I use the apps my friends use but it gets tiring to keep up with so many.
Yeah, there was a nice period when Pidgin could easily handle all the chats. Then providers siloed their apps 🫤
That was the time when all the apps were standard XMPP. It didn’t have proper encryption back then. WhatsApp is still XMPP nowadays, but excluding federation and non-standard implementation on Meta servers and so on
It didn’t have proper encryption back then.
OTR predates all the commercial platforms adopting XMPP, so that’s not exactly true.
Was OTR a protocol where the server had zero knowledge of the unencrypted content? Or was it basically like SSL?
OTR is E2E, it’s the direct predecessor of OMEMO/Signal on which they are both based.
Sure, but now you show me all the clients that supported OTR back then 😜 - or now, for that matter. Besides, OTR doesn’t work in multi user chats. OMEMO does, and support for it is still not exactly widespread…
Most popular clients supported OTR back then… Pidgin, Gajim, Adium, bitlbee, Psi, you name it.
And that’s at a time where absolutely no one did E2E, even SSL wasn’t a given.
Yes OTR* doesn’t do group chat, but now you’re just moving the goalpost.
*There has been a proposal in the works for years and years, but OMEMO stole a lot of it’s traction, and the last nail in the coffin was the arrest of Ola Bini in Ecuador as he was one of the main contributors.
You seem to not get that OMEMO is directly based on OTR.
Fun fact, iMessage is also XMPP based!
My brother in Christ do you know what fun means
Federated XMPP is fun yes, defederated XMPP is, indeed, not fun.
Also I’m no Christ’s brother, thanks. Beelzebub maybe.
So is WhatsApp, Zoom, Jitsi
Had no idea about Zoom!
It’s kind of crazy that all these services use it, and on the federated side of things, Signal killed it.
It also powers the communications / presence on many gaming avenues as well like Fortnite, League of Legends, & whatever Nintendo is using for notifications + online status (assuredly a lot more games).
XMPP is old, stable, & massively scalable for industrial applications – while maintaining decentralization + efficiency & allowing for extensibility like OMEMO encryption which is covering most folk’s chat use cases. Since the XMPP foundation don’t put budget into marketing & hype, a lot of folks weirdly assume it’s dead or not being used. It’s strange to me how folks seem more interested in RCS & Matrix despite their histories/ownership/flaws rather than embracing what is already good.
Yeah, XMPP is great and all, but the client side is a big old mess, everything is full of friction and missing support for feature xyz. Have you tried using XMPP on iOS?
Conversations compliance test has brought most clients into an acceptable base to where most basic chat/audio/video needs are met, so if you are comparing older legacy clients then the experience will be different. The XEP system means everything is optional & can be pitched by making a spec & seeing who uptakes the idea. It also means the bar to create your own server is absoluetly minimal since everything is an extension which means you could build one in a weekend which is great for those learning to code since the barrier to entry is extremely low if Conversations isn’t the goal.
IDGAF about Apple since you have to have a wad just to publish an application on their proprietary store & the EU didn’t do a good enough job so it’s expensive to open alternative stores like F-Droid while also being antagonistic towards sideloading as well as PWAs (not to mention needing to buy their overpriced hardware to build/release applications). Heck, you can’t even publish a GPL-or-similar-licensed app on their store. This is a giant slap in the face to free/ethical software developers & probably why the clients aren’t in a good state; if you aren’t trying to make money, why would you develop in an ecosystem that is entirely hostile for you to develop in?
Well said! I really miss having a huge roster on XMPP
We can start it up again. Time to nudge in the next Lemmy AMA to allow XMPP addresses alongside Matrix. You’d be surprised how little things like that can nudge adoption & pique curiosity.
You can bridge to all of the apps in the image from Matrix
Or Slidge
I actually tried pidgin maybe 6 months ago just for kicks if it could handle whatsapp, signal and telegram, and whaddaya know, it could. It was ugly as hell, but it could be done.
