I'm actively recruiting volunteer devs for a native Signal / Signal-like client in Gtk, in the hopes that we can bring it to the @Purism Librem 5 phone. Please contact sean.obrien@puri.sm if interested.

PGP/GPG: FA9D 40F1 5FE1 D8AB 8312 4AAA 77E3 1447 CD1F C3F6

@diggity

Anything to do with #Signal do not count with me.

Why not opt for an #open solution, as opposed to an "open" one?

@Purism

@philippemargery @61 @Purism Signal isn't "bad". In a nutshell:

OpenWhisperSystems / the devs behind Signal made the choice to centralize the service and build identity around the phone number system, instead of doing the federated / decentralized approach.

They did this consciously to encourage widespread adoption without the traditional difficulties associated with a decentralized, multiple-client approach.

That makes it different from approaches by Matrix.org, XMPP, and so on. 1/2

@philippemargery @61 @Purism OWS has had a contentious relationship w/ FOSS devs who want alt. clients/forks of Signal that interop w/ OWS network

From the OWS perspective, it's important to keep the UI/UX consistent; alternative clients degrade the user experience for everyone on the network, and use expensive resources. Security and QC are impossible to verify for apps out of OWS control

The FOSS-y arguments are familiar, and include the fact that centralization is dangerous for freedom. 2/2

@diggity

As for the OWS perspective, we're going to have to file that under #utterbollocks.

For the record, I have nothing against closed source per se. It's specious arguments, outright lies and #antisocial behaviour that gets in my tits. And that's the things that #signal truly are experts on.

@philippemargery @Purism

@diggity @philippemargery @Purism

Just for the record.

* First things first, the #wikipedia advertised “Open Whisper Systems” does not actually exist. Prove me wrong with an official incorporation document.
* The also #wikihyped “Signal Foundation”, AFAICT does not exist either, according to people who should know, namely irs.gov/charities-non-profits/

See next message for what *does* exist…

@diggity @philippemargery @Purism

* Previously, when this guy came up with his previous product iteration, he had set up another #Delaware entity, WHISPER SYSTEMS TECHNOLOGIES, INC. This was in 2011.
* In 2012, a #California #LLC (businesssearch.sos.ca.gov/CBS/) was selling his software on the #apple store (news.ycombinator.com/item?id=8)

@diggity @philippemargery @Purism

The #California entity QUIET RIDDLE VENTURES, LLC is still active (as is the 2011 DE corporation) with a modest income and one employee on file (www.buzzfile.com/business/Open-Whisper-Systems-415-267-1806).

@diggity @philippemargery @Purism
For the Delaware entities, if someone wants to shell out $20 you can get the tax returns which should give an idea to what extent the claims made in #wackypedia and the press are true or not, and where any money has been coming from and going to.

For the “foundations”, please someone publish their articles. And obviously, as for any other private non-profit, their finances.

@diggity @philippemargery @Purism

Not even getting into the technical aspects of it. #Security? Your own phone number as your ID, what could possibly go wrong?

It could be a decent closed source app if it weren't for the #bullshit security #hype.

But the obvious disparity between the public claims and the hard data that can be found with just a casual search, are no journalists wanting to dig a bit into that? @maxeddy?

@61
Wow. It is indeed intriguing. Thanks for that. What messenging up do you use? My family is fed-up with me asking them change app all the time.... 😂
@diggity @Purism @maxeddy

@philippemargery
#xmpp user since 2001.

I've changed JID (Jabber ID) exactly once, around ten years ago.

@diggity @Purism @maxeddy

@61 @philippemargery @diggity @Purism @maxeddy
What about all the metadata that your XMPP server (and the others you contact to) can see and manipulate? I was using Conversations.im but just leave it after discover about this.
infosec-handbook.eu/blog/xmpp-

Follow

@Gorio Interesting read. Generally, however, it's not surprising that people who administer whichever kind of infrastructure also will have access to (meta)data collected all along the way, and be that just for being able to provide a given service. We either need *true* (serverless) peer-to-peer solutions or a way to provide *trustworthy* operations of critical infrastructure. Just to have FLOSS code available to "run your own" doesn't help here.

@61 @philippemargery @diggity @Purism @maxeddy

Sign in to participate in the conversation
Mastodon

One of the first Mastodon instances, there is no specific topic we're into, just enjoy your time!