of these channels but I recently experience there are a load of situations where this equals to being completely left out in certain situations where people who used SMS and e-mail before now got used to using WhatsApp before "everyone uses it". :|

@z428 sure thing. If I were to continue being a dick about using WhatsApp I would say you're de facto an enabler for them...

@rysiek @z428
Exactly. I've left Facebook and never looked back, even though most of my Facebook "friends" forgot about me very quickly.

So you know who the dicks are? The people that value their own convenience (of having everybody easily available in one place) higher than relations with other people.

@pfm @rysiek Well you can see it both ways... ;) On Facebook, my circles aren't really "friends" (in a "real-world" understanding) but rather "communities" similar to mailing-lists in the late 1990s. In such a situation, one also might end up being a "dick" for leaving such a group just to make a personal, "egocentric" tool decision (choosing another tool) and, at that point, making that "egoistic" choice of tools more important than the relationship with those left behind. What's better? ;)

@z428 @rysiek
In my opinion there's a big difference between not using a single tool that most of the people are using (while there are other tools) and not using any tool to contact a person, because you can't find them on your convenient contact list.

@pfm @rysiek Actually I had this dispute several times around here, too, with a larger group of (real-world) friends I'm trying to get off WhatsApp. Reasoning, all the time: "We all use it, to stay in touch with each other as well as with all of our other contacts. You are the only reason for us to even think about maybe finding another tool to talk to you. Why are you, as one person, trying to make things more complex for all of us?" I usually do have arguments for that, still it's difficult.

Sign in to participate in the conversation
Mastodon

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!