@joelanman Signal is centralized. Centralized services are vulnerable to enshittification, as demonstrated by Reddit, Twitter, and Facebook.

The solution is to use a #federated platform like #XMPP instead.

The easiest way is to use it is to install Quicksy from the Play Store, App Store, or F-Droid - https://quicksy.im

For more curious users, here's a guide to XMPP, with client, server, and public channel recommendations.
https://contrapunctus.codeberg.page/the-quick-and-easy-guide-to-xmpp.html

@contrapunctus @joelanman This is the whole problem with #XMPP. You say "Signal is centralized. Centralized services are vulnerable to enshittification, as demonstrated by Reddit, Twitter, and Facebook." Don't necessarily disagree with that. But then you say, "The solution is to use a #federated platform like #XMPP instead. Ask your contacts to install Quicksy from the Play Store, App Store, or F-Droid." And my response would be, "I've never heard of Quicksy. How do I know it's free of malware? How do I know if I can even use it?"

But THEN you put the cherry on top: "Here's a user-oriented guide to XMPP, with client, server, and channel recommendations."

WTF??? I don't need a "user-oriented guide" to install #Signal. Client, server, and channel recommendations? Why the f... do I need those? You seem to think I want to have to read a bunch of crap and then try to figure out how how to make sense of it. And I don't. Very few people do. I want something I can just install and that is easy and intuitive to use. Private and secure is also great (and Signal gives you that, for now), but I don't want to have to learn a bunch of geek stuff when there are solutions I can just install and have up and running in two to five minutes.

And that is how probably 99% of people feel. I use Linux and I STILL don't want to have to mess around with any of the available XMPP servers. Until the #XMPP proponents understand that, they are just spitting into the wind (and coming off as a little preachy in the process).

@maple @contrapunctus @joelanman
I understand where you are coming from, but:

1. People install untrustworthy apps all the time. In fact, by far most malware infections on Android are not caused by security issues in the operating system (even though most people run terribly outdated versions with known vulnerabilities), but by users installing untrustworthy apps from third-party sources (not Play Store).
2. Signal for Android is known to include malware for almost a decade now.

@pixelschubsi @contrapunctus @joelanman You have made several allegations with no real proof but that's kind of irrelevant to the point I was trying to make anyway, which is that VERY few people are going to bother with #xmpp because it is too difficult and complicated for the TYPICAL user to install and configure. I am not talking about the Linux or server experts who love setting up this sort of thing, and I am not talking about the people who have a friend/relative/neighbor that's really hot on xmpp and has convinced them to try it and is willing to install and support it for them (and potentially their friends and family with whom they communicate regularly).

Is xmpp more private and secure? Unquestionably. Is it free from the control of major corporations? Mostly (but remember that Google used to use it in Google Talk and Google Voice). Is it easy for non-technical people to set up and configure? Some may think it is but they are living in fantasyland, or maybe they are promoting a solution that requires a phone number, which then makes any claims of being more private fly right out the window and into a different galaxy. If you have to give a phone number you lose the main advantage over Signal, et. al.

Until the xmpp proponents take the difficulty of onboarding seriously (and stop pretending it's easy, or that everyone has a technically-inclined person in their life that seriously cares about this sort of thing), xmpp is basically going nowhere.

By the way, yesterday someone mention #Gajim. Gajim is a fine program, probably one of the best xmpp clients I've seen, but it has one fatal flaw: It refuses to implement some xmpp features if talking to a server that doesn't have a valid, up to date certificate (a self-signed certificate won't do). Which, if you are trying to set up a small server for friends and family, is an additional layer of complication that will stop some folks in their tracks. So stop pretending xmpp is easy - maybe it is if you are the type who sets up servers as a hobby or for work, but it is not for most people, and most people just don't care THAT much about privacy (unfortunately).

@maple @contrapunctus @joelanman

1. Everyone is signing up and using means of communication for someone. You rarely open an account with an instant messenger without having an idea what to do with that later. Therefore I'd argue that being invited to a messaging app (let's for now ignore how exactly the invite looks like) is the main way for people to use that app.

@maple @contrapunctus @joelanman

2. I bet you use e-mail, but how did you start using e-mail? Did someone introduce you to it, guiding you through setting up an account with their favorite provider at the time? Or did you maybe follow some guide online to do so? Or have you been involved in the early days and set up a server yourself (maybe using a guide as well)? In any case the procedure was probably similar to setting up an XMPP account. And everyone has e-mail, so everyone could have XMPP.

@maple @contrapunctus @joelanman

3. I think you haven't really followed how much XMPP people have in fact thought about how to make onboarding easier. Quicksy is just one example (being based on phone numbers and your phone book like WhatsApp). Snikket provides means to invite using a single link (or QR) that when opened on a phone, would redirect you to the Snikket app in the respective app store which after installation will automatically set up an account and start a chat with the inviter.