For whatsapp, my experience with Pidgin was terrible. Stickers had to be downloaded as photos, group chats would only show up once someone sent a message, contacts would only show as the full international phone number, all existing chats were horizontal tabs, like a browser.
Yup indeed, it wasn’t a pleasant experience. Self-hosting Matrix with all its bridges is kinda nice tho (although a bit lacking).
Just never interact with anyone. Christ, it’s not that hard people! (This comment doesn’t count.)
We’re all bots. You still haven’t interacted with a person.
Everyone on lemmy is a bot except for you.
Speak for yourself. I’m not a bot, I’m a cat walking across an unmonitored keyboard.
So you are a robotic cat, even better!
i really fucking hate discord.
Why does EVERYTHING have to be proprietary. Fucking capitalism.
Its pretty amazing for voice communication in gaming.
As a messenging app? Meh
i get much better call quality in telegram
dude discord has been one of the worst experiences for voip in gaming IME. I started using mumble SOLELY because discord was actually just disappointing. Though tbf maybe if i paid out the ass for nitro it’s better? I ain’t paying for that though.
Though yeah, for messaging, it’s dogshit, It’s a mess.
I don’t get why people like it either. It’s a mess of chats.
Gamers using it for gaming. In game Voice communication is trash
And that’s fine, but why do gamers use it over any other VoIP option? And why the infinity chat channels over infinity servers?
Content creator branding, and “community”
Because it’s the standard for gaming. I use it and would drop it in a heartbeat if it wasn’t standard for every mmo out there.
I really wanted to keep faith in it after the ui overhaul recently - VoIP performance was SO much better on Xbox, latency specifically. But good GOD the mobile app is just a pile of garbage nowdays. I have so many friends stuck on that platform, I still end up sharing links there to Lemmy memes and like 60% of the time when I share to the app it permenantly sticks on the splash screen??? 🙄 notifications are fucked these days too, myself & my friend group regularly miss messages entirely, even with direct @ mentions?!
Worse, I dropped a crap review and complained that function has dropped horribly since the update and the devs INSTANTLY replied like “Have you tried pretending you’re a beta tester for us? Do you mind doing a buncha troubleshooting you definitely haven’t already done?” (They wanted me to reinstall the app… Smh)
Anyway - fuck discord. I’m planning to shift to Revolt, but if anyone has better suggestions I’d be happy to try some!
im genuinely surprised discord even tries testing things on the two test branches they have. Yes, you heard me correctly, they have TWO separate testing branches. Bugs literally should not exist on the stable branch.
also when it comes to voip, i’ve enjoyed mumble, it’s pretty solid, minimal, configurable (highly integrated into games already, it’s old af though so maybe not new games) and works pretty well. Revolt seems alright, but it’s plagued with bugs, and weird issues, plus it’s self hosting is just, jank.
We could use a self hosted discord replacement tbh.
Reject Discord, go back to Teamspeak
i would fuck with ts if they would release ts5 and have an actual feature release, until then mumble it is. Shit slaps, and is minimal.
Ew! In my Mumble opinion teamspeak is garbage.
How dare you, trying to sow Discord?
I’m not sowing, I’m cracking him.
Don’t like it - don’t use it. It’s a free (capitalist) country.
that’s the cool thing, i dont, but you know who does? You, and you know how i would need to contact you? Through discord! Uh oh!
I don’t use discord
damn didn’t know you weren’t all of my other friends.
I think they wanted to be, they were advertising themselves!
Friends don’t make friends install chat apps (besides Signal)
Not sure why you were downvoted. I’ve successfully made most of my friends, and my mom for that matter, talk to me on Signal.
The comment implies Signal is peak chat when it’s flawed & other than maybe onboarding, isn’t superior to alternatives—with the phone number being a pro for onboarding is a con for privacy. It still requires you have an Android or iOS primary device (fueling that duopoly). They don’t want you installing it from a safer space like F-Droid. They still by default send notification metadata to Google & Apple (websocket support exists but drains a fair amount of battery & they refuse to support UnifiedPush). They still ship/use Apple emoji on Android & Linux. It’s still a centralized system you can’t self-host. They still have that missing part of the source code (where I would assume the feds planted something). It still isn’t a good space large chats. And the Electron desktop apps are far too bloated.
