[deleted]
PMUSR Olvid makes huge questionable claims, which seems like marketing stuff to make you pay 10$ per month.
Also refer to this Reddit comment: https://www.reddit.com/r/privacy/comments/14wovyz/comment/jrjhtbv/
PMUSR Olvid makes huge questionable claims, which seems like marketing stuff to make you pay 10$ per month.
Also refer to this Reddit comment: https://www.reddit.com/r/privacy/comments/14wovyz/comment/jrjhtbv/
Olvid is in the game since 2019. They have and are close to good cybersecurity French experts. Olvid is used by the RAID (elite tactical unit of the French police).
They are open to bug bounties.
As a startup they have chosen agressive marketing to attract attention and build a sustainable business model, namely with professionals that can pay them. For individuals the app is free, and 4.99€ / month to be able to call people.
A problem raised is that Olvid is using AWS. The Olvid answer is that their security model does not trust the servers.
I think that the biggest problem of Olvid is that it is not internationally mature enough so that people around the world take the time to look into the matter.
They seem focused to conquer the French environment first. They have not survived yet a big exposure at an international scale like Signal so that we challenge well their credibility.
As of now I would not necessarily recommend Olvid compared to the other solutions, just saying that this option exists.
Do I understand correctly that Signal uses XMPP?
Hathaway_Noa I have been hosting matrix on a Raspberry Pi for a long time with no problem and have changed server for the needs of another app.
Icecube Libre Threema still needs a paid Threema license. If you have a high threat model, they only accept Bitcoin which is traceable. Would like to see Monero. All a pain anyway and great FOSS options as mentioned.
Javcek No, Signal does not use XMPP. Signal uses its own open source encryption simply known as Signal Protocol. Been audited and tested like crazy by security pros and considered rock solid.
GrapheneLover hi can you host a xmpp server from something like a pixel running graphene? After upgrading I now have a spare pixel that would be great for this.
Also is xmpp user friendly for beginners
GrapheneLover I'd love to use xmpp, but a reference implementation would make it so much easier ! Each time I try, I overwhelmed by the different optional specifications, implementations, compatibility, ... How did you choose your server, and what clients are you using ?
zzz I have no idea at the moment if the devs of OMEMO are going to implement such a thing, I will have to ask them.
No, Signal uses its own protocol and XMPP is compatible with OMEMO which is a fork of the Signal created protocol.
Eirikr70 Still matrix is buggy as hell and heavy upon both phone and desktop imo.
Prosody is imo the best robust XMPP server which comes configured pretty good as default, though you can always improve it by adding onion routing and disabling server2server connection and more features. Setting up a server is just a 1-time effort and after setting up everything you're done and can use an app like Conversations like any other IM app.
Hathaway_Noa did you also try ejabberd ?
Hathaway_Noa Still matrix is buggy as hell and heavy upon both phone and desktop imo.
You might be right. But it was hard having my familiars switch from Whatsapp to a Matrix client. I won't try and have them migrate to xmpp ...
Tuba XMPP is way lighter than Matrix. It's been around for decades and has managed to evolve with time to support the new needs as the context since 1999 has changed. In my opinion that signals that it can continue evolving for another couple of decades. It's a very stable standard. It doesn't have a reference implementation nor a "default" server provider, which makes it harder to "kill" or steer in a specific direction for the benefit of a few.
On the other hand, it's more confusing and less friendly to newcomers. Which is I guess why Matrix seems to be more popular nowadays
SimpleX is a great step up from Signal. It has the same double-ratchet encryption but fixes privacy issues around metadata and phone #s. Should absolutely replace WhatsApp for anyone still using that.
supersonic Signal leaves no metadata except date app downloaded (which can be avoided with GitHub APK) and date app last used. Pretty useless stuff. Just phone number if you choose to make it available. Otherwise it is a truncated hash on an encrypted Signal server. For me, I want people to know my number is attached to Signal as I am not high threat model. I want my contacts who start using Signal to know I use Signal. I want to see if a contact has added Signal. The more the merrier.
MoonshineMidnight The proof is in the pudding. If I know law enforcement can't get any info, I'm good with the app. Here is Signal's response to a subpoena. Subpoena and Signal's response on the bottom.
Bumwin3
I agree with this, it is the most annoying aspect of secure texting, the need for which seems so obvious to us.
My family and I were using Signal and Wickr, until Wickr changed. Then we all migrated to Session, and Signal sort of fell out of use.
There are only two of us with pixel phones, and I am the only one on GrapheneOS. The rest are iPeople, and they have had trouble with sending photos and notifications. One has trouble at work, I suspect due to the antics of her IT people, but we have no idea how or why.
I strongly suspect that were I not the patriarch, they may not have all gone along with any of this. I have four friends on Signal, and one who refuses to use secure texting. There is very little communication with him.
For whatever I may be worth, that is my/our history. We are not wizards or geeks, we just don’t want our correspondence sitting on someone’s server, in the clear, ready to be read at the whim of some “authority”.
I’ve seen how almost any statement, no matter how innocuous, can be interpreted differently, or distorted in meaning, to ever be comfortable with my texts being read by anyone who has the power to ruin my life.
MoonshineMidnight
I have heard rumors that members of the US military are “advised and encouraged” to use Signal for correspondence with their families.
Blastoidea
Well said! I don't know who to quote on this one but "don't let perfection be the enemy of progress". If I can convince someone to learn about PGP Great! If I can get them to use signal awesome! If I can get them to wrap their head around why something like E2EE is important but they're stuck on using whatsapp, that's fine too.
My experience in trying to spread awareness on security & privacy has been that there is nothing wrong with incremental improvements and pushing too much complexity on a newcomer is the best way to drive them straight into the arms of blissful ignorance, which is the worst possible outcome.