Privacy
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
I think this post is a noteworthy response. Against Silos+Signal
Noteworthy perhaps, but one is based on analysis of facts and the other is based on principle. I think they're both valuable points of view, but they're not actually debating the same points IMO even if they think they are.
Signal is a much better recommendation when leaving Telegram. And the OMEMO implementation concerns are something I need to consider. That unprofessional response from one of the devs is not a good look at all.
Though as a comment pointed out, control of servers is like the one main checkbox that I really need filled.
On the point about clients not being OMEMO by default or enforced. This isn't the biggest issue for me. I'm not doing crimes, but I still wouldn't want my saucy messages to be read by server admins or third parties. Whenever I message somebody, I confirm that they are the proper recipient and are using OMEMO. And the clients I found myself comfortable with all support PGP key use instead. (That would be Cheogram & Gajim if anyone was interested.)
This was a great read though, at least to me. It gave me some thoughts to consider.
I'm gonna look into what kind of threats these improper dependency versions and such might pose. Hopefully by now most of these issues have been resolved.
The biggest thing is getting people into the loop of "secure apps" before they really need it.
I'll be honest, most of the crypto/security jargon flies straight over my head, but Tim Henkes' reply at the end, for fucks' sake man. I don't suppose xmpp has an alternative encryption to use instead of omemo?
Pretty much any encryption you can send over text. My favorite clients support PGP instead. But it's up to the clients to implement envryption and not really the protocol I guess.
Many people will tell you you have to sacrifice your principles because interface, because "normies" (which is an elitist way of telling you that non-elitist people are idiots....), etc. I say: stick to your dreams!
It's not elitist, it's realist. They don't want to install Signal just as much as I don't want to install Facebook messenger.
Yes you can nag people but it will more often than not have the same effect as when people try to convince me to install Facebook messenger.
speaking of "normies" is elitist, because the term is used usually people privileged/experienced with knowledge about technology to describe people who don't have this privilege/experience. It is implying that there would be a class of (sub-)humans who are not capable of taking the same path as the person who employs this term. I stand by the term "elitist". In a world of diverse people, life-paths and needs, in my own experience everybody is capable of understanding the political reasons to use a piece of software over another one (because one company sucks, because their model of centralization is detrimental to freedom, because they got shady funding, because they pretend to be something else but bar free software authors to modify their software, because they're from the USA, etc.). Everyone has their own way of understanding these things. Everyone has some arguments that will resonate better than others. Pretty much the same way you probably decided to not install Facebook messenger. Well the good news is: everybody is capable of understanding these things. It may take time and effort, it may make elitist people realize it is not as easy as they first thought it would be, and require to fail and try again. It requires efforts and a humble approach as to listen to these people and take them where they are and walk a bit along the way with them.
My personal experience is that most people are capable of understanding such things. It may take time, but everyone is capable.
I also saw tons of elitist tech-enthusiasts and other tech-savvies "bros" not even addressing who they call "normies" out of pure lazyness, to avoid to speak outside of their own comfort zone and question their own status, and to avoid sharing their elitist knowledge.
-> "'normies' won't do that" = "i am too lazy to engage meaningfully with people who do not know the same things as i know."
That's a major part of the problem. Elitist feedback loop...
First of all normie not an insult or a derogatory term. The term "normies" is often used in many niche communities to refer to someone outside the community. It has nothing to do with being smart, privileged or experienced. It means more like "the average user" or "the typical person". Example: a person in the boardgaming community may refer to you as a normie, not because you're dumb but because you don't play hobby boardgames (check out Brass: Birmingham, what a game).
The problem isn't about comprehending the problem, most people understand that Facebook is selling their data. They just don't care. They would rather have their data sold than to have the trouble to move to yet another communication app. WhatsApp is working just fine, Facebook is sparking joy. They don't care.
