Joe LanmanEspecially in the light of Zuckerberg's recent behaviour, please consider using Signal, it's actually good and a pretty easy replacement for Whatsapp
contrapunctus ✊🏳️🌈🏳️⚧️@joelanman Signal is centralized. Centralized services are vulnerable to enshittification, as demonstrated by Reddit, Twitter, and Facebook.
The solution is to use a #federated platform like #XMPP instead.
The easiest way is to use it is to install Quicksy from the Play Store, App Store, or F-Droid - https://quicksy.im
For more curious users, here's a guide to XMPP, with client, server, and public channel recommendations.
https://contrapunctus.codeberg.page/the-quick-and-easy-guide-to-xmpp.html
maple@contrapunctus @joelanman This is the whole problem with #XMPP. You say "Signal is centralized. Centralized services are vulnerable to enshittification, as demonstrated by Reddit, Twitter, and Facebook." Don't necessarily disagree with that. But then you say, "The solution is to use a #federated platform like #XMPP instead. Ask your contacts to install Quicksy from the Play Store, App Store, or F-Droid." And my response would be, "I've never heard of Quicksy. How do I know it's free of malware? How do I know if I can even use it?"
But THEN you put the cherry on top: "Here's a user-oriented guide to XMPP, with client, server, and channel recommendations."
WTF??? I don't need a "user-oriented guide" to install #Signal. Client, server, and channel recommendations? Why the f... do I need those? You seem to think I want to have to read a bunch of crap and then try to figure out how how to make sense of it. And I don't. Very few people do. I want something I can just install and that is easy and intuitive to use. Private and secure is also great (and Signal gives you that, for now), but I don't want to have to learn a bunch of geek stuff when there are solutions I can just install and have up and running in two to five minutes.
And that is how probably 99% of people feel. I use Linux and I STILL don't want to have to mess around with any of the available XMPP servers. Until the #XMPP proponents understand that, they are just spitting into the wind (and coming off as a little preachy in the process).
pixelschubsi@maple @contrapunctus @joelanman
I understand where you are coming from, but:
1. People install untrustworthy apps all the time. In fact, by far most malware infections on Android are not caused by security issues in the operating system (even though most people run terribly outdated versions with known vulnerabilities), but by users installing untrustworthy apps from third-party sources (not Play Store).
2. Signal for Android is known to include malware for almost a decade now.
@pixelschubsi @contrapunctus @joelanman You have made several allegations with no real proof but that's kind of irrelevant to the point I was trying to make anyway, which is that VERY few people are going to bother with #xmpp because it is too difficult and complicated for the TYPICAL user to install and configure. I am not talking about the Linux or server experts who love setting up this sort of thing, and I am not talking about the people who have a friend/relative/neighbor that's really hot on xmpp and has convinced them to try it and is willing to install and support it for them (and potentially their friends and family with whom they communicate regularly).
Is xmpp more private and secure? Unquestionably. Is it free from the control of major corporations? Mostly (but remember that Google used to use it in Google Talk and Google Voice). Is it easy for non-technical people to set up and configure? Some may think it is but they are living in fantasyland, or maybe they are promoting a solution that requires a phone number, which then makes any claims of being more private fly right out the window and into a different galaxy. If you have to give a phone number you lose the main advantage over Signal, et. al.
Until the xmpp proponents take the difficulty of onboarding seriously (and stop pretending it's easy, or that everyone has a technically-inclined person in their life that seriously cares about this sort of thing), xmpp is basically going nowhere.
By the way, yesterday someone mention #Gajim. Gajim is a fine program, probably one of the best xmpp clients I've seen, but it has one fatal flaw: It refuses to implement some xmpp features if talking to a server that doesn't have a valid, up to date certificate (a self-signed certificate won't do). Which, if you are trying to set up a small server for friends and family, is an additional layer of complication that will stop some folks in their tracks. So stop pretending xmpp is easy - maybe it is if you are the type who sets up servers as a hobby or for work, but it is not for most people, and most people just don't care THAT much about privacy (unfortunately).
@maple @contrapunctus @joelanman
1. Everyone is signing up and using means of communication for someone. You rarely open an account with an instant messenger without having an idea what to do with that later. Therefore I'd argue that being invited to a messaging app (let's for now ignore how exactly the invite looks like) is the main way for people to use that app.
