-
Océane
> Océane: agreed with the above, even if some magic and inaccessible crypto was making Signal better in some way, the fact that it's centralized throws away any privacy guarantee in exchange for "goodwill trust us" I've been thinking about this, but the issue with XMPP is about the same as with OpenPGP: it doesn't scale. Whereas increasing the number of people in an encrypted email thread increases the likeness of a vulnerable OpenPGP implementation and of a compromised server, increasing the number of people in e.g. a group chat increases the likeness of a misconfigured server, harming the XMPP's reputation – but more broadly that of encrypted, decentralized communications – to an entire group of people. The only solution here would be for me in the context of an organization with the means to manage their own server, and to host every member's account on it. ↺
-
Océane
There's a contingent risk of the Signal server shutting down, and basically Signal disappearing, in the long term, because someone else taking on the responsibility of funding and managing such a large infrastructure, with IMO an absolute lack of gratitude from free software activists, is rather unlikely. And there's the short-term probability that someone's server won't handle group chat properly.
-
MattJ
> The only solution here would be for me in the context of an organization with the means to manage their own server, and to host every member's account on it. Even if this is true, I consider this better than a walled garden, because you still *can* federate
-
MSavoritias (fae,ve)
also you can configure what you accept as a server. so its not like its trivial to have another server do bad things and for you to accept this stuff
-
Océane
Otherwise, believe me, everybody would be using the XMPP – nobody would've developed BigBlueButton if this protocol was reliable for group chat. It's well designed, the problem doesn't lie in code but in culture and organizations – there are still well referenced outdated guides making it to the first page, and honestly many self-hosted free software NPOs are whimsical, relying on a ton of unpaid labor; there's a general problem with many indie free software hosting organizations.
-
MSavoritias (fae,ve)
if you want to focus on security that is
-
Océane
No I'm just focusing on having reliable federated video calls
-
MSavoritias (fae,ve)
ah
-
MSavoritias (fae,ve)
ok never mind
-
Océane
I'm a Linux user, I know how to debug things, I'm not asking people to work for me
-
Océane
I'm just saying that the last time I've mentioned the XMPP to my partner, they told me I'd disgusted them from free software
-
Océane
(* he told me, he changed his pronouns)
-
Océane
I'm all with the XMPP, the tech is excellent, there are many use cases, I'm all behind it
-
MattJ
Yeah, just don't recommend "XMPP" to people (unless they are developers working on communication software)
-
Océane
But the Signal model just works, while the XMPP one just doesn't, because the tech and our organizations intersect in not handling federation well
-
MSavoritias (fae,ve)
also using free software/open source requires a "talk" before
-
MSavoritias (fae,ve)
to set expectations at the very least
-
MSavoritias (fae,ve)
and of course it may not work for them at all to begin with
-
Océane
Yeah but it _could_ just work, again, if contacts used the same, reliable server
-
Océane
Indeed
-
MSavoritias (fae,ve)
sounds like snikket then ;) for friends who are not techy
-
MSavoritias (fae,ve)
have them all in the same server
-
Océane
Isn't Snikket the phone number server?
-
MSavoritias (fae,ve)
it doesnt cost much anyway
-
Océane
Yeah or I could use a reliable org's server or manage mine by myself, even with YUNOHOST
-
MattJ
Océane, no, you're thinking of Quicksy probably? or Cheogram? https://snikket.org/about/goals/
-
MSavoritias (fae,ve)
> Isn't Snikket the phone number server? snikket is just an easily installable xmpp server preconfigured for small use cases
-
Océane
I'm not trying to make a point against the XMPP, but rather to bring a counterpoint on federation
-
Océane
Oh wow, cool!
-
Océane
And they're raising 30₤/week, which is fairly decent
-
Océane
(Org-mode is raising 140€/week, at least on LiberaPay)
-
MattJ
I work full-time on Snikket, between various sponsors, donations and income (e.g. https://snikket.org/hosting/ )
-
Océane
Sorry I got glopped by the internet
-
Océane
It's amazing to know that you've got the funding to work full-time on Snikket; I'm considering making a donation when I get the funding
-
Océane
I mean – when my credit card is unblocked, then maybe I'll have spare money to top up my LiberaPay account
-
Océane
Not talking about a big sponsorship