I personally like Wire as I don't have a smartphone (and you don't have to provide your mobile phone number) so it's one of the few security conscious messaging apps I'd consider a true alternative. I just wish more people used it.

thoughts on the security audit?


rysiek ✅ @rysiek

@david_ross I wish FLOSS secure IM developers would finally come to the sane conclusion they need interoperability, so that Wire users could talk to Signal users, etc.

@rysiek @david_ross I was like "why would Signal federate, it's being run by a company after all" then looked it up on the wikipedia, and it turned out OWS is running from donations... but it's not a non-profit, and from what I've seen, it's acting like a for-profit company... dunno what to think about it...

@rysiek @david_ross no, not this again. It's the third time I'm seeing it, and Gultsch of conversations.im has already refuted it.

@Wolf480pl @rysiek @david_ross how? I guess I'm going to have a lot of laughter by anything xmpp produces...

@Wolf480pl @pony @david_ross thanks, I was looking for some good rebuttal. I don't agree with Moxie on this, vehemently, just didn't have time to write it down myself.

@rysiek @pony @david_ross Not sure if it's complete though. IIRC it only addresses points that are relevant to XMPP and mobile devices, there might've been more points in Moxie's article.

@pony @rysiek @david_ross please stop trolling and just say where it's wrong, and why exactly.

@Wolf480pl @rysiek @david_ross it's not even five years ago when we had a xmpp deployment within a single company and you couldn't depend on it to deliver messages, not to ever mention luxuries like voice (lol) or sending files (lol^2), because it just didn't ever work properly no matter what you tried, even when you could fix a particular issue on hand, next day, there would be another and then another, neverending stream of broken shit

moxie is right

@pony @Wolf480pl @david_ross ...said Commander Pinkponylove on a federated social network.

@rysiek @Wolf480pl @david_ross which is pretty much a single implementation that doesn't really keep up with whatever twitter can do, so, the point is?

@pony @rysiek @david_ross I thought part of the plan was to NOT be like twitter. To do things differently.

@Wolf480pl @rysiek @david_ross i'm sure it was, but sadly, the only thing twitter is worse at is politics

@pony @rysiek @david_ross
what about content warnings? does twitter have that?

@Wolf480pl @rysiek @david_ross no, but in my book, that's a plus, you don't have to strip them down and deal with that crap

@pony @rysiek @david_ross ok, so how about I drop some book spoiler right here in this conversation? I'm sure you won't mind.

@Wolf480pl @rysiek sure you can... it will quickly get propagated into the entire network for everyone to see and it will be very hard to do anything about, because there are essentially no non-nuclear content policies on mastodon...

@pony @rysiek with content warnings, neither you nor random bystanders accidentally read the spoiler without first making a conscious decision to unwrap the CW.

With whatever "content policies" you're proposing, at least you would see it, before any kind of content policies took care of it.

The harm to you is the same. You saw the spoiler you didn't want to see. Because there was no CW.

@Wolf480pl @rysiek in practice, you get a failed system where people cw a picture of an apple pie

@Wolf480pl @rysiek while the Natalie suicide flew around with almost no CWs at all, I remember that, so?

@pony @rysiek people's fault for not using the CW as they should. Can't solve social problems with technical means.

@Wolf480pl @rysiek sigh, ok, so here we are again... you get to have control on some level anyway

i think you can have a system you control on a technical level and define its boundaries and live happily

you think... you need to make people do "the right thing"? pick the right clients? or what exactly?

@pony @rysiek what I'm saying is that while technical solutions (like content warnings) can enable people to behave better, they can't force people to behave better.
That doesn't mean they're useless.

@Wolf480pl @rysiek yeah, and now we could think about what twitter or other tightly coupled network could do that mastodon/fedi can't... or what tools twitter already has... to which anyone can reply that maybe fedi could, if they could agree, and everyone implemented it... and there we are back where we started... and where i find a contradiction.

@pony @rysiek what?
Are you implying that people are behaving better on Twitter than here?
And that there could, in theory, be technical solutions to social problems?

@Wolf480pl @rysiek no, do i? i'm just implying that twitter has superior technical means to deal with abuse and moderation and in the end it matters because, as you are now saying, if neither system solves social issues but one does solve the technical ones, hm, which one is better? 🤔

@pony @rysiek what technical issues are you talking about?
You keep saying that twitter has more features than the Fediverse, but you still haven't explicitly mentioned any single one...

