That was the time when all the apps were standard XMPP. It didn't have proper encryption back then.
WhatsApp is still XMPP nowadays, but excluding federation and non-standard implementation on Meta servers and so on
Sure, but now you show me all the clients that supported OTR back then 😜 - or now, for that
matter. Besides, OTR doesn't work in multi user chats. OMEMO does, and support for it is still not exactly widespread...
Most popular clients supported OTR back then.... Pidgin, Gajim, Adium, bitlbee, Psi, you name it.
And that's at a time where absolutely no one did E2E, even SSL wasn't a given.
Yes OTR* doesn't do group chat, but now you're just moving the goalpost.
*There has been a proposal in the works for years and years, but OMEMO stole a lot of it's traction, and the last nail in the coffin was the arrest of Ola Bini in Ecuador as he was one of the main contributors.
You seem to not get that OMEMO is directly based on OTR.
It also powers the communications / presence on many gaming avenues as well like Fortnite, League of Legends, & whatever Nintendo is using for notifications + online status (assuredly a lot more games).
XMPP is old, stable, & massively scalable for industrial applications -- while maintaining decentralization + efficiency & allowing for extensibility like OMEMO encryption which is covering most folk’s chat use cases. Since the XMPP foundation don’t put budget into marketing & hype, a lot of folks weirdly assume it’s dead or not being used. It’s strange to me how folks seem more interested in RCS & Matrix despite their histories/ownership/flaws rather than embracing what is already good.
We can start it up again. Time to nudge in the next Lemmy AMA to allow XMPP addresses alongside Matrix. You’d be surprised how little things like that can nudge adoption & pique curiosity.
Yeah, XMPP is great and all, but the client side is a big old mess, everything is full of friction and missing support for feature xyz.
Have you tried using XMPP on iOS?
Conversations compliance test has brought most clients into an acceptable base to where most basic chat/audio/video needs are met, so if you are comparing older legacy clients then the experience will be different. The XEP system means everything is optional & can be pitched by making a spec & seeing who uptakes the idea. It also means the bar to create your own server is absoluetly minimal since everything is an extension which means you could build one in a weekend which is great for those learning to code since the barrier to entry is extremely low if Conversations isn’t the goal.
IDGAF about Apple since you have to have a wad just to publish an application on their proprietary store & the EU didn’t do a good enough job so it’s expensive to open alternative stores like F-Droid while also being antagonistic towards sideloading as well as PWAs (not to mention needing to buy their overpriced hardware to build/release applications). Heck, you can’t even publish a GPL-or-similar-licensed app on their store. This is a giant slap in the face to free/ethical software developers & probably why the clients aren’t in a good state; if you aren’t trying to make money, why would you develop in an ecosystem that is entirely hostile for you to develop in?
I actually tried pidgin maybe 6 months ago just for kicks if it could handle whatsapp, signal and telegram, and whaddaya know, it could. It was ugly as hell, but it could be done.
For whatsapp, my experience with Pidgin was terrible. Stickers had to be downloaded as photos, group chats would only show up once someone sent a message, contacts would only show as the full international phone number, all existing chats were horizontal tabs, like a browser.
dude discord has been one of the worst experiences for voip in gaming IME. I started using mumble SOLELY because discord was actually just disappointing. Though tbf maybe if i paid out the ass for nitro it's better? I ain't paying for that though.
Though yeah, for messaging, it's dogshit, It's a mess.
I really wanted to keep faith in it after the ui overhaul recently - VoIP performance was SO much better on Xbox, latency specifically. But good GOD the mobile app is just a pile of garbage nowdays. I have so many friends stuck on that platform, I still end up sharing links there to Lemmy memes and like 60% of the time when I share to the app it permenantly sticks on the splash screen??? 🙄 notifications are fucked these days too, myself & my friend group regularly miss messages entirely, even with direct @ mentions?!
Worse, I dropped a crap review and complained that function has dropped horribly since the update and the devs INSTANTLY replied like "Have you tried pretending you're a beta tester for us? Do you mind doing a buncha troubleshooting you definitely haven't already done?" (They wanted me to reinstall the app... Smh)
Anyway - fuck discord. I'm planning to shift to Revolt, but if anyone has better suggestions I'd be happy to try some!
im genuinely surprised discord even tries testing things on the two test branches they have. Yes, you heard me correctly, they have TWO separate testing branches. Bugs literally should not exist on the stable branch.
also when it comes to voip, i've enjoyed mumble, it's pretty solid, minimal, configurable (highly integrated into games already, it's old af though so maybe not new games) and works pretty well. Revolt seems alright, but it's plagued with bugs, and weird issues, plus it's self hosting is just, jank.
We could use a self hosted discord replacement tbh.
The comment implies Signal is peak chat when it’s flawed & other than maybe onboarding, isn’t superior to alternatives—with the phone number being a pro for onboarding is a con for privacy. It still requires you have an Android or iOS primary device (fueling that duopoly). They don’t want you installing it from a safer space like F-Droid. They still by default send notification metadata to Google & Apple (websocket support exists but drains a fair amount of battery & they refuse to support UnifiedPush). They still ship/use Apple emoji on Android & Linux. It’s still a centralized system you can’t self-host. They still have that missing part of the source code (where I would assume the feds planted something). It still isn’t a good space large chats. And the Electron desktop apps are far too bloated.
And the Electron desktop apps are far too bloated.
No argument. Electron is categorically silly in its own right, lol.
They don’t want you installing it from a safer space like F-Droid.
F-Droid is by no means safe; use Droidify.
They still by default send notification metadata to Google & Apple (websocket support exists but drains a fair amount of battery & they refuse to support UnifiedPush).
Easy: use the FOSS version of Molly instead of the default Signal app.
It's also worth mentioning that part three of that series ended up directly inspiring another project called Obtanium, which he then did a video on here:
RCS is an open standard. However, on Android you can only use it with Google chat. So android stops any other apps from using it. Nothing to stop you making your own phone from scratch and adopting it.
Samsung messages app also supports RCS, depending on your carrier, though? It's super fucking buggy and frequently switches back to sms so I still switched to Google messages, but it does technically have it.
Spoken like a real android user. All my iPhone friends (and especially family) refuse to download any other app, they just complain that I physically can't download iChat.
Yeah, fair. It can't delete your messages to the extent a centralized system, and that's an indication of the lack of centralized control? It's a different threat model I think many find satisfying (though perhaps not most).
in other words, devices don't delete megolm keys after they've been used to decrypt history (which is why you can back them up and share them with your other devices in order to ensure that all your devices can read your history).
Still I could only find:
Your username is stored indefinitely to avoid account recycling.
Same for telegram. Most other messagers store only joins.
They don't control other homeservers. You never know if there is some homeserver/instance that stores everything in Matrix/Mastodon/Lemmy/PeerTube/Pleroma/whatever-else. Still I could only find:
Your username is stored indefinitely to avoid account recycling.
EDIT:
We will forget your copy of your data upon your request. We will also forward your request to be forgotten onto federated homeservers. However - these homeservers are outside our span of control, so we cannot guarantee they will forget your data.
Meanwhile Matrix was built & funded by Israeli Intelligence (to which I’m sure there are anonymous donors today). It’s expensive replication model means only those with the deepest of pockets can run a server leading many to flock to the mother instance of Matrix.org centralizing, replicating the data to a single node (being decentralized in theory, not so much is practice). It’s funny to see them call out Signal, but luckily there are private, free alternatives to both.
Huh, would it be possible to provide a source? I might be bad at searching, I'm not finding anything...
EDIT: Ok I found one with some search operators. I can provide links, most were less trustworthy, I'd reserve judgement.
An organization which was initially responsible for Matrix, AMDOCS, is allegedly (I say allegedly since I didn't confirm it to a reasonable extent) an organization based in Israel which appears to have products related to surveillance
By association, Matrix is tainted, perhaps it has sophisticated backdoors along with the other myriad of issues mentioned by other commenters
To give an alternative explanation with plausible hypotheses
An organization linked to intelligence surveillance, created and discarded software, which occurs with most software, and I would imagine occurs with software developed at an organization linked with surveillance as well (if it's publicly funded, i.e. by a government, I'd lean into this)
Though suspect in origin, the amount of time the software has been independent, and with its open codebase, means any backdoors or other nefarious artifacts can be reasonably said not to exist
An organization linked to an intelligence agency would perhaps be the one to expect to have a secure messaging platform, one could imagine said organization would develop a solution in-house as even with software audits, they may not be certain of any external software which may itself be compromised by an antagonist or have vulnerabilities which they could not control
Some food for thought. I'm not one to jump to conclusions, I think claims require proportional evidence, and obviously my judgement isn't the same as a security researcher or clandestine operator, so settling on what 'appears' to be true without proper investigation isn't something I do.
