social.gl-como.it

Cerca

Elementi taggati con: conversations

Note to myself: How to disable OTR in ChatSecure



Some weeks ago, a colleague, who unfortunately uses an iPhone (he is not a completely bad person, though) installed ChatSecure. Immediately, I and others were annoyed by unreadable OTR garbage he sent. It took us a while, but at the end of the day (the whole day!) we found out how to disable OTR. Yesterday, a friend who unfortunately also uses an iPhone (he is not a completely bad person neither), had the same issue and it took me the help of strangers on the internet (here; the Conversations MUC), to remember what to do. For the next time and the benefit of the public:
  • One cannot disable OTR globally in ChatSecure, but only contact by contact.
  • You need to open the chat of the contact.
  • Go to the "contact details".
  • Go to "advanced encryption settings" and select "OMEMO", nothing else.
  • Close chat with the contact.
  • Repeat the last four steps for all your 511 contacts.
#xmpp #ios #iphone #otr #omemo #chatsecure #conversations
 

The rocky road to OMEMO by default



Daniel Gultsch, developer of Android XMPP client Conversations, writes,

Why it took us more than two years to enable End-to-End encryption by default: The first in a series of essays leading up to the release of Conversations 2.0



...
The other big hurdle we had to overcome was the adoption rate in clients. If you send OMEMO encrypted messages by default you should have a reasonable expectation that your contact will be able to decrypt the message. Reasonable expectation doesn’t mean that every single client out there has to support it—In an ecosystem with hundreds of small, badly maintained clients that’s just not feasible—but the major clients should at least have a plugin available.
In March 2018 we finally reached the point where every plattform has one or more clients with OMEMO support. Conversations and Zom on Android, ChatSecure on iOS, Psi and Gajim on the desktop. The up and coming desktop client Dino—despite not having had an initial release—already has support for OMEMO as well. And even the webclient JSXC has a plugin available.
Considering the complexity of OMEMO and the fact that most of these clients are developed by people in their spare time, this is actually quite an impressive adoption rate.
...
Moxie Marlinspike, in his 2016 propaganda piece ignorantly bashing XMPP, had one valid point: Enabling end-to-end encryption in a homogenous environment is easier than introducing it in a heterogenous one like Jabber. Nobody is denying that. However, if something is hard to achieve there are two possible approaches: Either try your best and don’t give up, or put your head in the sand and create yet another walled garden that is no different from other proprietary solutions.
Admittedly it has taken us a while to get to a point where we can enable end-to-end encryption by default, but it was worth the effort in that we ended up with something that is different from WhatsApp in more than just marketing.
#xmpp #omemo #conversations #psi #gajim #zom #chatsecure #dino #jsxc #federation #encryption
 

Biboumi - An XMPP-IRC Gateway



Debian maintainer Vasudeva Kamath writes in their blog:
IRC is a communication mode (technically a communication protocol) used by many Free Software projects for communication and collaboration. It is serving these projects well even 30 years after its inception. Though I'm pretty much okay with IRC I had a problem of not able to use IRC from the mobile phones. Main problem is the inconsistent network connection, where IRC needs always to be connected. This is where I came across Biboumi.
Biboumi by itself does not have anything to do with mobile phones, its just a gateway which will allow you to connect with IRC channel as if it is a XMPP MUC room from any XMPP client. Benefit of this is it allows to enjoy some of XMPP feature in your IRC channel (not all but those which can be mapped).
He then explains in detail how to configure Ejabberd with Biboumi and how to actually use Biboumi from the XMPP client, e.g. Conversations. Worth a read!

I'm using Biboumi, too. Both via the wonderful movim.eu social network site, but also at my company, where we run it behind the Prosody XMPP server.

#gateway #irc #mobile #xmpp #ejbberd #biboumi #conversations
 

Conversations Open Source Secure XMPP Client for Android



This article on XDA-Developers focusses on encryption features of Conversations and an interview with developer Daniel Gultsch. Nice read!
Q: What motivated you to develop Conversations?
A: I am using Jabber/XMPP for many many years. Even back in 2009 I was able to use Jabber on my Nokia e71. Sometime around the year 2012 I switched to an Android phone, so I suddenly was unable to use Jabber. [...]
Q: Can you give three reasons why Conversations protects your privacy better than Whatsapp or Threema?
A: I don’t have to give my private phone number to strangers if I want to chat with them. I could have a private and a business account. I can disable the business account after my shift, to prevent my boss from annoying me during my free time. WhatsApp allows everybody to analyze my app usage patterns any time. (My boss could stalk me to investigate if I am using WhatsApp during my working hours or if I am using WhatsApp at night instead of sleeping and coming well rested to the office.) This is different with Conversations; Conversations also doesn’t upload my entire address book to Facebook.
Q: Is it allowed to compile Conversations on your own from your Github and use it for private use?
A: Of course. Not only private, also for business and everything else you want. It is also allowed to modify the code to meet individual requirements.
#conversations #freesoftware #xmpp #android #interview #pgp #otr #omemo #forwardsecrecy #xda https://www.xda-developers.com/conversations-jabber-xmpp-android/
 

