Skip to main content

Cerca

Elementi taggati con: whatsapp


 

Looking for a mom-and-pops-friendly IM solution


tl;dr: I'm looking for an alternative to #Whatsapp that is easy enough for my nontechie family to use. So far, #Matrix looks like the most complete solution, but seems pretty slow these days for some reason. Also, I have reasons on why I'm not 100% on choosing #XMPP this time.

What is the alternative you would recommend to mom and dad?

#CambridgeAnalytica leaks and #Facebook scandals apart, I've already been looking for an alternative to WhatsApp for many years, with the largest hurdle in this crusade definitely being the fact that my family hasn't been keen on leaving it for another app. On my side, I have the following requirements:
  • End-to-end #Encryption enabled by default, or at least built into the program (native implementation, no third party plugins)
  • Clients exist for at least GNU/Linux and Android platforms (more is better, but not needed)
  • Support for group chats with E2EE
  • Supports at least text and image transferring.
Matching all of these used to be very tough for a chat program, until about two years ago. With the tremendous progress that the XMPP movement has been doing for the past two or so years, I was hard-pressed to inevitably tell them to immediately download #Conversations for their phones and find true #privacy with #OMEMO encryption and their chats. However...

OMEMO isn't exactly a silver bullet (yet).


First off, allow me to clarify one thing: I love XMPP. I think it is a very mature and very reliable protocol, has a very diverse ecosystem of servers and clients around and has worked very well for me so far. With that said, though, the entire Go OMEMO! isn't exactly the magical crypto bullet that will save every one from surveillance. Or at least not yet.

First off, adoption of OMEMO in client applications has been slow. The only one that actually gets it right in my opinion is Conversations, but that's a phone app - a privacy nightmare. On the desktop, we have few options, and, from experience, none is mature to the point of surviving heavy usage:
  • Gajim - the go-to answer everyone receives - doesn't have native support, and the OMEMO plug-in requires little-tested versions that are unstable, or link to libraries whose versions some distros like Debian and Ubuntu do not offer, even if you add the development Gajim repo.
  • Profanity has at least two plug-ins for OMEMO (python and C), but they are also in the early stages of development (when I tested the python one, it didn't allow me to send messages, just receive).
  • Pidgin seems to have released an OMEMO library, but given the time of the release, I doubt it's any more stable than the above.
  • Dino appears to offer native support, but is still in alpha stage.
I know that this site indicates many other programs having some or full support for OMEMO already, but quite frankly, in my experience it's not accurate at all from the experience of a user (see my points above).

So much for requirement #2...

Enter (or not) the Matrix


So while I was busy digging for the grail, all the cool kids seemed to have switched to something called Matrix, specifically through the Riot webapp. Citing full integration over many different communication networks, I also decided to give it a try because, well, why not?

Turns out that Riot is glossy and bloated, but yes, fairly easy to use - very much like WhatsApp itself. That could be a selling point to the non-techies! And they have E2EE that apparently has been audited already. And it does fulfill all the four requirements I have. But I still am a little unsure about a few things:
  • By using the Riot web interface, you have to use Javascript to do cryptography. I know that the implementation was audited, but the whole thing about trusting Javascript still gives me the creeps. Also: RIP my RAM.
  • Desktop clients for Matrix are, very much like XMPP, lacking. Riot-desktop seems to be just a thin wrapper around the webapp. The weechat plugin last time I checked does not support encryption, etc.
  • It is mysteriously very slow these days. It seems that this is because of people overloading a few of the already few servers around and not wishing to host more, thus resulting in a very inefficient federation and network. That wasn't the case when I first tried it two years ago. This will not help convince WhatsApp users.
But even with all the above considered, I still think that Matrix, through the Riot App and Webapp is the best way to go to convince nontechies to move away from WhatsApp. I'm not praising Matrix either, though. It always sounded to me like a project that wanted to do everything, and seeing the bloat I get for what I intend to use it for, it seems to have kept going that way.