And the Electron desktop apps are far too bloated.
No argument. Electron is categorically silly in its own right, lol.
They don’t want you installing it from a safer space like F-Droid.
F-Droid is by no means safe; use Droidify.
They still by default send notification metadata to Google & Apple (websocket support exists but drains a fair amount of battery & they refuse to support UnifiedPush).
Easy: use the FOSS version of Molly instead of the default Signal app.
Hi, could you touch on why F-Droid is less safe? Is it because they package (I think that’s the term?) stuff themselves?
Certainly.
To answer your question: yeah, pretty much.
I got all of this information, originally, through this guy’s channel (Side Of Burritos on YouTube):
- https://www.youtube.com/watch?v=IzpVI4zaso0
- https://www.youtube.com/watch?v=lAbgeJau3eE
- https://www.youtube.com/watch?v=FFz57zNR_M0
It’s also worth mentioning that part three of that series ended up directly inspiring another project called Obtanium, which he then did a video on here:
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=IzpVI4zaso0
https://www.piped.video/watch?v=lAbgeJau3eE
https://www.piped.video/watch?v=FFz57zNR_M0
https://www.piped.video/watch?v=JiN37bn0OE8
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Signal is the best, but no way I’m going to be able to get my wife, my friends, my parents and in-laws to use it.
Have you considered emotional blackmail?
No, I haven’t reached that point yet.
Do yo need a wife, friends, parents, or in-laws?
Can’t even get your wife on it? Damn…
I have 3/7 and I hate it. I wish signal never removed the ability to function as sms
Even if it did, it didn’t support rcs
That’s because Google is gatekeeping the android API for RCS
Wait, I thought Google wanted Apple to start supporting RCS. So that everyone can talk to each other.
So Google is just…trying to strong arm apple to give up their proprietary protocol for their own?
That’s so fucked up.
RCS is an open standard. However, on Android you can only use it with Google chat. So android stops any other apps from using it. Nothing to stop you making your own phone from scratch and adopting it.
It’s incredibly stupid, I know.
Samsung messages app also supports RCS, depending on your carrier, though? It’s super fucking buggy and frequently switches back to sms so I still switched to Google messages, but it does technically have it.
They only have it because they reached a deal with Google.
deleted by creator
Yeah, it’s mad.
4/7 here. I’m fine with it. Though sms should be included.
Wait, do you guys have friends?
Spoken like a real android user. All my iPhone friends (and especially family) refuse to download any other app, they just complain that I physically can’t download iChat.
As an iPhone user, iChat is mid. I think it’s only in the Us that it is widely used.
Embrace the beauty of Signal now
Kind of ironic considering that with Matrix…
- Forward secrecy is kinda hosed
- they store metadata permanently on their servers by design
- A ton of stuff that would otherwise be invisible and signal is visible in your Matrix homeserver, including permanent history of all group membership
- Your data does not belong to you, and that’s how the server is built to treat it, e.g.
- GDPR deletion is nonexistent (it won’t delete your username or your messages, making it less effective than on Discord, let alone Signal)
… Etc.
Ironically, older federated messaging systems like XMPP might be better by coincidence. Message archiving was an optional addition and some servers, such as the popular Riseup one, do not implement it.
Yeah, fair. It can’t delete your messages to the extent a centralized system, and that’s an indication of the lack of centralized control? It’s a different threat model I think many find satisfying (though perhaps not most).
All those points are about how one server communicates with itself. Federation doesn’t factor into it
huh, yeah that’s fair i did not actually notice that :/
Meanwhile Matrix was built & funded by Israeli Intelligence (to which I’m sure there are anonymous donors today). It’s expensive replication model means only those with the deepest of pockets can run a server leading many to flock to the mother instance of Matrix.org centralizing, replicating the data to a single node (being decentralized in theory, not so much is practice). It’s funny to see them call out Signal, but luckily there are private, free alternatives to both.
