We really need to stop recommending Keybase to people, the codebase is not maintained at all (the github activity is a flat line) so the crypto should be considered obsolete. From what I can tell, it was designed to show off the skills of the devs for acquisition/hiring and now it has been acquired.
As if XMPP does not even exist… doesn’t give me much confidence in how well this is researched.
I think they’re aiming at a more general market, that needs a nice UI to use the product. Also, XMPP is not encrypted by default.
XMPP is very much e2e encrypted by default. It uses the same system as Signal in their OMEMO implementation, which is widely supported by XMPP clients.
And clients like Conversations also have a really nice and mass market compatible UI.
OMEMO is not default. Even in the list you linked, half of the clients do not fully support it.
It is the default in the clients that cover like 95% of the user-base.
I think it’s supported but not turned on by default. At least when I tried conversations recently it was not default in one on ones, and not available at all in group chats.
Odd, for me it defaults in 1:1 chats, when was the last time you tried?
For group chats it AFAIK is enabled automatically if the group-chat creator has made the right settings for it to work (OMEMO can not work with pseudonymous chats and history disabled).
I think it was maybe a month ago or so.
OMEMO can not work with pseudonymous chats and history disabled
OMEMO works fine in a private group chat, it’s disabled in public channels as there’s no point doing encryption there (when anyone can join and it’s impossible for verify everyone’s fingerprints).
Conversations UI can be MUCH improved to compete with the looks of some other common chat apps like messenger and imessage imho.
Conversations actually follows the Material guidelines from Google. Which puts it in an odd spot in that It looks “too new” for those that want a classic look, and “too old-fashion” for those that want a flashier look.
For me personally, it doesn’t look horrendous and it works, so I’m happy with it.
XMPP is very much e2e encrypted by default
Please do some research and stop perpetuating this myth.
- XMPP is not E2E encrypted by default.
- Conversations does OMEMO by default.
- There isn’t a single other XMPP client out there that does OMEMO by default, not one. They have support for it, but they very much do not enable it by default.
- Every time a friend of mine uses a different messenger, I have to remind after getting a load of unencrypted messages to hit the damn padlock icon in their new client.
So compared to other messengers that have only one single official client, how is this any worse? If you use Conversations it is the same but better.
Easy, it doesn’t help if your friend goes onto discover another XMPP messenger (cause they want their messages on their laptop/iOS or something else).
There’s no global OMEMO option for these either, you have to remember to enable OMEMO for every single conversation. The community has been asking for this for years on github, but the developers just never bother to enable it.
How is that worse than Signal, Threema or Whatsapp where no such clients even exist?
deleted by creator
Ask them to try https://quicksy.im/ Super easy and with phone-number discovery as well.
deleted by creator
Although Matrix might have a few kinks in it, I still think it’s the best choice for privacy-concious messaging. They seem to be coming up with good ideas; bridging for one is kind of functional, and I like the concept of federated systems. There also seems to be a good community around it, with lots of good libre clients in particular popping up.
Matrix is ok from a decentralization point of view, but privacy isn’t a strong point of it and if fact seems more of an afterthought conflicting with many early protocol design decisions.
deleted by creator
ProtonMail is run by SiliconValley techbros that stan for cia-backed Bellingcat. Their whole brand is just leveraging Americans impression of Switzerland being a secretive country. It’s not a great company.
Can you provide some resources for your claims?
About Bellingcat being an arm of the CIA or that Proton supports Bellingcat or that Protonmail is run by Americans techbros that did some studies at CERN and decided to stay and leverage the Swiss brand? These are all relatively easy to google. For the Bellingcat CIA link search for GrayZone + Bellingcat. There’s some quality investigative journalism there.
Removed by mod
deleted by creator
Keybase
deleted by creator
deleted by creator
just use session
