It's weird that people are recommending Signal over XMPP and apps like Conversations.
-
@bhhaskin These are some of the reasons. Not telling you what to believe or trust, but I personally struggle to trust a
devs hobby project like most of the clients I'd use. -
@its_a_me I don't have a moment to give you a good reply, but I would say that modern computing pretty much either runs on hobby projects or grew out of hobby projects.
-
@bhhaskin yep. It isn't ideal but I'd still prefer my crypto at least to have a decent number of eyes on it if at all possible
-
-
-
-
-
contrapunctus (they/them)replied to its_a_me last edited by
@its_a_me @bhhaskin Here's a very short and sweet rebuttal of soatok's XMPP hitpiece -
https://www.moparisthebest.com/against-silos-signal/And here's a more detailed response from one of the OMEMO authors.
https://www.moparisthebest.com/tim-henkes-omemo-response.txtThe world would be a slightly better place if nobody ever shared soatok's drivel again.
-
@its_a_me @bhhaskin The entire article has basically only one real point: e2ee isn't mandatory in XMPP. That's also basically Soatok's primary shtick, if it isn't mandatory e2ee, it's automatically bad. And they do have a point with centralized services that run on compromised infrastructure like Signal, but outside of that the argument for mandatory e2ee is much weaker.
-
@bhhaskin Not that weird, #XMPP is harder to set up and use, nobody wants to have to fiddle around with a messaging program trying to get it to work. And if you want real privacy that's even more hassle. It's like the difference between running Windows or MacOS and running something like Slackware Linux. If you're not a true geek devoted to making it work, you probably won't have a good time with XMPP, partly because the documentation is horrible. With #Signal, you pretty much just install the app and register and it works. Even if you don't want your cell phone number associated with your Signal account, it's still easier to set up that XMPP in my experience.
But also, if you truly want privacy with XMPP you have to run your own server, and that's fine for communicating with people on your local network (once you get it working) but how do you connect to your server from say your phone? Now you have to open ports and do all kinds of other nerdy stuff and there is a good chance you will accidentally leave an insecure opening into your system or network. And yes, a true Linux geek might perhaps welcome that challenge, but most normal users just want the damn thing to work with as little thought or effort as possible. And that's not what you're going to get with XMPP. I don't disagree that XMPP is arguably better, but where are the easy to follow setup videos? Where is the single page of documentation that will let you get everything up and running in under five or ten minutes? Maybe you are nerdy enough to deal with XMPP, but it's not real likely all your friends and family will be.
And if your response is that you can use some third-party XMPP server and just run an XMPP client like Gajim, first of all you have no idea how secure that server really is, and second, if they require payment, that's a non-starter because #Signal (and similar apps) are free. And also how do you know that a third-party XMPP server won't just disappear one day, perhaps when you need them most?
And yes, you do need a phone number with Signal (which is the one thing I really detest about several of that type of services) but it does not need to be your personal cell phone number, if you search the Internet there are workarounds for that. And yes, that does make Signal a bit more of a hassle to set up, but not the major headache of dealing with XMPP.
-
@maple
About the one page setup to get it running : https://snikket.org/service/quickstart/
And once someone you trust has it running, the invite is actually faster then signal.
Only have to press a link and choose a nickname.>... have no idea how secure it really is...
I've got no idea how secure the signal server *really* is.
What I know : it's likely there are powerful people trying to get into that one. And I pretty sure my small server isn't under that observation and fire.
@bhhaskin
