@jerry @Aaron what we really need is a way to securely send e-mail.

People will continue to send e-mail. There is no way this goes away antime soon. People will send sensitive stuff via e-mail.

We can spend time discussing just how exactly people should not use e-mail, or we can build a system that works.

I like the ideas behind PEP and AutoCrypt. I'd like to see them implemented in more clients.

@rysiek @Aaron I’m all for something that works and is usable. I can’t help but think that we need to take a step back and put some focus on designing the successor to smtp mail, rather than continuing to try to keep adding parts to Frankenstein.

@jerry @rysiek @Aaron
I have a feeling that right now, SMTP has the biggest adoption of all federated messagning protocols, and the second place is far far behind. Of all the new communication protocols I've seen recently, they're either popular, or federated, not both. And trying to get your new protocol adopted not just by people for their private communications, but also by companies, govts, and orgs for their internal and external communication is going to be extremely hard.

@Wolf480pl @jerry @Aaron there is some hope in the p2p world.

BitTorrent is not exactly a "messaging" protocol, but got immensely popular.

FireChat, a p2p messaging app, got very popular during protests in Romania. Sadly it's proprietary, so I'd stay far away from it.

Briar doesn't need any introduction in this group, methinks, but is not popular at all... yet.

But, messaging and e-mail are two different things. It's not just about sending the message. It's about the infra around it.

@rysiek @Wolf480pl @jerry @Aaron@boringpeople.org I'd like to add Tox to this list.

It's freesoftware with multiple GUIs, and is quite similar to Briar. Except they do allow adding remote contacts (though sharing the pubkeyhashes to do so may not be practical for most), and they've made superficially different protocol decisions.

@alcinnz @Wolf480pl @jerry @Aaron I agree Tox is interesting. PLayed wth it ~3 years ago, even used it quite extensively.

But usability was a problem. And battery drain on mobile. Plus there were some security issues I'm sure they fixed since.

Has Tox undergone an audit?

@rysiek @Wolf480pl @jerry @Aaron@boringpeople.org I don't know about these security issues, and I haven't heard of any auditing (though I am interested in any).

And I mostly just use my laptop, so I didn't notice those battery issues.

Wish I could be more informative.

@rysiek @Wolf480pl @jerry @Aaron@boringpeople.org Wow I'm finding it difficult to quite comprehand the conversation there, but I'll be more cautious about recommending it.

At the same time I don't know what I'd recommend instead. I like the freesoftware p2p, but Briar doesn't appear to fit my usecase (besides I'd prefer a smaller codebase to audit, it looks quite bloated).

Maybe I'll lean more on Matrix or XMPP? But then a loose the metadata encryption I'd love to play with.

@alcinnz @Wolf480pl @jerry @Aaron I think you could go Matrix. Heard good things about it.

Also RetroShare seems interesting, but also bloated.

I am not concerned about Briar's codebase. People working on it are as solid as they come, and Briar went through an audit already. More problematic is the model of establishing contact, which requires physical presence or a common friend. I like how secure it is, but I understand how annoying it might be at times.

For me personally Briar looks good.


@rysiek @Wolf480pl @jerry @Aaron@boringpeople.org I'd by no means discourage others from Briar, it looks like a useful tool. It's just not for any usecases I can foresee myself having.

As for the personal auditing, it's something I like to make a habit of. Not that I seriously trust myself to catch many or any issues, but nor do I trust enough auditing is done. And I be no means trust myself with auditting crypto, the most I really can do is say "yeah, that kinda looks like crypto". I'm glad you trust the devs.

Sign in to participate in the conversation

For people who care about, support, or build Free, Libre, and Open Source Software (FLOSS).