Modern XMPP project discussion - 2024-03-25


  1. Océane

    > Océane: agreed with the above, even if some magic and inaccessible crypto was making Signal better in some way, the fact that it's centralized throws away any privacy guarantee in exchange for "goodwill trust us"

    I've been thinking about this, but the issue with XMPP is about the same as with OpenPGP: it doesn't scale. Whereas increasing the number of people in an encrypted email thread increases the likelihood of a vulnerable OpenPGP implementation and of a compromised server, increasing the number of people in e.g. a group chat increases the likelihood of a misconfigured server, harming the XMPP's reputation – but more broadly that of encrypted, decentralized communications – to an entire group of people. The only solution here would be for me in the context of an organization with the means to manage their own server, and to host every member's account on it.

  2. Océane

    There's a contingent risk of the Signal server shutting down, and basically Signal disappearing, in the long term, because someone else taking on the responsibility of funding and managing such a large infrastructure, with IMO an absolute lack of gratitude from free software activists, is rather unlikely. And there's the short-term probability that someone's server won't handle group chat properly.

  3. MattJ

    > The only solution here would be for me in the context of an organization with the means to manage their own server, and to host every member's account on it.

    Even if this is true, I consider this better than a walled garden, because you still *can* federate

  4. MSavoritias (fae,ve)

    also you can configure what you accept as a server. so it's not like it's trivial to have another server do bad things and for you to accept this stuff

  5. Océane

    Otherwise, believe me, everybody would be using the XMPP – nobody would've developed BigBlueButton if this protocol was reliable for group chat. It's well designed, the problem doesn't lie in code but in culture and organizations – there are still well referenced outdated guides making it to the first page, and honestly many self-hosted free software NPOs are whimsical, relying on a ton of unpaid labor; there's a general problem with many indie free software hosting organizations.

  6. MSavoritias (fae,ve)

    if you want to focus on security that is

  7. Océane

    No I'm just focusing on having reliable federated video calls

  8. MSavoritias (fae,ve)

    ah

  9. MSavoritias (fae,ve)

    ok never mind

  10. Océane

    I'm a Linux user, I know how to debug things, I'm not asking people to work for me

  11. Océane

    I'm just saying that the last time I've mentioned the XMPP to my partner, they told me I'd disgusted them from free software

  12. Océane

    (* he told me, he changed his pronouns)

  13. Océane

    I'm all with the XMPP, the tech is excellent, there are many use cases, I'm all behind it

  14. MattJ

    Yeah, just don't recommend "XMPP" to people (unless they are developers working on communication software)

  15. Océane

    But the Signal model just works, while the XMPP one just doesn't, because the tech and our organizations intersect in not handling federation well

  16. MSavoritias (fae,ve)

    also using free software/open source requires a "talk" before

  17. MSavoritias (fae,ve)

    to set expectations at the very least

  18. MSavoritias (fae,ve)

    and of course it may not work for them at all to begin with

  19. Océane

    Yeah but it _could_ just work, again, if contacts used the same, reliable server

  20. Océane

    Indeed

  21. MSavoritias (fae,ve)

    sounds like snikket then ;) for friends who are not techy

  22. MSavoritias (fae,ve)

    have them all in the same server

  23. Océane

    Isn't Snikket the phone number server?

  24. MSavoritias (fae,ve)

    it doesn't cost much anyway

  25. Océane

    Yeah or I could use a reliable org's server or manage mine by myself, even with YUNOHOST

  26. MattJ

    Océane, no, you're thinking of Quicksy probably? or Cheogram? https://snikket.org/about/goals/

  27. MSavoritias (fae,ve)

    > Isn't Snikket the phone number server?

    snikket is just an easily installable xmpp server preconfigured for small use cases

  28. Océane

    I'm not trying to make a point against the XMPP, but rather to bring a counterpoint on federation

  29. Océane

    Oh wow, cool!

  30. Océane

    And they're raising 30₤/week, which is fairly decent

  31. Océane

    (Org-mode is raising 140€/week, at least on LiberaPay)

  32. MattJ

    I work full-time on Snikket, between various sponsors, donations and income (e.g. https://snikket.org/hosting/ )

  33. Océane

    Sorry I got glopped by the internet

  34. Océane

    It's amazing to know that you've got the funding to work full-time on Snikket; I'm considering making a donation when I get the funding

  35. Océane

    I mean – when my credit card is unblocked, then maybe I'll have spare money to top up my LiberaPay account

  36. Océane

    Not talking about a big sponsorship