"Normies won't do X" is a perfectly acceptable way to express that the hurdles are too high for the average user. The average user wants a sleek UI, a user friendly experience and most of all they want to be in the place everyone is already at. The average Joe doesn't want to be the first guy on Simple X, they actually really want the hassle free platform everyone is already at.
Also, the next great communication app is constantly changing. It used to be IRC, ICQ, MSN Messenger, Facebook Messenger, WhatsApp, Instagram, Telegram, Signal, Matrix, Simple X, Session. I'm sorry to say that the average person is not willing to migrate that often. Facebook works, their friends are already there, they stick to it. This isn't elitism, it's just stating what I see.
I find this resistance weird. (From the "normies", not the Signal users)
Most of them have phones filled with all sorts of crap that they download willy nilly, yet they only seem to put the walls up for Signal.
I’ve used XMPP since shortly after it was developed. I still use it today.
HOWEVER, while the clients are relatively good, as long as they support the extensions you want to use, I’ve found maintaining the server to be a royal headache. Between protocol and extension improvements, security updates and general server instability, I find that it’s a constant struggle to have it running and compatible with whatever client someone is using, when someone actually uses it.
Signal, on the other hand, pretty much always works, has a single client, and nobody has to worry about managing the server except Signal. So as infrastructure, it makes a lot more sense.
If I could get a single person to use Signal instead of Whatsapp... or even the nerds I know to use matrix instead of Discord...
There two kinds of nerds. Ones that are actually curious to try new things, and ones that conform and sully the name. It's like tech bros vs real IT professionals.
I think the slightly more charitable division is "nerds who want to work on the tool" vs "nerds who want to use the tool to work on something else"
Some people want their discord chat to work with little effort or errors because what they're actually interested in is some video editor, or something. And if the chat is broken, it prevents then from getting to what they really want.
I personally use XMPP, so this isn't just to clear my own name, or anything.
First of all, thank you for your recommendation. I was on the fence between Siskin IM and Monal, so I went with Monal to replace AstraChat.
I’ve used Signal before and it was fine but I prefer not to give a phone number to open an account; there are other services that don’t require it.
Speaking of services, I use Simple X, Session, Matrix and Delta Chat (occasionally). Most of my eccentric mix of family, friends and colleagues are happy to try something new or switch as long as it doesn’t require a phone number to sign up. They’re slowly leaving Signal, WhatsApp, Telegram and limiting access to their iMessage.
In my experience, Session syncs very well between my devices which makes it my favorite. I chose FluffyChat over Element because of the App Privacy in iOS.
I use Telegram. Eek? It's just my wife and I though. All these things I've heard about Telegram? Never actually seen them in mine. I have looked at groups, but I've only seen memes, crypto crap, and what look like scams ("post this in 5 Reddit threads to get invited to the actual group"). There's nothing of value out there that I've seen. So I just use it to message my wife, because texting wasn't good enough when we started using it (both our phones have RCS now) and I don't use Facebook, and she doesn't have an iPhone (so, no iMessage).
I completely reject this notion that you have to pick one and stay with it. My messaging apps include iMessage, Session, Signal, and Telegram. I also have a fork of Telegram that lets me use it from my watch (as in, it has a watch companion; official Telegram does not). I also have Discord (need it for a couple things).
I used xmpp with otr encryption... maybe also omemo, it rings a bell. This was some years ago. But it was barely usable. Otr refused to connect at times and only unecrypted worked, messages were encrypted with wrong keys or something and history became unreadable. It worked on the desktop, but then not on the phone, only with this and that client, but not those. It was a confusing mess and I had to stop using it. If it works today, thats great.
Android's bullshit made me quit XMPP. We needed instant messages to be instant but Android kept making that harder and harder until it was impossible.
With Signal we're still fighting but it works a little bit better due to integration with the messenger service or whatever it's called. Dunno, maybe XMPP can work with that as well by now.
Sigh, I want my Linux phone where I can control battery life vs availability myself.