I don't have time to respond to everything, so I'll just respond to the first one- which is that it's tankie copium. I don't deny the Signal Foundation might be taking money from government groups- I believe it is. But looking at the groups its pretty clear what it is, Radio Free Asia, as in the Asia branch of Radio Free Europe. Aka, their goal is to make people living in US adversaries rebel. The US does not censor private communication, it would be very quickly found out if I sent a text to my friend and they couldn't receive it, or I was sent to jail for the content of that speech.(That's not to say its not spied on though.) However, in many(most?) US adversaries there is active censorship of opposition communication, the US generally(although not always) supports the opposition by nature of them being the opposition- this is why(if you believe the narrative that everything is a cabal of the powerful) US tech companies supported the Arab Spring. This is why Radio Free Europe broadcast in support of Dubček and the Prague Spring, why they also supported the 1956 Hungarian Revolution. All that is just to say the US can follow the narrative of being 100% power seeking while still supporting open communication platforms. (After all, the US government also either directly created or contributed to SHA-2, Tor, and Ghidra too) And, Signal is open source, read the code and network traffic yourself, they won't remove encryption for US allies.
That doesn't mean they're immune to criticism, they may be able to explain it, but I personally probably wouldn't donate to an organization that has the money to pay part time developers $450,000 according to their Form 990, but its not my money so not my place to judge how its spent.
The part about "not reading private messages" I think is mistaken, or rather, maybe amiss. I mean I don't have evidence, so this is all conjecture. The sophistication of data surveillance and data gathering makes the content of the message rather meaningless in my view.
EDIT: Oh, I don't think any adversaries of US, even if working together, make any meaningful threat towards it. It's really hard to imagine, esp. considering the US has a bunch of successful coups & stuff under their belt.
I wasn't saying the US doesn't spy on private messages, I was saying Signal is open source so it would be hard to hide a back door. So I don't see how any other E2E encrypted messages could be more secret then Signal. I guess obfuscating the messaging servers.
The sophistication of data surveillance and data gathering makes the content of the message rather meaningless in my view.
That's a fair point but I don't know if there's any other good solution to that.
yeah i'm rethinking some stuff too, even in some utopia i think some information related to me might make life inconvenient, so the best way to protect that (e.g. not disclosing it digitally) maybe needs outta the box solutions.
related, does anyone even bother to look at physical mail for stuff? like if i put a cipher in a letter with no return address, using that pen ink that you can erase (which comes back if you put it in a freezer) and only i and my contact have the key to the cipher which we exchanged in-person; could anyone reasonably know it?
it seems digital stuff might be a carrot for surveillance people, maybe it can be made into a honeypot and physical or analog means can make a return.
I think finding novel ways to communicate with a specific person and not be monitored is easy. The difficulty is opening a new line of communication on an already monitored one, communicating to new people, and one of those new people not blabbing.
After all, if you play on a private Minecraft server and spell out text with dirt blocks, I don't think anyone's going to bother writing code to analyze your Minecraft network traffic.
Take Signal to Matrix for example. They use different encryption protocols, which means a message sent from one end has to be decrypted, and then re-encrypted with the protocol of the recipient before they can actually receive it.
So basically, your encryption is not very e2e anymore, and the fact that someone can set this up, effectively giving encryption keys to a third party without their contacts being able to do anything about it is pretty fucked.
Oh, and different TOS between different services also come into play.
So if you do this, at least tell your contacts about it, so they can make an informed decision about whether or not that's okay for them.
I bet none of my contacts made an informed decision about which chat app they are using. I don't think that this really bothers one of them. Most of them do not know, what the difference between Insta-pms and Whatsapp even is, as far as security and privacy are concerned. And from my point of view I don't know it detailed enough too. Making an informed decision about a closed source software and as a non technical person is not as easy as you may think. At least from my point of view.
Libpurple had constant breakage due to proprietary apps having no incentive to keep their protocols stable. A lot of it worked easier then since no one was using e2ee either. Newer gateways exist in the space but it’s a real shame since for a brief time the earlier 2010s, most chat applications were using the same protocol—until they realized it’s harder to capture profits when the garden walls are lowered.
A lot of people around me are genuinely confused when your email is not [email protected], as they mostly just use it for confirming logins. That's how bad the situation is.
I recently started using a + in my email address to make use-specific aliases, so I can more easily filter content from them or see if they're leaking my email.
I signed up for a rewards program in person the other day and the strange look I got:
Random hot take, I'm at least grateful that my wife and I use an app that none of our friends use. Removes the "oh shit did I send that to the wrong person" panic.
You mean text editing after sending? I would definitely not consider that a "basic" feature - we are talking about E2EE here, editing a message that you already encrypted locally and then sent on its way is by no means trivial - especially with the kind of E2EE that we have nowadays.
It actually is super easy, barely an inconvenience. When you edit an E2E encrypted message, your client simply sends another E2E encrypted message telling your contact what to replace your previous message with.
I really miss how windows phone allowed other chat services to plug in to it, so that you could have a single chat app for all your contacts, but open the individual apps for advanced features.
And if you have two phone numbers which you want to use for WhatsApp then you need to clone the damn app because they can't even make such basic functionality
I literally had to bring all my group kicking and screaming onto discord literally within the year it launched. Same story, non stop bitching about Skype but all of a sudden nobody wanted to try discord. I straight up had to send a message to all of them saying I'm uninstalling and dropping my discord link if they wanted to play. Over the course of a month they all switched over, couldn't be happier.
Somebody please tell me what's wrong with just texting? Why did half the world decide MMS needed to be replaced with a proprietary app? It works, everyone has it and there's no confusion. Unless you are concerned about privacy or something, why not just text?
Edit: MMS not SMS. I didn't understand the difference.
SMS doesn't handle pictures, videos, gifs, reactions, or group conversations. Things I use all the time. MMS handles some of that, but implementation varies greatly by carrier and device. If you want consistency of that functionality, you have to go with an app. Apple and Google have created replacements for SMS and MMS that could be the next version of "texting" but Apple refuses to let anyone else use theirs (iMessage) and Google has only half opened up theirs (RCS), so those don't really fix much.
(I guess I don't know the difference between SMS and MMS.)
I must be using MMS for texting. All of those features work for me and anyone I text with. The only issue I've ever had is imessage compressing videos to and from my android.
It's unencrypted and we know with certainly that the messages are stored by federal agencies and cell carriers. It also requires giving out one's phone number which may be undesirable in some situations
If you have friends in another country, it might cost a quarter every time you send a message.
In regions of the world (e.g. Europe, and a lot of Asia) where some countries are the size of a large city (or perhaps the entire country is one city), that's a problem. You'd be sending international texts all day every day.
Why did half the world decide SMS needed to be replaced with a proprietary app
SMS is even worse in terms of openness. You won't find a modem that runs open source baseband firmware. It's because the radios are subject to several regulations which means customers can't be able to modify that firmware.
Wait until everyone and their dogs gets back to MMS...
You know how expensive they were during the upcoming of WhatsApp? Germany paid 0,80€ (at the time. Though the price is probably not much different during the early iPhone/Android 2.3 times) per picture. Compare that to the amount of stuff sent today and at the time you will probably pay 5€ per day just to get some things across.
It's ironic that Europe adopted SMS years before we did in America because texting was absurdly expensive here. I remember paying $0.25/SMS back in 2003 or so (it dropped to a comparable bargain of $0.10/SMS after you sent 20 messages in a month), plus we had to pay to both send and receive them. I remember having to pay my parents $20/mo extra just to have unlimited SMS/MMS on my line only a couple years later once I was old enough to get a job.
I'm surprised that Europe kept up per message charges for MMS so long, they were basically always billed at the same rate as SMS here.
It's just that almost every phone plan includes sms (dunno about mms) nowadays. So it's a no brainer and those that are getting pre paid sims probably only need it for calling anyways.
MMS doesn't have much bandwidth available and it'll just compress instead of failing to send, so even android to android if you send a long enough HD video the recipient will get compressed garbage. Then, of course, there's the fact any videos sent over MMS from android to an iPhone(and vice versa iirc) becomes compressed garbage no matter how long or HD the video was, but that's more Apple's fault than MMS directly.
Imma be honest, half my communication involves emojis on discord. Jeb with his arms up is part of my personality now and I won't apologize. When I started seeing someone a few weeks ago I had to explain that he's missing out on half of my personality by texting. I substitute by jebbing in person but it's just not the same 😔
because cellular providers are actually criminals.
Also sms (and mms, whatever the fuck else exists, it's all terrible, shits all packets flowing through the internet, it's the same shit) sucks, and is bad, and you shouldnt use it.
The average person just has no idea about RCS or protocols in general and are incidental adopters of it just like SMS. Sometimes these nerd debates about platforms and protocols emphasize technology features over actually connecting with people or doing something productive on said technology.
I'm a nerd. I know vaguely what RCS is because I had a discussion in 2019 with a friend about it. Do I have it? Do I use it? I have no idea. Is it an app or just a protocol that happens behind the scenes? I would assume the latter. My phone's a few years old, isn't everyone's? Probably that means I don't have it. No way to tell and I'm not going to bother trying to find out.