@maple @contrapunctus @joelanman
2. I bet you use e-mail, but how did you start using e-mail? Did someone introduce you to it, guiding you through setting up an account with their favorite provider at the time? Or did you maybe follow some guide online to do so? Or have you been involved in the early days and set up a server yourself (maybe using a guide as well)? In any case the procedure was probably similar to setting up an XMPP account. And everyone has e-mail, so everyone could have XMPP.
@maple @contrapunctus @joelanman
3. I think you haven't really followed how much XMPP people have in fact thought about how to make onboarding easier. Quicksy is just one example (being based on phone numbers and your phone book like WhatsApp). Snikket provides means to invite using a single link (or QR) that when opened on a phone, would redirect you to the Snikket app in the respective app store which after installation will automatically set up an account and start a chat with the inviter.
@maple @contrapunctus @joelanman
4. You seem to see XMPP as an app or service. It's not. It's a protocol, a technology that apps and services can use. WhatsApp is using XMPP. Zoom is using XMPP. Fortnite is using XMPP. And a bunch of others. More than half of the world population is using XMPP regularly. So the protocol can't be the issue. And if you pick the right FOSS apps for the use (e.g. Quicksy, Snikket), they're just as fine as the commercial ones.
@pixelschubsi @[email protected] @joelanman At risk of beating a dead horse here, I will just say that there are two flaws in your arguments about #XMPP. One is you assume that an EASY solution doesn't need to be compatible with desktop computers. Yet that is where such a solution is most needed, since it's often older people (who have difficulty reading small text on a phone screen, or just can't figure out how to use their phone for anything beyond phone calls) that use the #Signal desktop application.
Second, when you talk about servers, what is really needed is an XMPP server that you can install and then it will offer a WEB-BASED interface for setup, maybe with a setup wizard to make it even easier for those who know nothing about XMPP. It should NOT just assume that you want to interact with other XMPP servers (some people just want to run a private system for friends and family). And (this is important) it needs to automate the process of getting and renewing any necessary certificates (from Let's Encrypt or wherever)., That is the part that stumps may would-be users. AND IT SHOULD NOT REQUIRE A PHONE NUMBER FROM USERS!!!!! And it should not assume you are a Linux nerd, or really know much of anything about computers.
By the way the reason the certificate thing is important is because many XMPP clients either will not work at all, or will not give you full functionality if there is no certificate (a self-signed one apparently won't do). For example Gajim, which is arguably among the easiest of XMPP clients to use, will let you do basic instant messaging but it won't let you send photos or files if there is not a valid certificate. WHY???
I don't want you to think I am promoting Signal. I HATE the fact they ask for a phone number, although at least you don't necessarily have to use your cell phone number. In fact I would probably be a lot more positive about XMPP if the servers were easier to set up (AND DID NOT USE A PHONE NUMBER!!!!! AND HANDLED THE CERTIFICATES AUTOMATICALLY!!!!!) and the clients had an option to use a self-signed certificate on the server. But still, I at least have a nodding familiarity with Linux. Most users (particularly Windows and MacOS users) would be in way over their heads trying to set up an XMPP server. And if you mention that fucking Quicksy again I will block you, I am not and NEVER will be interested in anything that requires a PHONE NUMBER. Having a phone number should NOT be a requirement for internet communications, and it throws all the privacy and security advantages of XMPP right out the window for the sake of convenience.
P.S. Also forgot to mention, I started watching a video about Snikket, first things it said was you need a domain name (regular users probably don't have those) and a VPS (and its associated monthly fee). Again, WTF!!! Why should I pay a monthly fee when I can use Signal for free and don't need to deal with all that nerdy stuff? The entire video runs over 17 minutes and almost none of it is anything a normal user would easily understand. And that's supposed to be the EASY way to install an XMPP server? If that is easy I would REALLY hate to see the hard way. Now I will grant that was just one video, and there may be an easier way to set it up (preferably self hosted so you don't need a VPS, especially for a friends/family only system), but I don't think you can ever get around the fact that it (at present) requires that you be a bit of a Linux nerd to get it going.
@maple
I understand you'd like to have a solution that also works on the desktop and I agree. However you have to realize that many popular messaging systems have a mobile app as a prerequisite, so it's hard to argue that XMPP systems doing the same is a major issue.
When it comes to settings up your own server, I like things to be simple as well, and hack Snikket server is >90% web based setup. [...]
@maple [...]