Perhaps when one day OMEMO finds its way into native or mature implementations in XMPP clients, I will revisit this post and lean towards XMPP again. But so far, no single free software IM solution has been 100% satisfactory in my case, and I'm still looking for more alternatives.

What is the alternative you would recommend to mom and dad?

 

Katarina Barley fordert Öffnung von WhatsApp für andere Dienste


Huch, eine Ministerin mit einer richtig guten Idee? Was ist denn da passiert?

Chat-Dienste sollten genauso wenig monopolisiert sein wie Email oder Telefonie. Menschen, die bei verschiedenen Email-Providern oder Telefonie-Anbietern sind, können trotzdem miteinander kommunizieren. Nur bei IM ist das anders: Bei Whatsapp sitzt man im rostigen Käfig. Die Politik sollte in der Tat durchsetzten, daß IM-Dienste ab einer bestimmten Größe geöffnet werden müssen. Dafür gibt es seit knapp zwanzig Jahren sogar einen offiziellen Internet-Standard. Whatsapp, Google, Facebook haben genau diesen Standard sogar jahrelang genutzt, sich von diesem aber verabschiedet um sich abzuschotten.

Auch sympathisch: Frau Barley ist weder bei Whatsapp noch bei Facebook.

#barley #katarinabarley #im #whatsapp #spd #xmpp #chat #federation

 

Have you considered the alternative?



Good read. The authors make clear, that end-to-end encryption, as important as it is, is not the most important tool to protect privacy. Federation or decentralization is much more important. They also see clearly, that centralized messengers have much better funding opportunities than federated ones.
While OWS provides thorough expertise in the field of cryptography, Marlinspike is currently advocating centralisation as the only answer towards user-friendly, fast and secure messaging apps. Decentralisation, according to him, has no place in the modern world and apparently hampers innovation. However, some of his arguments have not remained unchallenged. In particular, where Marlinspike accuses federation of stalling evolution, Daniel Gultsch provides a counter argument by using the Web as an example of successfully federated system. Furthermore, Gultsch states that the problem is not that federation doesn't adapt, but rather that there are problems with its implementation for a very significant reason: software developers working on federated systems mostly work for free in their spare time or with little means, given the difficulty to monetise a system which design can only succeed if it is open and can be appropriated easily beyond its original scope, and thus making its capitalisation particularly challenging. In that sense, the most interesting aspect of this debate is that while Marlinspike seems to defend his product from a technological perspective, Gultsch's counter argument moves back the discussion to the context of political economy.

Hosting your own infrastructure allows you to scale your communication in a way that is the most meaningful for the group or community you belong to. It is also a way to make sure your system matches your own threat model?, while simultaneously allowing you to deal with trust that is not mediated by an app. It also allows you to experiment with economic models other than those linked to large-scale infrastructure involving surveillance and capturing of your social graph for financial gain. Maybe you want to share the cost of the server or the responsibilities of administrating it, maybe you want to collectively learn how to run all this stuff, or maybe you want to start meetings to exchange tips, etc. However, this does not mean that you need to cut yourself off from the rest of the world and this form of localism should not be misunderstood for a hipsterist and reactionary form of escapism. Instead, such an approach is quite the opposite as it provides a possibility to actively engage with societal issues. It allows groups to collectively think, in the sense of defining questions and hypotheses themselves, acquire skills and knowledge and respond to issues that are both relevant to their own situation but that can also resonate globally, enabling others to start a similar process.
#whatsapp #facebook #signal #xmpp #conversations #gajim #chatsecure #selfhosting #federation #politics #freesoftware

 
Dear acquaintance, colleague, customer, family member, friend, etc.: If you happen to store my personal data, such as my landline phone number, on your mobile phones contact application, please make sure to not pass this data to any companies, such as Whatsapp. Sending this data is clearly illegal without my explicite consent. Thanks.