So.... proprietary data collecting thing owned by Google, service that requires phone number to sign up, or service that does not even pretend to be E2EE and (worse) routes chat traffic through multiple potentially-adversary-controlled servers on its way to you?
Most of my friends use Signal. Honestly hadn't heard of RCS till now. Either my phone only supports SMS or I'm too technologically incompetent to enable RCS.
Matrix with bridges can help consolidate them. Some managed versions exist like Beeper and Element. Been slowly moving to that. Will eventually self host.
Yeah... This 1000 times... It DOES bother me to install all that shit. What doesn't bother me? Installing a bridge on Matrix and having everything in one place. Hell I've even started adding matrix to my linux scripts. I get notifications about script status in dedicated spaces on my single chat window.
I'm literally SMS away from doing 100% of the chat clients I use for personal usage... And seriously debating on bridging teams for work usage.
I've even gotten my wife onboard. That, to me, speaks about how frustrated normal people are with having many different apps as well.
One of the aspects that is glossed over in this doc however is the networking parts. There are many ways to setup your DNS, certificates, and ingress depending on how/where you are hosting the container.
I use telegram mostly because it have great features and its certainly better than any meta apps in privacy and private enough imo. It was easy to get my friends and family on telegram because they loved those features, signal is just... boring.
Sure, but we have to consider what other people wants too, and if they are getting alot of feature in a single app without any big compromise, they would prefer that and thats perfectly logical.
From my experience of getting other people on Signal, the main issue is that not everyone is already on it. People generally want to use only one app and it attracts them to the most popular one because they don't need to switch as much.
Secondary issues are:
No automatic phone transfer (no cloud backups, has to be done manually)
No large public channels
I might add another one, but it applies to WhatsApp too - it's crazy that there's still no easy way to move between iOS and Android...
OTOH telegram gives you option to export your whatsapp chats there making migration a bit more convenient.
For the last point, yeah it sucks a lot and fuck whoever is responsible for that...
I don't like whatsapp either but my claim still holds. e2ee by default for all chats is arguably more privacy respecting than opt-in e2ee for 1-1 chats only. and what metadata exactly does telegram encrypt but whatsapp does not?
It's fun though. I'm glad they keep an eye on this stuff because I don't and someone definitely should. But it really is just a hobby. It's fun how serious they take it. Super serious hobby lol. Love them to death though. Greatful too!
Which funnily enough, has bridges to Signal, Whatsapp, Discord, Telegram and some more, meaning you wouldn't have to have as many other clients installed to chat with contacts on those platforms
I remember looking into that a while ago, but it's not like I can just instantly hook up my WhatsApp or Telegram account into that, right? I'd need a server to act as a bridge.
And I wouldn't be so keen on giving that kind of access to a random server.
Yes your Matrix homeserver does have to run the bridges.
So I agree with you - you have to somewhat trust the admins of your Homeserver, or host your own homeserver and bridges. But I understand that the latter is not for everyone.
Although official tg bridges are meh: they have trouble with sending/receiving pics and loose messages from time to time. Plus those work for chats only (AFAIK)
Wait a moment it is actually march. How about the DSA against Gatekeepers from the EU? I thought we are all able to communicate to every messenger from the messenger we chose.
Gatekeepers like WhatsApp need to open their platform, but the other app developers need to attach to those provided connections. And so far Signal and Threema already announced that they will not use the opportunity.
Element is okay, but I really wish Matrix had better clients on iOS. If Cinny put out an iOS app or got the web app working better on mobile, I’d be way more willing to start using Matrix more.
Hahaha, SimpleX on Android is fine, the Desktop client is kinda incompatible with anything (no flatpak, the ubuntu version is kinda broken, no repo, their sync requires a random firewall port to be open)
Security is a compromise between convenience and safety.
However, simply using flatpaks isn't inherently more secure than using a binary or compiling from source. But it can make it easier to be secure for people that don't want to manage their own sandboxes.
It's also easier for devs so they only have to make one version of their app which in theory should work on all systems. But in practice I find it doesn't always work that way
This hurts me so much: it's why I revert to text messaging because everyone has a phone number. The only downside is that you can't add/remove numbers to existing groups, so it can get out of hand quickly with the number of group chats.
WhatsApp is also owned by meta, so out of the 7 options, 3 of them are owned by the same company and yet continue to lack support for interoperability.
Wait you guys use Signal? Idk a single Canadian that uses it we all use Discord, WhatsApp, Facebook Messenger, Instagram, Telegram, WeChat, and Snapchat depending on the person. The reason why I put WeChat there because I had to use it in university because at the time we had a lot of Chinese international students so had no choice
It sounds like your problem is with the way providers handle email and not email itself. Email is actually a really nice protocol. It’s got so much fault tolerance built into it. I could take my servers down for 24 hours, and none of my customers would miss an email.
Yes, there is definitely a spam problem, but overzealous spam filters are not the fault of email, they are the fault of email providers.
As much as I hate Gmail, at least they are pushing for everyone being required to use SPF and DKIM. That alone will eliminate a huge portion of the spam problem.
Also, email isn’t the only protocol with a spam problem. I get so many spam messages on SMS, Facebook (back when I used it), Telegram, etc. Basically anything that allows someone to send a message without two-party consent first (like scanning each other’s QR codes) is going to have a spam problem if it’s popular enough.
It sounds like your problem is with the way providers handle email and not email itself.
No. Providers handle mail this way because they have no choice to do so.
You are stuck between two major Issues.
On one hand you can have your anti-spam very lenient and receive pretty much everything. But if you do you will get more phishing and malware ridden mails. So the users will be exposed to one of the most dangerous vector of infection.
On the other hand you can have a super aggressive spam filter but some mail will be dropped. Whether an email notifications or the contract of the year for a business. It's no matter. It might never be delivered.
And since we have to block millions of spam mail everyday we have to block them silently because if you respond to certain malicious SMTP server online they will just spam you.
In reality businesses are used to email so that's what is commonly used.
But it's far too unreliable to communicate with clients of that business. You can't just have an important contract sent as an attachment by mail with some chance that it will be silently dropped at some point.
The simple fact that you can send an information to someone by email and it might be silently dropped without you ever being aware of it should IMO have led to the conclusion that it should never be used for anything remotely critical.
If it's important it shouldn't be an email. The reality is millions of dollars worth of business conducted solely through email conversations. And also a very lucrative business of spam.
Even businesses are often spammers or as they may call it "gray mail".
No email providers will guarantee you a 0% fault spam filtering.
Not Gmail either.
As much as I hate Gmail, at least they are pushing for everyone being required to use SPF and DKIM. That alone will eliminate a huge portion of the spam problem.
It's a good thing Gmail does that but it helps only their users right now (since February's changes). If your business communicates with thousands of small domains on small providers it will take another decade for every SMTP server to fix their s***. And even then there will still be spam.
What's the difference between a spammer going through all the hoops of creating a mail domain and a new business ?
Not much. Both mynewlegitEmailDomain.com and SpammerWho UnderstandsDNS.com are essentially the same for a spam filter.
They both would have "legit DNS records" but would both have trouble sending mail to Gmail at first.
Because Gmail cannot know if you are a spammer that setup a new disposable domain or a serious actor in email that just wants to communicate with you.
Truthfully Email is a terrible protocol that cannot be fixed with yet another layer of duct tape. You will never have any guarantee your mail is delivered. There is plenty of communication systems that's will tell you it's delivered or not.
Again, your problem is with the way providers handle email. It would be perfectly possible to deny email that’s flagged as spam, then the sender would get a bounce notification. “Dropping them silently” (which actually means accepting them and delivering them to a spam folder in this context) is a choice that providers make. It’s already general practice to deny email from an IP address that’s been blocklisted.
Also, spammers aren’t going to spend the money to buy and set up domains if each one is blocklisted before it makes a profit. My own email service will mark something as spam if it fails FCrDNS, SPF, and DKIM. Gmail went one step further and doesn’t even consider FCrDNS.
And again, any communication method will have a spam problem if it is popular enough and it allows non-two party consent messaging. Email’s popularity is the reason it has a spam problem, not its protocol design. And any distributed system cannot guarantee delivery. If my server tells your server it’s delivered, you just have to trust it, no matter what protocol you’re using.
By dropping silently I meant really litteraly. If you answer to SMTP commands, you are not silent. You essentially say a spammer server that you are a valid target and that they can go on.
It's not even a question if spammer buy domains to spam.
It's well known and the reason why commercial products provides a feature to filter too fresh domains.
There are procedures to "warm-up" an IP if you are a large provider and if you don't do it and attempt to send a lot of mails to Gmail this will not work. It's not just about DNS records. You could have donne everything perfectly DNS wise and still be blocked by Gmail servers.
You should take a look at the requirements of Gmail for large providers. As far as I recall Gmail does check FcrDNS since last month. On top of more requirements for authentication.
Still you can't just buy an IP, a server, set MX, SPF, DKIM, DMARC, ARC?, FcrDNS and expect large amounts of mail to go through right away.
And again, any communication method will have a spam problem
The major issue here is that anybody can send any email to whoever. Most communication apps won't let you do that certainly not like emails.
