sevvie Rose ๐ŸˆฒSep 6, 2018
@puffinux Hm. Looks fun.

Programs I use with my #linux (#archlinux) machines:

#GNOME3 (display mgr)
#Brave & #FirefoxNightly (browser, image viewer)
#LibreOffice (office)
#Riot (chat)
#nvim (editor)
#terminator (term emulator)
#tmux (term multiplexer)
#mutt (email)
#GIMP (image editor)
Puffinux (@[email protected])

402 Toots, 185 Following, 116 Followers ยท #Solarpunk, technology repairer, free software enthusiast. Maker of robots. Bicycles for transport. #Alternative. ๐Ÿค–๐ŸŒฟ๐ŸŽจ๐Ÿ–ฅ๐Ÿฐ๐ŸŒ…๐ŸŠ๐Ÿšด๐ŸŽฎ๐ŸŽฒ๐Ÿ’ฟ๐Ÿ“š

Show threadTheOuterLinux โœ…Sep 6, 2018

@sevvie @[email protected] GNOME3....?! On an Arch machine?! WHAT MADNESS IS THIS! Have ye no i3 fealty?!

#MXLinux (Linux distro)
#XFCE (desktop environment)
#Palemoon (browser)
#xviewer (image viewer)
#LibreOffice (office)
#irssi or a #tox client (chat)
#nano (because I'm a sane person)
#xfce4-terminal (term emulator)
#tmux (term multiplexer)
#alpine or #Thunderbird (email)
#GIMP, #Krita, #MyPaint, or #GrafX2 for image editing/painting

Show threadDanilo SpinellaSep 6, 2018

@TheOuterLinux

I think that using Tox is crazier though xD

Show threadTheOuterLinux โœ…Sep 6, 2018
@danyspin97 I don't know. Most too clients support audio, video, text, and file sharing, as well as group messages. It uses a server temporarily to connect people as encrypted peer-to-peer. If you're worried about the IP part, you'd could just use a VPN or Tor. There's no signup either. You have a portable profile that kind of just knows how to talk to the relay servers. There are clients for almost a all systems, including mobile. Free and open source. Sounds good to me.
Show threadDanilo SpinellaSep 6, 2018

@TheOuterLinux

Yea, it did sound good to me too. Then some other users point me out to an issue on tox repository.

They're dumb asses, they don't know a thing about security, yet they don't accept critics and suggestions.

I've never used tox again.

https://github.com/TokTok/c-toxcore/issues/426

Tox Handshake Vulnerable to KCI ยท Issue #426 ยท TokTok/c-toxcore

Hello, I found this source code confusingly written (and downright scary at times) and the specification woefully underspecified and inexplicit, so it's entirely possible my understanding of the ha...

GitHub
Show threadTheOuterLinux โœ…Sep 6, 2018
@danyspin97 Well, I like it and definitely trust it more than Skype or even Signal. Microsoft decides to talk to Whisper/Signal people about using their software in Skype and then shortly afterwards, Signal gets a $50M donation from Facebook. They're all compromised to some degree. They're all a mess, be it security or legal stuff, but at least Tox is a fairly unknown one.
Show threadStrypeySep 20, 2018
@TheOuterLinux @danyspin97 have you tried #Wire and #Ring? Wire relies on a centralized server, but Ring is #P2P (like #Tox). They're both #FreeCode and both work pretty well for text chat, one-to-one voice calls (although I had persistent echo on Ring the one time I've tesed it so far). I've also tested file-transfer and image sharing on Wire, which work fine. Haven't test conference calling or video chat on either yet.
Show threadDanilo SpinellaSep 20, 2018

@strypey @TheOuterLinux

Wire is centralized and is really similar to Telegram in design (correct me if I'm wrong, I haven't used it).

#Ring is really interesting, I've downloaded it but I've never tried it.

In the end #Matrix still seems the most promising one to me, due to the presence of both a public community and a IM.

Show threadStrypeySep 20, 2018

@danyspin97 @TheOuterLinux
> Wire is centralized and is really similar to Telegram in design

Yes, in that both are server/client and not federated. The difference is that #Telegram server source code is non-free. #Wire has released all their source code under copyleft licenses (GPL/AGPL). So, I could run my own Wire server instead of using theirs, but users would probably have to download a modified client to use my server, and they wouldn't be able to chat to users on Wire's server with it.

Show threadDanilo SpinellaSep 20, 2018

@strypey @TheOuterLinux

Yea, I'm aware of this. I'm currently using Telegram but I'm not tempted to switch to Wire. If I'm gonna use something that is centralized, I prefer Telegram that has a lot of features and Pavel Durov has proved to stand for privacy many times.

Show threadStrypeySep 20, 2018
@danyspin97 @TheOuterLinux that would be an argument for using a #P2P solution like Ring or Tox though, since there's no servers, and thus no network operator whose respect for privacy you need to trust. But they're both young technologies, and will need a lot more dev and security audits before their protocols and client apps can be trusted.
Show threadDanilo SpinellaSep 20, 2018

@strypey @TheOuterLinux

I would instead go for #Matrix anyway or some chat app that runs on the new distributed protocols.

In the end a Matrix server is like a Mastodon server: you use it for communication and if you don't trust it, you just selfhost it. #P2P while being secure might be or might not be the solution to secure private messaging.

Show threadStrypeySep 20, 2018
@danyspin97 @TheOuterLinux but what about the people you are talking to? Unless they are all geeks confident with sysadmin practices, they have to trust a host. With a #P2P app, all they have to do is install it.
Show threadDanilo SpinellaSep 20, 2018

@strypey

Afaik, with E2E encryption you don't need to trust the host.

Show threadStrypeySep 20, 2018
@danyspin97 if you haven't compiled the apps from source yourself, you have to trust that the host who provided them used the same code that's on their repo. Also, even if they did (and the code is good) and the contents are unreadable by the host, what about metadata? Who you talked to can be just an sensitive as what you said to each other. With P2P apps, as long as the E2E security is sound, no third party has access to either your content *or* your metadata.
Show threadStrypeySep 20, 2018
@danyspin97 this is why I don't trust Signal. Why is Moxie so opposed to F-Droid (or even Debian) compiling #Signal clients from source rather than using his binaries? If he does all the compiling, it doesn't matter that both the client and server source code are on public repos, because we only have his word for it that this is the code he's actually compiling from. Every claimed virtue of Signal, including passing an audit, depends on us trusting that he is compiling from the audited code.
Show threadStrypey
@danyspin97 that's a lot of trust to put in one person, who seems to have a very prickly and dismissive attitude towards issues of user trust and software freedom, and a lot of praise for Apple (especially iOS) and goOgle non-free libraries and Play store. This is one reason I've never used #Signal, even once he liberated all the code for both client and server. Another is that I can't use it without a mobile device, like WeChat, which I also find suspicious.
Sep 20, 2018 at 2:58pmWeb