Instant messaging apps review
I tested a lot & mulled on this for a while.
Our goal was something less centralized, more private & harder to take down or block.
BRIAR is good & with p2p modes to be censorship resistant if internet is cut, but you have to invite each user separately to a group which is a pain
XMPP is archaic & behaves like a traditional one to one messenger. Yes, groups are there but are more like texting groups & you can't tag or reply to anyone directly.
MATRIX is better but ends up being 3rd party centralized because hosting yourself is a hog, which means you're bound by that hosted server & all those rules, giving up your email credentials, getting possibly kicked off, etc. Matrix.org server started requiring email verification for instance.
Matrix doesn't encrypt metadata, your IP is visible to others in chats.
The last 2 require a hosted server somewhere for large groups to function properly, and so does SESSION since it too has no servers of it's own. But its way lighter than Matrix & can be hosted on a mediocre VPS (which I've done, I can pay, its cheap its fine). The added benefit of Session is everything is onion routed automatically, and there's zero identifying factors when creating an ID. No phone numbers, no emails, nothing. Restore that ID on a new device using a cryptic passphrase, or start a new one if you want.
Check out @Nogoolag room with SESSION:
http://chat.nogoolag.com/nogoolag?public_key=53b45de08520eb3af97933e9a4991e74e26972ee91cc94e6a05da03d956d4313
#im #session
I tested a lot & mulled on this for a while.
Our goal was something less centralized, more private & harder to take down or block.
BRIAR is good & with p2p modes to be censorship resistant if internet is cut, but you have to invite each user separately to a group which is a pain
XMPP is archaic & behaves like a traditional one to one messenger. Yes, groups are there but are more like texting groups & you can't tag or reply to anyone directly.
MATRIX is better but ends up being 3rd party centralized because hosting yourself is a hog, which means you're bound by that hosted server & all those rules, giving up your email credentials, getting possibly kicked off, etc. Matrix.org server started requiring email verification for instance.
Matrix doesn't encrypt metadata, your IP is visible to others in chats.
The last 2 require a hosted server somewhere for large groups to function properly, and so does SESSION since it too has no servers of it's own. But its way lighter than Matrix & can be hosted on a mediocre VPS (which I've done, I can pay, its cheap its fine). The added benefit of Session is everything is onion routed automatically, and there's zero identifying factors when creating an ID. No phone numbers, no emails, nothing. Restore that ID on a new device using a cryptic passphrase, or start a new one if you want.
Check out @Nogoolag room with SESSION:
http://chat.nogoolag.com/nogoolag?public_key=53b45de08520eb3af97933e9a4991e74e26972ee91cc94e6a05da03d956d4313
#im #session
#FBI Document Shows How Popular Secure Messaging Apps Stack Up
https://www.pcmag.com/news/fbi-document-shows-how-popular-secure-messaging-apps-stack-up
#im
https://www.pcmag.com/news/fbi-document-shows-how-popular-secure-messaging-apps-stack-up
#im
PCMAG
FBI Document Shows How Popular Secure Messaging Apps Stack Up
An FBI document lays out the information various secure messaging apps can share with law enforcement.
Why disroot.org shutdown their Matrix server:
@takebackourtech | https://takebackourtech.org
Earlier in 2021, I started seeing red flags surrounding the recently popularized Matrix protocol, thanks to a series of papers done by LibreMonde. Although I shared the research, many Matrix users saw it as an unfounded attack. This lead me to find and champion alternatives like XMPP.
Now disroot, an organization who ran a Matrix server for quite some time has shut down their Matrix instance due to privacy concerns.
β translated from Spanish
the reasons we decided to close our matrix instance were two:
1. the amount of enormous information that data from the users that we were forced to store (initiation and closing of session, interactions, publications and addresses exposed of users in public rooms, etc.) indefinitely and with the aggravation that the information also remains in the participating servers. and also the growing number of bots that polished mapping the network.
2. the ridiculously large amount of resources it required and increased with its use. about closing the instance, less than 100 users were costing us 5 gb of ram (not counting the branch that consumed the database) and 170 gb of space on the users information disk.
summarizing, it seemed to us that the amount of data accumulated was dangerously large and the resources dismedied for what is basically a text chat software.
We never thought that these problems were deliberately planned, but inherent in the matrix structure. And for us, they became unacceptable above all in relation to the commitment we have to the care of the information of the users.