There is just some things - https://snikket.org/service/quickstart/ - that need to be done before getting access to the web setup, like starting the web server and making it available. Snikket also will automatically get your LetsEncrypt certificate and so on.
But here is also where you got me 100% confused: You watched a video on how to setup a Snikket server and complain that you need a server for it? Well, what else does a server run on if not a server?
[...]
Snikket quick-start guide
Hi, welcome! This is a guide to help you set up your own Snikket service. Once it is set up, you will be able to invite others to join you using the Snikket app and chat over your own private messaging server! Not sure what this is all about, or self-hosting is not your kind of fun? Good news: we also provide hosted Snikket instances! You can start a Snikket instance for your group in just a few clicks with no technical expertise necessary. Requirements To follow this guide you will need:
@maple [...]
If you don't want to run a server on you own and also don't want to pay someone to run it for you - https://snikket.org/hosting/ -, you need to use the server of someone else. With Snikket that means, you need to find someone that invites you to their server. If someone was to send you an invite to their Snikket, there is literally nothing you need to setup, so you probably won't find a tutorial video on how to do that.
If you don't want to run a server on you own and also don't want to pay someone to run it for you - https://snikket.org/hosting/ -, you need to use the server of someone else. With Snikket that means, you need to find someone that invites you to their server. If someone was to send you an invite to their Snikket, there is literally nothing you need to setup, so you probably won't find a tutorial video on how to do that.
Snikket Hosting
Snikket is a fully open-source personal messaging server that allows groups of people such as family, friends, clubs and small organisations to have their own private communication space. You can use our simple dashboard to launch Snikket instances for you in just a few minutes. It’s a great option if you’re just looking for a more privacy-friendly alternative to mainstream messengers such as Facebook, WhatsApp or Telegram, without any technical knowledge required.
@pixelschubsi I think you are misunderstanding what I am saying. *I* understand that #Skikket is a server and needs to be set up, but what I keep hammering on is that a typical user won't have the foggiest clue how to do that with any of the current #xmpp server programs. A typical user wants to install an app and get on with their life, and yes many of them will just blindly enter their phone number when requested, but not all will. And again, I agree that if someone else wants to set up a server and be your tech support it can be a breeze for you, although if they are not all that Linux savvy they may not care much for the current server choices.
The only time I ever had an xmpp server that was reasonably easy to install and use was #OpenFire, and that was only because it was installed using a script that actually set up several programs at the same time. But that was MANY years ago (probably more than 15, maybe 20 years) and was before certificates became a thing on xmpp servers. But as I recall it had a decent web interface (or maybe that was pa\rt of that package of programs), anyway I only ran that package for maybe two or three years and then that project died. But even that would be more than a typical user wants to deal with (and yes I had a nodding acquaintance with Linux even back then, but I don't know a whole lot more about it today than I did back then, it mostly frustrates the hell out of me whenever I encounter some problem).
Almost nobody running a xmpp server wants to invite anyone and everyone to use it, but even if those open servers exist, few people have heard of them and in a group of friends or family someone would surely object that they know nothing about that server, it could go down without warning at any time or the operators could be intercepting messages, etc. #Signal, at least, is big enough that it's probably not going to fall of the face of the earth without warning (and if it does the tech press will be telling you why and if it's likely to come back) and it does have a privacy policy. So running your own server is preferable and my point all along is that they need to make that MUCH easier for non-nerds. If the server uses text-based or yaml configuration files you are lost already. Users want web-based configuration (think something like Home Assistant, which I do not use but I have noticed it is getting very popular, which never would have happened if they did not have that superb web interface).
Snikket may in fact be most of the way there, but as far as I know it is not cross platform, and it could definitely stand to have a better introductory video than that one I was watching. BUT you could have the easiest server in the world to install and it's not going to motivate a user that wants to be up and running in two or three minutes, using a platform their friends and family have at least heard of. And yes I know, those are the kind that will happily give up their phone number, and it burns me to no end that people don't care about that, but they don't. And then if you have xmpp servers that also require that, you have really just taken away any reason someone should prefer xmpp over Signal.
In my mind before you go promoting xmpp as an alternative to Signal you need to have a server that preferably is cross-platform, but at the very least is drop-dead easy to set up (you should be able to show how to set it up and add users in a video of 3 minutes or less, 5 tops), and it should not require the user to know anything about certificates. It should not require a domain if you just want to use it locally, or tell you how to use it with a free service such as freedns.afraid.org or DuckDNS or something like that. It should not tell you that you need to use any paid service (Signal is free!). It should not assume you need any kind of group chat (maybe you just want one-to-one messaging) but it should let you send images and files to another user. It should not assume you want to federate with any other xmpp server (in case you are running a private friends/family server). In other words it needs to be as easy to work with as something like Home Assistant.