"How to Live Without Google" - and getting it all wrong



In a failed attempt to improve users personal privacy, DuckDuckGo jumps from the frying pan straight into the fire. With the motto
Remove Google from your life? Yes, it can be done!
they give ten advices, most of them very bad. Also, they are using inexact wording by calling things free, when they are "free as in beer", but not necessarily "free as in freedom". I comment on their three worst recommendations:
Google Search -> DuckDuckGo (free)
Let's start off with the easiest one! Switching to DuckDuckGo not only keeps your searches private but also gives you extra advantages such as our bang shortcuts, handy Instant Answers, and knowing you're not trapped in a filter bubble.
I understand, that they advertise their own service here. And while I do believe, that DuckDuckGo does not cheat and keeps your searches private, as a user, one cannot prove it. In any case, one just replaces one centralised search machine with another one. Better use a decentralised service, such as meta search engine Searx.
Android -> iOS (paid)
The most popular alternative to Android is of course iOS, which offers easy device encryption and encrypted messaging via iMessage by default. We also have tips to increase privacy protection on your iPhone or iPad.
This is certainly the worst recommendation in their list. I had to check the date of the article, when I read this. Aprils Fool's Day? I'm certainly not a fan of Android and I'm not an Android user anymore, but going for a much more restrictive jail is just stupid. Android has at least relatively free versions, e.g. Replicant. iOS, in contrast, is a carcel with beautifully painted walls. Very high walls with perfectly styled barbed wire on top. Even the most proprietary variants of Android let you at least install free software from F-Droid.org.

If you don't want to use Android anymore, like myself, better go for a free alternative, e.g. support the Librem 5 crowdfunding, or the Pyra handheld or the ZeroPhone, all three running the free Debian operating system.
Google Allo -> Signal (free)
There are several services offering private messaging but, as we've mentioned before, Signal gets our recommendation. It offers free, end-to-end encryption for both messages and private calls. It's also recommended by Edward Snowden and renowned security expert Bruce Schneier, among others.
Again, they recommend to leave one centralised service for another one. And one, that even wants your phone number, otherwise you can't use it. And one, that does not yet have a decent client for Linux. There are messengers around that are federated or completely decentralised, that do not force you give them your phone number, and that have native clients for all major operating systems. My recommendation is XMPP. If you are on Linux, use e.g. Gajim, on Android the best app is probably Conversations, for iOS there is ChatSecure and so on. Alternatives to XMPP are Ring, Matrix and more recently Wire.

Benjamin Franklin wrote in 1755:
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
One should also not give up libre software, which is essential in many ways, to purchase a little perceived safety or privacy through non-free or centralised services.

#duckduckgo #google #searx #replicant #fdroid #librem5 #pyra #zerophone #debian #xmpp #gajim #conversations #chatsecure #ring #matrix #wire

How to Live Without Google

Google tracking is more pervasive than most people realize. We show you some alternatives to Google services to limit your exposure.
 
| Translate | Gitter

Why we don't publish at the Play Store



We got some requests recently, asking, why we do not publish #dandelion at the #GooglePlay.So here are our main reasons, why we don't plan to uploadthe app there currently.

First of all, we do not comply with Googles terms of service. Having to pay ~25€ to Google who did not write the app and does not respect your freedom nor your privacy on its platforms (Youtube, GMail...) just doesn't feel right. We believe, that our userbase is well aware of the privacy concerns that come with using Google's Services, so many diaspora* users actually get their apps through F-Droid (which is great). Second, if a user that does not know about F-Droid yet wants to use dandelion* and searches for it, they'll hopefully find out about the F-Droid project and may get in touch with free software that way. So by not publishing to Google Play, we hope to get more people to understand, use and appreciate free and open source software.

If you find dandelion* on the Play Store, please be aware, that you likely just found a version built by someone else. We can not guarantee that such a version has not been tampered with in terms of #malware, so we highly discourage you to use it. It should be clear, that we'll never charge you any money for using, downloading, sharing or modifying the app. Note also, that we won't support those versions.