There are six documents confirming that it was the best decision. It is advisable to read them completely and you can find them here:
https://gitlab.com/libremonde-org/papers/research/privacy-matrix.org
in a part of them can be read:
"after a new research and analysis based on our first document, and despite the changes that have occurred since, we believe that new vector ltd and the Matrix.org foundation cic, which represent matrix.org and vector.im:
- they don't meet the gdpr of the eu
- do not follow the guidelines, best practices and explicit requirements described in the ico guide on gdpr for those who have daily responsibilities.
- fail to defend the fundamental principles of gdpr: legality, equity and transparency.
- are not able to process gdpr data requests correctly and in a timely manner.
- discriminate against non-tecnicxs in gdpr-related issues.
- they are trying to retain data and responses from individuals who are entitled to them, removing such data from their system before completing so requests for gdpr, being a lay crime of data protection for 2018.
- they are using misleading communications, capturing policies and terms of services hard to understand to limit the scope of data requests only to home server services, while providing several other independents.
This document includes disclosure of a personal data violation by Matrix.org.
if you currently have a #matrix account on any server, not only in matrix.org, we strongly recommend that you consider whether you need to file a complaint with the English authority of rgpd, regarding the processing of Matrix.org of your data so far. "
In particular, it seems to me that after several years things have not improved too much in the most important aspects: the care and protection of the data of the users.
#im
@takebackourtech | https://takebackourtech.org
Earlier in 2021, I started seeing red flags surrounding the recently popularized Matrix protocol, thanks to a series of papers done by LibreMonde. Although I shared the research, many Matrix users saw it as an unfounded attack. This lead me to find and champion alternatives like XMPP.
Now disroot, an organization who ran a Matrix server for quite some time has shut down their Matrix instance due to privacy concerns.
β translated from Spanish
the reasons we decided to close our matrix instance were two:
1. the amount of enormous information that data from the users that we were forced to store (initiation and closing of session, interactions, publications and addresses exposed of users in public rooms, etc.) indefinitely and with the aggravation that the information also remains in the participating servers. and also the growing number of bots that polished mapping the network.
2. the ridiculously large amount of resources it required and increased with its use. about closing the instance, less than 100 users were costing us 5 gb of ram (not counting the branch that consumed the database) and 170 gb of space on the users information disk.
summarizing, it seemed to us that the amount of data accumulated was dangerously large and the resources dismedied for what is basically a text chat software.
We never thought that these problems were deliberately planned, but inherent in the matrix structure. And for us, they became unacceptable above all in relation to the commitment we have to the care of the information of the users.
There are six documents confirming that it was the best decision. It is advisable to read them completely and you can find them here:
https://gitlab.com/libremonde-org/papers/research/privacy-matrix.org
in a part of them can be read:
"after a new research and analysis based on our first document, and despite the changes that have occurred since, we believe that new vector ltd and the Matrix.org foundation cic, which represent matrix.org and vector.im:
- they don't meet the gdpr of the eu
- do not follow the guidelines, best practices and explicit requirements described in the ico guide on gdpr for those who have daily responsibilities.
- fail to defend the fundamental principles of gdpr: legality, equity and transparency.
- are not able to process gdpr data requests correctly and in a timely manner.
- discriminate against non-tecnicxs in gdpr-related issues.
- they are trying to retain data and responses from individuals who are entitled to them, removing such data from their system before completing so requests for gdpr, being a lay crime of data protection for 2018.
- they are using misleading communications, capturing policies and terms of services hard to understand to limit the scope of data requests only to home server services, while providing several other independents.
This document includes disclosure of a personal data violation by Matrix.org.
if you currently have a #matrix account on any server, not only in matrix.org, we strongly recommend that you consider whether you need to file a complaint with the English authority of rgpd, regarding the processing of Matrix.org of your data so far. "
In particular, it seems to me that after several years things have not improved too much in the most important aspects: the care and protection of the data of the users.
#im
Take Back Our Tech
Let's use technology that doesn't use us. We publish regular in-depth series about friendly & effective technology, and how it could change our lives.
Konzept Notfunkneu_20211105.pdf
3.8 MB
In germany there is a group called FreieDeutscheGesellschaft.org
Experimenting with the LoRa technology.
https://t.me/FDG_Portal
loRa is super effective in Cities, but not in the countryside.
Therefore we switched to the Reticulum Protocol, which allows us to use litte computers like raspberrypi as Gateways, for connecting Lora, CB, Wifi and even more.
First we tried Meshtastic, but there Were many problems with messaging using many nodes.
Nodes not waking up after sleeping for some time.
And many problems with the APP, and interoperabilities.
