Wow! I wish my family and friends were so compliant. If I tried this I’d probably need surgery to remove the phone from wherever they’d thrust it. I probably wouldn’t be able to sit down for some time either 
1 Like
@Vaughan it’s not compliance… 
you say ‘i’m not on whatsapp, find me on x’ and if they want to talk to you they find you on whatever you say to.
1 Like
Rik clearly said “I’m just gonna install it for them”.
1 Like
haha true i tried @donut3 's method also, but came back from that 
whatsapp is too ubiquitous at the moment. But we will change that!
1 Like
You bet, we will change it!
1 Like
hello all, i’d appreciate it if you could help with answering the question here, that asks if XMPP and Matrix are the 2 most-used open-source, federated messaging protocols currently, or if there are other big ones in existence
whatsapp spying on my text message?
I sent a family a member a link to install element messenger (former known as riot) and whatsapp popped up a notifcation trying to reassure me whatsapp is secure end to end encryption no one can listen to calls not even whatapp employees, tho amusingly did not mention assurances for texting. was it a coincidence? or was it monitoring, seems odd it popped up at that specific time. I have seen that popup notifcation before in past tho rarely shows up.
2 Likes
I didn’t know Quicksy, but having to link my phone number to XMPP loses a bit the sense to me.
1 Like
I have some friends using and made my core family use it as the main channel to chat with them (we don’t live in the same city).
Group video calls works smooth and phone calls as well.
Quite happy so far
Being more precise about your question “I don’t know anyone there” you can start by being the first one there.
I took a personal decision on just providing 3 communication channels.
- One popular phone number linked app: Telegram, which is FLOSS friendly and if configured correctly can be privacy friendly.
- One ultra private technology: my choice Element/Matrix.org
The less communication channels you are active one the less you focus on attracting users.
People will find a way to chat with you, if they want, of course, which I assume they do.
3 Likes
the sense is that it is easy for laypersons to start using XMPP, just by downloading an app and starting to message, just like with whatsapp, signal, telegram, etc
2 Likes
With family, after talking to them about it I have installed it for them. That’s the major friction point I guess, it’s one less thing for them to do. I also have as my Status on whatsapp to find me on Signal / Session
1 Like
Bridges only solve a small portion of the problem: you don’t have to install multiple messengers anymore.
At least for me however the main problem isn’t really the amount of apps/messengers. That is only a problem if you want to connect with multiple people at once and they all have different messengers.
And in that case a bridge won’t help you either (or at least I haven’t heard of such a service which connects groups over multiple messengers, please correct me if that actually works).
Instead, the main problem is privacy and trust in the provider.
If your messenger concept is fundamentally broken like it is the case with Telegram what good does the bridge do?
I don’t really see an advantage there.
The other thing is trust. Whatsapp these days might be properly encrypted, but it’s still Facebook and I don’t want to be connected with Facebook.
Matrix doesn’t really help you there either.
So … the idea is nice, but at least in my opinion it solves a small issue, while the big problem is still very much present.
Personally, I stopped using Telegram and I’m only using Signal and Threema nowadays.
Both have flaws. Signal does require a phone number (even though they are working on an alternative solution afaik) and requires access to your phone book.
Threema solves these problems, but it’s not open source.
Still, I think right now they are the best compromise between usefulness (since quite a few people actually use them) and awareness (meaning that they are at least properly encrypted and seem to take that seriously).
And regarding Threema, there is now hope that it might be open sourced within a reasonable amount of time:
https://www.zdnet.com/article/threema-e2ee-chat-app-to-go-fully-open-source-within-months/
Although you have to add, that since that article 3 months have passed and so far it didn’t surface.
But at least there is hope. Once Threema is open source (and has been checked again by experts), it might be the best recommendation to just about anyone.
2 Likes
and noone use element (riot.im)
That is a nice move indeed. Even if they make the app open source please keep in mind that the infrastructure is critical as well. After all it is a centralized service. They also have the metadata about users (and the phone number?). That’s why I keep recommending Delta Chat (where the email provider have the metadata, albeit decentralized).
yeah i agree, this is why open-source is so important: if trust is lost in 1 party, a different one can start a fork using the code
1 Like
I do! with a bridge to WhatsApp.
Synapse, Element and Jitsi all running on my home server.
Off course, there are difficulties but I’m satisfied so far.
Transferring your address book is optional with Threema (can’t remember if it’s opt-in or opt-out though).
You can also use it without any phone number at all, just by creating a Threema ID.
That’s the one advantage it has over Signal currently.
If you give permission to access your address book, it’ll not send the phone numbers directly but instead SHA256 hashes of them. See e.g. in the Wikipedia article:
As they write there, this is not really a secure method, since brute-force can reveal the numbers resulting in each hash.
However, it still should serve its purpose of protecting the users data to some degree since at least for Threema itself it would not be reasonable to do this for each data set. Especially since the data is stored on volatile memory.
Thus the use of the metadata they acquire this way is a bit more limited than it is e.g. for Whatsapp.
It’s obviously not bullet-proof. It’s a rather pragmatic approach.
And for all of this we only have their word of course, until it is finally open sourced.
1 Like
After long years of development Tox is getting better and better. There are clients for every plattform too. Somehow Tox is often overlooked.
1 Like
Here is an overview of IM apps from Rob Braxman: Best Secure Instant Messaging Apps for 2021 , with recommendations which one fits which user case.
1 Like
So they did indeed publish it. Here you can find information about the Threema/Open Source topic:
https://threema.ch/de/open-source
And here specifically is the source code for Threema Android:
Licence is AGPL 3.0. However signing a CLA is required if you want to contribute, which personally I find discouraging, but it’s a relatively common procedure.
You still have to pay to use it, since the self-compiled one cannot be used to generate Threema IDs, which is a bit of a let-down. Personally I don’t have a problem with paying for it, but it will still limit distribution, since there are many people who will not get it if they have to pay for it.
Anyway, the closed source argument against Threema does not seem valid anymore. The only real argument against is the price, I guess.