The transition of all my non-tech friends into Signal has been truly startling

Just amazing to see behavior shift happen systemically. I love humans.

@grimalkina Depressing for those of us who wanted the shift to be towards decentralized tech like Jabber/XMPP...instead, we get yet another silo 🙁

@contrapunctus ok well I've never even heard of that so maybe start by asking stuff like why haven't people heard of this instead of lamenting in my replies

@grimalkina My apologies, I never seem to understand the right way of replying to people.

@contrapunctus @grimalkina yeah - well, we wanted that too, but in our professional opinion as an information privacy person, to do that in the current state of things would get people killed because they'd think they're safer than they are. so we pushed for Signal instead, with complicated feelings.

@contrapunctus @grimalkina we of course very much want to work towards a world where the decentralized things can give the same strong guarantees about metadata.

@contrapunctus @grimalkina honestly, we feel very fortunate to be facing this moment in history with even one platform that's genuinely reasonably safe at the technical level. it was not a given that we'd have even that.

@ireneista @contrapunctus @grimalkina quite genuinely XMPP with OMEMO is the same or better than Signal because it's literally the same technology but open

@Lunaphied @contrapunctus @grimalkina no, it doesn't protect metadata - a federated system fundamentally cannot do so, the metadata is needed for delivery. encrypting message contents isn't sufficient. that's exactly the misconception we're concerned that people would buy in to.

@Lunaphied @contrapunctus @grimalkina people without a security background will of course argue that it doesn't matter, but.....

https://abcnews.go.com/blogs/headlines/2014/05/ex-nsa-chief-we-kill-people-based-on-metadata

@ireneista @Lunaphied @grimalkina If someone is _that_ concerned about metadata, they could run their own private XMPP server.

Being a popular centralized service, Signal is a valuable target to backdoor. Far more so than a private XMPP server.

@Lunaphied @contrapunctus @grimalkina what we would love to see is something XMMP-like that incorporates an overlay network (like tor or i2p)

we would, in fact, love to help architect that

@ireneista @Lunaphied @grimalkina I believe most XMPP clients and servers support connecting with Tor - unless I misunderstand what you mean?

@contrapunctus it's ok! I took this as tech criticism but sounds like that wasn't intended. Wishing you all good things.

@jlines @contrapunctus so what exactly is your behavioral request for me?

@jlines @contrapunctus @snikket_im ok! Thanks for the links.

@jlines @contrapunctus @grimalkina @Lunaphied we're all for building mechanisms that resist traffic analysis, but we're highly skeptical that a federated system can do so. there are some unique challenges. it is very unlikely to be something that can be retrofitted onto an existing protocol, it almost certainly needs to be built from the ground up with that as the first principle.

with that said, we're very happy to see research in that direction.

@jlines @contrapunctus @grimalkina @Lunaphied we are of course anarchists (well, you don't know us, but we're very public about it) and are highly skeptical of institutionalism. we are not arguing that something so essential as communication should be structured as a non-profit with legal status, we're just describing the world we see in front of us in the present moment.

@jlines @contrapunctus @grimalkina @Lunaphied the unfortunate reality is that most modern protocols, centralized or federated, have dramatically less privacy than what older protocols got "for free" by virtue of not being massively distributed systems. humanity has gone down directions in technical architecture that are hostile to privacy for several decades now.

@jlines @contrapunctus @grimalkina @Lunaphied we need to really rethink all that, we can't just keep doing the same things but imagine that it's safe somehow.

@jlines @contrapunctus @grimalkina @Lunaphied desire is a prison, here: people are used to features that come from having persistent storage on servers, and demand those features of every tool they use.

@jlines @contrapunctus @grimalkina @Lunaphied there's various other desires we need to work on identifying and letting go of, as well, if we are to get to a position where there is robust, grassroots architecture for this stuff.

@jlines @contrapunctus @grimalkina @Lunaphied unfortunately we are not aware of any effort right now which is putting this stuff at the heart of its approach. at best we get lip service and marketing copy around how the people driving these protocols would totally love to someday bolt on real metadata privacy as an afterthought (which is not possible).

@jlines @contrapunctus @grimalkina @Lunaphied again, that's not how we want it to be. we would love to sign off on XMPP as appropriate for people to use in world that is increasingly criminalizing the existence of everyone we love. we cannot in good conscience do so.

@jlines @contrapunctus @snikket_im @grimalkina this guide is better https://wiki.xmpp.org/web/How_to_get_started_chatting_with_XMPP

@jlines @contrapunctus @grimalkina @Lunaphied is there more, past those first two toots? (ironically, it can be hard to be sure whether a thread is federating to us.....)