So we decided to stop the complete Process, because we needed a strong base first, before expanding.
We found reticulum was better in many ways for this usecase, since then we are using it.
https://github.com/markqvist/Reticulum
#communications #im #lora
Experimenting with the LoRa technology.
https://t.me/FDG_Portal
loRa is super effective in Cities, but not in the countryside.
Therefore we switched to the Reticulum Protocol, which allows us to use litte computers like raspberrypi as Gateways, for connecting Lora, CB, Wifi and even more.
First we tried Meshtastic, but there Were many problems with messaging using many nodes.
Nodes not waking up after sleeping for some time.
And many problems with the APP, and interoperabilities.
So we decided to stop the complete Process, because we needed a strong base first, before expanding.
We found reticulum was better in many ways for this usecase, since then we are using it.
https://github.com/markqvist/Reticulum
#communications #im #lora
Dino 0.3:
Video calls and conferences β encrypted and peer-to-peer
https://dino.im/blog/2022/02/dino-0.3-release/
#dino #im #videocalls
Video calls and conferences β encrypted and peer-to-peer
https://dino.im/blog/2022/02/dino-0.3-release/
#dino #im #videocalls
kMeet
Free and secure videoconferencing solution
kMeet is a videoconferencing solution that respects your privacy for all your discussions.No e-mail address, no advertising and no registration are required. Your discussions are not analysed and are only transmitted through Infomaniak servers in Switzerland.
Features :
- Create online (audio and video) meetings with multiple people
- Excellent audio quality
- Unlimited number of participants (subject to resources)
- No apps required for desktop computers
- Join meetings hosted by Infomaniak Meet or Jitsi
- Protect access to your meetings with a password
- Discuss and share resources via the integrated chat function
- Invite your participants via a URL
Download - https://play.google.com/store/apps/details?id=com.infomaniak.meet
https://github.com/Infomaniak/android-infomaniak-meet
#im #Videocall
@foss_Android
Free and secure videoconferencing solution
kMeet is a videoconferencing solution that respects your privacy for all your discussions.No e-mail address, no advertising and no registration are required. Your discussions are not analysed and are only transmitted through Infomaniak servers in Switzerland.
Features :
- Create online (audio and video) meetings with multiple people
- Excellent audio quality
- Unlimited number of participants (subject to resources)
- No apps required for desktop computers
- Join meetings hosted by Infomaniak Meet or Jitsi
- Protect access to your meetings with a password
- Discuss and share resources via the integrated chat function
- Invite your participants via a URL
Download - https://play.google.com/store/apps/details?id=com.infomaniak.meet
https://github.com/Infomaniak/android-infomaniak-meet
#im #Videocall
@foss_Android
5 important vulnerabilities were patched in #Matrix
Four security researchers have identified five cryptographic vulnerabilities in code libraries that can be exploited to undermine Matrix encrypted chat clients. This includes impersonating users and sending messages as them.
https://www.theregister.com/2022/09/28/matrix_encryption_flaws/
#im
Four security researchers have identified five cryptographic vulnerabilities in code libraries that can be exploited to undermine Matrix encrypted chat clients. This includes impersonating users and sending messages as them.
https://www.theregister.com/2022/09/28/matrix_encryption_flaws/
#im
The Register
Matrix chat encryption sunk by five now-patched holes
You take the green pill, you'll spend six hours in a 'don't roll your own crypto' debate
British youth faces 100,000-euro bill for bomb threat joke that prompted Spain to scramble a fighter plane to escort easyJet flight
The accused was checking in for a flight at London Gatwick airport when he sent a message to friends via Snapchat. It was picked up by the UK security services when the plane was flying over French airspace
Source: https://www.surinenglish.com/spain/british-youth-faces-100000euro-bill-for-bomb-20240122151721-nt.html
>send a meme on snapchat
>get fined 120k
Would he have been saved by using any chat service with end-to-end encryption? Even Whatsapp? How can one avoid this happening to them?
β‘οΈhidden tech
#why #im #privacy
The accused was checking in for a flight at London Gatwick airport when he sent a message to friends via Snapchat. It was picked up by the UK security services when the plane was flying over French airspace
Source: https://www.surinenglish.com/spain/british-youth-faces-100000euro-bill-for-bomb-20240122151721-nt.html
>send a meme on snapchat
>get fined 120k
Would he have been saved by using any chat service with end-to-end encryption? Even Whatsapp? How can one avoid this happening to them?
β‘οΈhidden tech
#why #im #privacy