Posts: 6 | Comments: 454 | Joined: 2 yr. ago

    1. Signal just isn't as private as its marketing wants you to think it is

    A tip (but you do you, of course), use something federated (XMPP!): the time for trusting a central organization to do no harm is over if you have kept tabs on anything internet over the last 40 years or so.

  • So on the privacy front nothing has either. Good to know.

  • I realized that my previous post didn't embed the rebuttal link I was meaning to send, so please give it a look, sorry for that.

    But decentralization also means it takes a long time, sometimes a very long time, for that particular product’s benefits to become known and widespread.

    This is true: one can't possibly come up with a new chat product within a few months would they want it to be an internet standard (which XMPP is) and having diverse parties implementing its components (which XMPP has). My question to that is, do we really need new chat products every other month? I personally consider that instant messaging was a solved problem 25 years ago when AIM/MSN & al. were ubiquitous and used by everyone and their aunt. Arguably, current generation's messengers pack fewer features, not more, than those they precede, and that's a trend we also observe within XMPP: old specs defining how to game together, share tunes, share whiteboards, … are slowly fading into obsolescence.

    Nowadays XMPP has all the relevant features one would expect, in spec and implementation. There was a time when XMPP had problems with mobile use, not because it wasn't adequate (it was successfully used over extremely low bandwidth before), but because Google and Apple had decided that they would silently kill clients and a new protocol had to be figured out for that event. That's perhaps a "once in a decade" evolution, which happened at a time the XMPP ecosystem wasn't as vibrant as it is today.

    I believe that’s what happened to XMPP, IRC and so on.

    IMO what happened has nothing to do with "features" nor "moving with the times", what happened was a lot of venture capital money to answer every tech giant building their own walled-garden messaging platform. Again, all current "modern" messengers can do pretty much the same thing, look the same, and came up roughly at the same time (and yes, this applies to Telegram, too).

    This is a danger that applies to Mastodon and Lemmy/Kbin too […] become obscure

    This is not a danger, this is inevitable. Don't expect Lemmy/Mastodon (and the Fediverse in general) to become mainstream this generation: the internet doesn't work on merit, people don't spontaneously lean towards what's "best", even for themselves. Only tech enthusiasts do, and as it happens, they have a negligible political and societal impact compared to the (tech) majors. IMO no amount of persuasion by the geeks will change that. What I believe matters is, on one side, to define and standardize future-proof protocols and have them audited for security (XMPP is uniquely positioned here), and on the other, to lobby politicians so they make use of the existing legal framework (forbidding anti-competitive practices and monopolies, mainly) to level the playing field and compel the majors to become interoperable using said protocols. Mozilla may play a role in that, but what's going on with the EU and the Digital Markets Act is worth keeping a close eye on.

    Edit: typos and rephrasing

  • For cross-protocols messaging? Sure! But it has its flaws (for instance, only message bodies are encrypted, which makes XMPP's OMEMO a superior solution in 1:1 and small groupchats). Also, it tackles only a small part of the problem, the larger picture (and problem) is about how the different protocols should inter-operate (exchange handshakes, keys, …), and this is nowhere near ready yet: https://datatracker.ietf.org/wg/mimi/about/

  • Is your source for "what privacy experts say" a sad jpeg meme, really?
    Also, no matter what some distracted expert might say, the only fact that matters is that none of Signal's marketing claims are verifiable: the feature you are referring to happens server-side. Nobody but Signal knows what runs server-side. The guarantee of "not knowing who's talking to whom" isn't built into the protocol itself. This is where trust enters the picture.

    The dominant paradigm in cybersecurity is that trust is not proof of anything. Math is. And "sealed senders" isn't that.

  • Moxie is the megalomaniac behind Signal, of course you would expect him to back it up, but cherry picking facts doesn't make a good nor convincing argument. Here's a rebuttal by an XMPP developer. The current state of XMPP practically proves Moxie's post to be FUD: XMPP has multiple compatible, secure and maintained clients and server implementations, and by its decentralized nature, is more preserving of its users' metadata, and more resilient than today's Signal.

  • WhatsApp is based on XMPP, hence why it works so well, but with the difference that nobody "owns" XMPP (it's a network of account providers, just like email where you can be a @outlook.com and exchange messages with @yahoo.com).

    You can start there and see how well it works for you and whether you want to embark your contacts with you. For me the main motivator is that XMPP, as a decentralized and extensible protocol, will still be there long after I'm dead. I'm done telling people around me to install this or that App, all I want is the confidence that whatever I'm using is the last messaging system I will ever need (won't go bankrupt, won't turn against me, will remain secure, will have all the desired features ...), and that's the only one that qualifies.

  • And as it was one of the few messaging platforms to be (in the future) paid at all, I cannot understand why it ever got popular...

    Because that way people thought they were directly paying for the service they were using, instead of being the product of said platform, having their personal data harvested and sold to the highest bidder?

    Well, sure, Meta cancelled the subscription plans later but to me it sounded a red flag in the first place.

