My semiannual telegram reminder, Telegram serves warrants now and does not actually provide DM or group chat privacy in 99% of use cases.
-
@nullagent I'm seeing a lot of recommendations for Signal, which I equally distrust as Telegram as well and Matrix. Secure communication is becoming a matter of life or death for many.
-
@Sh4d0w_H34rt @nullagent Why no trust for Signal? And what do you trust?
-
@bryanredeagle @nullagent Signal relies on centralized servers and encryption keys were being stored in plain text. Unless I can host an app myself I can't fully trust what it will do or who they give access to. It needs to support end to end encryption with no logging. Bonus if it can be deployed adhock over out of band networks.
What I recommend, well I don't know. I'm looking into Meshtastic, but that requires dedicated hardware, Matrix is good, but extra effort has to be made to make it secure. Sadly, projects like @supapp appear to be abandoned.
-
@Sh4d0w_H34rt @nullagent Signal is supposed to be perfect except for the phone number requirement. Matrix is alright since no company runs it, except for the shitty scaling & the encryption vulnerabilities, so it's fine for things that aren't sensitive. There are a few other encrypted messaging apps but they all seem to be either infested with cryptocurrency shit (Session, Jami) or underdeveloped (Briar, SimpleX Chat).
-
-
@kariboka @Sh4d0w_H34rt @nullagent XMPP is outdated as shit sorry
It would be less of an issue if people would use up to date OMEMO that fails closed instead of failing open like the popular version does though. -
@Sh4d0w_H34rt @bryanredeagle @nullagent @supapp why dont use #xmpp? @snikket_im is super easy to setup
-
@jackemled @Sh4d0w_H34rt @nullagent what you mean? We are using omemo just fine. Even the old omemo versions are robust, I mean good luck trying to brute-force those
C/c @adele @joinjabber -
@kariboka @Sh4d0w_H34rt @joinjabber @nullagent @adele If someone that doesn't have OMEMO messages you it will be plain text. If you message them it will be plain text. If you both have it & your keys are mismatched your clients will fail open & go "oh well, we tried. just send the message again without encryption, I'm sure it's fine". A newer version than what's used in XMPP properly fails closed & does not send an unencrypted message. Encryption doesn't matter if you can simply jam the signal to make the people talking decide to turn off their encryption. Encryption only works while it's turned on.
-
@jackemled @kariboka @Sh4d0w_H34rt @joinjabber @nullagent
the only feature I need about encryption is to be enabled when I think it is necessary (when the conversation is sensible)Look at what we are doing just know, our conversation is not encrypted and all is fine.
-
@jackemled @kariboka @Sh4d0w_H34rt @joinjabber @nullagent @adele Nothing is "plain text", as everything is always transport encrypted. Together with a self-hosted xmpp server that is pretty good already, and OMEMO on top works just fine in most cases.