Huh, would it be possible to provide a source? I might be bad at searching, I’m not finding anything…
EDIT: Ok I found one with some search operators. I can provide links, most were less trustworthy, I’d reserve judgement.
- An organization which was initially responsible for Matrix, AMDOCS, is allegedly (I say allegedly since I didn’t confirm it to a reasonable extent) an organization based in Israel which appears to have products related to surveillance
- By association, Matrix is tainted, perhaps it has sophisticated backdoors along with the other myriad of issues mentioned by other commenters
To give an alternative explanation with plausible hypotheses
- An organization linked to intelligence surveillance, created and discarded software, which occurs with most software, and I would imagine occurs with software developed at an organization linked with surveillance as well (if it’s publicly funded, i.e. by a government, I’d lean into this)
- Though suspect in origin, the amount of time the software has been independent, and with its open codebase, means any backdoors or other nefarious artifacts can be reasonably said not to exist
- An organization linked to an intelligence agency would perhaps be the one to expect to have a secure messaging platform, one could imagine said organization would develop a solution in-house as even with software audits, they may not be certain of any external software which may itself be compromised by an antagonist or have vulnerabilities which they could not control
Some food for thought. I’m not one to jump to conclusions, I think claims require proportional evidence, and obviously my judgement isn’t the same as a security researcher or clandestine operator, so settling on what ‘appears’ to be true without proper investigation isn’t something I do.
Thanks for the info though!!
I don’t have time to respond to everything, so I’ll just respond to the first one- which is that it’s tankie copium. I don’t deny the Signal Foundation might be taking money from government groups- I believe it is. But looking at the groups its pretty clear what it is, Radio Free Asia, as in the Asia branch of Radio Free Europe. Aka, their goal is to make people living in US adversaries rebel. The US does not censor private communication, it would be very quickly found out if I sent a text to my friend and they couldn’t receive it, or I was sent to jail for the content of that speech.(That’s not to say its not spied on though.) However, in many(most?) US adversaries there is active censorship of opposition communication, the US generally(although not always) supports the opposition by nature of them being the opposition- this is why(if you believe the narrative that everything is a cabal of the powerful) US tech companies supported the Arab Spring. This is why Radio Free Europe broadcast in support of Dubček and the Prague Spring, why they also supported the 1956 Hungarian Revolution. All that is just to say the US can follow the narrative of being 100% power seeking while still supporting open communication platforms. (After all, the US government also either directly created or contributed to SHA-2, Tor, and Ghidra too) And, Signal is open source, read the code and network traffic yourself, they won’t remove encryption for US allies.
That doesn’t mean they’re immune to criticism, they may be able to explain it, but I personally probably wouldn’t donate to an organization that has the money to pay part time developers $450,000 according to their Form 990, but its not my money so not my place to judge how its spent.
I think most of your criticism makes sense.
The part about “not reading private messages” I think is mistaken, or rather, maybe amiss. I mean I don’t have evidence, so this is all conjecture. The sophistication of data surveillance and data gathering makes the content of the message rather meaningless in my view.
EDIT: Oh, I don’t think any adversaries of US, even if working together, make any meaningful threat towards it. It’s really hard to imagine, esp. considering the US has a bunch of successful coups & stuff under their belt.
I wasn’t saying the US doesn’t spy on private messages, I was saying Signal is open source so it would be hard to hide a back door. So I don’t see how any other E2E encrypted messages could be more secret then Signal. I guess obfuscating the messaging servers.
The sophistication of data surveillance and data gathering makes the content of the message rather meaningless in my view.
That’s a fair point but I don’t know if there’s any other good solution to that.
yeah i’m rethinking some stuff too, even in some utopia i think some information related to me might make life inconvenient, so the best way to protect that (e.g. not disclosing it digitally) maybe needs outta the box solutions.
related, does anyone even bother to look at physical mail for stuff? like if i put a cipher in a letter with no return address, using that pen ink that you can erase (which comes back if you put it in a freezer) and only i and my contact have the key to the cipher which we exchanged in-person; could anyone reasonably know it?
it seems digital stuff might be a carrot for surveillance people, maybe it can be made into a honeypot and physical or analog means can make a return.
