JesMeApr 12, 2017
inmysocks Of Doom, Naked KSC

Another friendly reminder:

Mastodon is awesome, but mastodon isn't an appropriate tool if you want private communications. DMs aren't actually private, they can be seen by instance admins and maybe by other people, it isn't at all secure.

Mastodon and GNU social aren't made for private conversations, if you want to have a private conversation there are many tools that are appropriate for that.

I suggest Tox, but Cryptocat and XMPP with OTR are also good. There are others but I have used those

Apr 12, 2017 at 1:13pmWeb
Show threadJérémie Zimmermann🎶💗🧀🫖5946Apr 12, 2017

@inmysocks

XMPP with OMEMO is the future! OTR should be thrown away and we shall all go OMEMO! It now has plugins in most OSes/clients...

<3 OMEMO (= the same type of crytographic ratchet used in Signal)

Show threadinmysocks Of Doom, Naked KSCApr 12, 2017
@jz I have not used that, I switched to Tox which has been awesome so far. I will try to look into it.
Show threadRysiekúr (old account)Apr 12, 2017
@inmysocks so how is Tox? Stopped following the development some time ago even though we tried introducing it in our org. It was not quite ready yet, and while I love the idea, we had to drop it.
Show threadCody Casterline 🏳️‍🌈Apr 12, 2017
@inmysocks An easy and very secure option: Wire (wire.com) Works on multiple devices, end-to-end encryption everywhere. And unlike Signal, you can use it without a cell phone #.
Show threadMenura™️Apr 12, 2017

@inmysocks I learn so much stuff from you. Please keep throwing info at me.

And coffee...

Show threadinmysocks Of Doom, Naked KSCApr 12, 2017
@Menura74 I don't know where you are, unless you are very close I don't think I could throw coffee that far.
Show threadMenura™️Apr 12, 2017

@inmysocks My timezone is: CET+2 (daylight savings), so I hope can throw well.

And no you are not shouting in the void. I hear every thing you say.

Show threadinmysocks Of Doom, Naked KSCApr 12, 2017
@Menura74 Also thanks! It is nice to know that I am not just shouting into the void.
Show threadGregoire (Ancien Compte)Apr 12, 2017
@inmysocks @jz is it really in the decentralisation concept DNA anyway?
Show threadinmysocks Of Doom, Naked KSCApr 12, 2017
@gregoiremarty @jz you can have privacy and security in a decentralised system, and in a federated one. It is just that the social aspect of mastodon and gnu social was created without much thought for the privacy aspects.
Show threadGregoire (Ancien Compte)Apr 12, 2017
@inmysocks @jz what I meant is that, in terms of ideas, is including DMs really thinking forward the decentralization concept (to its top scale)?
I see decentralization more like something that challenge us to disconnect from the one-app-only standard to a multi-apps/platforms use.
Show threadMOVEDApr 12, 2017
@inmysocks (and, before someone jerks at the knee: twitter has the same issue, it's just harder to tell who has access exactly)
Show threadsolidarityApr 12, 2017
@inmysocks
I suggest XMPP + OMEMO as the stare of the art encryption technology (wich is also used by cryptocat).
OMEMO doesn't require to be online and if multiple clients are online, messages are send to all, and all messages are still end to end encrypted.
Tox is cool for it's p2p approach, but on the other hand, you're required to be online, when another one sends you a message.
Show threadinmysocks Of Doom, Naked KSCApr 12, 2017

@allilengyi when I am wearing my tin foil hat than I have to say that the trade off is using a server to store the messages for XMPP, which can lead to problems with traffic analysis.

But that is only when I am being a tinfoil hat wearing paranoid person.

Show thread⊏︎ʜʀɪs⊤︎ɪ∧︎︎ɴApr 12, 2017

@inmysocks

Telegram (the app, not the 19th century version of SMS), is also quite good for easy, encrypted chats.

Show threadMenura™️Apr 12, 2017
@ChristianD @inmysocks Wire and Signal are my preferred apps.
Show threadinmysocks Of Doom, Naked KSCApr 12, 2017
@ChristianD telegram is supposed to be mostly good, the only complaint I have is that it uses a server you don't control, unlike Tox. But that is the only downside to it and that doesn't matter in most cases so I am just being unreasonably picky.
Show thread⊏︎ʜʀɪs⊤︎ɪ∧︎︎ɴApr 12, 2017
@inmysocks
I actually really like that they use server so that you can sync between all your devices. It does cause some privacy/security terms, though :/
Show threadDerek I. Batting 💬🍵Apr 12, 2017
@inmysocks How about Keybase.io and saltpack messages?
Show threadinmysocks Of Doom, Naked KSCApr 12, 2017

@wishx they aren't bad services, they are good for ensuring identity and preventing eavesdropping, I am not sure how they are about metadata, I haven't looked at it much.

I dislike having to use someone elses server so I have been avoiding keybase.io

Show threadStar HazeApr 12, 2017
@inmysocks use Signal if you trust the other person with your phone number
Show threadJamesApr 12, 2017

@inmysocks I'd also throw in Signal (if you're on mobile) and keybase.io (if you want mobile and some other handy features).

I haven't looked at Tox in quite some time. Is it still progressing?