If you want to dontate to the project to support the developers, and keep them motivated, please feel free to contact us :D As always, you can help us by submitting bug reports, code and/or translations on github and crowdin.
PS: We maintainers (@gsantner and @vanitasvitae) will soon have more time again to actively work on the app. The last weeks we were distracted with educational work, so here is some background information:

@gsantner was working on another FLOSS app called Froody, which lets you share (naturally growing) food and other things with others. He hopes to enable people to live a more sustainable life. The main idea is to share to and help other people by e.g. sharing pears, which would rot anyway if unused.Everything is built with international use in mind. The app is available at https://github.com/froodyapp/froody-android, and is currently available in #English, #German and #Japanese. Also translatable on Crowdin. He also writes his bachlor thesis about Open Source and Android, which will be completed in summer and likely to be released in an appropiate free license.

@vanitasvitae is writing his bachelor thesis about an #OMEMO module for #Smack, a #XMPP library used by many free messengers like #Jitsi or #Kontalk.
He hopes to enable those messengers to #encrypt your communication end-to-end using the OMEMO protocol introduced by #conversations.
He'll also attend #FOSDEM in #brussels by the way, so if you are there you might meet him and chat a little ;)

Sharing welcome!



Immagine/foto

Tags: #dandelion #dandeliondev #diaspora #diasporaforandroid #diasporaandroid #diasporaapp #app #fdroid #freesoftware #opensource #google #play #store #app #android-dev #foss #freie-software #freesoftware #opensource #translation #translator #release #mobile #froody #froodyapp #omemo #security #sustainability #sustainable #thesis

Diaspora-for-Android/dandelion

dandelion* - unofficial diaspora* android client
 
| Translate | Gitter

Why we don't publish at the Play Store



We got some requests recently, asking, why we do not publish #dandelion at the #GooglePlay.So here are our main reasons, why we don't plan to uploadthe app there currently.

First of all, we do not comply with Googles terms of service. Having to pay ~25€ to Google who did not write the app and does not respect your freedom nor your privacy on its platforms (Youtube, GMail...) just doesn't feel right. We believe, that our userbase is well aware of the privacy concerns that come with using Google's Services, so many diaspora* users actually get their apps through F-Droid (which is great). Second, if a user that does not know about F-Droid yet wants to use dandelion* and searches for it, they'll hopefully find out about the F-Droid project and may get in touch with free software that way. So by not publishing to Google Play, we hope to get more people to understand, use and appreciate free and open source software.

If you find dandelion* on the Play Store, please be aware, that you likely just found a version built by someone else. We can not guarantee that such a version has not been tampered with in terms of #malware, so we highly discourage you to use it. It should be clear, that we'll never charge you any money for using, downloading, sharing or modifying the app. Note also, that we won't support those versions.

If you want to dontate to the project to support the developers, and keep them motivated, please feel free to contact us :D As always, you can help us by submitting bug reports, code and/or translations on github and crowdin.
PS: We maintainers (@gsantner and @vanitasvitae) will soon have more time again to actively work on the app. The last weeks we were distracted with educational work, so here is some background information:

@gsantner was working on another FLOSS app called Froody, which lets you share (naturally growing) food and other things with others. He hopes to enable people to live a more sustainable life. The main idea is to share to and help other people by e.g. sharing pears, which would rot anyway if unused.Everything is built with international use in mind. The app is available at https://github.com/froodyapp/froody-android, and is currently available in #English, #German and #Japanese. Also translatable on Crowdin. He also writes his bachlor thesis about Open Source and Android, which will be completed in summer and likely to be released in an appropiate free license.

@vanitasvitae is writing his bachelor thesis about an #OMEMO module for #Smack, a #XMPP library used by many free messengers like #Jitsi or #Kontalk.
He hopes to enable those messengers to #encrypt your communication end-to-end using the OMEMO protocol introduced by #conversations.
He'll also attend #FOSDEM in #brussels by the way, so if you are there you might meet him and chat a little ;)

Sharing welcome!



Immagine/foto

Tags: #dandelion #dandeliondev #diaspora #diasporaforandroid #diasporaandroid #diasporaapp #app #fdroid #freesoftware #opensource #google #play #store #app #android-dev #foss #freie-software #freesoftware #opensource #translation #translator #release #mobile #froody #froodyapp #omemo #security #sustainability #sustainable #thesis

Diaspora-for-Android/dandelion

dandelion* - unofficial diaspora* android client
 
| Translate | Gitter

Why we don't publish at the Play Store



We got some requests recently, asking, why we do not publish #dandelion at the #GooglePlay.So here are our main reasons, why we don't plan to uploadthe app there currently.

