Follow

If you missed the broadcast this morning, you can watch our recording of Inside Story on how to regulate surveillance capitalists like Facebook and Google and replace them with ethical alternatives at your leisure at aljazeera.com/programmes/insid

@aral
Signal and Wire are both centralized, even if you run your own server, you can't talk to users on the official servers. It is easy to block them too. I recommend matrix, which is federated. There is no single point of failure.

@praveen What’s the state of end-to-end encryption on Matrix? Last I checked, it was not ready.

@aral
It works mostly but with some rough edges. There is a redesign in progress to fix these issues matrix.org/blog/2018/11/02/use your inputs would be valuable.

@aral
Conversations/Gajim/ChatSecure all have good e2e over xmpp I think (I prefer Matrix so not verified). Both xmpp and matrix are federated and hence preferred over Signal, Wire or Telegram. For those who want phone number based contact discovery, there is quicksy.im which is fully compatible with xmpp network.

@aral @praveen I don't have any opinions about the m.megolm.v1.aes-sha2 algorithm that Riot uses, but I have been using e2e encrypted 1-to-1 chats in Matrix/Riot for a year now.

It's a bit of a pain to manually backup the encryption keys and restore them on each new Riot installation. Search doesn't work in rooms with e2e encryption. Device verification is an additional step.

After first setup, the e2ee is quite smooth. I'd still recommend Riot over Whatscrap and Signal even in its Beta form.

@Aral Balkan Great points about the need for funding the free and federated alternatives! I think that this is the most impactful way individual nations or the EU can help liberate us from the US centralised, surveillance capitalist model. At least if we can focus on interoperability and standardising protocols, as you also mention. Keep up the great work you do about fronting these matters!

I agree with @{praveen@social.masto.host}, though on the messaging apps. Wire looks like it could be interesting once (if?) it gets federation in place. With Moxies public refusal to support anything outside of Google's distribution channel, I'm a bit surprised you still recommend Signal.

@harald @aral

The EU or most european countries will only "liberate us from the US centralised, surveillance capitalist model" to enforce their own. It's up to ourselves to create and spread decentralized, secure, free, open and socially-constructive technology.

@vulpesvulpes @harald There is no silver bullet that will make things better by itself. Yes to what you just wrote but also yes to any regulation that will slow down the incumbents and give the ethical alternatives a better chance. GDPR is by no means perfect but having it is worlds better than not having it. We must understand its limitations, we must combat institutional corruption so can regulate more effectively, and we must fund the ethical alternatives. We must do it all at the same time.

@aral
Yes I totally agree with this and fighting on several fronts at the same time is essential. What I said is just: Bury the illusions in nation-states setting up THE alternative. They won't. In the end it's us to move forward the change, but of course institutions can be useful for these purposes, in a limited way.
Maybe I just misinterpreted what Harald wanted to say.

@vulpesvulpes I don’t want nation states or the EU or set up the alternative. I want us to get funding for the alternatives from the commons. I want us to use taxpayer euros to support organisations that (a) create free and open source products (b) that are decentralised/peer-to-peer, (c) and interoperable and (d) cannot be sold to other commercial interests (e.g., Silicon Valley companies). So instructure not owned/controlled by the state but funded by taxpayer money and owned by individuals.

@aral  May I suggest that you have a chat with Heather Marsh heathermarsh@riseup.net
She's developing the #GetGee Platform .. Maybe help with a few ideas / suggestions? A little time in helping her?

https://georgiebc.wordpress.com/2015/12/24/getgee-tools-for-self-governance-part-1/ 

@harald Signal is not my first choice. Heck, Moxie blocked me on Twitter for calling him out for legitimising Google/Facebook by working with them. I should have mentioned Wire first but it’s hard to get things exactly right when you’re in the moment. But regardless of all that, Signal is one of the few options people have for encrypted communication and so, yes, I will continue to recommend it, regardless :)

@aral @harald Yes. I have quite a laundry list of reservations about Signal, but if it's a choice between that and something unencrypted, or "encrypted" but the platform has the private keys, then Signal is still a reasonable choice.
@bob @aral There is no circumstance where those are the only choices.
@maiyannah @aral It depends who you're communicating with and what environment they're operating in, but in most cases you're right and there are other better options than Signal.

@bob @maiyannah @aral What are the alternatives for you? I mean real good and easy ones, not Matrix or XMPP...

@skynebula @aral @maiyannah On desktop another easy one is qTox. It can be onion routed and doesn't need servers. Can also run on an autonomous mesh.

Other possibilities on mobile apart from xmpp and riot are GNU Ring and Briar.
Sign in to participate in the conversation
Aral’s Mastodon

This is my personal Mastodon.