pleroma.debian.social

The transition of all my non-tech friends into Signal has been truly startling

Just amazing to see behavior shift happen systemically. I love humans.

@grimalkina Depressing for those of us who wanted the shift to be towards decentralized tech like Jabber/XMPP...instead, we get yet another silo 🙁

@contrapunctus ok well I've never even heard of that so maybe start by asking stuff like why haven't people heard of this instead of lamenting in my replies

@grimalkina My apologies, I never seem to understand the right way of replying to people.

@contrapunctus @grimalkina yeah - well, we wanted that too, but in our professional opinion as an information privacy person, to do that in the current state of things would get people killed because they'd think they're safer than they are. so we pushed for Signal instead, with complicated feelings.

@contrapunctus @grimalkina we of course very much want to work towards a world where the decentralized things can give the same strong guarantees about metadata.

@contrapunctus @grimalkina honestly, we feel very fortunate to be facing this moment in history with even one platform that's genuinely reasonably safe at the technical level. it was not a given that we'd have even that.

@ireneista @contrapunctus @grimalkina quite genuinely XMPP with OMEMO is the same or better than Signal because it's literally the same technology but open

@Lunaphied @contrapunctus @grimalkina no, it doesn't protect metadata - a federated system fundamentally cannot do so, the metadata is needed for delivery. encrypting message contents isn't sufficient. that's exactly the misconception we're concerned that people would buy in to.

@Lunaphied @contrapunctus @grimalkina people without a security background will of course argue that it doesn't matter, but.....

https://abcnews.go.com/blogs/headlines/2014/05/ex-nsa-chief-we-kill-people-based-on-metadata

@ireneista @Lunaphied @grimalkina If someone is _that_ concerned about metadata, they could run their own private XMPP server.

Being a popular centralized service, Signal is a valuable target to backdoor. Far more so than a private XMPP server.

@Lunaphied @contrapunctus @grimalkina what we would love to see is something XMPP-like that incorporates an overlay network (like tor or i2p)

we would, in fact, love to help architect that

@ireneista @Lunaphied @grimalkina I believe most XMPP clients and servers support connecting with Tor - unless I misunderstand what you mean?

@contrapunctus it's ok! I took this as tech criticism but sounds like that wasn't intended. Wishing you all good things.

@ireneista @Lunaphied @contrapunctus @grimalkina the benefit of a widely dispersed, federated XMPP network is that it is very resistant to traffic analysis. Working towards wider availability of systems such as #freedombox helps with this, as well as spreading the knowledge that open standards based chat is available, and has been for some time.

@grimalkina @contrapunctus XMPP has been around for a very long time, but because it is a standard rather than a product there is no central point for a lobby group to promote it. You can find out more at https://xmpp.org/

@jlines @contrapunctus so what exactly is your behavioral request for me?

@grimalkina @contrapunctus I suggest actually trying XMPP - there are links to Free Clients and servers at https://xmpp.org/getting-started/, but you might find the 14 day trial at https://snikket.org/ (and then about $6 per month for up to about 10 people) worth a go. They are a friendly interface on real XMPP, and I like their transparency, and that they are on the Fediverse @snikket_im

@jlines @contrapunctus @snikket_im ok! Thanks for the links.

@jlines @contrapunctus @grimalkina @Lunaphied we're all for building mechanisms that resist traffic analysis, but we're highly skeptical that a federated system can do so. there are some unique challenges. it is very unlikely to be something that can be retrofitted onto an existing protocol, it almost certainly needs to be built from the ground up with that as the first principle.

with that said, we're very happy to see research in that direction.

@ireneista @contrapunctus @grimalkina @Lunaphied I have been concerned about the risks associated with metadata for some time, specifically in the context of Who pays for WhatsApp, but any centralised system, e.g. Signal, or Telegram - even if well intentioned, will be vulnerable to insiders being bribed or coerced. Federation limits the insider information scope.

@jlines @contrapunctus @grimalkina @Lunaphied we are of course anarchists (well, you don't know us, but we're very public about it) and are highly skeptical of institutionalism. we are not arguing that something so essential as communication should be structured as a non-profit with legal status, we're just describing the world we see in front of us in the present moment.

@jlines @contrapunctus @grimalkina @Lunaphied the unfortunate reality is that most modern protocols, centralized or federated, have dramatically less privacy than what older protocols got "for free" by virtue of not being massively distributed systems. humanity has gone down directions in technical architecture that are hostile to privacy for several decades now.

@jlines @contrapunctus @grimalkina @Lunaphied we need to really rethink all that, we can't just keep doing the same things but imagine that it's safe somehow.

@jlines @contrapunctus @grimalkina @Lunaphied desire is a prison, here: people are used to features that come from having persistent storage on servers, and demand those features of every tool they use.

@jlines @contrapunctus @grimalkina @Lunaphied there's various other desires we need to work on identifying and letting go of, as well, if we are to get to a position where there is robust, grassroots architecture for this stuff.

@jlines @contrapunctus @grimalkina @Lunaphied unfortunately we are not aware of any effort right now which is putting this stuff at the heart of its approach. at best we get lip service and marketing copy around how the people driving these protocols would totally love to someday bolt on real metadata privacy as an afterthought (which is not possible).

@jlines @contrapunctus @grimalkina @Lunaphied again, that's not how we want it to be. we would love to sign off on XMPP as appropriate for people to use in a world that is increasingly criminalizing the existence of everyone we love. we cannot in good conscience do so.

@thevril @contrapunctus @snikket_im @grimalkina I do like that list too, and use Conversations (via #fdroid and donate via @mastadon.xyz@liberapay). My aim is to inform people that alternatives to monolithic Instant Messengers exist, and encourage more mainstream use.

@ireneista @contrapunctus @grimalkina @Lunaphied There is an interesting thread here on Federated Metadata privacy

@jlines @contrapunctus @grimalkina @Lunaphied is there more, past those first two toots? (ironically, it can be hard to be sure whether a thread is federating to us.....)

@ireneista @contrapunctus @grimalkina @Lunaphied Clicking on the ellipsis at the bottom right of Daniel's post and selecting 'Expand this post' shows other replies, but the one from @winfriedtilanus is the most useful.