Over the past few years I have gone through a bunch of different apps and protocols to find the best one for “securely” communicating with my family and friends.

I ended up with the amazing XMPP protocol and my family/friends frequently use its clients to contact me.

Monal for IOS and Cheogram/Conversations/Quicksy for Android. The android app I install depends on if I can get F-Droid on their phone or not.

It’s been great with OMEMO encryption and the clients/apps available for XMPP. But sometimes I have issues introducing people to it.

Jabber (friendly name for xmpp) sounds silly to say. The clients all have weird names. And after trying the Signal mobile app it feels more focused than what anyone in the XMPP community has whipped up.

But the capabilities of XMPP makes it better.

Signal Cons (immediete)

  • Centralized
  • Single app
  • Phone numbers

XMPP/Jabber Cons

  • Picking server
  • Apps are sort of less friendly

What really scares me about Signal is the centralization. Any nerd can easily host an XMPP server these days. But Signal from what I’ve heard really wants us to use their server.

If XMPP gets more attention I’m sure we can get people supporting projects and creating better apps.

I keep seeing people recommended Signal instead.

This is a bit of a tired ramble. What I wanna know is why anyone is preferring Signal over XMPP apps. I assume it might be not knowing about it. Tell me what you use to message people.

  • Mgineer@lemmy.ml
    0·
    4 hours ago

    For most people, Not this community, it’s trying to get people off Whatsapp. So even signal is better

  • undefinedTruth@lemmy.zip
    0·
    6 hours ago

    Signal may not be the best in a technical sense, but it is good enough and it has the network effect. I’ve been pleasantly surprised when in the span of a few months I met two different people actually in real life, who happened to already be using Signal.

    Signal is also just as usable as the big tech alternatives, which makes it not a very hard sell to friends and family. For quite a few years now I have managed to convince everyone I communicate with to do so over Signal. There is no chance I would be as successful with something else.

  • Lyra_Lycan@lemmy.blahaj.zoneEnglish
    0·
    10 hours ago

    Don’t forget that OMEMO on XMPP has no backward decryption - all messages are lost with every new client. Massive dealbreaker for me, as I value message history between those I love.

    I’ve gone for Matrix. Signal doesn’t interest me until they get rid of the requirement for phone numbers.

    Others have noted that XMPP servers hold user contacts (and maybe other parts) wholly unencrypted, and if the server isn’t yours, that’s a trust risk.

  • Joe Bidet@lemmy.ml
    0·
    11 hours ago

    Many people will tell you you have to sacrifice your principles because interface, because “normies” (which is an elitist way of telling you that non-elitist people are idiots…), etc. I say: stick to your dreams!

    • pathief@lemmy.world
      0·
      11 hours ago

      It’s not elitist, it’s realist. They don’t want to install Signal just as much as I don’t want to install Facebook messenger.

      Yes you can nag people but it will more often than not have the same effect as when people try to convince me to install Facebook messenger.

      • Joe Bidet@lemmy.ml
        0·
        5 hours ago

        speaking of “normies” is elitist, because the term is used usually people privileged/experienced with knowledge about technology to describe people who don’t have this privilege/experience. It is implying that there would be a class of (sub-)humans who are not capable of taking the same path as the person who employs this term. I stand by the term “elitist”. In a world of diverse people, life-paths and needs, in my own experience everybody is capable of understanding the political reasons to use a piece of software over another one (because one company sucks, because their model of centralization is detrimental to freedom, because they got shady funding, because they pretend to be something else but bar free software authors to modify their software, because they’re from the USA, etc.). Everyone has their own way of understanding these things. Everyone has some arguments that will resonate better than others. Pretty much the same way you probably decided to not install Facebook messenger. Well the good news is: everybody is capable of understanding these things. It may take time and effort, it may make elitist people realize it is not as easy as they first thought it would be, and require to fail and try again. It requires efforts and a humble approach as to listen to these people and take them where they are and walk a bit along the way with them.

        My personal experience is that most people are capable of understanding such things. It may take time, but everyone is capable.

        I also saw tons of elitist tech-enthusiasts and other tech-savvies “bros” not even addressing who they call “normies” out of pure lazyness, to avoid to speak outside of their own comfort zone and question their own status, and to avoid sharing their elitist knowledge.

        -> “‘normies’ won’t do that” = “i am too lazy to engage meaningfully with people who do not know the same things as i know.”

        That’s a major part of the problem. Elitist feedback loop…

        • pathief@lemmy.worldEnglish
          0·
          5 hours ago

          First of all normie not an insult or a derogatory term. The term “normies” is often used in many niche communities to refer to someone outside the community. It has nothing to do with being smart, privileged or experienced. It means more like “the average user” or “the typical person”. Example: a person in the boardgaming community may refer to you as a normie, not because you’re dumb but because you don’t play hobby boardgames (check out Brass: Birmingham, what a game).