You can't open WhatsApp and start spamming the whole world.
You basically can only do that with phone calls and emails ?
So no, SMTP/IMF has rotten foundations. No matter how many (optional) protocol you add on top, it will always be such an hassle to maintain and there will be always people who can't afford that much effort.
Small businesses having to set that up just to reach Gmail is a big problem that they usually externalize with Outlook365 and so on.
Again, Gmail calls the shots because they are the leader. But on paper my fully unauthenticated mail from Barack.obama is perfectly RFC compliant and legit. These protocols that are essential are optional at the end of the day. They became virtually mandatory because of the spam issue and Gmail pushing in the (right) direction because they have leverage.
I don’t see your issue with dropping a connection before issuing any SMTP commands. Your problem is with not being able to determine delivery status, right? If your server never even gets to send the message, then you know with 100% certainty that the message wasn’t delivered. And if it’s denied, you know with near certainty that it wasn’t delivered. (I don’t know of any servers that will issue a hard deny after receiving the message and then still deliver it, but that’s technically possible.)
I have read Gmail’s requirements, and I’m familiar with IP reputation. I didn’t mean that they don’t check FCrDNS, I meant that only having that is not enough. They now require both SPF and DKIM. Whereas my service will still accept your messages and not automatically mark them as spam if you only pass FCrDNS.
Generally if you’re getting your emails denied right off the bat, it’s because your IP or the block your IP comes from already has a bad reputation (basically any IP a cloud provider will give you). But yeah, you don’t want to spin up a server on a brand new IP and start firing off 10,000 emails a day, just like you said you don’t want to fire off 10,000 messages a day on WhatsApp. That’s a bad idea for any platform.
WhatsApp is not distributed, nor is it an open protocol, so that’s right out. It will never be the standard.
Gmail only calls the shots for Gmail users. If you never interact with Gmail users, you don’t have to obey any of their requirements. Like imagine a system that you’ve set up to receive notification emails from your own servers. You don’t have to obey anyone’s rules.
Your spoof mail may be perfectly valid for the base ESMTP spec, but there is not one single email provider on the planet that only considers that spec. Email isn’t just one spec. It’s a system that’s made of many specs and common practices, some required, some de facto required, and some optional.
People really need to consider the pedigree of the guy who created this company and how willing he is to walk away from a company when it becomes unprofitable. Eric Migicovsky sold Pebble when it became unprofitable, promised that people would still have their jobs as devs, and at the last minute, the sale didn't include their jobs, so everyone was left fucked out of luck and with no job. Also, the fact that he has zero long term plans for how to keep fighting Apple for iMessage access after he used a teenagers reverse-engineered code to make a standalone Beeper iMessage app which Apple promptly broke after only days. If that's as far ahead as he was able to "plan" in regards to that, it speaks to his weakness on having a long-term business plan. Lack of realistic long-term business plan coupled with how badly he fucked over the developers when he bounced from Pebble screams "Don't trust this."
Yes... because you have to trust that person/company. Which you implicitly should not... especially since they're already shown themselves to be untrustworthy in their previous endeavors.
Yeah, there was a nice period when Pidgin could easily handle all the chats. Then providers siloed their apps 🫤
That was the time when all the apps were standard XMPP. It didn't have proper encryption back then. WhatsApp is still XMPP nowadays, but excluding federation and non-standard implementation on Meta servers and so on
OTR predates all the commercial platforms adopting XMPP, so that's not exactly true.
Was OTR a protocol where the server had zero knowledge of the unencrypted content? Or was it basically like SSL?
OTR is E2E, it's the direct predecessor of OMEMO/Signal on which they are both based.
Sure, but now you show me all the clients that supported OTR back then 😜 - or now, for that matter. Besides, OTR doesn't work in multi user chats. OMEMO does, and support for it is still not exactly widespread...
Most popular clients supported OTR back then.... Pidgin, Gajim, Adium, bitlbee, Psi, you name it.
And that's at a time where absolutely no one did E2E, even SSL wasn't a given.
Yes OTR* doesn't do group chat, but now you're just moving the goalpost.
*There has been a proposal in the works for years and years, but OMEMO stole a lot of it's traction, and the last nail in the coffin was the arrest of Ola Bini in Ecuador as he was one of the main contributors.
You seem to not get that OMEMO is directly based on OTR.
Fun fact, iMessage is also XMPP based!
My brother in Christ do you know what fun means
Federated XMPP is fun yes, defederated XMPP is, indeed, not fun.
Also I'm no Christ's brother, thanks. Beelzebub maybe.
So is WhatsApp, Zoom, Jitsi
Had no idea about Zoom!
It's kind of crazy that all these services use it, and on the federated side of things, Signal killed it.
It also powers the communications / presence on many gaming avenues as well like Fortnite, League of Legends, & whatever Nintendo is using for notifications + online status (assuredly a lot more games).
XMPP is old, stable, & massively scalable for industrial applications -- while maintaining decentralization + efficiency & allowing for extensibility like OMEMO encryption which is covering most folk’s chat use cases. Since the XMPP foundation don’t put budget into marketing & hype, a lot of folks weirdly assume it’s dead or not being used. It’s strange to me how folks seem more interested in RCS & Matrix despite their histories/ownership/flaws rather than embracing what is already good.
Well said! I really miss having a huge roster on XMPP
We can start it up again. Time to nudge in the next Lemmy AMA to allow XMPP addresses alongside Matrix. You’d be surprised how little things like that can nudge adoption & pique curiosity.
Yeah, XMPP is great and all, but the client side is a big old mess, everything is full of friction and missing support for feature xyz. Have you tried using XMPP on iOS?
Conversations compliance test has brought most clients into an acceptable base to where most basic chat/audio/video needs are met, so if you are comparing older legacy clients then the experience will be different. The XEP system means everything is optional & can be pitched by making a spec & seeing who uptakes the idea. It also means the bar to create your own server is absoluetly minimal since everything is an extension which means you could build one in a weekend which is great for those learning to code since the barrier to entry is extremely low if Conversations isn’t the goal.
IDGAF about Apple since you have to have a wad just to publish an application on their proprietary store & the EU didn’t do a good enough job so it’s expensive to open alternative stores like F-Droid while also being antagonistic towards sideloading as well as PWAs (not to mention needing to buy their overpriced hardware to build/release applications). Heck, you can’t even publish a GPL-or-similar-licensed app on their store. This is a giant slap in the face to free/ethical software developers & probably why the clients aren’t in a good state; if you aren’t trying to make money, why would you develop in an ecosystem that is entirely hostile for you to develop in?
You can bridge to all of the apps in the image from Matrix
Or Slidge
I actually tried pidgin maybe 6 months ago just for kicks if it could handle whatsapp, signal and telegram, and whaddaya know, it could. It was ugly as hell, but it could be done.
For whatsapp, my experience with Pidgin was terrible. Stickers had to be downloaded as photos, group chats would only show up once someone sent a message, contacts would only show as the full international phone number, all existing chats were horizontal tabs, like a browser.
Yup indeed, it wasn't a pleasant experience. Self-hosting Matrix with all its bridges is kinda nice tho (although a bit lacking).
Just never interact with anyone. Christ, it's not that hard people! (This comment doesn't count.)
We're all bots. You still haven't interacted with a person.
Everyone on lemmy is a bot except for you.
Speak for yourself. I'm not a bot, I'm a cat walking across an unmonitored keyboard.
So you are a robotic cat, even better!
i really fucking hate discord.
Why does EVERYTHING have to be proprietary. Fucking capitalism.
Its pretty amazing for voice communication in gaming.
As a messenging app? Meh
i get much better call quality in telegram
dude discord has been one of the worst experiences for voip in gaming IME. I started using mumble SOLELY because discord was actually just disappointing. Though tbf maybe if i paid out the ass for nitro it's better? I ain't paying for that though.
Though yeah, for messaging, it's dogshit, It's a mess.
I don't get why people like it either. It's a mess of chats.
Gamers using it for gaming. In game Voice communication is trash
And that's fine, but why do gamers use it over any other VoIP option? And why the infinity chat channels over infinity servers?
Content creator branding, and "community"
I really wanted to keep faith in it after the ui overhaul recently - VoIP performance was SO much better on Xbox, latency specifically. But good GOD the mobile app is just a pile of garbage nowdays. I have so many friends stuck on that platform, I still end up sharing links there to Lemmy memes and like 60% of the time when I share to the app it permenantly sticks on the splash screen??? 🙄 notifications are fucked these days too, myself & my friend group regularly miss messages entirely, even with direct @ mentions?!