See also: — but nobody cares.

#privacy #whatsapp #smartphone

 

Politik & Whatsapp



Politiker liefern der Fa. Facebook praktischerweise eine Liste aller ihrer Anhänger. Zumindest die Mobiltelefonnummern und die sind in Deutschland sind bekanntlich nicht anonym. Z.B. Sahra Wagenknecht, die mit der “klaren Kante gegenüber Washington”. Ein zukünftiger Bundesinnenminister Alexander Gauland wird nach der Machtergreifung gleich in Washington um die Liste bitten. Die AfD hat natürlich auch ihre einschlägigen Whatsapp-Gruppen, in André Poggenburg "Whatsapp den Deutschen" gröhlen darf.

Es geht mir hier nicht um diese oder jene Partei oder politische Richtung, sondern nur um das Datenschutzproblem: Daß Politiker egal welcher Couleur Listen ihrer Anhänger er- und Großkonzernen zur Verfügung -stellen.

#whatsapp #datenschutz #politik #teamsahra #sahrawagenknecht #dielinke #alexandergauland #afd #andrépoggenburg

Gemeinsam für Frieden und soziale Gerechtigkeit | Team Sahra

Gemeinsam für Frieden und soziale Gerechtigkeit | Team Sahra

 

WhatsApp backdoor allows snooping on encrypted messages



I knew it! Liars, Liars, Liars!

#whatsapp #privacy

WhatsApp backdoor allows snooping on encrypted messages

Privacy campaigners criticise WhatsApp vulnerability as a ‘huge threat to freedom of speech’ and warn it could be exploited by government agencies

 

WhatsApp backdoor allows snooping on encrypted messages



I knew it! Liars, Liars, Liars!

#whatsapp #privacy

WhatsApp backdoor allows snooping on encrypted messages

Privacy campaigners criticise WhatsApp vulnerability as a ‘huge threat to freedom of speech’ and warn it could be exploited by government agencies

 
To all my friends and family, if you have ever used Whatsapp to contact me I will be removing Whatsapp. Before I do I will be sending you a whispersystem invite. This is a much improved version where your messages are encrypted end to end and Facebook is not snooping through them. You can send pictures and call as you would on whatsapp the key difference is there is no one snooping on what you are doing.

Once I have sent the invites I will be removing whatsapp from my devices.

More info about the Open Whisper System https://whispersystems.org/

Why I am not happy with Whatsapp http://www.techbout.com/stop-whatsapp-sharing-phone-number-facebook-17952/

This should be opt in not opt out.

Just because everyone shares there whole life with Facebook and don't mind being abused silently is not my problem. I have to make a stand for my privacy in this connected world and I will be voting with my feet so to speak.

#whatsapp #facebook #openwhispersystem

Open Whisper Systems >> Home


 
To all my friends and family, if you have ever used Whatsapp to contact me I will be removing Whatsapp. Before I do I will be sending you a whispersystem invite. This is a much improved version where your messages are encrypted end to end and Facebook is not snooping through them. You can send pictures and call as you would on whatsapp the key difference is there is no one snooping on what you are doing.

Once I have sent the invites I will be removing whatsapp from my devices.

More info about the Open Whisper System https://whispersystems.org/

Why I am not happy with Whatsapp http://www.techbout.com/stop-whatsapp-sharing-phone-number-facebook-17952/

This should be opt in not opt out.

Just because everyone shares there whole life with Facebook and don't mind being abused silently is not my problem. I have to make a stand for my privacy in this connected world and I will be voting with my feet so to speak.

#whatsapp #facebook #openwhispersystem

Open Whisper Systems >> Home


 

Blind Trust Before Verification



Very interesting article on how hard it is to get encryption and trust right. There is no silver bullet it seems, we can only strive hard.
WhatsApp - and pretty soon Signal as well - are the prime example of an industry turning End-to-End Encryption into a hollow marketing phrase that doesn’t mean anything.

