Over the past few years I have gone through a bunch of different apps and protocols to find the best one for “securely” communicating with my family and friends.
I ended up with the amazing XMPP protocol and my family/friends frequently use its clients to contact me.
Monal for iOS and Cheogram/Conversations/Quicksy for Android. The Android app I install depends on whether I can get F-Droid on their phone or not.
It’s been great with OMEMO encryption and the clients/apps available for XMPP. But sometimes I have issues introducing people to it.
Jabber (friendly name for XMPP) sounds silly to say. The clients all have weird names. And after trying the Signal mobile app it feels more focused than what anyone in the XMPP community has whipped up.
But the capabilities of XMPP make it better.
Signal Cons (immediate)
- Centralized
- Single app
- Phone numbers
XMPP/Jabber Cons
- Picking server
- Apps are sort of less friendly
What really scares me about Signal is the centralization. Any nerd can easily host an XMPP server these days. But Signal from what I’ve heard really wants us to use their server.
If XMPP gets more attention I’m sure we can get people supporting projects and creating better apps.
I keep seeing people recommend Signal instead.
This is a bit of a tired ramble. What I wanna know is why anyone is preferring Signal over XMPP apps. I assume it might be not knowing about it. Tell me what you use to message people.
I use XMPP, and the original idea was for it to be a family chat and a way to securely ask for things on Jellyfin.
No one uses it. (XMPP, not JF)
What’s better?
No one cares. They know it’s a hassle to ask for media. They know they can only ask me in person if they don’t use it. They just won’t bother installing a client. Can’t be bothered.
Oh well, I can’t be asked, then. So we sit in this perpetual state of tug of war. I can’t be contacted, it’s complained about, the situation is explained again, they complain again, and still never resolve the situation.
Going on three years now.
Signal is the best intersection of genuine security and ease-of-use that I’ve ever seen. No choosing a server, no making an account. Just install the app, get a confirmation SMS, and now you can communicate with future-proof encryption and authentication right away.
For more technical people, who aren’t going to be intimidated by things like making accounts and secure passwords and choosing servers, Signal is not the best. But when I need to communicate securely with non-technical people, it’s a wonderful quick go-to solution.
Most people don’t understand what an instance is and do not want to do 3-step registration if they can do 2-step registration on Signal. Also, if I understand correctly, the XMPP protocol and client didn’t support stickers, and Signal added that feature and GIFs? Not sure.
Protocol and client are different. I know Cheogram has some kind of sticker thing, but I don’t think it’s as robust as what Signal probably has. I can download Signal sticker packs to use on Cheogram (the XMPP client), but using them was a tad difficult.
There’s nothing wrong with Signal’s centralization model in a worrying sense. It acts only as a clueless message relay, and it has near-zero information on any of its users, even as it delivers messages from person to person. The only information Signal knows is if a phone number is registered and the last time it connected to the server. There is great care taken to make sure everything else is completely end-to-end encrypted and unknowable, even by subpoena.
The only real issue with Signal’s centralization is that if Signal the company goes down, then all clients can no longer work until someone stands up a new server to act as a relay again. Signal isn’t the endgame of privacy, but it’s the best we have right now for a lot of use cases, and it’s the only one I’ve had any luck converting normies to as it’s very polished and has a lot of features. IMO, by the time the central Signal server turns into an actual problem we’ll hopefully have excellent options available to migrate to.
Also TMK, the only reason you still need a phone number for Signal is to combat spam. You can disable your phone number being shown to anyone else in the app and only use temporary invite codes to connect with people, so I don’t count the phone number as a huge problem, though the requirement does still annoy me as it makes having multiple accounts more difficult and asserts a certain level of privilege.
Note that Signal is not a company, it’s an NGO. Would you say that Wikipedia is at risk of disappearing because it’s centralized?
Yep, I forgot it’s not a company. The point stands though; someone has to pay for the servers and administration, and if they run out of money or the foundation falls apart, then the problem happens in the same way. I don’t know much about Wikipedia’s structure, but I would guess it’s a similar situation in terms of needing money to stay running and also being able to be salvaged by the community if it does go down.