Worse, I dropped a crap review and complained that function has dropped horribly since the update and the devs INSTANTLY replied like "Have you tried pretending you're a beta tester for us? Do you mind doing a buncha troubleshooting you definitely haven't already done?" (They wanted me to reinstall the app... Smh)
Anyway - fuck discord. I'm planning to shift to Revolt, but if anyone has better suggestions I'd be happy to try some!
im genuinely surprised discord even tries testing things on the two test branches they have. Yes, you heard me correctly, they have TWO separate testing branches. Bugs literally should not exist on the stable branch.
also when it comes to voip, i've enjoyed mumble, it's pretty solid, minimal, configurable (highly integrated into games already, it's old af though so maybe not new games) and works pretty well. Revolt seems alright, but it's plagued with bugs, and weird issues, plus it's self hosting is just, jank.
We could use a self hosted discord replacement tbh.
Reject Discord, go back to Teamspeak
i would fuck with ts if they would release ts5 and have an actual feature release, until then mumble it is. Shit slaps, and is minimal.
Don’t like it - don’t use it. It’s a free (capitalist) country.
that's the cool thing, i dont, but you know who does? You, and you know how i would need to contact you? Through discord! Uh oh!
I don’t use discord
damn didn't know you weren't all of my other friends.
I think they wanted to be, they were advertising themselves!
Friends don't make friends install chat apps (besides Signal)
Not sure why you were downvoted. I've successfully made most of my friends, and my mom for that matter, talk to me on Signal.
The comment implies Signal is peak chat when it’s flawed & other than maybe onboarding, isn’t superior to alternatives—with the phone number being a pro for onboarding is a con for privacy. It still requires you have an Android or iOS primary device (fueling that duopoly). They don’t want you installing it from a safer space like F-Droid. They still by default send notification metadata to Google & Apple (websocket support exists but drains a fair amount of battery & they refuse to support UnifiedPush). They still ship/use Apple emoji on Android & Linux. It’s still a centralized system you can’t self-host. They still have that missing part of the source code (where I would assume the feds planted something). It still isn’t a good space large chats. And the Electron desktop apps are far too bloated.
No argument. Electron is categorically silly in its own right, lol.
F-Droid is by no means safe; use Droidify.
Easy: use the FOSS version of Molly instead of the default Signal app.
Hi, could you touch on why F-Droid is less safe? Is it because they package (I think that's the term?) stuff themselves?
Certainly.
To answer your question: yeah, pretty much.
I got all of this information, originally, through this guy's channel (Side Of Burritos on YouTube):
It's also worth mentioning that part three of that series ended up directly inspiring another project called Obtanium, which he then did a video on here:
https://www.youtube.com/watch?v=JiN37bn0OE8
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=IzpVI4zaso0
https://www.piped.video/watch?v=lAbgeJau3eE
https://www.piped.video/watch?v=FFz57zNR_M0
https://www.piped.video/watch?v=JiN37bn0OE8
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.
Signal is the best, but no way I'm going to be able to get my wife, my friends, my parents and in-laws to use it.
Have you considered emotional blackmail?
No, I haven't reached that point yet.
Can't even get your wife on it? Damn..
I have 3/7 and I hate it. I wish signal never removed the ability to function as sms
Even if it did, it didn't support rcs
That's because Google is gatekeeping the android API for RCS
Wait, I thought Google wanted Apple to start supporting RCS. So that everyone can talk to each other.
So Google is just...trying to strong arm apple to give up their proprietary protocol for their own?
That's so fucked up.
RCS is an open standard. However, on Android you can only use it with Google chat. So android stops any other apps from using it. Nothing to stop you making your own phone from scratch and adopting it.
It's incredibly stupid, I know.
Samsung messages app also supports RCS, depending on your carrier, though? It's super fucking buggy and frequently switches back to sms so I still switched to Google messages, but it does technically have it.
They only have it because they reached a deal with Google.
Yeah, it's mad.
4/7 here. I'm fine with it. Though sms should be included.
Wait, do you guys have friends?
Spoken like a real android user. All my iPhone friends (and especially family) refuse to download any other app, they just complain that I physically can't download iChat.
I use signal as well, might be worth looking into these two links to better manage expectations.
First here and second here.
Related post by Matrix here
Yeah, fair. It can't delete your messages to the extent a centralized system, and that's an indication of the lack of centralized control? It's a different threat model I think many find satisfying (though perhaps not most).
huh, yeah that's fair i did not actually notice that :/
EDIT:
Meanwhile Matrix was built & funded by Israeli Intelligence (to which I’m sure there are anonymous donors today). It’s expensive replication model means only those with the deepest of pockets can run a server leading many to flock to the mother instance of Matrix.org centralizing, replicating the data to a single node (being decentralized in theory, not so much is practice). It’s funny to see them call out Signal, but luckily there are private, free alternatives to both.
Huh, would it be possible to provide a source? I might be bad at searching, I'm not finding anything...
EDIT: Ok I found one with some search operators. I can provide links, most were less trustworthy, I'd reserve judgement.
To give an alternative explanation with plausible hypotheses
Some food for thought. I'm not one to jump to conclusions, I think claims require proportional evidence, and obviously my judgement isn't the same as a security researcher or clandestine operator, so settling on what 'appears' to be true without proper investigation isn't something I do.
Thanks for the info though!!
I don't have time to respond to everything, so I'll just respond to the first one- which is that it's tankie copium. I don't deny the Signal Foundation might be taking money from government groups- I believe it is. But looking at the groups its pretty clear what it is, Radio Free Asia, as in the Asia branch of Radio Free Europe. Aka, their goal is to make people living in US adversaries rebel. The US does not censor private communication, it would be very quickly found out if I sent a text to my friend and they couldn't receive it, or I was sent to jail for the content of that speech.(That's not to say its not spied on though.) However, in many(most?) US adversaries there is active censorship of opposition communication, the US generally(although not always) supports the opposition by nature of them being the opposition- this is why(if you believe the narrative that everything is a cabal of the powerful) US tech companies supported the Arab Spring. This is why Radio Free Europe broadcast in support of Dubček and the Prague Spring, why they also supported the 1956 Hungarian Revolution. All that is just to say the US can follow the narrative of being 100% power seeking while still supporting open communication platforms. (After all, the US government also either directly created or contributed to SHA-2, Tor, and Ghidra too) And, Signal is open source, read the code and network traffic yourself, they won't remove encryption for US allies.
That doesn't mean they're immune to criticism, they may be able to explain it, but I personally probably wouldn't donate to an organization that has the money to pay part time developers $450,000 according to their Form 990, but its not my money so not my place to judge how its spent.
I think most of your criticism makes sense.
The part about "not reading private messages" I think is mistaken, or rather, maybe amiss. I mean I don't have evidence, so this is all conjecture. The sophistication of data surveillance and data gathering makes the content of the message rather meaningless in my view.
EDIT: Oh, I don't think any adversaries of US, even if working together, make any meaningful threat towards it. It's really hard to imagine, esp. considering the US has a bunch of successful coups & stuff under their belt.
I wasn't saying the US doesn't spy on private messages, I was saying Signal is open source so it would be hard to hide a back door. So I don't see how any other E2E encrypted messages could be more secret then Signal. I guess obfuscating the messaging servers.
That's a fair point but I don't know if there's any other good solution to that.
yeah i'm rethinking some stuff too, even in some utopia i think some information related to me might make life inconvenient, so the best way to protect that (e.g. not disclosing it digitally) maybe needs outta the box solutions.
related, does anyone even bother to look at physical mail for stuff? like if i put a cipher in a letter with no return address, using that pen ink that you can erase (which comes back if you put it in a freezer) and only i and my contact have the key to the cipher which we exchanged in-person; could anyone reasonably know it?
it seems digital stuff might be a carrot for surveillance people, maybe it can be made into a honeypot and physical or analog means can make a return.
I think finding novel ways to communicate with a specific person and not be monitored is easy. The difficulty is opening a new line of communication on an already monitored one, communicating to new people, and one of those new people not blabbing.
After all, if you play on a private Minecraft server and spell out text with dirt blocks, I don't think anyone's going to bother writing code to analyze your Minecraft network traffic.
A chat app for every friend and a launcher for every game. We live in a utopia.
i installed steam and epiv cities skylines installed paradox and Xbox gamepass is probably pre-installed
Yeah yeah we got it you have multiple friends quit bragging about it now
Matrix and bridges
Only if you tell your contacts about it, and explain to them what a bridge does
Why?
Take Signal to Matrix for example. They use different encryption protocols, which means a message sent from one end has to be decrypted, and then re-encrypted with the protocol of the recipient before they can actually receive it.
So basically, your encryption is not very e2e anymore, and the fact that someone can set this up, effectively giving encryption keys to a third party without their contacts being able to do anything about it is pretty fucked.
Oh, and different TOS between different services also come into play.
So if you do this, at least tell your contacts about it, so they can make an informed decision about whether or not that's okay for them.
Just self host the bridges. I mean if you trust your phone more than your server, this won't help.
Do whatever you want, but again, make sure your contacts can make an informed decision about it.
I bet none of my contacts made an informed decision about which chat app they are using. I don't think that this really bothers one of them. Most of them do not know, what the difference between Insta-pms and Whatsapp even is, as far as security and privacy are concerned. And from my point of view I don't know it detailed enough too. Making an informed decision about a closed source software and as a non technical person is not as easy as you may think. At least from my point of view.
