Enough of fenced services owning the users. I'm fed up with carouselle of new services for same features. I'm going to stick with XMPP, which is openly federated and free as in freedom. It is now technically capable of chat sync, sent messages editing, end to end encryption (there are alternative modes to fit different usecases), videocalls, and many more things. There are working gateways to many other networks, including Skype (not fully, but mostly enough to start transition away from skype).
XMPP could be a fantastic option but it's missing push notifications, which are an absolute killer these days. You either don't use XMPP on mobile or take a massive hit to your battery.
I just tested the video call with my parents that still have an old adsl link to their home, it was crystal clear.
Both skype and hangouts struggle when doing the same. Hangouts actually makes the audio choppy.
I'm a bit worried about using something that is free and has no ads while maintaining central servers though..
I just gave it a shot too, and it works well. I deleted my account though, because I only need voice chat with my team and Discord has this app beat hands down for collaboration and team rooms.
- As a non-American, I see America as one of the least safe places to store my information. The Snowden leaks showed that the US government has zero respect for the privacy of non-Citizens.
- As someone who's lived both inside and outside America, I've noticed that privacy laws in the US are weak relative to other countries (much of Europe, Australia) that I've been in. Europeans have things like Right to be Forgotten. Americans have companies that have refused to remove my personal information after I terminated my account with them.
As an Australian, I would argue the metadata retention laws leave us just as weak as the US - if not, worse. I'd be surprised if the US equivalent of Greyhound Racing Australia had legally mandated, warrantless access to every ISP's metadata.
- "information that states an address to which a communication was sent on the internet, from a telecommunications device, using an internet access service provided by the service provider and was obtained by the service provider only as a result of providing the service"
When they first introduced that bill it was rather scary looking but by the time it passed it's not too bad.
Well I did say "metadata", rather than "traffic content". There are always different way to look at it, but the absurd ease with which groups that are not law enforcement have access to such data is the issue to me.
America doesn't appear to respect it's Citizen's data privacy either, they just have to collect the data indirectly from other countries (I'm not sure how they can avoid respecting the laws by doing it this way though...)
Also interesting to note that, despite this claim on their front page, the Terms of Use specifies that for American users it is interpreted by / subject to California law and SF courts.
Does anyone know of an independent audit/confirmation of the robustness of their privacy / security? I don't really know enough about crypto or security to be able to tell.
I'm wondering the same, it is a shame there's not a whole lot of end to end encrypted applications, it's a conspiracy all of it's own or something? Maybe cryptologists are sparse or this is just not in their available time for the type of problems to tackle, not sure. The need is clearly there for more open source secure applications, hopefully we see more.
My theory, as way out there as it might seem, is that there is hardly any interest for actual encryption. GPG's unique maintain was struggling to make ends meet until last year when he made it in the news.
I have yet to find someone, even among the "privacy aware" people to chat on Facebook using Pidgin's OTR plugin.
>I have yet to find someone, even among the "privacy aware" people to chat on Facebook using Pidgin's OTR plugin.
That's because the "privacy aware" folks don't use Facebook. And if they did (likely a damn good reason) they would. Makes it all the less likely for you to have met them
XMPP strong selling point is federation. You can run your own private server and it does encryption. There is plenty of implementations from servers to clients, most being open source. It seems to me just one of the Zillion messaging alternative available.
Why hasn't there been a beautiful XMPP apps created? A company could come in and provide effortless XMPP server setup for a monthly price, and provide great apps for all to use, no?
I really don't get this. What's their advantage over using this over... well, anything else?
They seem like a complete copy of Signal to me: they're a centralized service with open source clients that promises end-to-end encrypted communication. I see no difference between them. It's like re-inventing the wheel. Honestly, I don't see a single reason why I should use this.
The problem with Signal (at least for me) is that its desktop client relies on your phone's Signal app, which feels weird and "duct tape-ish". I've been spoiled by the ease of using iMessage with multiple devices (phone, tablet, desktop, or otherwise): just sign in and it works, no janky-feeling interdevice communication necessary, and I've come to expect that from any messaging service I use.
Signal is great for those who confine their instant-message-like communication to their phones, since desktops being treated as second class citizens isn't an issue for them. I am not one of those individuals. I want to be able to read and reply to messages on whichever device I'm using at the moment without having to think about my phone's presence at all.
Well, when you consider that the keys are ethereal, it makes it clear why it's "duct tape-ish". You could argue they should have a syncing protocol but now you need to come up with a secure syncing protocol.