@maple @contrapunctus @joelanman

4. You seem to see XMPP as an app or service. It's not. It's a protocol, a technology that apps and services can use. WhatsApp is using XMPP. Zoom is using XMPP. Fortnite is using XMPP. And a bunch of others. More than half of the world population is using XMPP regularly. So the protocol can't be the issue. And if you pick the right FOSS apps for the use (e.g. Quicksy, Snikket), they're just as fine as the commercial ones.

@pixelschubsi @[email protected] @joelanman At risk of beating a dead horse here, I will just say that there are two flaws in your arguments about #XMPP. One is you assume that an EASY solution doesn't need to be compatible with desktop computers. Yet that is where such a solution is most needed, since it's often older people (who have difficulty reading small text on a phone screen, or just can't figure out how to use their phone for anything beyond phone calls) that use the #Signal desktop application.

Second, when you talk about servers, what is really needed is an XMPP server that you can install and then it will offer a WEB-BASED interface for setup, maybe with a setup wizard to make it even easier for those who know nothing about XMPP. It should NOT just assume that you want to interact with other XMPP servers (some people just want to run a private system for friends and family). And (this is important) it needs to automate the process of getting and renewing any necessary certificates (from Let's Encrypt or wherever)., That is the part that stumps may would-be users. AND IT SHOULD NOT REQUIRE A PHONE NUMBER FROM USERS!!!!! And it should not assume you are a Linux nerd, or really know much of anything about computers.

By the way the reason the certificate thing is important is because many XMPP clients either will not work at all, or will not give you full functionality if there is no certificate (a self-signed one apparently won't do). For example Gajim, which is arguably among the easiest of XMPP clients to use, will let you do basic instant messaging but it won't let you send photos or files if there is not a valid certificate. WHY???

I don't want you to think I am promoting Signal. I HATE the fact they ask for a phone number, although at least you don't necessarily have to use your cell phone number. In fact I would probably be a lot more positive about XMPP if the servers were easier to set up (AND DID NOT USE A PHONE NUMBER!!!!! AND HANDLED THE CERTIFICATES AUTOMATICALLY!!!!!) and the clients had an option to use a self-signed certificate on the server. But still, I at least have a nodding familiarity with Linux. Most users (particularly Windows and MacOS users) would be in way over their heads trying to set up an XMPP server. And if you mention that fucking Quicksy again I will block you, I am not and NEVER will be interested in anything that requires a PHONE NUMBER. Having a phone number should NOT be a requirement for internet communications, and it throws all the privacy and security advantages of XMPP right out the window for the sake of convenience.

P.S. Also forgot to mention, I started watching a video about Snikket, first things it said was you need a domain name (regular users probably don't have those) and a VPS (and its associated monthly fee). Again, WTF!!! Why should I pay a monthly fee when I can use Signal for free and don't need to deal with all that nerdy stuff? The entire video runs over 17 minutes and almost none of it is anything a normal user would easily understand. And that's supposed to be the EASY way to install an XMPP server? If that is easy I would REALLY hate to see the hard way. Now I will grant that was just one video, and there may be an easier way to set it up (preferably self hosted so you don't need a VPS, especially for a friends/family only system), but I don't think you can ever get around the fact that it (at present) requires that you be a bit of a Linux nerd to get it going.

@methuselah @pixelschubsi @joelanman Sure, conversations is an option IF you and your friends/family are highly motivated to use #xmpp, and you all agree that a platform most of you have probably never heard of is a better choice than the big slick one that everyone's heard of. And I actually could envision scenarios where that would be the case (a family or group of friends that do not want to associate a phone number with their accounts, for example) but basically you're being asked to trust the operators of a platform you have never heard of. Is that any worse than trusting the larger, shinier platform? Maybe not, but still I think conversations would be a hard sell in many friend/family groups, simply because most people are unfamiliar with xmpp and xmpp clients.

I also note that in a footnote on their page they say, "To create an account your client needs to support inband registration. Depending on the client, you will either be asked for the desired address (e.g., [email protected]), or separately for the user name (e.g., alice) and domain part (conversations.im). A login password must also be specified. If anything else can be configured, the default settings should usually be fine." And a lot of people would say, "Your client? WHAT client? What's a xmpp client? How do I know if it supports inband registration? Does that mean setup will be complicated?" They may also ask things like "Can I trust that my messages are not intercepted and/or stored?" and "Is this service likely to go belly up with no warning in the middle of the night?" I am not saying conversations is a bad choice, it actually might realistically be one of the best choices for many users, but there might be a high hurdle to convincing them of that. And also there are users would would prefer to use a totally free service (as far as I can tell, use of the conversations server is free but their official clients are not), remember Signal is totally free.

Even with those objections, I think the xmpp proponents might be much further ahead to suggest something like that (and maybe make a list of FREE clients that will work with it) than just telling people they should try xmpp and offer no further guidance).

I looked in my password manager and I actually had created an account there at one time, but for whatever reason never actually used it. I don't remember now if it was because I could not get it to work with my xmpp client or what; I must have created it some time back and my memory is not that good.

@maple @methuselah @joelanman
I'm not sure what guides you read, but it seems the problem with them is that they're too open and offer options that make things more complicated.

A guide could be as easy as: [...]