You're hitting the nail directly on the head.
Not knowing what's going on being a bad thing is precisely my whole point
If I own the bridge, nobody but me is accessing the message.
Yup, this is what I do.
XMPP & Gateways
I miss pidgin for the cross platform chat
Anyone remember trillian?
Libpurple had constant breakage due to proprietary apps having no incentive to keep their protocols stable. A lot of it worked easier then since no one was using e2ee either. Newer gateways exist in the space but it’s a real shame since for a brief time the earlier 2010s, most chat applications were using the same protocol—until they realized it’s harder to capture profits when the garden walls are lowered.
i miss when using the internet gave you ptsd because of the actual things that you saw, rather than the software that you were using.
I've only recently threatened to take my own life due to spam. Never thought that'd be my 13th reason.
gotta love the internet, only the best, for the worst, and the worst for the best.
Try Matrix bridges or Beeper
I miss pidgin so much. I tried to use it the other day with Discord and it was terrible. So God-awful.
i use c0nnect for the calyx xmpp/jabber instance
Remember E-Mail, everyone?
A lot of people around me are genuinely confused when your email is not
[email protected], as they mostly just use it for confirming logins. That's how bad the situation is.I recently started using a
+in my email address to make use-specific aliases, so I can more easily filter content from them or see if they're leaking my email.I signed up for a rewards program in person the other day and the strange look I got:
Like "you don't have an account but you have an email specifically for our business? Sus AF"
Having an untraditional gTLD like
.xyzmakes many confused as well, especially those not in IT.Damn I'm over here with like 4 emails
Personal / gaming, the professional one with my name, my collage one, and the new one I made to make it harder to dox me
Never heard of her.
Random hot take, I'm at least grateful that my wife and I use an app that none of our friends use. Removes the "oh shit did I send that to the wrong person" panic.
We need a new Trillian or Adium. Fucking anti-interop gatekeepers.
Omg trillian immediately reminds me of ICQ and MSN Messenger
...Have they ever explained why?
Literally me.. I've 5/7 of these installed and even have Threema in addition. I don't need more than one Meta Inc product in my life though
I like Threema a lot, but it lacks basic features such as text editing, so I can't imagine recommending it to anyone.
How many contacts do you have in Threema though?
Only one that I actually talk to
You mean text editing after sending? I would definitely not consider that a "basic" feature - we are talking about E2EE here, editing a message that you already encrypted locally and then sent on its way is by no means trivial - especially with the kind of E2EE that we have nowadays.
It actually is super easy, barely an inconvenience. When you edit an E2E encrypted message, your client simply sends another E2E encrypted message telling your contact what to replace your previous message with.
I really miss how windows phone allowed other chat services to plug in to it, so that you could have a single chat app for all your contacts, but open the individual apps for advanced features.
Just stop using the spyware ones?
After posting I realized an exported PNG is the same size and looks much better. Enjoy.
You should be able to change the image after posting I think
Interesting. I found the option but despite editing the post and uploading the higher quality image, nothing seems to have changed.
And if you have two phone numbers which you want to use for WhatsApp then you need to clone the damn app because they can't even make such basic functionality
What kind of a take is this? What are you trying to say? "don't use messaging"? Amish take? Genuinely trying to understand
Are you even a true nerd if you have so many friends?
As long as those friends have strong and inflexible opinions about chat apps then yes.
if you won't talk to me except through insta then you're not worth being friends with just fucking text me like a normal ass human.
Am I too old that one of these should've been Skype?
I abandoned my chat to make a new one in Discord. Despite them complaining about Skype daily for years, suddenly they loved Skype.
Humans are silly. Either way, it's been Discord, Snapchat, and regular text for half a decade now.
I didn't known Skype still existed and i thought I was getting old.
Sorry dude.
/sad old man groans.
I literally had to bring all my group kicking and screaming onto discord literally within the year it launched. Same story, non stop bitching about Skype but all of a sudden nobody wanted to try discord. I straight up had to send a message to all of them saying I'm uninstalling and dropping my discord link if they wanted to play. Over the course of a month they all switched over, couldn't be happier.
Somebody please tell me what's wrong with just texting? Why did half the world decide MMS needed to be replaced with a proprietary app? It works, everyone has it and there's no confusion. Unless you are concerned about privacy or something, why not just text?
Edit: MMS not SMS. I didn't understand the difference.
SMS doesn't handle pictures, videos, gifs, reactions, or group conversations. Things I use all the time. MMS handles some of that, but implementation varies greatly by carrier and device. If you want consistency of that functionality, you have to go with an app. Apple and Google have created replacements for SMS and MMS that could be the next version of "texting" but Apple refuses to let anyone else use theirs (iMessage) and Google has only half opened up theirs (RCS), so those don't really fix much.
(I guess I don't know the difference between SMS and MMS.)
I must be using MMS for texting. All of those features work for me and anyone I text with. The only issue I've ever had is imessage compressing videos to and from my android.
I still don't get it
This article does a pretty good job differentiating SMS, MMS, RCS, and iMessages
It's unencrypted and we know with certainly that the messages are stored by federal agencies and cell carriers. It also requires giving out one's phone number which may be undesirable in some situations
If you have friends in another country, it might cost a quarter every time you send a message.
In regions of the world (e.g. Europe, and a lot of Asia) where some countries are the size of a large city (or perhaps the entire country is one city), that's a problem. You'd be sending international texts all day every day.
SMS is even worse in terms of openness. You won't find a modem that runs open source baseband firmware. It's because the radios are subject to several regulations which means customers can't be able to modify that firmware.
Wait until everyone and their dogs gets back to MMS...
You know how expensive they were during the upcoming of WhatsApp? Germany paid 0,80€ (at the time. Though the price is probably not much different during the early iPhone/Android 2.3 times) per picture. Compare that to the amount of stuff sent today and at the time you will probably pay 5€ per day just to get some things across.
Source: https://www.derstandard.at/story/1747665/deutschland-hohe-preise-fuer-mms-verderben-das-geschaeft
It's ironic that Europe adopted SMS years before we did in America because texting was absurdly expensive here. I remember paying $0.25/SMS back in 2003 or so (it dropped to a comparable bargain of $0.10/SMS after you sent 20 messages in a month), plus we had to pay to both send and receive them. I remember having to pay my parents $20/mo extra just to have unlimited SMS/MMS on my line only a couple years later once I was old enough to get a job.
I'm surprised that Europe kept up per message charges for MMS so long, they were basically always billed at the same rate as SMS here.
It's just that almost every phone plan includes sms (dunno about mms) nowadays. So it's a no brainer and those that are getting pre paid sims probably only need it for calling anyways.
MMS is still 0.37€ for me right now (SMS is free though). Completely unacceptable.
MMS doesn't have much bandwidth available and it'll just compress instead of failing to send, so even android to android if you send a long enough HD video the recipient will get compressed garbage. Then, of course, there's the fact any videos sent over MMS from android to an iPhone(and vice versa iirc) becomes compressed garbage no matter how long or HD the video was, but that's more Apple's fault than MMS directly.
Imma be honest, half my communication involves emojis on discord. Jeb with his arms up is part of my personality now and I won't apologize. When I started seeing someone a few weeks ago I had to explain that he's missing out on half of my personality by texting. I substitute by jebbing in person but it's just not the same 😔
(and yes, Jeb has become a verb)
JEB!
because cellular providers are actually criminals.
Also sms (and mms, whatever the fuck else exists, it's all terrible, shits all packets flowing through the internet, it's the same shit) sucks, and is bad, and you shouldnt use it.
I remember when WebOS had unified messaging. Those were the days. 👴
Don't make me cry. Android gets the job done but I miss WebOS so damn much
We can cry together.
Don't have friends. Problem solved.
And other countries don't understand why US users stick to txt/mms.... Its convenient and built into the phone so everyone has it.
Element has bridges to some of the services
Your options are RCS, Signal, or Lemmy mentions. Or losing contact with me I guess but I'm irresistible
"I only talk to other nerds" basically
Nah everyone has RCS these days except people with old phones and iPhones, and even the iPhones are going to be rcs compatible soon
The average person just has no idea about RCS or protocols in general and are incidental adopters of it just like SMS. Sometimes these nerd debates about platforms and protocols emphasize technology features over actually connecting with people or doing something productive on said technology.
I'm a nerd. I know vaguely what RCS is because I had a discussion in 2019 with a friend about it. Do I have it? Do I use it? I have no idea. Is it an app or just a protocol that happens behind the scenes? I would assume the latter. My phone's a few years old, isn't everyone's? Probably that means I don't have it. No way to tell and I'm not going to bother trying to find out.
I'm so much more technical than most people btw
What is RCS?
It's a messaging standard, it's pretty much SMS + Internet features. Developed like a decade ago and apple he been trying to dumpster it since then.
So.... proprietary data collecting thing owned by Google, service that requires phone number to sign up, or service that does not even pretend to be E2EE and (worse) routes chat traffic through multiple potentially-adversary-controlled servers on its way to you?
