• orca@orcas.enjoying.yachts
    link
    fedilink
    arrow-up
    222
    ·
    6 months ago

    Any tool that calls itself “open source” and uses proprietary encryption that they refuse to let any neutral third party review, should absolutely not be trusted.

    • SchmidtGenetics@lemmy.world
      link
      fedilink
      arrow-up
      9
      ·
      6 months ago

      Wonder if maybe there could be some organization that could fill that need. Independent, or a collection of industry vets, who look through the code and say if it’s safe or not. With the assumption details won’t be leaked or something to protect anything actually proprietary?

      • spujb@lemmy.cafeOP
        link
        fedilink
        English
        arrow-up
        9
        ·
        6 months ago

        there could but it would take cash

        or one could make it truly open source for free

  • ᗪᗩᗰᑎ@lemmy.ml
    link
    fedilink
    arrow-up
    107
    ·
    6 months ago

    Signal > Matrix/Element > RCS > SMS.

    iMessage isn’t in the equation because it only works on a single platform.

    • modcolocko
      link
      fedilink
      arrow-up
      59
      ·
      6 months ago

      signal protocol is basically the opposite, open source but the company is hostile to 3rd party client development

          • bitfucker@programming.dev
            link
            fedilink
            arrow-up
            30
            ·
            6 months ago

            Understandable actually. Server maintenance costs money and if a 3rd party chat app; which significantly has more usage than other forms of social media; is trying to connect to the server, they have to handle that traffic too. Remember, it is not just about data size, but also the sheer volume of connection to handle.

            I think the solution is just P2P with each peer acting as a relay to the other too. The protocol needs to be designed in such a way that no-one in the middle can reply to send false acknowledgement so as to prevent sybil attack or other attack where a malicious actor is a part of the network.

            • modcolocko
              link
              fedilink
              arrow-up
              26
              ·
              6 months ago

              My point is basically that matrix/element is arguable the much more ethical chat solution because of its openess still with a focus on security.

              • kautau@lemmy.world
                link
                fedilink
                arrow-up
                5
                ·
                6 months ago

                Right, the rating list is generic, whereas it should be categorized. For example while iMessage is a walled garden, if the list was sorted by ease of use, it should be first, as it’s nearly zero-configuration for the end user and they get encrypted messaging. Matrix would be first on open access (if we weren’t counting SMS), because it’s available on so many platforms and clients. Signal probably wins on security, though I don’t know enough about it to verify that. So on and so forth

          • ᗪᗩᗰᑎ@lemmy.ml
            link
            fedilink
            arrow-up
            10
            ·
            6 months ago

            This is an often repeated piece of misinformation. The developer of gurk-rs, a third party Signal client, has even said this himself. The client presents itself with a completely identifiable name to the Signal servers - the Signal devs can see this and could easily block this client from connecting but they don’t. This project has existed for at least 3+ years now.

      • ᗪᗩᗰᑎ@lemmy.ml
        link
        fedilink
        arrow-up
        5
        ·
        6 months ago

        There’s a few clients for Signal, nobody is preventing developers from creating apps; there’s Molly, gurk-rs, Axolotl, Flare, signal-cli, Pidgin (with the Signal plugin.

        The problem is 3rd party clients don’t implement all features because it takes a lot of work and they’re created/developed by volunteers - just take a look at Matrix and how many clients support all features or even just group end-to-end encryption (E2EE). Last I checked many third party Matrix clients didn’t support encrypted group messages, primarily just Element, the reference client built by the matrix developers. So you have the same problem on Signal that you have on Matrix.

        • Flipper@feddit.de
          link
          fedilink
          arrow-up
          2
          ·
          6 months ago

          In Matrix a direct chat is a group chat with two people.

          Also I’ve used several clients and they all supported encryption.

          • ᗪᗩᗰᑎ@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            6 months ago

            In Matrix a direct chat is a group chat with two people.

