Tuba XMPP is way lighter than Matrix. It's been around for decades and has managed to evolve with time to support the new needs as the context since 1999 has changed. In my opinion that signals that it can continue evolving for another couple of decades. It's a very stable standard. It doesn't have a reference implementation nor a "default" server provider, which makes it harder to "kill" or steer in a specific direction for the benefit of a few.

On the other hand, it's more confusing and less friendly to newcomers. Which is, I guess, why Matrix seems to be more popular nowadays.

SimpleX is a great step up from Signal. It has the same double-ratchet encryption but fixes privacy issues around metadata and phone #s. Should absolutely replace WhatsApp for anyone still using that.

    supersonic Signal leaves no metadata except date app downloaded (which can be avoided with GitHub APK) and date app last used. Pretty useless stuff. Just phone number if you choose to make it available. Otherwise it is a truncated hash on an encrypted Signal server. For me, I want people to know my number is attached to Signal as I am not high threat model. I want my contacts who start using Signal to know I use Signal. I want to see if a contact has added Signal. The more the merrier.

      Bumwin3
      I agree with this, it is the most annoying aspect of secure texting, the need for which seems so obvious to us.

      My family and I were using Signal and Wickr, until Wickr changed. Then we all migrated to Session, and Signal sort of fell out of use.

      There are only two of us with Pixel phones, and I am the only one on GrapheneOS. The rest are iPeople, and they have had trouble with sending photos and notifications. One has trouble at work, I suspect due to the antics of her IT people, but we have no idea how or why.

      I strongly suspect that were I not the patriarch, they may not have all gone along with any of this. I have four friends on Signal, and one who refuses to use secure texting. There is very little communication with him.

      For whatever I may be worth, that is my/our history. We are not wizards or geeks, we just don’t want our correspondence sitting on someone’s server, in the clear, ready to be read at the whim of some “authority”.

      I’ve seen how almost any statement, no matter how innocuous, can be interpreted differently, or distorted in meaning, to ever be comfortable with my texts being read by anyone who has the power to ruin my life.

        Blastoidea
        Well said! I don't know who to quote on this one but "don't let perfection be the enemy of progress". If I can convince someone to learn about PGP, great! If I can get them to use Signal, awesome! If I can get them to wrap their head around why something like E2EE is important but they're stuck on using WhatsApp, that's fine too.
        My experience in trying to spread awareness on security & privacy has been that there is nothing wrong with incremental improvements and pushing too much complexity on a newcomer is the best way to drive them straight into the arms of blissful ignorance, which is the worst possible outcome.

        Blastoidea The Senate and their staff have been ordered by their chief of security to use Signal - and they already have hardened, more secure government cell phones (I always wonder what they do for that and if it is more secure than GOS. Heck, maybe they use GOS).

          AlanZ

          Indeed, unfortunately it's a function that is missed in Signal.

          [deleted]
          AlanZ Hopefully this will be addressed soon, but you also aren't met by a completely empty contact list. Phone numbers are there for a reason, but good on Threema for making both approaches work, although my contact list is still at zero, just like it was when I first purchased it.

          [deleted]
          People looking at XMPP might be interested to read XMPP: Admin-in-the-middle by the now-defunct Infosec Handbook and associated HN discussions here and here. It mostly applies to using third party servers, not hosting your own.

          zzz
          No linkable sources, but read about Australia and encryption.

          US politicians are no better than Australian politicians, to say the least.

          And “our” government is constantly dinging them to “take action” on the “problem” of encryption for the citizenry.

            supersonic My 0.02 cents. The creator of "tinfoil chat", which is a really secure communicator, has a long Reddit history of saying unpleasant things about SimpleX. Sadly I can't say much specifically, as I was reading this a long time ago.