But, I feel like that the tools that promise to solve the same problem should at least have one drastic difference between them.
Kind of like social networks. Even though they all tackle the same problem (trying to keep us connected) each of them does it in its own distinct way.
I don't see any such feature here. They're tackling the very same problem in a very similar way. A bit too similar for me in fact. And since their target is a niche audience, I only see us having even more difficulties if Signal gets more and more alternatives.
But you shouldn't condemn the developers over this. Arguably, there's not major differences between Colgate and Crest toothpaste, but having alternatives in the market drives innovation and keeps prices down.
1. Their desktop support isn't provided by a native app but rather ducktaped onto Chrome, which in turn forces me to have that pole of junk installed.
2. There's no iPad app, granted you can run the iPhone app in compatibility mode but that's just feels wrong in 2016.
3. Their support for multiple devices using one account can at best considered an afterthought attached to their mobile apps with gum. When I checked last it only worked with their Android and their Chrome clients so no love for iOS users.
Wire provides all of this, wrapped in beautifully designed apps (if currently a touch unstable)
Wire launched at least a year ago, if not earlier, and I have the same question now that I had then: Why should I use it?
For good security, I have email/PGP which has few of my friends, but lots of usage for secure communication.
For secure chat I have Signal which some of my friends use, but not many.
For most of my chat I have WhatsApp which is relatively secure, and has a relatively good UI. Almost all my friends and family have this.
For the rest of my chat I have Facebook Messenger which isn't secure in the slightest, but it also has almost all of my friends and family on it. It has a very good UI, and lots of features that I make good use of.
Wire on the other hand has almost none of my friends, isn't open, so can't be any more secure than WhatsApp, and has a pretty but ultimately annoying UI, and very few features.
I'm not using Wire yet - so I'm just quoting their marketing material - but they directly address your comments:
"Wire uses open-source cryptography to encrypt all content. We made the source code for data handling available to the public under the GPL License. This means that anybody can review the source code."
"Only Wire offers fully encrypted calls, video and group chats available on all your devices, on any modern platform. Unlike niche security apps we do not sacrifice usability for security — Wire is simple and straightforward to use."
Ok, as several people have pointed out, there are portions that are open source. However, this doesn't help much.
It's better than iMessage, for example. With iMessage, the protocol is described, and we can confirm that it is a "secure" protocol, for some definition of secure, but we have no idea if that's what they actually use. With Wire, we can go a step further, the protocol is described in code, so we can verify that the code is correct, however we still cannot verify that this is indeed the code being used.
A step further, which as far as I can tell doesn't exist, would be to provide a bare-bones client (maybe a command line interface) that can be reproducibly built, so that people can interact with other Wire users, using code they built themselves, this would show that the protocol that the open source code describes is being used, however there's still the possibility of the closed-source Wire app subverting it in some way, perhaps with decreased entropy in random numbers, for example.
I apologise for not reading closely enough to see the GitHub link, but I also don't think this gets Wire anywhere near the level of Signal for example, which I have compiled and run myself in the past (and contributed to).
I use Hangouts at work because it's easy to get it on the screens in our office. I don't use VoIP in my personal life much, and never on a computer, I'd rather use a phone (and therefore either a phone call, or Signal).
So then maybe this isn't for you, but for me it completely replaces WhatsApp and Signal on my phone and now I don't need Skype on any of my computers (Linux for work, OSX on the go, and Windows at home) and all my conversations sync between my phone and computers.
Well, they seem to have some opensourced some of their code. But they are far away form being free software although they claim to use the GPL.
If I can't build the software myself, I won't use it.
It means that it's partly open source, which means that the marketing material is lying. It's OK for a company to not be 100% open source, but it's not OK to lie, especially if trust is needed.
I think this looks good - whether long term use is sustainable is dependent on whether they open up their protocol to interoperability via some sort of consortium. Email rules, not because of its brilliance, but because of its level of standardisation and ubiquity. The trick will be to provide a transparent P2P solution that can somehow be boosted by leaving nodes online.. now provide pay for service that can run the nodes for people - business plan (tm).
On second thought this kind of thing is already done around the torrent sub-culture with regards to seed boxes..
All modern platforms? I don't see the Linux version.
Plus, for any such application to have trust these days, it should be open source both for clients and servers. Enough of this walled garden closed instant messaging.
https://news.ycombinator.com/item?id=8692563