@mattj Back then when I used XMPP there was no good solution for mobile usage, because OTR is tricky if one participant is offline.

Did that change?

@Nico Yes it did! Modern XMPP clients all support OMEMO encryption, which is based on the Signal protocol actually. It works when the recipient is offline, and also (unlike OTR) works with multiple devices on both sides. omemo.top/ shows status of all known clients. For a few client recommendations see this post I made earlier: mastodon.technology/@mattj/105

@mattj That‘s great news! I havn‘t followed the XMPP progress for a long time, but it looks like it‘s worth another try \o/

@Nico
If you want an easy start, I'm working on @snikket_im which is a preconfigured XMPP server (currently using docker, love it or hate it) and ready-made clients. Well, an Android client right now. The iOS one is currently in beta and should be out soon 🙂 (Siskin is a good choice until then).

@Nico @mattj yes pretty good with @dino and #Conversations

for the sake of simplicity many can use #Quicksy with phone number registration

@Nico
Most #xmpp-clients have left OTR behind. Have a look at OMEMO Multi-End Message and Object Encryption – conversations.im/omemo/

@mattj

@mattj
Yes. Then only smaller parts of the world is unable to communicate and not everyone! 😃

Even if that's funny and I mostly agree, to be honest we don't have a good recovery mechanism yet if our main server is down (we still can have SRV fallbacks or several accounts on different servers, but it's not ideal).

There is room for XEP improvement here.

@Goffi Now, if only MUC/MIX would be truly decentralized as in Matrix. It’s nice that 1:1 is decentralized, but no reason to stop there. A single chat room is still very much centralized :(

@js actually, there are XEPs for replication (xmpp.org/extensions/xep-0282.h and xmpp.org/extensions/xep-0289.h) but I'm not aware of any implementation.

Also MIX is built with this in mind (see requirement 11 at xmpp.org/extensions/xep-0369.h) so it's doable.

But true, that's a desirable feature and it would probably come sooner or later (just that we XMPP dev often lack resource and have to concentrate on other priorities, like UX, e2ee, etc.).

@Goffi Ah, I was not aware - nice! :) Glad to see XMPP is making progress again!

@mattj my home instance is working fine. It's called Prosody ;)

@mattj yes, it's right.
But if such amount of users would join xmpp community servers, it would be down

@techit @mattj
Agreed for the need for decentralization, but there currently isn't anything near the level of Signal's polish that we can point non-technical people too. Matrix may be getting close, but it's not yet "plug and chug", as it were

@montdor
#Conversations available on FDroid is pretty great, smart interface, easy to use, works on all android systems, works over Tor and I2P, etc.
@techit @mattj

@montdor @techit @mattj
We almost forgot the important part about Conversations, it does #endToEndEncryption without needing your phoneNumber!

Just get #OpenKeychain app, which is also available on #FDroid.

(And Conversations can be built from sourceCode without any proprietary blobs.)

For it to operate over #I2P just get the I2P app and make a tunnel in I2P that points to the #hiddenService.

If you have questions, ask and we may receive :)

#e2ee #PGP #privacy #Tor

@dsfgs @montdor @mattj
why not to use omemo for encryption?
how does i2p works? what I need for it to work?

@techit
We can't vouch for #OMEMO but it sounds good too.

#I2P is very similar to #Tor. It bounces your traffic around. It works slightly differently to Tor.

Tor is designed mostly for accessing the #legacyInternet anonymously. They also discourage high traffic use such as traffic from videosharing etc and that is what many do on socialMedia. So I2P is better suited for socialMedia.

The #I2PRouter software is required. A good starting for learning is:
geti2p.net

@montdor @mattj

@mattj

shade was thrown when Slack was down recently, first by someone with a big "wooo FOSS is better!" take, then shade reacting to that take rightly pointing out that FOSS or no, anything can have outages. So, true enough.

But, decentralization can limit the scale & impact of an outage. So, yeah!

@mattj any good descentralice app for mobile and desktop?

@mattj there were individuals who grumbled that Signals' centralization is an exploitable weak point, and after seeing what happened to Parler, this was inevitable.

I just use it for the good looks. I have no Signal contacts.

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!