I think finding novel ways to communicate with a specific person and not be monitored is easy. The difficulty is opening a new line of communication on an already monitored one, communicating to new people, and one of those new people not blabbing.
After all, if you play on a private Minecraft server and spell out text with dirt blocks, I don’t think anyone’s going to bother writing code to analyze your Minecraft network traffic.
deleted by creator
Yeah yeah we got it you have multiple friends quit bragging about it now
A chat app for every friend and a launcher for every game. We live in a utopia.
Matrix and bridges
Only if you tell your contacts about it, and explain to them what a bridge does
Why?
Take Signal to Matrix for example. They use different encryption protocols, which means a message sent from one end has to be decrypted, and then re-encrypted with the protocol of the recipient before they can actually receive it.
So basically, your encryption is not very e2e anymore, and the fact that someone can set this up, effectively giving encryption keys to a third party without their contacts being able to do anything about it is pretty fucked.
Oh, and different TOS between different services also come into play.
So if you do this, at least tell your contacts about it, so they can make an informed decision about whether or not that’s okay for them.
Just self host the bridges. I mean if you trust your phone more than your server, this won’t help.
Do whatever you want, but again, make sure your contacts can make an informed decision about it.
I bet none of my contacts made an informed decision about which chat app they are using. I don’t think that this really bothers one of them. Most of them do not know, what the difference between Insta-pms and Whatsapp even is, as far as security and privacy are concerned. And from my point of view I don’t know it detailed enough too. Making an informed decision about a closed source software and as a non technical person is not as easy as you may think. At least from my point of view.
You’re hitting the nail directly on the head.
Not knowing what’s going on being a bad thing is precisely my whole point
If I own the bridge, nobody but me is accessing the message.
Yup, this is what I do.
XMPP & Gateways
I miss pidgin for the cross platform chat
Anyone remember trillian?
Libpurple had constant breakage due to proprietary apps having no incentive to keep their protocols stable. A lot of it worked easier then since no one was using e2ee either. Newer gateways exist in the space but it’s a real shame since for a brief time the earlier 2010s, most chat applications were using the same protocol—until they realized it’s harder to capture profits when the garden walls are lowered.
i miss when using the internet gave you ptsd because of the actual things that you saw, rather than the software that you were using.
I’ve only recently threatened to take my own life due to spam. Never thought that’d be my 13th reason.
gotta love the internet, only the best, for the worst, and the worst for the best.
Try Matrix bridges or Beeper
I miss pidgin so much. I tried to use it the other day with Discord and it was terrible. So God-awful.
Remember E-Mail, everyone?
A lot of people around me are genuinely confused when your email is not
firstname.lastname@gmail.com
, as they mostly just use it for confirming logins. That’s how bad the situation is.I recently started using a
+
in my email address to make use-specific aliases, so I can more easily filter content from them or see if they’re leaking my email.I signed up for a rewards program in person the other day and the strange look I got:
Do you have an account with us?
Idk
I can look up your email
Ok, it’s foo@bar.com
I don’t see it, would you like to make an account?
Yes, but instead of that email, make it foo+yourcompany@bar.com
Uhhhhh… Ok…
Like “you don’t have an account but you have an email specifically for our business? Sus AF”
Having an untraditional gTLD like
.xyz
makes many confused as well, especially those not in IT.
Never heard of her.
deleted by creator
Random hot take, I’m at least grateful that my wife and I use an app that none of our friends use. Removes the “oh shit did I send that to the wrong person” panic.
I have a friend that will only chat with me on Instagram. I have his number, but he will never respond to text. He only engages in insta, it’s mildly infuriating.
…Have they ever explained why?
We need a new Trillian or Adium. Fucking anti-interop gatekeepers.
Omg trillian immediately reminds me of ICQ and MSN Messenger