1/ In defense of . Yes, I'm a guy that just posted a roundup of distributed/mesh messengers changelog.complete.org/archive of which was obviously not part. I am really excited about the potential of those.

But to the general public, I still recommend Signal. Here's why.

2/ brings and to meet people where they're at, not the other way around. People don't have to choose a server, it can automatically recognize contacts that use Signal, it has emojis, attachments, secure voice and video calling, and they all just work (Musk aside). It feels, and is, a polished, modern experience with the bells and whistles they are used to.

Follow

3/ I am a huge fan of /#Element and even run my own instance. It has huge promise. But it is Not. There. Yet. Some reasons:

, the only currently viable Matrix server, is not ready. My Matrix instance hosts ONE person, me. Synapse uses many GB of RAM and 10+GB of disk space, with little tuning for either. It's caused OOMs more than once. And this is AFTER extensive tuning. It cannot be hosted on a Raspberry Pi or even one of the cheaper VPSs.

4/ Choosing a instance. Well you could just tell a person to use matrix.org. But then it spent a good portion of last year unable to federate with other popular nodes due to Synapse limitations. Or you could pick a random node, but will it be up when someone needs to say "my car broke down?" Some are run from a dorm computer, some by a team in a datacenter, some by one person with EC2, and you can't really know. Will it be stable and long-lived? Hard to say.

5/ Voice and video calling is not there yet. Matrix has two incompatible video calling methods (Jitsi and built-in), neither work consistently well, both are hard to manage, and both have NAT challenges.

6/ is so hard to set up on a server that there is matrix-docker-ansible-deploy matrix.org/docs/projects/other . This makes it much better but it is STILL terribly hard to deploy, and very simple things like "how do I delete a user" or "let me shrink down this 30GB database" are barely there yet, if at all.

7/ Encryption is not mandatory in . E2EE has been getting DRAMATICALLY better in the last few releases, but it is still optional, especially for what people would call "group chats" (rooms). Signal is ALWAYS encrypted. Always. (Unless, I guess, you set it as your SMS provider on Android). You've got to take the responsibility off the user to verify encryption status and make it the one and only way to use the ecosystem.

8/ Again, I LOVE . I use it every day to interact with Matrix, IRC, Slack, and Discord channels. It has a TON of promise. But would I count on it to carry a "my car's broken down and I'm stranded" message? No.

9/ What about some of the other options out there? is fantastic and its offline options are novel and promising. But in common usage, it can't deliver a message unless both devices are online simultaneously, and doesn't run on iOS (though both are being worked on). It also can't send photos or do voice or video calling.

10/ Some of those same limitations apply to most of the alternatives also. Either that, or they are encryption-optional, or terribly hard to set up and use. Just today, I boosted a post about , which shows a ton of promise also. But it's got no voice or video calling capabilities. How about ? Fantastic protocol, extremely difficult onboarding (lengthy process, error-prone finding a sub, multi-GB initial download, etc)

11/ So gives people: dead-simple setup, store-and-forward delivery, encrypted everything, encrypted voice/video calls, ability to send photos/video encrypted. If you are going to tell someone "it's so EASY to get your texts away from Facebook and AT&T", THIS IS THE THING you've got to point them to. It may not be in 2 years, but for now, it is. Do not let the perfect be the enemy of the good. It advances the status quo without harming usability, which nothing else does yet.

12/ I am aware of all of the very legitimate criticisms of . They are real and they are why I am excited that there are so many alternatives with promise, some of which I use actively. Let us technical people use, debug, contribute, and evangelize the alternatives.

And while we're doing that, tell Grandma to contact us on Signal.

/END

@jgoerzen Thank you for the great summary!! 🙂 I think you really hit the core of that question very well. In many discussions about that topic, tech users don't consider the average user enough, or even at all, or have a wrong image of them.

@jgoerzen can't wait until my mom can use matrix but yeah it isn't there yet

@jgoerzen hi John, regarding here I have a fun poll floss.social/@ademalsasa/10558 I invite you to join. It's already 700 people participating already with hundred of comments.

@ademalsasa Hello, instance-neighbor! Thank you for the link; very interesting conversation.

I used XMPP extensively for awhile, but haven't now for a few years.

Also, I learned of there. I hadn't heard of Jami before, but sadly the website has no detail on how it achieves connections or if both endpoints must be online simultaneously for messages to be sent.

@jgoerzen But to summarize quickly, DHT for discovering, then ICE to negotiate a TLS link between peers, then the protocols like SIP for example for calls/messages.

Both peers should be online to communicate, but with swarm, one other device of the conversation should be online for syncing history.

@AmarOk thank you & thank you very much, Amarok, for sharing about GNU .

I'd like to add it is one of High Priority Projects of Free Software Foundation (@fsf) can be found here fsf.org/campaigns/priority-pro.