            You’re right, I forgot how Matrix handled messages and the current state is that there’s are at least 6 other clients that support E2EE - this is awesome.

            That said, as soon as you look for a stable client that supports other features like Native 1:1 calls and Threads the only client listed is Element, check here: https://matrix.org/ecosystem/clients/

            Side note: Looks like ~3 years ago a Fluffychat dev stated they would not implement E2EE in the app [0], this must have been around the time I was looking at other clients because I recall this one “looking” the best and might be viable for non-techy people to use/recommend. I’m glad they changed their mind and implemented E2EE. Time to take a look at it again.

            [0] https://gitlab.com/KrilleFear/fluffychat/-/issues/25#note_423061121

        • Liz@midwest.social
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          Do any of these also support SMS? I’ll switch back if I can have my encrypted message comingle with my SMS messages. Signal dropping SMS was the primary reason I left.

        • ditty@lemm.ee
          link
          fedilink
          English
          arrow-up
          18
          ·
          6 months ago

          Meanwhile I can’t even get my boomer mom to switch to Google Messages from Samsung Messages because she’d “have to relearn how to use it.” Then she just continues to complain that she can’t send messages over WiFi, and that when she sends or receives pictures over SMS they get compressed… 💢

          • stankmut@lemmy.world
            link
            fedilink
            English
            arrow-up
            5
            ·
            6 months ago

            Doesn’t Samsung messages support RCS? I know it did at one point. You just had to go into the settings and enable the option.

          • misanthropy@lemm.ee
            link
            fedilink
            arrow-up
            4
            ·
            6 months ago

            I had several friends and family switched over, until they killed SMS support like idiots. I now know maybe one or two people using it, and barely use it anymore.

            • FQQD@lemmy.ohaa.xyz
              link
              fedilink
              English
              arrow-up
              1
              ·
              6 months ago

              They killed SMS support? Maybe not in Germany as an exception, I still use Google messages to recive spam SMS.

                • FQQD@lemmy.ohaa.xyz
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  6 months ago

                  Oh yeah sorry, I’m really stupid early in the morning. I read something else in this thread about Google Messages and just assumed it was related. I didn’t even know Signal had SMS support, that honestly sounds like a good feature

      • ᗪᗩᗰᑎ@lemmy.ml
        link
        fedilink
        arrow-up
        9
        ·
        6 months ago

        I could settle for this but remove telegram as it’s not even E2EE by default. It’s basically facebook v2.

          • ᗪᗩᗰᑎ@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            6 months ago

            Private messages on Matrix have been end-to-end encryption (E2EE) by default since 2020 - https://matrix.org/blog/2020/05/06/cross-signing-and-end-to-end-encryption-by-default-is-here/

            For anyone considering Telegram for privacy:

            1. Telegram doesn’t default to encryption. All your messages are stored and can be viewed by anyone with enough privileges on Telegram’s infrastructure.
            2. Telegram’s “secure” 1-1 messages are limited to the point of being useless and not worth using. It’s a dark design pattern created to discourage their use, ensuring you give them all your data.
            3. Telegram doesn’t support E2EE group messages.

            TL;DR - Matrix is more private than Telegram.

  • spujb@lemmy.cafeOP
    link
    fedilink
    English
    arrow-up
    24
    ·
    6 months ago

    disclaimer: i barely know what im talking about here so if any of the language in this post is inaccurate feel free to reach out

    • Aatube@kbin.melroy.org
      link
      fedilink
      arrow-up
      27
      ·
      edit-2
      6 months ago

      It’s correct, although I’m surprised that there isn’t even a FOSS implementation of the unencrypted part.

      Hopefully you made this in GIMP

        • ferret@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          36
          ·
          edit-2
          6 months ago

          This meme is just two images and some text, no offense but you could make this using only ffmpeg if you were sufficiently masochistic

          • Feathercrown@lemmy.world
            link
            fedilink
            English
            arrow-up
            32
            ·
            6 months ago

            “What photo editing app do you use? Photoshop? GIMP? MS Paint?”