First of all, we do not comply with Googles terms of service. Having to pay ~25€ to Google who did not write the app and does not respect your freedom nor your privacy on its platforms (Youtube, GMail...) just doesn't feel right. We believe, that our userbase is well aware of the privacy concerns that come with using Google's Services, so many diaspora* users actually get their apps through F-Droid (which is great). Second, if a user that does not know about F-Droid yet wants to use dandelion* and searches for it, they'll hopefully find out about the F-Droid project and may get in touch with free software that way. So by not publishing to Google Play, we hope to get more people to understand, use and appreciate free and open source software.

If you find dandelion* on the Play Store, please be aware, that you likely just found a version built by someone else. We can not guarantee that such a version has not been tampered with in terms of #malware, so we highly discourage you to use it. It should be clear, that we'll never charge you any money for using, downloading, sharing or modifying the app. Note also, that we won't support those versions.

If you want to dontate to the project to support the developers, and keep them motivated, please feel free to contact us :D As always, you can help us by submitting bug reports, code and/or translations on github and crowdin.
PS: We maintainers (@gsantner and @vanitasvitae) will soon have more time again to actively work on the app. The last weeks we were distracted with educational work, so here is some background information:

@gsantner was working on another FLOSS app called Froody, which lets you share (naturally growing) food and other things with others. He hopes to enable people to live a more sustainable life. The main idea is to share to and help other people by e.g. sharing pears, which would rot anyway if unused.Everything is built with international use in mind. The app is available at https://github.com/froodyapp/froody-android, and is currently available in #English, #German and #Japanese. Also translatable on Crowdin. He also writes his bachlor thesis about Open Source and Android, which will be completed in summer and likely to be released in an appropiate free license.

@vanitasvitae is writing his bachelor thesis about an #OMEMO module for #Smack, a #XMPP library used by many free messengers like #Jitsi or #Kontalk.
He hopes to enable those messengers to #encrypt your communication end-to-end using the OMEMO protocol introduced by #conversations.
He'll also attend #FOSDEM in #brussels by the way, so if you are there you might meet him and chat a little ;)

Sharing welcome!



Immagine/foto

Tags: #dandelion #dandeliondev #diaspora #diasporaforandroid #diasporaandroid #diasporaapp #app #fdroid #freesoftware #opensource #google #play #store #app #android-dev #foss #freie-software #freesoftware #opensource #translation #translator #release #mobile #froody #froodyapp #omemo #security #sustainability #sustainable #thesis

Diaspora-for-Android/dandelion

dandelion* - unofficial diaspora* android client
 

Blind Trust Before Verification



Very interesting article on how hard it is to get encryption and trust right. There is no silver bullet it seems, we can only strive hard.
WhatsApp - and pretty soon Signal as well - are the prime example of an industry turning End-to-End Encryption into a hollow marketing phrase that doesn’t mean anything.

#xmpp #omemo #conversations #signal #whatsapp

Blind Trust Before Verification

An introduction to the concept of Blind Trust Before Verification which means to automatically trust all new devices of contacts that haven’t been verified before, and prompt for manual confirmation each time a verified contact adds a new device.
 

End-to-End Encrypted group chats via XMPP



Jamie McClelland writes, that it is still difficult to have a secure group chat. But it's possible.
Use either Conversations for Android (f-droid or Play) or Gajim for Windows or Linux [...]

Ensure that everyone in your group has added everyone else in the group to their roster [...]

Create the group in the android Conversations app, not in Gajim [...]

#xmpp #muc #conversations #gajim #omemo #encryption

End-to-End Encrypted group chats via XMPP

 
Daniel Gultsch's (developer of Conversations, a very usable messenger that uses a decentralized protocol) reply to Moxie Marlinspike's (main developer of Signal, a very usable messenger that uses a centralized protocol):

https://gultsch.de/objection.html

#xmpp #jabber #conversations #signal

Conversations: the very last word in instant messaging

A free and open source Jabber/XMPP client for Android. Easy to use, reliable, battery friendly. With built-in support for images, group chats and e2e encryption.
 
Daniel Gultsch's (developer of Conversations, a very usable messenger that uses a decentralized protocol) reply to Moxie Marlinspike's (main developer of Signal, a very usable messenger that uses a centralized protocol):

https://gultsch.de/objection.html

#xmpp #jabber #conversations #signal

Conversations: the very last word in instant messaging

A free and open source Jabber/XMPP client for Android. Easy to use, reliable, battery friendly. With built-in support for images, group chats and e2e encryption.
 
#tox works good from my experience. #conversations with #xmpp +#omemo is solid as stone as well.
 
nuovi vecchi