          The problem isn’t about comprehending the problem, most people understand that Facebook is selling their data. They just don’t care. They would rather have their data sold than to have the trouble to move to yet another communication app. WhatsApp is working just fine, Facebook is sparking joy. They don’t care.

          “Normies won’t do X” is a perfectly acceptable way to express that the hurdles are too high for the average user. The average user wants a sleek UI, a user friendly experience and most of all they want to be in the place everyone is already at. The average Joe doesn’t want to be the first guy on Simple X, they actually really want the hassle free platform everyone is already at.

          Also, the next great communication app is constantly changing. It used to be IRC, ICQ, MSN Messenger, Facebook Messenger, WhatsApp, Instagram, Telegram, Signal, Matrix, Simple X, Session. I’m sorry to say that the average person is not willing to migrate that often. Facebook works, their friends are already there, they stick to it. This isn’t elitism, it’s just stating what I see.

      • cdzero@lemmy.ml
        0·
        6 hours ago

        I find this resistance weird. (From the “normies”, not the Signal users)

        Most of them have phones filled with all sorts of crap that they download willy nilly, yet they only seem to put the walls up for Signal.

  • glitching@lemmy.ml
    0·
    11 hours ago

    to answer your question - if you wanna eventually talk to normies. like cute boy/girl you meet at a bar or a business contact from a random meet. even Signal has dogshit penetration compared to the big players, so XMPP/Matrix/Briar/etc aren’t even a blip on the dradis.

    also, you sorta sidestepped the UX. if you’re coming off the hyper-polished world of Telelgram and iMessage, all those things have dogshit UX. yes, you’ll eventually find your way around them but you have to be motivated to endure them ugly and slow and unrealiable apps (comparatively speaking); you got that shit covered, your contacts do not.

    the situation is kinda like with The Linux Desktop - it’s competing with gargantuan corpos with unlimited resources, and to add to that, the miniscule dev teams aren’t working together, they’re competing between themselves, pulling in different direction (Gnome, Plasma, Cinnamon, etc.) with duplicated efforts and tons of abandoned paths. can you imagine where we’d be if all that dev effort went towards one goal?

    same thing with the messenger space, it’s doubtful any of them will become mainstream, but they have its uses.

    • mistermodal@lemmy.ml
      0·
      7 hours ago

      Wrong, XMPP is the only option that actually lets you talk to baddies on their phone number without them downloading a new app just for you. Aside from some kind of tortured solution such as AirMessage/BlueBubbles involving buying a literal Macbook.

  • CoconutCream@piefed.zipEnglish
    0·
    15 hours ago

    First of all, thank you for your recommendation. I was on the fence between Siskin IM and Monal, so I went with Monal to replace AstraChat.

    I’ve used Signal before and it was fine but I prefer not to give a phone number to open an account; there are other services that don’t require it.

    Speaking of services, I use Simple X, Session, Matrix and Delta Chat (occasionally). Most of my eccentric mix of family, friends and colleagues are happy to try something new or switch as long as it doesn’t require a phone number to sign up. They’re slowly leaving Signal, WhatsApp, Telegram and limiting access to their iMessage.

    In my experience, Session syncs very well between my devices which makes it my favorite. I chose FluffyChat over Element because of the App Privacy in iOS.

    • I Cast Fist@programming.dev
      0·
      17 hours ago

      I’ll be honest, most of the crypto/security jargon flies straight over my head, but Tim Henkes’ reply at the end, for fucks’ sake man. I don’t suppose xmpp has an alternative encryption to use instead of omemo?

      • TurkeyDurkey@piefed.worldOPEnglish
        0·
        17 hours ago

        Pretty much any encryption you can send over text. My favorite clients support PGP instead. But it’s up to the clients to implement envryption and not really the protocol I guess.

    • TurkeyDurkey@piefed.worldOPEnglish
      0·
      17 hours ago

      Signal is a much better recommendation when leaving Telegram. And the OMEMO implementation concerns are something I need to consider. That unprofessional response from one of the devs is not a good look at all.

      Though as a comment pointed out, control of servers is like the one main checkbox that I really need filled.

      On the point about clients not being OMEMO by default or enforced. This isn’t the biggest issue for me. I’m not doing crimes, but I still wouldn’t want my saucy messages to be read by server admins or third parties. Whenever I message somebody, I confirm that they are the proper recipient and are using OMEMO. And the clients I found myself comfortable with all support PGP key use instead. (That would be Cheogram & Gajim if anyone was interested.)

      This was a great read though, at least to me. It gave me some thoughts to consider.

      I’m gonna look into what kind of threats these improper dependency versions and such might pose. Hopefully by now most of these issues have been resolved.

