@joelanman Signal is centralized. Centralized services are vulnerable to enshittification, as demonstrated by Reddit, Twitter, and Facebook.

The solution is to use a #federated platform like #XMPP instead.

The easiest way is to use it is to install Quicksy from the Play Store, App Store, or F-Droid - https://quicksy.im

For more curious users, here's a guide to XMPP, with client, server, and public channel recommendations.
https://contrapunctus.codeberg.page/the-quick-and-easy-guide-to-xmpp.html

@contrapunctus @joelanman This is the whole problem with #XMPP. You say "Signal is centralized. Centralized services are vulnerable to enshittification, as demonstrated by Reddit, Twitter, and Facebook." Don't necessarily disagree with that. But then you say, "The solution is to use a #federated platform like #XMPP instead. Ask your contacts to install Quicksy from the Play Store, App Store, or F-Droid." And my response would be, "I've never heard of Quicksy. How do I know it's free of malware? How do I know if I can even use it?"

But THEN you put the cherry on top: "Here's a user-oriented guide to XMPP, with client, server, and channel recommendations."

WTF??? I don't need a "user-oriented guide" to install #Signal. Client, server, and channel recommendations? Why the f... do I need those? You seem to think I want to have to read a bunch of crap and then try to figure out how how to make sense of it. And I don't. Very few people do. I want something I can just install and that is easy and intuitive to use. Private and secure is also great (and Signal gives you that, for now), but I don't want to have to learn a bunch of geek stuff when there are solutions I can just install and have up and running in two to five minutes.

And that is how probably 99% of people feel. I use Linux and I STILL don't want to have to mess around with any of the available XMPP servers. Until the #XMPP proponents understand that, they are just spitting into the wind (and coming off as a little preachy in the process).

@maple @joelanman

> "I've never heard of Quicksy. How do I know it's free of malware? How do I know if I can even use it?"

The people who say that to me usually get a brief explanation about freedom-respecting software, and why it's the only kind of software you can trust.

And people usually trust something when their technical friend (= me) recommends it. More so when it's the only way to reach said friend.

1/

@contrapunctus @joelanman You: "And people usually trust something when their technical friend (= me) recommends it. More so when it's the only way to reach said friend."

Yes, but:

1: Not everyone has a technical friend who wants to sign on to be their tech support, and

2. I once had a friend say that the only way he could be reached henceforth was via Telegram. How would you have reacted to that. I simply told him I don't use apps that require a phone number to sign up. Period, end of story.

(However when it comes to Signal, though it does require a phone number, it doesn't necessarily have to be YOUR phone number).

Anyway I was just reacting to what you wrote. If that upsets you, please feel free to mute or block me. I really don't want to argue with you but I do disagree with you to some extent (and agree to some things you have written also) and I do think it is unrealistic to expect anyone to use #xmpp if they don't have a technical friend such as you (or if they don't fully trust their friend - remember my friend who tried to get me to use Telegram, where would I be now if I had followed his urging?).

@maple

Who said anything about "tech support"? You said people won't trust an unknown app, and I gave multiple reasons why they might.

1/

@joelanman

@maple Since you mention that you don't like providing your phone number, you'll like the options that XMPP gives you.

You can use Quicksy (which requires a phone number) and get easy onboarding and contact discovery. Or you can use one of the many public servers that don't even require an email to register (be sure to use a password manager!). Or you can host your own server.

Whatever you choose, you will be able speak to contacts on any XMPP service, and use any XMPP client.

2/

@joelanman

@contrapunctus @joelanman And there you go:

"You can use Quicksy (which requires a phone number) and get easy onboarding and contact discovery."

That's a hard no. If I have to give a phone number then there is no advantage over Signal.

"Or you can use one of the many public servers that don't even require an email to register (be sure to use a password manager!)."

A public server run by someone I don't know from Adam who may or may not be able to intercept my conversations, and that could go down without warning at any time (yes, so could Signal, but at least in that case the tech media will likely be all over it and tell you why it happened and if/when they'll be back). AND then I still have to deal with installing AND CONFIGURING an XMPP client, which most people would have no idea how to do.

" Or you can host your own server."

Again that's a hard no. At least for most people. Linux geeks may enjoy that sort of thing but almost every one else would get frustrated and give up, especially the minute they have to do anything involving certificates.

Look, I am not arguing that XMPP isn't better on a conceptual level, I am just saying that the people who love it can't seem to wrap their heads around the fact that it's too complicated and time consuming for ordinary users who DON'T have a techie friend they trust to do the setup for them.

@maple @contrapunctus @joelanman

> but at least in that case the tech media will likely be all over it

That's wishful thinking. I recently reported both here on Mastodon and on Signal's public issue tracker that Signal servers can remotely disable privacy features in the client leading to revealing metadata to their servers. Reply by Signal was, that they want it like this. Reply from tech media was, that if Signal wants it like this, it must be good this way.

https://github.com/signalapp/Signal-Android/issues/13842

@maple @contrapunctus @joelanman

Given that malware being built into Signal potentially causing real harm is also known for years and even was discussed within some tech circles, but not the mainstream tech media, it seems that Signal is above any critique and can just do whatever they want.

Fact is, we don't know what they do. We know they certainly do have backdoors in place and there are ways to remotely extract messages from Signal clients. Hopefully they're not used maliciously.