    The red flag is to look at a free meal and not wonder what the catch might be. Especially to this day, with all we learned about what the tech majors do with all the data.

  • Don't buy into this, this is just marketing. I'm not saying that Signal is acting in bad faith, only that they chose to design a communication silo with themselves at the helm instead of a federation of servers/providers united by the same protocol. Because of that, they own all accounts, and have the monopoly of messages being routed on the network. Of course there is no difficulty for them knowing who's addressing whom, how often, with what kind of payload, by topology. "Sealed senders" and "secure enclave contacts discovery" is just techno babble meaning "trust us, bro. Especially because you have no choice, anyway".

  • There's no reason to trust Signal more than WhatsApp long term: the flaw isn't whether it's opensource or not, or whether it operates as a nonprofit today or not. The core issue is centralization: as soon as you accept that a single organization owns the whole network, you lose all leverage and freedom, and you should only expect that it will eventually turn against your interests with no recourse. Favour federated protocols (e.g. XMPP) which are by design largely immune to this, if you search for a stable and safe place for the long run.

  • I want to add "federated" to your list, as the only thing that actually matters long term. Signal checks your requirements but has already started to turn user-hostile (e.g. it mandates its own client so you get to have crypto payments whether you like it or not), and, as the single point of control, is an easy target and a single major liability.

    Remember the days when WhatsApp was nice to its users? There is no technical guarantee that other centralized systems won't go the same path, which is largely mitigated when the network is made of smaller interoperable actors (i.e. a federation).

    I would love to see XMPP be rediscovered and massively adopted as that next gen messenger. I don't trust Matrix to ever be reliable or get past their neverending funding troubles.

  • Because the "car software" that comes to people's mind is most likely to be the infotainment system, which generally sucks, while the hard/safety critical stuff is invisible to them (and admittedly done by 3rd parties like Bosch)

  • I'd be curious to read more about the context of this. It looks like there are so many low hanging fruits for anyone with mid-level technical seniority to step in and improve the situation measurably. Scala isn't bad but sbt definitely has plenty of (avoidable in hindsight) footguns. The tooling ecosystem of Scala has also improved leaps and bounds in the last couple years. Of course that doesn't do anything to the seemingly dysfunctional organization but like the engineering post it was, it didn't concern itself with it much.

  • I do hope that the new torrent protocol will help with that, especially for "compilations of stuff" (e.g series, episodes, starring XYZ, ...): as I understand it, seeding will become a global file-level thing that can cross torrent boundaries. The new trend of seeding and referencing over I2P might help with keeping the old stuff afloat too.

  • To all the prav folks responding here, sorry if my message came up rubbing the wrong way, I didn't mean to be diminutive or dismissive in any way. I am glad to see my questions answered, and I guess prav makes sense in the specific context that was mentioned. I only wish it was a little bit more explicit about what it is, what it is not, and whom it targets. I wish you good luck with your project :)

  • But then you end up with the downsides of having both and none of the upsides? Wouldn't that incur an enormous effort on the software side to make it all possible, so you could run a less efficient chip in the end (practically two instead of one)?

  • Intel planning to abuse its quasi-monopoly to stifle competition and innovation? They wouldn't dare, would they? /s

  • Good question! Your perspective on that might differ a lot depending on how long you've been on the internet.
    In recent years, every major messenger (WhatsApp, Telegram, Signal, ...) has been doing it this way, linking your phone number to your identity, so your contacts are automatically discovered from your address book (and reciprocally, people who have your phone number already will find you easily and as soon as they install the app you recommended to them). If that's all you've ever known, not only is that not a bug (or rather, a major privacy and identity linkage breach), that's a convenient feature, and you kind of expect things to work that way. I personally don't like that (and I'm aware of being a dying species).

    Now, regarding Prav, please don't use it (for the time being, at least). As far as I can tell, this is a fork of the Conversations/quicksy.im XMPP clients (Conversations being the original work, and Quicksy being a derivative by the same author using the phone number discovery / easy onboarding approach discussed here). Unlike the original which is very safe and reputable, whose author is known and very active within the XMPP/security communities, and whose hosted service has years and years of excellent service and uptime under its belt, this one comes out of nowhere, from an unknown contributor (afaict), has no funding model to suggest it being sustainable, and worse, no rationale as to why it exists in the first place (why would it be chosen over the original). So, my recommendation is to stick to those.

    Back to the original question, thanks to Quicksy.im having been around for several long years already, the debate of having phone numbers being used for identification on XMPP is not really something new. Having been there for a very long time and seen the before/after, indeed this has enabled some of my current contacts (who were already users of other services like WhatsApp and certainly didn't mind) to get on board a bit more easily. They are not the majority, so, and in all, I'm glad that the option exists, it's not as big a deal as it might seem for XMPP in general.

  • The whole thing is beta anyway ¯\_(ツ)_/¯

  • Matrix misrepresenting its user base... By counting users that ever connected once, test accounts, spam accounts, bot accounts, bridged accounts, single ever used nicks... as a marketing strategy to give an illusion of relevance... that would be a first! /s