And for the people that absolutely will not set up their own server (and don't have a tech-savvy relative) then there needs to be a service they can use THAT DOES NOT REQUIRE A PHONE NUMBER (otherwise why not just use Signal?) and that has the ability to scale and that has a decent privacy policy (and it will still need to reach critical mass before people will use it). And of course that all costs money (again, Signal is free!). We actually used to have something more or less like that in the form of Google Talk but they shut that around 2016 if I recall correctly.
Anyway those are the hurdles the xmpp proponents need to think about and overcome if they really want to "sell" anyone outside their immediate friends/family circles on using xmpp. Speaking from experience, we used to have an xmpp server set up in our friends/family group (using Prosody after that OpenFire setup went away, only because we found some good instructions in some guy's blog that are now no longer online) but as with many things it became harder and harder to deal with and the when the xmpp clients started demanding valid certificates just to send photos and files that just killed it, and everyone went to just using email and then later to Signal. So that is not something I personally would ever want to get back into unless I was pretty certain the process of setting up and running a server had become MUCH easier.
methuselah@maple @pixelschubsi @joelanman you use conversations as server and for older people gajim is best. No fuss. You have to anyway set up account once. And they can use WhatsApp also. It's not totally off the books right. Setup server is hard enough for most of young people as well
@methuselah @pixelschubsi @joelanman Sure, conversations is an option IF you and your friends/family are highly motivated to use #xmpp, and you all agree that a platform most of you have probably never heard of is a better choice than the big slick one that everyone's heard of. And I actually could envision scenarios where that would be the case (a family or group of friends that do not want to associate a phone number with their accounts, for example) but basically you're being asked to trust the operators of a platform you have never heard of. Is that any worse than trusting the larger, shinier platform? Maybe not, but still I think conversations would be a hard sell in many friend/family groups, simply because most people are unfamiliar with xmpp and xmpp clients.
I also note that in a footnote on their page they say, "To create an account your client needs to support inband registration. Depending on the client, you will either be asked for the desired address (e.g., [email protected]), or separately for the user name (e.g., alice) and domain part (conversations.im). A login password must also be specified. If anything else can be configured, the default settings should usually be fine." And a lot of people would say, "Your client? WHAT client? What's a xmpp client? How do I know if it supports inband registration? Does that mean setup will be complicated?" They may also ask things like "Can I trust that my messages are not intercepted and/or stored?" and "Is this service likely to go belly up with no warning in the middle of the night?" I am not saying conversations is a bad choice, it actually might realistically be one of the best choices for many users, but there might be a high hurdle to convincing them of that. And also there are users would would prefer to use a totally free service (as far as I can tell, use of the conversations server is free but their official clients are not), remember Signal is totally free.
Even with those objections, I think the xmpp proponents might be much further ahead to suggest something like that (and maybe make a list of FREE clients that will work with it) than just telling people they should try xmpp and offer no further guidance).
I looked in my password manager and I actually had created an account there at one time, but for whatever reason never actually used it. I don't remember now if it was because I could not get it to work with my xmpp client or what; I must have created it some time back and my memory is not that good.
@maple @methuselah @joelanman
I'm not sure what guides you read, but it seems the problem with them is that they're too open and offer options that make things more complicated.
A guide could be as easy as: [...]
@maple @methuselah @joelanman
Q1: Do you want to be reached by your and reach others by their phone number?
Yes > Install Quicksy on your phone. Follow on screen guidance. Done.
No > Q2
Q2: What device are you using?
Android > Install Conversation.
iPhone/iPad > Install Monal.
Computer > Install Gajim.
Open Conv/Monal/Gajim. Select create account. Enter your desired nickname followed by "@conversations.im". Enter a password, note it down and store it. Follow on screen guidance. Done.
@maple @methuselah @joelanman
This probably covers 99.9% of users' needs, but because the 0.1% are the tech people that write those guides, they're overly complicated to cover that tech person's personal needs.
This probably covers 99.9% of users' needs, but because the 0.1% are the tech people that write those guides, they're overly complicated to cover that tech person's personal needs.
@pixelschubsi Blocked!!!