@x0rz
Delighted to see this in one place. Laughing at the recommendation of Threema at the end though, isn't that a proprietary, closed-source app?

@cathal
yes, great article indeed.
I just don't understand why to make the recommondations they made.
I'm not an expert, but I prefer #xmpp /jabber.
thought also #briar, even so I yet do not understand how their implementation of bluetooth makes it a security issue if an attacker is nearby.
@x0rz

@paulfree14 @x0rz In terms of raw security, Signal's protocol is best but they do have the ability to add devices to an account, Australian-spy-style. But it will at least warn other users about "safety number changed". I overall recommend Signal, even though it's centralised and doesn't federate. XMPP's protocols look strong if used correctly.. but "used correctly" is always the failure point. So I'd never recommend to my tech-fail family.

@cathal
for xmpp there're apps as conversations that are simple to use.
yet, one can switch between unencrypted and encrypted. So it's not safe for false usage here.

simple to use, and always encrypted is #briar. It's even p2p.
@x0rz

@paulfree14 @x0rz Briar is fairly new on the scene, so I'll remain cautious for a while. And, it's hard to model threats in P2P, there is usually a trade-off. Take Fediverse as an example: despite being free of overt, "legal" surveillance capitalism, the Fediverse generally is easier to crawl and monitor than, say, Twitter or Facebook. So illegal or covert surveillance is substantially easier here.

@paulfree14 I couldn't make bluetooth work on #briar (android). It works when adding contacts, but doesn't work for communication when both wifi and mobile data are switched off.

@x0rz@mastodon.social.signal ir.linked To the phone number, and depends on GCM as well…

@x0rz
Wow, Threema is also closed source and centralized, so this doesn't improve much.
What about #matrixchat ?
It seems much more secure to me.

@x0rz Threema is proprietary software and shouldn't be trusted as well.

@x0rz all those things don't make Telegram "insecure" though

@x0rz
Some out of date data, and many debatable arguments (like i.e. those about contact sharing and link preview)... But an eventually interesting reflexion

@x0rz
Very interesting article. Wouldn't Signal have the same vulnerability to somebody spoofing your SMS?

@x0rz The arguments aren't wrong, but I disagree with the conclusion.
Some of the things are unnecessary (Phone number link), others (cloud storage, contact "theft") are integral to a good messaging experience.

I'm a proud Telegram user. While I'm also starting to explore alternatives again, I'd much rather have everyone use it than WhatsApp.

Imo it's by far the best compromise for now that's ready for the masses.

@x0rz @switchingsocial I wonder why people don't use or talk about Kontalk. It is open-source and easy to use because you register with your phone number. What am I missing?

@coda Good question. Hearing of it for the first time here. Thx!

@coda There's no iOS client, and it's based on Java. That's already two hard criteria not to use it. And “based on XMPP”… means, it's probably somewhat similar to XMPP, but not really, so it's not compatible with XMPP (which most people already don't know what it is). Wording on encryption is super vague. (“… *can* be secure”… (emphasis mine))

I can really understand why nobody would care to even consider it.

@x0rz @switchingsocial

@MacLemon @coda AFAIK it *is* compatible with the XMPP network, meaning you can be reached by XMPP and contact anybody on any reachable XMPP server.
That's cool if some of your contacts don't like to provide their phone-number, but you and the majority of your friends want to use something like Signal, Telegram or (shudder) WhatsApp where everybody is identified by his/her phone-number.

cc: @x0rz @switchingsocial

@coda @x0rz @switchingsocial registering with your phone number is actually one of the critiques of telegram, signal, etc. I also think, this is not an advantage...

@coda @x0rz @switchingsocial My two cents:
When I worked in marketing, the 3 big reasons people didn't use a product were 1) just plain had never heard of it, 2) there was a value-perception issue or 3) there was a technical hurdle that made adoption an issue.
#1 is most-quickly solved by $ (ads) and most-economically solved by human effort (manual promotions). #2 is solved by identifying and resolving the end-user doubts or mistrust. #3 is the tech version of #2's emotional issue, and resolves when the tech issue is fixed.

Sign in to participate in the conversation
Mastodon

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!