            “ffmpeg.”

            “All hail technomancer Joe, wielder of ffmpeg!”

          • spujb@lemmy.cafeOP
            link
            fedilink
            English
            arrow-up
            8
            ·
            6 months ago

            yeah i could use a hex editor if i wanted but turns out the fasted app workflow is often the best

            • ferret@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              9
              ·
              6 months ago

              “Fastest workflow” has no bearing here, nobody gives a shit if a task takes exponential time or linear time when the total time is less than three seconds in both cases. You are acting like you are some prodigal graphics designer when the task at hand is the computer artist equivalent of banging two rocks together.

              • spujb@lemmy.cafeOP
                link
                fedilink
                English
                arrow-up
                23
                ·
                edit-2
                6 months ago

                bro ur getting so antagonistic and for what 😭

                imgflip is purpose-built for the process i am taking. GIMP takes more than 3 seconds to boot up on my device. there is no competition. stop with the toxic behavior and insults. this was a joke. you make the internet miserable.

              • Aatube@kbin.melroy.org
                link
                fedilink
                arrow-up
                7
                ·
                edit-2
                6 months ago

                I couldn’t do this in three seconds even with imgflip. I’d say a minute using normal tools, and probably 20 seconds with imgflip.

    • Welp_im_damned@lemdro.id
      link
      fedilink
      English
      arrow-up
      9
      ·
      edit-2
      6 months ago

      Rcs isn’t a open source but an open standard. Two very different things.

      Open standard: anyone can use the standard but could be proprietary/closed source

      Open source: anyone can edit/review the code and forket it if they want to.

      The issue with RCS currently is that Google won’t release the API for it on android and only allows Samsung to use it for their app. Another part is that their encryption is based on signal and released a white paper about it.

      Now it’s understandable why people would distrust Google. But apple is currently trying to add e2ee to the open standard (google also tried in the past but failed).

      Mind you the only reason apple is even implementing RCS is because China is forcing them to. Since any new 5g devices must support rcs to be certified in china.

      I hope this helps. Also have a android turtle from the blob!

      • spujb@lemmy.cafeOP
        link
        fedilink
        English
        arrow-up
        3
        ·
        6 months ago

        this true, ty for the clarification

        ill leave the meme as is (in quotes) since that was the thrust of the propaganda i saw 18 months ago

        seems like a term that is intentionally thrown around to make things sound secure and cool when it’s not.

    • LinkOpensChest.wav
      link
      fedilink
      arrow-up
      8
      ·
      6 months ago

      I’m not sure I understand it fully either, but what I do know about this topic is certainly disappointing

      Typical Google fuckery

      • iltg@sh.itjust.works
        link
        fedilink
        arrow-up
        4
        ·
        6 months ago

        what data gets hogged back? most stuff can be turned off and are features that would be missing anyway from xmpp, like identity servers or integrations server. also you can selfhost your identity server and add integrations manually

      • AVincentInSpace@pawb.social
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        Isn’t like the entire point of Matrix that it’s end to end encrypted, thus rendering any data servers acquire useless?

        You could make the metadata argument, but having one node aware of even most transactions is better than having one node aware of all of them.

  • InvaderDJ@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    6 months ago

    Did people call RCS open source? I’m not a huge follower of the standard, but I don’t think I ever heard that said. In fact, I’ve heard people complain about not just the proprietary encryption but lack of E2E and carrier/Google control.

    Its only advantages are that it is better than SMS and supported by the carriers, Google and Apple sometime this year.

    It’s a shitty standard but given how shitty SMS is, I’m willing to hold my nose and jump in.

    • spujb@lemmy.cafeOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      6 months ago

      yes sorry when i called it “open source” that was an overstatement that others have since corrected

      “open standard” is correct—nevertheless doesn’t excuse google’s deceptive marketing to force this as industry standard instead of investing in something actually open source and aproprietary