You know RCS is not proprietary, right
it might as well be with how much control google has over who gets to implement it and how
But like saying Android isn't proprietary.
Like yeah, technically true, but in reality everybody uses a proprietary version of it controlled by Google.
I wish. But I don't know a single person that uses any of those.
Most of my friends use Signal. Honestly hadn't heard of RCS till now. Either my phone only supports SMS or I'm too technologically incompetent to enable RCS.
Matrix with bridges can help consolidate them. Some managed versions exist like Beeper and Element. Been slowly moving to that. Will eventually self host.
Yeah... This 1000 times... It DOES bother me to install all that shit. What doesn't bother me? Installing a bridge on Matrix and having everything in one place. Hell I've even started adding matrix to my linux scripts. I get notifications about script status in dedicated spaces on my single chat window.
I'm literally SMS away from doing 100% of the chat clients I use for personal usage... And seriously debating on bridging teams for work usage.
I've even gotten my wife onboard. That, to me, speaks about how frustrated normal people are with having many different apps as well.
they are beasts to set up self host. I'm going to do it one day
Matrix via docker is pretty simple actually.
Took me like 30 mins to set it up exactly like I wanted on my kubernetes cluster.
oh yeah? can you point me to tutorials or examples? i tried the official github but got a little overwhelmed.
Would you like docs on just the docker component or a kubernetes centered doc?
docker please. i got overwhelmed with all the fields that need to be set up.
I have not tried it. But this doc seems to make sense and isn't very opinionated.
https://computingforgeeks.com/run-synapse-matrix-homeserver-in-docker-containers/
One of the aspects that is glossed over in this doc however is the networking parts. There are many ways to setup your DNS, certificates, and ingress depending on how/where you are hosting the container.
that's really good thank you!
Used a self hosted matrix with element for years now it's solid. Have a friend group who uses it for everything with dedicated channels etc.
I use telegram mostly because it have great features and its certainly better than any meta apps in privacy and private enough imo. It was easy to get my friends and family on telegram because they loved those features, signal is just... boring.
Wdym "boring", what do you want a messenger app to do? It does what it's there for and it does it well.
Sure, but we have to consider what other people wants too, and if they are getting alot of feature in a single app without any big compromise, they would prefer that and thats perfectly logical.
From my experience of getting other people on Signal, the main issue is that not everyone is already on it. People generally want to use only one app and it attracts them to the most popular one because they don't need to switch as much.
Secondary issues are:
I might add another one, but it applies to WhatsApp too - it's crazy that there's still no easy way to move between iOS and Android...
OTOH telegram gives you option to export your whatsapp chats there making migration a bit more convenient. For the last point, yeah it sucks a lot and fuck whoever is responsible for that...
Sometimes boring is better, sticking to the fundamentals. I didn't like when signal tried to mix crypto into it.
interestingly it's worse than whatsapp regarding privacy
and how? dont send me a decade old audit on the protocol which telegram abandoned around the same time.
chats are not e2e encrypted by default and group chats are never e2e encrypted. even whatsapp is e2ee for every chat.
They hated him, for he spoke the truth.
Telegram is more akin to Discord with secret chats, I wouldn't trust ZuCKs Whatsapp.
And how does being e2ee by default guarantee you are secure? whatsapp doesnt even encrypt metadata.
I don't like whatsapp either but my claim still holds. e2ee by default for all chats is arguably more privacy respecting than opt-in e2ee for 1-1 chats only. and what metadata exactly does telegram encrypt but whatsapp does not?
e2ee by default only for your data to be used when you back it up. Atleast there have been no data breaches reported in telegram so far
you can encrypt backups in whatsapp but we might agree on whatsapp and telegram being equally bad then
yes they hand it out voluntarily, search term: telegram german authorities
It's fun watching people argue about things I don't care about. Like, y'all haven't already abandoned your sense of privacy to this world? Lol
These nerds will debate platforms way more than use them productively.
It's fun though. I'm glad they keep an eye on this stuff because I don't and someone definitely should. But it really is just a hobby. It's fun how serious they take it. Super serious hobby lol. Love them to death though. Greatful too!
And yet no one was able to crack it.
it's not about cracking anything it's about the telegram owners being able to read your messages???
You can use E2E???? !!!!!
not in group chats and most people don't care about it for 1-1 chats as well.
You can just use Matrix with bridges
I have all of them. Plus linkedin. This is madness
Too much relatable
Beeper!
What is the middle one?
Element. It's a popular client for Matrix, which is a federated messaging platform (similar to lemmy and mastodon) with different instances.
Which funnily enough, has bridges to Signal, Whatsapp, Discord, Telegram and some more, meaning you wouldn't have to have as many other clients installed to chat with contacts on those platforms
I remember looking into that a while ago, but it's not like I can just instantly hook up my WhatsApp or Telegram account into that, right? I'd need a server to act as a bridge.
And I wouldn't be so keen on giving that kind of access to a random server.
Yes your Matrix homeserver does have to run the bridges. So I agree with you - you have to somewhat trust the admins of your Homeserver, or host your own homeserver and bridges. But I understand that the latter is not for everyone.
Although official tg bridges are meh: they have trouble with sending/receiving pics and loose messages from time to time. Plus those work for chats only (AFAIK)
Is it cross platform with other major messagers?
Not directly no... But there are bridges you can implement (or use on servers that already have it implemented) to connect to those other services.
Element.io apparently. I've never heard of it before
What's the app in the middle? Never seen that logo
Schildichat > Element
Yeah I'm using Schildi at the moment as well. Thought since it's a fork of Element, and most people recognize its logo, I featured it instead.
I have to try that again. Last one I tried it it had some issues.
KDE's NeoChat is pretty solid too
Wait a moment it is actually march. How about the DSA against Gatekeepers from the EU? I thought we are all able to communicate to every messenger from the messenger we chose.
Gatekeepers like WhatsApp need to open their platform, but the other app developers need to attach to those provided connections. And so far Signal and Threema already announced that they will not use the opportunity.
Am I the only one who agrees with this non ironically?
I like how my notifications are segregated by friend lol.
You're probably in the minority, but probably not the only one.
I only use two of these (signal/molly and discord/aliucord/webcord)
Edit: oo element is on there. I also use that lol.
Element is okay, but I really wish Matrix had better clients on iOS. If Cinny put out an iOS app or got the web app working better on mobile, I’d be way more willing to start using Matrix more.
Element sucks but the fact that it uses Matrix makes it really good.
Add SimpleX and Conversations-i2p
Yep SimpleX works great. Although every time I read the name I think of herpes.
Hahaha, SimpleX on Android is fine, the Desktop client is kinda incompatible with anything (no flatpak, the ubuntu version is kinda broken, no repo, their sync requires a random firewall port to be open)
Interesting. For my desktop, I just installed a binary from the AUR and it works wonderfully.
Yeah I avoid installing stuff to my system but I looked into RPM .spec files and that should be possible too. Flatpak would be the way to go though.
Personally, I do the opposite. I try to avoid flatpaks and the like. And the AUR enables that really well
Welcome to security I guess
Security is a compromise between convenience and safety.
However, simply using flatpaks isn't inherently more secure than using a binary or compiling from source. But it can make it easier to be secure for people that don't want to manage their own sandboxes.
It's also easier for devs so they only have to make one version of their app which in theory should work on all systems. But in practice I find it doesn't always work that way
This hurts me so much: it's why I revert to text messaging because everyone has a phone number. The only downside is that you can't add/remove numbers to existing groups, so it can get out of hand quickly with the number of group chats.
Fuck, I actually do have all of them.
I have 2 more :(
Family abroad uses viber🤦
What happened to "Diversity is good"?
Diversity, not 10 incompatible apps that work the same, look the same and sometimes even are made by the same company.
I'ma just use my smart phone to, make a call. Or send a letter in the mail. I'm not about to do this lol.
Hey what's the app tho?
From left to right we have instagram, signal, whatsapp, element, discord, telegram, and messenger
Isn't Instagram the same as messanger?
In terms of being useless, most certainly. But they are two separate services despite being owned by the same company.
WhatsApp is also owned by meta, so out of the 7 options, 3 of them are owned by the same company and yet continue to lack support for interoperability.
The fact that Meta doesn't even bridge their various services or chat platforms really speaks volumes about what their broader goals and plans are
Well, actually no
What frustrates me the most about this is that if we promote one commercial solution to the top of the heap, destroying all others, we still lose.
Wait you guys use Signal? Idk a single Canadian that uses it we all use Discord, WhatsApp, Facebook Messenger, Instagram, Telegram, WeChat, and Snapchat depending on the person. The reason why I put WeChat there because I had to use it in university because at the time we had a lot of Chinese international students so had no choice
Everybody’s got email. Just saying.
I work on email systems everyday.
Please don't let this protocol survive.
Forget emails that is functionally a terrible communication tool.
You never know if it will be received by the recipient. There is always false positive false negative classification in spam.
SMTP is an outdated protocol that needs to die.
