Problems we are having with #Signal:
* It is and will remain centralized (clear strategy of *not* federating servers)
* It requires strong identifiers/selectors (phone#) to use
* Author disallows distribution by anyone but Google, although free/libre
* It keeps pushing away verification of fingerprint in interface
* It relies on Google+Amazon infrastructure
* Its funding is shady (OTF = Radio Free Asia = USG)

= clearly unethical choices, unjustifiable by accessibility or technological reasons.


@jz Share your concerns + also that they have effectively helped whitewash Google/Facebook by working with them to add encryption that's not on by default.

At the same time, only one of two solutions right now that are fully open source + cross platform (the other being Wire). (Also, an apk is available for download but is discouraged/not easy to find - they do push people to Google.)

We definitely need decentralised alternatives that publicly oppose surveillance capitalism.

· · Web · 1 · 3 · 12

@aral Actually the download link to the APK on their website doesn't even work until you enable javascript coming from....


(guess who?...)





What a surprise... :/

Conversation is working well. Omemo gives hope that some flaws of XMPP/OTR could be compensated (offline messages, decent crypto...)

@jz @aral I've been thinking about widening my use of XMPP lately.

Last time I tried to use it as a daily driver for my friend's group communication (~6years), the notification sync between computers and phones was regularly failing. Don't clearly remember why, I think it was coming from diverging implementation of an obscure XMPP extension.

Are notifications more reliable nowadays?

@Ninjatrappeur @jz @aral yes, the XMPP(+OMEMO) combo is proving stable. Including notifications. An OOTB install of ejabberd gives a good set of XEP implementations.

See for a non exhaustive list of XMPP server and XEP compliances.

@aral @jz

I think things are slowly moving in a good direction. Certainly the situation today for secure chat looks a lot less hopeless than it did three or four years ago.

The lesson from XMPP is also that standardised server configurations are needed. This is where Matrix gets it right. There's so much diversity in the configuration of XMPP servers that this is often the cause of bad user experiences.

@aral @jz Have you tried Tox? I haven’t used it extensively, but it’s been very easy to setup and use.

@aral @jz I'm biased because I work on its design, but what do you think about Nextcloud Talk?

- fully open source, server as well as client
- self-hostable and only requires PHP
- app in F-Droid, apk available too
- uses WebRTC standard
- federation is planned, but using links to have calls with people not on Nextcloud is already possible - would love to get your feedback!

Sign in to participate in the conversation
Aral’s Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!