#xmpp #omemo #conversations #signal #whatsapp

Blind Trust Before Verification

An introduction to the concept of Blind Trust Before Verification which means to automatically trust all new devices of contacts that haven’t been verified before, and prompt for manual confirmation each time a verified contact adds a new device.

 
#signal is a good replacement for people addicted to #whatsapp.

However building communication systems on the Internet, if we don't want to come back to telecom PSTN monopolies then we have to fight against technologies that build gated communities.

#signal, no matter how many good contributions they made (free software crypto messaging lib), they still build gated communities, and who know if OWS can be bought by FB or Google someday....

Using hybrid free software that rely on distributed and federated (self-hosting) systems will enforce much better data privacy, ownership, and interop.

 
@SkyzohKey +1 ;) I do use it on a daily basis and I can live with the side effects of p2p such as energy for battery and network consumption.

#signal is a better solution from #whatsapp or #skype, but as has been said, still supports PRISM friendly companies, even indirectly, it supports them as they force you to use GCM. (I haven't tested microG though) but building solutions out of companies like Google is a real feature when it comes to freedom of communications.

Sure OWS is a small team and I thank them for their great contribution such as the free and open code that is packaged as a lib than anyone can use in their comm. project. This is significant contribution. But I also thank freedom to not rely solely on #signal because it would then be wrong.
Federation and other problems will be tackled afterwards

Yes and probably by other people. Fighting against gated communities is a real challenge but hey... we love challenges right ;)

 
“[…] in the #surveillance state in which we all now live, it is more important than ever to ensure that our #communication tools are secure and trustworthy. While it’s a good thing that apps such as Duo and WhatsApp are now using end-to-end #encryption — meaning third parties, including the company providing the service, should not be able to read, or listen to, what users are saying — using #proprietary software and protocols means that we have to place a certain degree of trust in companies such as Google and Facebook.

“Given that we know many of these companies have co-operated with government agencies — such as the National Security Agency #NSA — the recent news that #WhatsApp will be cross-referencing users’ phone numbers with #Facebook accounts and the fact that the proprietary nature of these applications means they are often less likely to undergo thorough #security audits, it’s hard to blindly trust these companies to keep our best interests and #privacy in mind.

“My solution to the problem of people being segregated on, often insecure, communications platforms is to buck the trend whenever possible and refuse to correspond using anything that isn’t open and secure. But this will only work if other people follow my lead.”

#SurveillanceCapitalism #FreeSoftware #free-software #standards

National Post: Jesse Kline: Google gives the world another video conferencing app that won't let you talk to all your friends (Jesse Kline)

For a technology to become widely adopted as a method of communication, it needs to be based on open standards.

 
“[…] in the #surveillance state in which we all now live, it is more important than ever to ensure that our #communication tools are secure and trustworthy. While it’s a good thing that apps such as Duo and WhatsApp are now using end-to-end #encryption — meaning third parties, including the company providing the service, should not be able to read, or listen to, what users are saying — using #proprietary software and protocols means that we have to place a certain degree of trust in companies such as Google and Facebook.

“Given that we know many of these companies have co-operated with government agencies — such as the National Security Agency #NSA — the recent news that #WhatsApp will be cross-referencing users’ phone numbers with #Facebook accounts and the fact that the proprietary nature of these applications means they are often less likely to undergo thorough #security audits, it’s hard to blindly trust these companies to keep our best interests and #privacy in mind.

“My solution to the problem of people being segregated on, often insecure, communications platforms is to buck the trend whenever possible and refuse to correspond using anything that isn’t open and secure. But this will only work if other people follow my lead.”

#SurveillanceCapitalism #FreeSoftware #free-software #standards

National Post: Jesse Kline: Google gives the world another video conferencing app that won't let you talk to all your friends (Jesse Kline)

For a technology to become widely adopted as a method of communication, it needs to be based on open standards.