It sounds like your problem is with the way providers handle email and not email itself. Email is actually a really nice protocol. It’s got so much fault tolerance built into it. I could take my servers down for 24 hours, and none of my customers would miss an email.
Yes, there is definitely a spam problem, but overzealous spam filters are not the fault of email, they are the fault of email providers.
As much as I hate Gmail, at least they are pushing for everyone being required to use SPF and DKIM. That alone will eliminate a huge portion of the spam problem.
Also, email isn’t the only protocol with a spam problem. I get so many spam messages on SMS, Facebook (back when I used it), Telegram, etc. Basically anything that allows someone to send a message without two-party consent first (like scanning each other’s QR codes) is going to have a spam problem if it’s popular enough.
No. Providers handle mail this way because they have no choice to do so.
You are stuck between two major Issues.
On one hand you can have your anti-spam very lenient and receive pretty much everything. But if you do you will get more phishing and malware ridden mails. So the users will be exposed to one of the most dangerous vector of infection.
On the other hand you can have a super aggressive spam filter but some mail will be dropped. Whether an email notifications or the contract of the year for a business. It's no matter. It might never be delivered.
And since we have to block millions of spam mail everyday we have to block them silently because if you respond to certain malicious SMTP server online they will just spam you.
In reality businesses are used to email so that's what is commonly used.
But it's far too unreliable to communicate with clients of that business. You can't just have an important contract sent as an attachment by mail with some chance that it will be silently dropped at some point.
The simple fact that you can send an information to someone by email and it might be silently dropped without you ever being aware of it should IMO have led to the conclusion that it should never be used for anything remotely critical.
If it's important it shouldn't be an email. The reality is millions of dollars worth of business conducted solely through email conversations. And also a very lucrative business of spam.
Even businesses are often spammers or as they may call it "gray mail".
No email providers will guarantee you a 0% fault spam filtering.
Not Gmail either.
It's a good thing Gmail does that but it helps only their users right now (since February's changes). If your business communicates with thousands of small domains on small providers it will take another decade for every SMTP server to fix their s***. And even then there will still be spam.
What's the difference between a spammer going through all the hoops of creating a mail domain and a new business ?
Not much. Both mynewlegitEmailDomain.com and SpammerWho UnderstandsDNS.com are essentially the same for a spam filter.
They both would have "legit DNS records" but would both have trouble sending mail to Gmail at first.
Because Gmail cannot know if you are a spammer that setup a new disposable domain or a serious actor in email that just wants to communicate with you.
Truthfully Email is a terrible protocol that cannot be fixed with yet another layer of duct tape. You will never have any guarantee your mail is delivered. There is plenty of communication systems that's will tell you it's delivered or not.
Again, your problem is with the way providers handle email. It would be perfectly possible to deny email that’s flagged as spam, then the sender would get a bounce notification. “Dropping them silently” (which actually means accepting them and delivering them to a spam folder in this context) is a choice that providers make. It’s already general practice to deny email from an IP address that’s been blocklisted.
Also, spammers aren’t going to spend the money to buy and set up domains if each one is blocklisted before it makes a profit. My own email service will mark something as spam if it fails FCrDNS, SPF, and DKIM. Gmail went one step further and doesn’t even consider FCrDNS.
And again, any communication method will have a spam problem if it is popular enough and it allows non-two party consent messaging. Email’s popularity is the reason it has a spam problem, not its protocol design. And any distributed system cannot guarantee delivery. If my server tells your server it’s delivered, you just have to trust it, no matter what protocol you’re using.
By dropping silently I meant really litteraly. If you answer to SMTP commands, you are not silent. You essentially say a spammer server that you are a valid target and that they can go on.
It's not even a question if spammer buy domains to spam. It's well known and the reason why commercial products provides a feature to filter too fresh domains.
There are procedures to "warm-up" an IP if you are a large provider and if you don't do it and attempt to send a lot of mails to Gmail this will not work. It's not just about DNS records. You could have donne everything perfectly DNS wise and still be blocked by Gmail servers.
You should take a look at the requirements of Gmail for large providers. As far as I recall Gmail does check FcrDNS since last month. On top of more requirements for authentication.
Still you can't just buy an IP, a server, set MX, SPF, DKIM, DMARC, ARC?, FcrDNS and expect large amounts of mail to go through right away.
The major issue here is that anybody can send any email to whoever. Most communication apps won't let you do that certainly not like emails.
You can't open WhatsApp and start spamming the whole world. You basically can only do that with phone calls and emails ?
So no, SMTP/IMF has rotten foundations. No matter how many (optional) protocol you add on top, it will always be such an hassle to maintain and there will be always people who can't afford that much effort.
Small businesses having to set that up just to reach Gmail is a big problem that they usually externalize with Outlook365 and so on.
Again, Gmail calls the shots because they are the leader. But on paper my fully unauthenticated mail from Barack.obama is perfectly RFC compliant and legit. These protocols that are essential are optional at the end of the day. They became virtually mandatory because of the spam issue and Gmail pushing in the (right) direction because they have leverage.
SMTP on its own is trash.
I don’t see your issue with dropping a connection before issuing any SMTP commands. Your problem is with not being able to determine delivery status, right? If your server never even gets to send the message, then you know with 100% certainty that the message wasn’t delivered. And if it’s denied, you know with near certainty that it wasn’t delivered. (I don’t know of any servers that will issue a hard deny after receiving the message and then still deliver it, but that’s technically possible.)
I have read Gmail’s requirements, and I’m familiar with IP reputation. I didn’t mean that they don’t check FCrDNS, I meant that only having that is not enough. They now require both SPF and DKIM. Whereas my service will still accept your messages and not automatically mark them as spam if you only pass FCrDNS.
Generally if you’re getting your emails denied right off the bat, it’s because your IP or the block your IP comes from already has a bad reputation (basically any IP a cloud provider will give you). But yeah, you don’t want to spin up a server on a brand new IP and start firing off 10,000 emails a day, just like you said you don’t want to fire off 10,000 messages a day on WhatsApp. That’s a bad idea for any platform.
WhatsApp is not distributed, nor is it an open protocol, so that’s right out. It will never be the standard.
Gmail only calls the shots for Gmail users. If you never interact with Gmail users, you don’t have to obey any of their requirements. Like imagine a system that you’ve set up to receive notification emails from your own servers. You don’t have to obey anyone’s rules.
Your spoof mail may be perfectly valid for the base ESMTP spec, but there is not one single email provider on the planet that only considers that spec. Email isn’t just one spec. It’s a system that’s made of many specs and common practices, some required, some de facto required, and some optional.
Everyone can read your emails, just saying.
Maybe they can but I never do
Well, I run my own email service.
Np, they read your mails on the destination, anyway.
S/MIME says otherwise.
GPG S/MIME are still a thing...
Give Beeper a try! It consolidates all the listed apps into one texting app.
Tried it, its bloated and battery hungry. It isn't also clear how beeper saves and uses/handles your messages.
People really need to consider the pedigree of the guy who created this company and how willing he is to walk away from a company when it becomes unprofitable. Eric Migicovsky sold Pebble when it became unprofitable, promised that people would still have their jobs as devs, and at the last minute, the sale didn't include their jobs, so everyone was left fucked out of luck and with no job. Also, the fact that he has zero long term plans for how to keep fighting Apple for iMessage access after he used a teenagers reverse-engineered code to make a standalone Beeper iMessage app which Apple promptly broke after only days. If that's as far ahead as he was able to "plan" in regards to that, it speaks to his weakness on having a long-term business plan. Lack of realistic long-term business plan coupled with how badly he fucked over the developers when he bounced from Pebble screams "Don't trust this."
Beeper is just paying someone else to maintain Matrix bridges for you.
And that's a bad thing ?
Yes... because you have to trust that person/company. Which you implicitly should not... especially since they're already shown themselves to be untrustworthy in their previous endeavors.
Beeper is great
Seconded. Good support team too
https://xkcd.com/1810/
I have a bunch of chat apps. I live in a country that uses a mix of messenger, telegram, viber, and whatsapp. Although it is mostly messenger.
If I can't text them they're not my friend
Good one
As a new player in the BFF market, Imma need you to add Threema to that spread
Not really, Signals cool and buttery smooth and also the gold standard
Whatsapp for irl friends, Discord for online friends and gaming, email for professional communication. Not too complicated
Email or text. Otherwise fuck off
So the two least secure online communication methods possible?
Let's find out, I'll email a text to the pentagon
Email encrypted with PGP keys?
Text over Internet protocol like XMPP or Matrix?
Right? Right?
So glad everyone here just uses whatsapp. Yeah yeah, meta sucks and privacy is bad. I prefer the ease of use and being able to communicate though.
Thanks apple!
Guessing you weren't around when MSN, AIM, IRC, ICQ, Yahoo! Messages and Skype were at the height of their popularity.
I was, and I ignored all of them, and I texted everyone with sms. No problems back then because standards, unlike now.
Beeper handles most of these
Beeper doesn't seem to exist yet
There's a waitlist, they're churning through it