@jgoerzen

@AmarOk @ademalsasa Thank you. I hadn't looked under the "blog" section, and the "questions" just went to a git repo, so I had discovered neither the docs site nor those posts. Very helpful!

The similarities to are many, though it looks like it trades the ability to do voice and video calls for anonymity (briar running over Tor hidden services; Jami using direct TCP/UDP connections between peers). I must say, I like the approach, but it may introduce unacceptable lag for video

@AmarOk Understood. One difference between your eval and briar is that briar uses Tor exclusively; that is, no exit node, since nodes find each other using onion addresses.

Still, Jami looks very interesting and I'm checking it out later today. I think it would more easily have wide adoption than briar at this point. Thanks for your work on it!

I love the decentralization, though leaking IPs to contacts makes me uncomfortable, as it often amounts to leaking coarse location.

@AmarOk Also I fairly frequently find wifi networks that permit outbound on only port 80 and 443, TCP. Can Jami work with those constraints?

@jgoerzen yes and no. One of my universities did thar. In that case, dhtproxy (for avoid dht usage) + torify work, but this needs some Config and media will not work. Or just use a distant device with forwarding... But it's not magic. If you bloc all traffic, traffic will not pass through.

@jgoerzen hello my new friend @danie10, glad to meet you. I saw you always share about that is good. Thanks!

@jgoerzen @ctonysem This is exactly why I recommend #Signal to anyone wanting to wean themselves off of Facebook. “Do not let the perfect be the enemy of the good” sums this up perfectly.

@rd @jgoerzen When it comes to online privacy the Asian countries are basically one of the least developed regions. Here those who advocate tools to avoid centralized services are often regarded as just geeks. That is what I would like to change at first.

@ctonysem @jgoerzen I think there’s still a lot of that mentality elsewhere around the world.

Exploring alternative options like decentralization (or even anything other than Facebook) still tends to make people ask, “what are you trying to hide,” or “how does that work for you down in your bunker?,” etc. Those are terrible reasons to just give up on the right to #privacy.

@rd @ctonysem @jgoerzen

Can help to reach ppl where they 'do care':

The big picture:

Not only is our personal data being used "against us" (social media background checks, financial credit scores, even raising of health/car insurance rates (based on our data/outdoor hobbies).

It's also the building of deep psychological profiles, advertisers/political contractors manipulating our ability to make our own next decision/s.

This is how I've reached ppl close to me.

#privacy ☮️

@jgoerzen I’m looking into #Status, it looks SUPER DOPE but it’s not #P2P, that’s literally my only concern

It does have #E2EE tho so no censorship

@jgoerzen honestly if it wasn't for signal being my SMS app I wouldn't be using it. The number of my contacts that use it is so low it would be hard to justify.

@jgoerzen a lot of groups don't need or shouldn't have encryption. Especially groups about some Foss projects where the chat history should be visible for new members. Also it makes bridges easier.

@jgoerzen messages to other Signal users are e2ee. Didn't Signal encrypt the SMS database on your Android device at one point? Does it no longer?

@jawsh It very well may (I don't use Signal as an SMS client) but the point is that SMS is not E2E encrypted.

@jgoerzen yes I'm aware, that's why I said database. Not sure there is a way to that e2ee would really work with standard sms. I haven't kept up with RCS but last I knew that may as well have been considered a Google feature.

@jgoerzen you can say the same about most fediverse nodes. (I know, fediverse is not for IM.) I'd go with briar. Why no mention of telegram?

@vesperto I'd agree about the Fediverse nodes; it is an obstacle. Telegram isn't E2E-only, and TBH I haven't heard of most security-conscious people seriously considering it. I am always open to learning more, however!

@jgoerzen hmm i think it's not on by default or something, you're right. Also at least part of their code is not open source yet, i think.

@jgoerzen What's your take on #Dendrite? I was thinking about setting up my own Matrix instance, but #Synapse just looks too freaking big (especially for my small VPS).

@kristof I am very excited about its potential. They are tracking progress with "are we synapse yet" -- see the homepage at github.com/matrix-org/dendrite -- but it very well may be close enough for some. I strongly suspect it or something like it will become the defacto server in the future.

@jgoerzen Cool, thanks! Then I guess it's worth playing around with it a bit, but not for, as you put it, relying on it when stranded with a broken down car.

The approach targeted by #Dendrite -- a bunch of small (even single-user), federated servers -- seems to me as the best solution for communication if full peer-to-peer turns out to be infeasible (looks like there must be some kind of server for offline messaging, unless DHT can solve that problem somehow...)
Sign in to participate in the conversation
FLOSS.social

For people who care about, support, or build Free, Libre, and Open Source Software (FLOSS).