      The biggest thing is getting people into the loop of “secure apps” before they really need it.

  • PiraHxCx@lemmy.mlEnglish
    0·
    18 hours ago

    If I could get a single person to use Signal instead of Whatsapp… or even the nerds I know to use matrix instead of Discord…

    • TurkeyDurkey@piefed.worldOPEnglish
      0·
      17 hours ago

      There two kinds of nerds. Ones that are actually curious to try new things, and ones that conform and sully the name. It’s like tech bros vs real IT professionals.

      • psycotica0@lemmy.ca
        0·
        14 hours ago

        I think the slightly more charitable division is “nerds who want to work on the tool” vs “nerds who want to use the tool to work on something else”

        Some people want their discord chat to work with little effort or errors because what they’re actually interested in is some video editor, or something. And if the chat is broken, it prevents then from getting to what they really want.

        I personally use XMPP, so this isn’t just to clear my own name, or anything.

  • Lunatique Princess@lemmy.ml
    0·
    19 hours ago

    Use simplex. Funny the cons you named about signal, people were arguing with me about a few days ago. (Phone numbers aren’t good for privacy)

  • extremeboredom@lemmy.worldEnglish
    0·
    19 hours ago

    Because it’s nearly impossible to convince friends and family to use anything other than iMessage or “the text app” on their phone. The process you’ve described is basically akin to swimming the English Channel for the general public. I’d do it. But expecting anyone else to is just a pipe dream.

    I’m already a social outcast and second class citizen for not using imessage. Asking my friends and family to install a whole separate app just to communicate with me puts me firmly in weirdo territory.

    • TurkeyDurkey@piefed.worldOPEnglish
      0·
      17 hours ago

      It can be tough trying to stick to good privacy and staying social. I can do it because I’ve set boundaries and have a passion for what I believe in.

      If somebosy actually wants to contact me, they join a privacy friendly platform, or just take my email. Most people my generation do not use email for instant communication, and neither do I.

      I’ve gotten myself to be someone people want to reach out to, almost entirely in an effort to promote/market FOSS. To be a likable, knowledgeable, and friendly resource. That’s how I managed to convert a lot of people. If I say anymore I really bet I could be identified from my post. 😆

      Tough pursuits will never be a pipe dream. It just takes enough time and grit. And a little mojo.

  • airikr@lemmy.mlEnglish
    0·
    21 hours ago

    I totally agree with you. But!

    But Signal from what I’ve heard really wants us to use their server.

    Signal doesn’t have their own servers. Instead, they rent servers from 4 companies, 3 of them is Google, Amazon, and Microsoft. So Signal is relying on Big Tech and if Big Tech decides that enough is enough, they can easily shut Signal down.

    THAT is what I find most terrifying. And why not use their own server? Not enough money, but they are working on it (good).

    And to make it a little bit worst: Signal depends on a third party company for sending out SMS. Your phone number is therefore handled by not Signal, but by yet another company, highly likey an American company. And they are against privacy invading companies at the same time they are one. Oh, the irony.

    You want sources? Sure.

    Don’t get me wrong, I absolutely love the idea of Signal. But there is flaws that makes Signal more privacy invading than privacy friendly.

    • pathief@lemmy.world
      0·
      11 hours ago

      If the worst part about Signal is having a third party send you an SMS to confirm your phone number then that’s amazing.

    • TurkeyDurkey@piefed.worldOPEnglish
      0·
      21 hours ago

      That’s the part that makes me nervous. If I get a bunch of people locked on Signal, then they take away services or change how they run the servers, then it would be a hassle to move people to a completely new interface.

      • airikr@lemmy.mlEnglish
        0·
        20 hours ago

        Yeah. Let say Signal goes down because of Big Tech and lets say that 50% of their users use Signal as their only messaging app. What will happen then? Hysteria!

        No, XMPP all the way for me until Signal becomes decentralized with zero external connections and when they also have removed the phone number requirement.

  • CerebralHawks@lemmy.dbzer0.comEnglish
    0·
    22 hours ago

    I use Telegram. Eek? It’s just my wife and I though. All these things I’ve heard about Telegram? Never actually seen them in mine. I have looked at groups, but I’ve only seen memes, crypto crap, and what look like scams (“post this in 5 Reddit threads to get invited to the actual group”). There’s nothing of value out there that I’ve seen. So I just use it to message my wife, because texting wasn’t good enough when we started using it (both our phones have RCS now) and I don’t use Facebook, and she doesn’t have an iPhone (so, no iMessage).

    I completely reject this notion that you have to pick one and stay with it. My messaging apps include iMessage, Session, Signal, and Telegram. I also have a fork of Telegram that lets me use it from my watch (as in, it has a watch companion; official Telegram does not). I also have Discord (need it for a couple things).