Ⓥ
(he/him) @tortie @sbb @waeiski Yup :/ @Mer__edith Any chance of diversifying away from AWS? Main reason I brought this up is for anti-Amazon reasons, not privacy issues.
@chiraag @tortie @sbb @waeiski @Mer__edith This is not "the elephant in the room" and neither is deltachat a reasonable alternative. The metadata that delta leaves is *significant* and can be tied to an individual. That's why it is crucial to use a "trusted" mail provider, because delta doesn't use any of the advancements in cryptography of the last decade.
The data traces Signal leaves on AWS is not personal data, the metadata is minimal and they make efforts to reduce it further. AWS is still a problem, but one of Availability (what if Bezos cancels his contract with them?).
Please do not compare them based on where they store the data, if the amount and kind of data stored is very different.
@ljrk @chiraag @tortie @waeiski @Mer__edith I wish that the #EU would clarify its stance regarding #Signal: *is the AWS hosting problematic for them or not*? Let's assume *not OK* for a minute.
As to a Signal alternative, I *wish* I could recommend #XMPP over #Deltachat today. *AFAIK*, in XMPP, #OMEMO does perfect forward secrecy/double-ratcheting - but alas, the #iOS and #MacOS clients aren't the greatest at present. That lack of all common OS' having feature parity (very reliable notifications, Reactions, etc.) makes me hesitate in recommending XMPP for *everyone* today (but it's great for geeks).
Whereas Deltachat at least has usability parity for features across each OS it supports (which I feel users would highly expect *first*, before demanding a more modern encryption). Yes, autocrypt has no perfect forward secrecy, etc. and other metadata-related criticisms. But Deltachat is simple enough to learn, *allows servers to realistically be used in the desired country*, and works on all the common platforms. It's a decent choice for *today*, as a well-rounded choice (where tradeoffs must be made somewhere). And once the XMPP clients get better (in MacOS/iOS), I'll recommend XMPP as a goto *then*.
@sbb With XMPP + OMEMO I had the problem, that I needed to choose a server to connect to, which was fine, but one more step to make non-technical users make decisions, that they can only guess at. The next problem was, that back when I tried it, the clients I could install from standard repos of my distro and from Guix both did not have the OMEMO plugin. I tried building the client myself, but deep deep rabbit hole. Then next problem adoption. Friends would have only me on that messenger.
@sbb Signal is at least somewhat known where I live and doesn't make non-technical users choose a server to use, which is easier. But for non-technical users already the sometimes appearing prompt for a PIN is a detractor.
@zelphirkaltstahl #Signal is my goto IM app today (and by a long shot), in case anyone is in doubt of this. But I guess I have this nagging urge to have some sense of a 2nd best choice, were Signal to be blindsided by some unforeseen complication, knocking it out of its currently favored spot of "best choice, for privacy". Some second best choice which allowed federation.
@sbb @zelphirkaltstahl @ljrk SimpleX looks promising to me *if* there will be a fork. The current project leader seems to be a Trumpist, so that's something to watch out for - even if it doesn't compromise security right now.
I tried Cwtch - also promising but too hard to use for average people right now.
@scatty_hannah I remember now which client I tried back some years ago: Gajim.
@scatty_hannah @sbb @zelphirkaltstahl Yup, Cwtch and Veilid Chat are the two that could, at some point, perhaps replace Signal for me. But they're far from from this goal as of now.
@ljrk @scatty_hannah @zelphirkaltstahl so after a flurry of criticism, I hear you making recommendations that are *not* ready today, nor likely next month either. My recommendations, despite leaving something to be desired for activists, are available *today*, *with* caveats supplied honestly. And, as you've noted, the privacy and encryption is not as good as the incumbent: Signal. Fair enough. I too agree on #Signal as *today's* incumbent. Hopefully *tomorrow's* incumbent as well.
@sbb @scatty_hannah @zelphirkaltstahl No, I'm not making recommendations for cwtch or veilid. I'm just saying that these may become relevant at some point in the future.
And since were talking about privacy in this whole thread... any recommendation that are compromising on... privacy are kinda bad. You can totally argue that deltachat is a fun thing, but it's not the correct thing to recommend in this context.
@sbb Not intending to make recommendations really. Just anecdotes of past experience.
@sbb @zelphirkaltstahl @scatty_hannah Federation has unfortunately quite some complications w.r.t. security: Data distributed on multiple servers is tricky in itself, similarly permission models are hard to realize there. Federation is great for cross-org stuff, for very secure IM, P2P is the better choice. And Signal isn't P2P but the main server isn't much more than a rendezvous server.