@Wolf480pl @rysiek the one in which twitter can deal with individual abusive accounts without having to cut off entire parts of the network maybe?

@pony @rysiek you mean censorship?

Srsly tho, I can see several ways to deal with them:
- every affected user just blocks that account (implemented)
- an affected instance filters out that account from their federated timeline (implemented in Mastodon, not in Pleroma AFAIK)
- an affected instance completely blocks that specific user (AFAIK not implemented yet, could be done by any instance alone, w/o protocol change or coordination)
- federated abuse reporting (AFAIK not implemented yet)

@rysiek @pony
The thing is, it's harder for the Fediverse to implement this, because we're federated, i.e. we're aiming much higher, trying to solve a more difficult problem.

Also, only the last one requires "everyone to agree".

@Wolf480pl @rysiek cool, so there is a disadvantage we can agree on? now, what if i just, again, think this is not worth it? you can have as many IM clients you want, you can have as many social network accounts as you want, so why everything should talk to everything? it eventually won't anyway

@pony @rysiek
So that the network effects don't push us towards a monopoly.

@Wolf480pl @rysiek it however seems to force you to use mastodon or conversation respectively ;)

@pony @rysiek But anyone can write their own instance.
Also, I'm not saying that just because mastodon and conversations are the best implementations right now, you shouldn't try to use the other ones, and contribute code to make them catch up.

@rysiek @pony
So that we don't end up in a situation in which there's only one social network, controlled by a single party, which can decide, that they don't like this guy's opinion, so they're gonna ban him, and then he'll have no way to reach anyone.

@Wolf480pl @rysiek it's a network thing that'd have to be there, as long as mastodon is the nearly-monopoly implementation and gargamel doesn't change his mind, there's no point

@pony @rysiek
You can run your own fork on your server and it will still be able to communicate with other servers.
But your server will be better - it will have polls. So if polls really are better, people will slowly migrate to you, or run their own instances of your fork.

If it wasn't federated, your fork wouldn't be better, because if I was using your fork, I couldn't communicate with the rest of the network.
But it's all federated, so I lose nothing by moving to your instance.

@pony @Wolf480pl @david_ross the point is it's not a single implementation; and that Twitter can't keep up with certain features of this federated network either.

@pony @Wolf480pl @david_ross

"A single implementation of an idea is not great, therefore, the whole idea is useless."

I love this kind of reasoning.

@rysiek @Wolf480pl @david_ross I'm not even bothering to talk about xmpp in the wild, i picked a controlled environment that was actively developed, supported and had strong political push within the organization

@Wolf480pl @rysiek @david_ross a custom one trying to tightly integrate with the active domain within the org

@david_ross @rysiek @pony
from my POV, you sound like
"I tried programming, couldn't wrap my head around it, therefore programming is bad."

@Wolf480pl @rysiek @david_ross the server wasn't usually the source of problems, it was the clients and different versions of them and the network things and so on

@pony @rysiek @david_ross well, many clients (all except Conversations?) are plenty behind the latest XEPs. That is indeed a problem with the XMPP ecosystem. But IMO it's a fixable one. It's not a problem with the protocol itself.

@Wolf480pl @rysiek @david_ross sure, but fixable how? there's no way to make xep's non-optional in any sane way, all that xmpp is a very poor text messaging protocol with a lot of optional stuff on top, you can say, so go ahead and use this one good xmpp client and one good server, but thx, we already did this by picking up a different good protocol and client and we just don't care, because, well, why?

@pony @rysiek @david_ross

1. you agree on which XEPs should be supported by everyone
2. you take some of the funding that goes to Open Whisper Systems and give it to XMPP client and server devs who get no funding whatsoever
3. you make an automatic test suite that checks which clients and servers support which XEPs, and make it generate a public website with a leaderboard of clients and servers with best conformance.

@pony @rysiek @david_ross
2. get the source code of the server somehow
3. add the federation code to it
4. persuade the mainstream server to federate with other servers

@Wolf480pl @rysiek @david_ross ok, let me drop a bombshell here, i just don't think having a single IM protocol to talk to everyone is worth any effort

@rysiek Signal seems determined to remain a bunker. Wired, as far as I know, is single server only but might federate later. The ejabberd and prosody projects really need to provide default settings which allow all of the server tests in Conversations to pass, so that deploying secure IM becomes easy.