This is an article written by telegram’s founder and CEO Pavel Durov in 2019 on “Why whatsapp will never be secure”. Your thoughts?

  • @[email protected]
    link
    fedilink
    1011 months ago

    Signal is not the best choice, it’s just a somewhat aceptable middle ground. I prefer something that doesn’t require a phone number and something you can self-host, like XMPP.

    • @Dehydrated
      link
      711 months ago

      Good luck convincing normies to use some obscure messaging protocol. It’s difficult with Signal, even harder with Matrix, basically impossible with XMPP. 99.99999% have never in their life heard about XMPP. Also most mobile clients absolutely suck. You also can’t get proper push notifications without completely ruining your battery life. What a great choice!

      • @[email protected]
        link
        fedilink
        511 months ago

        I don’t see a big difference, the hardest thing by itself is convincing someone to install one more program or app. Also Conversations does not suck.

        • @Dehydrated
          link
          211 months ago

          Conversations is only available on Android. And that’s the problem. You need different clients on different plattforms, etc. It’s just a mess. Some clients don’t support encryption and everything is just unnecessarily complicated, especially for new users. You can’t just tell someone “let’s chat on XMPP”. You need to explain to them what XMPP is, what app to download depending on what OS they use, tell them how to set everything up, etc, etc…

          Signal is definitely not perfect, but it’s the best known private messenger and doesn’t compromise on privacy and security. It’s very simple to use, the setup process is basically the exact same as on WhatsApp or Telegram, it has good clients for every platform and they have operated safely with a great record for over 10 years.

          I understand that other solutions might be better in theory, but if we keep suggesting a new obscure and hard to use messenger to noobs, they will never make the switch. In order to get more privacy for ourselves and the (potentially less technical) people we need to communicate with, let’s just get them to use something simple and private like Signal.

          • @CaptainSpaceman
            link
            311 months ago

            Yea, ive gotten pretty wide adoption from friends and family on Signal, but id love to have a comparable product with even more features/security/privacy

            Matrix may get there eventually, but for now its Signal.

          • @[email protected]
            link
            fedilink
            1
            edit-2
            11 months ago

            When it comes to clients being not fully compatible - I understand where there might be a problem, but I personally never encountered it. Conversations covers Android, and Gajim is on both Windows and Linux. In my experience, they work just fine with each other, and Android+Windows+Linux covers the majority.

            I do use Signal with a few people who refused to use XMPP, but I’d disagree they have good clients for every platform. Because the desktop one essentially doesn’t work without a smartphone. Registering in something like Waydroid doesn’t allow binding a desktop client because it wants to scan a QR code, and Signal-Cli just didn’t work with binding a regular client. So I am stuck using the inconvenient Signal-cli, because the only alternative I saw so far would be using it on Waydroid, which is even less convenient. Not to mention that the client itself is on Electron.

    • @[email protected]
      link
      fedilink
      111 months ago

      You mean that XMPP protocol which is not encrypted by default? Oh yes you mean that.

      XMPP would need to be redesigned from ground up as a secure and private messaging protocol to be a valid choice.

      XMPP has it advantages but to many cry out that it is the savior when it is not. We need something better.

      • @[email protected]
        link
        fedilink
        111 months ago

        The major clients now do have OMEMO. Yea, I agree it’s flawed but that’s so far it’s the one I settled on. Do you know other, more refined selfhostable solutions? I am now looking for development there but doubt I’d get few people that I already got there to switch again.

        • @[email protected]
          link
          fedilink
          111 months ago

          Not aware that there is a modern decentralized secure and private chat protocol. Sadly. I also am not aware of any developmenta of something like that, so XMPP is the best we got (for decentralized open widly supported protocols)

          I know that a lot of clients do encryption of the message body by default, but it still leaves a lot of stuff in plain text (afaik).