Signal may not be the best in a technical sense, but it is good enough and it has the network effect. I’ve been pleasantly surprised when in the span of a few months I met two different people actually in real life, who happened to already be using Signal.
Signal is also just as usable as the big tech alternatives, which makes it not a very hard sell to friends and family. For quite a few years now I have managed to convince everyone I communicate with to do so over Signal. There is no chance I would be as successful with something else.
TBH it’s worrying, but at the same time, it’s better to have people on something that’s somewhat Privacy-respecting.
Baby steps, you know. BTW how many here are familiar with GNU-Jami?
Jami is a mess, when I tried it first it started calling as it were to receive a phone call. The second time I tried it on 3 devices, out of which 2 could contact each other lol. My last attempt was when I needed to send a few strings from an (internet-connected) VM to its host machine*, installed Jami on both and the 2 instances couldn’t talk to each other. Joke of a program, really.
* I know I could do it much easier
Joke of an app??
Not really
If the devs put work into making the backend work instead of adding shiny new features, maybe it would gain some usage, but if an IM doesn’t work between 2 devices, which is its most basic job, and this continues over a span of almost a decade, it’s just not something anyone but its developers can use.
I tried using Jami with a very technical friend. The Android version kinda seemed to work, though a little glitchy. The desktop Linux/Windows version was complete garbage, completely unusable.
What’s that? GNU-Jami?
Very similar to Signal, but Libre software & has no phone-number requirement https://jami.net/
to answer your question - if you wanna eventually talk to normies. like cute boy/girl you meet at a bar or a business contact from a random meet. even Signal has dogshit penetration compared to the big players, so XMPP/Matrix/Briar/etc aren’t even a blip on the dradis.
also, you sorta sidestepped the UX. if you’re coming off the hyper-polished world of Telegram and iMessage, all those things have dogshit UX. yes, you’ll eventually find your way around them but you have to be motivated to endure them ugly and slow and unreliable apps (comparatively speaking); you got that shit covered, your contacts do not.
the situation is kinda like with The Linux Desktop - it’s competing with gargantuan corpos with unlimited resources, and to add to that the minuscule dev teams aren’t working together, they’re competing, pulling in different directions (Gnome, Plasma, Cinnamon, etc.) with duplicated efforts and tons of abandoned paths. can you imagine where we’d be if all that dev effort went towards one goal?
same thing with the messenger space, it’s doubtful any of them will become mainstream, but they have their uses.
Wrong, XMPP is the only option that actually lets you talk to baddies on their phone number without them downloading a new app just for you. Aside from some kind of tortured solution such as AirMessage/BlueBubbles involving buying a literal Macbook.
I totally agree with you. But!
But Signal from what I’ve heard really wants us to use their server.
Signal doesn’t have their own servers. Instead, they rent servers from 4 companies, 3 of them are Google, Amazon, and Microsoft. So Signal is relying on Big Tech and if Big Tech decides that enough is enough, they can easily shut Signal down.
THAT is what I find most terrifying. And why not use their own server? Not enough money, but they are working on it (good).
And to make it a little bit worse: Signal depends on a third party company for sending out SMS. Your phone number is therefore handled not by Signal, but by yet another company, highly likely an American company. And they are against privacy invading companies at the same time they are one. Oh, the irony.
You want sources? Sure.
- https://signal.org/legal/ (below “Information we may share”)
- https://signal.org/blog/signal-is-expensive/
Don’t get me wrong, I absolutely love the idea of Signal. But there are flaws that make Signal more privacy invading than privacy friendly.
Nobody would host a worldwide instant messaging (including a lot of data such as video) on its own servers. That would be incredibly costly and inefficient. Designing for E2E (nothing critical happening on the server) is the way to go.
That’s the part that makes me nervous. If I get a bunch of people locked on Signal, then they take away services or change how they run the servers, then it would be a hassle to move people to a completely new interface.





