Joe LanmanEspecially in the light of Zuckerberg's recent behaviour, please consider using Signal, it's actually good and a pretty easy replacement for Whatsapp
contrapunctus ✊🏳️🌈🏳️⚧️@joelanman Signal is centralized. Centralized services are vulnerable to enshittification, as demonstrated by Reddit, Twitter, and Facebook.
The solution is to use a #federated platform like #XMPP instead.
The easiest way is to use it is to install Quicksy from the Play Store, App Store, or F-Droid - https://quicksy.im
For more curious users, here's a guide to XMPP, with client, server, and public channel recommendations.
https://contrapunctus.codeberg.page/the-quick-and-easy-guide-to-xmpp.html
maple@contrapunctus @joelanman This is the whole problem with #XMPP. You say "Signal is centralized. Centralized services are vulnerable to enshittification, as demonstrated by Reddit, Twitter, and Facebook." Don't necessarily disagree with that. But then you say, "The solution is to use a #federated platform like #XMPP instead. Ask your contacts to install Quicksy from the Play Store, App Store, or F-Droid." And my response would be, "I've never heard of Quicksy. How do I know it's free of malware? How do I know if I can even use it?"
But THEN you put the cherry on top: "Here's a user-oriented guide to XMPP, with client, server, and channel recommendations."
WTF??? I don't need a "user-oriented guide" to install #Signal. Client, server, and channel recommendations? Why the f... do I need those? You seem to think I want to have to read a bunch of crap and then try to figure out how how to make sense of it. And I don't. Very few people do. I want something I can just install and that is easy and intuitive to use. Private and secure is also great (and Signal gives you that, for now), but I don't want to have to learn a bunch of geek stuff when there are solutions I can just install and have up and running in two to five minutes.
And that is how probably 99% of people feel. I use Linux and I STILL don't want to have to mess around with any of the available XMPP servers. Until the #XMPP proponents understand that, they are just spitting into the wind (and coming off as a little preachy in the process).
> "I've never heard of Quicksy. How do I know it's free of malware? How do I know if I can even use it?"
The people who say that to me usually get a brief explanation about freedom-respecting software, and why it's the only kind of software you can trust.
And people usually trust something when their technical friend (= me) recommends it. More so when it's the only way to reach said friend.
1/
@contrapunctus @joelanman You: "And people usually trust something when their technical friend (= me) recommends it. More so when it's the only way to reach said friend."
Yes, but:
1: Not everyone has a technical friend who wants to sign on to be their tech support, and
2. I once had a friend say that the only way he could be reached henceforth was via Telegram. How would you have reacted to that. I simply told him I don't use apps that require a phone number to sign up. Period, end of story.
(However when it comes to Signal, though it does require a phone number, it doesn't necessarily have to be YOUR phone number).
Anyway I was just reacting to what you wrote. If that upsets you, please feel free to mute or block me. I really don't want to argue with you but I do disagree with you to some extent (and agree to some things you have written also) and I do think it is unrealistic to expect anyone to use #xmpp if they don't have a technical friend such as you (or if they don't fully trust their friend - remember my friend who tried to get me to use Telegram, where would I be now if I had followed his urging?).
Who said anything about "tech support"? You said people won't trust an unknown app, and I gave multiple reasons why they might.
1/
@maple Since you mention that you don't like providing your phone number, you'll like the options that XMPP gives you.
You can use Quicksy (which requires a phone number) and get easy onboarding and contact discovery. Or you can use one of the many public servers that don't even require an email to register (be sure to use a password manager!). Or you can host your own server.
Whatever you choose, you will be able speak to contacts on any XMPP service, and use any XMPP client.
2/
@contrapunctus @joelanman And there you go:
"You can use Quicksy (which requires a phone number) and get easy onboarding and contact discovery."
That's a hard no. If I have to give a phone number then there is no advantage over Signal.
"Or you can use one of the many public servers that don't even require an email to register (be sure to use a password manager!)."
A public server run by someone I don't know from Adam who may or may not be able to intercept my conversations, and that could go down without warning at any time (yes, so could Signal, but at least in that case the tech media will likely be all over it and tell you why it happened and if/when they'll be back). AND then I still have to deal with installing AND CONFIGURING an XMPP client, which most people would have no idea how to do.
" Or you can host your own server."
Again that's a hard no. At least for most people. Linux geeks may enjoy that sort of thing but almost every one else would get frustrated and give up, especially the minute they have to do anything involving certificates.
Look, I am not arguing that XMPP isn't better on a conceptual level, I am just saying that the people who love it can't seem to wrap their heads around the fact that it's too complicated and time consuming for ordinary users who DON'T have a techie friend they trust to do the setup for them.
@maple @joelanman You're mixing up your own preferences and priorities with those of most people.
Most people use a mobile device and have no issue providing their phone numbers. Quicksy is perfect for them. There's no "configuration" or "tech support" needed.
@contrapunctus @joelanman Okay ,well you got me there, far too many people are willing to give up their phone number or other personal details. But then I ask, so what advantage does xmpp give them? If they don't give a flying f... about their privacy then they can use Signal, or Whatsapp, or Telegram, or whatever their friends and family are using. The whole point of using xmpp is that it is more private and that it is not controlled by a big corporation, but the people who are willing to hand out their phone numbers to anyone who asks probably don't care about such things. And yes, I know you got 100 people onboarded (I assume using Quicksy) but my suspicion is if you had asked some of them them to use Signal or Telegram or Whatsapp they would have gone for that just as easily. It was the fact you were willing to personally help them get it set up that made all the difference. And if that was a one time thing, where you set it up but don't plan to be their ongoing tech support, them probably within five years at least half of them will have gone back to one of the larger platforms.
pixelschubsi@maple @contrapunctus @joelanman
> but at least in that case the tech media will likely be all over it
That's wishful thinking. I recently reported both here on Mastodon and on Signal's public issue tracker that Signal servers can remotely disable privacy features in the client leading to revealing metadata to their servers. Reply by Signal was, that they want it like this. Reply from tech media was, that if Signal wants it like this, it must be good this way.
Signal silently falls back to "unsealed sender" messages if server returns 401 when trying to send "sealed sender" messages · Issue #13842 · signalapp/Signal-Android
Guidelines I have searched searched open and closed issues for duplicates I am submitting a bug report for existing functionality that does not work as intended This isn't a feature request or a di...
@maple @contrapunctus @joelanman
Given that malware being built into Signal potentially causing real harm is also known for years and even was discussed within some tech circles, but not the mainstream tech media, it seems that Signal is above any critique and can just do whatever they want.
Fact is, we don't know what they do. We know they certainly do have backdoors in place and there are ways to remotely extract messages from Signal clients. Hopefully they're not used maliciously.
Rihards Olups@richlv @maple @contrapunctus @joelanman A dynamic loader. It dynamically downloads dalvik bytecode from a Google-controlled server and executes it within the Signal process, thus getting access to Signal's private data storage and encryption keys. Both the loader code and the code downloaded are proprietary and have not undergone any third-party audits. And of course Google (or whoever gets access to their infrastructure) can deliver targeted versions of the bytecode for targeted attacks...