By “shared” servers I mean hosters like https://tchncs.de/en/ who offer a bunch of services (they do a great job at it by the way) including Matrix and Lemmy.
I’m thinking of moving my close family to a Matrix chat over there, but I guess long term they might have to implement the ChatControl scanning.
This whole thing is just stupid.
p2p im:s like cwtch and jami come to mind
By the way, if you are using Gmail for Email, have files stored on GDrive, OneDrive (Documents are by default in OneDrive on Windows) or iCloud, use Messenger, Whatsapp, Skype, Snapchat, Xbox or Instagram to communicate, your files and messages are already being scanned for the last 5 years, since 2021.
ChatControl was already voluntary, and the products I mentioned villingly joined and are already doing it. For most of the people suddenly complaining, not much actually changes. They could do something about it for the past 5 years - not use the apps that do it, but “I don’t want to install another chat apps, I have everyone on messenger” have been forcing people like me to choose between privacy and having a way how to contact friends and familly. And I’m 90% sure that most of them vouldn’t switch even if this new law did not pass.
Anyway, if you haven’t already, look up “Matrix ansible project”, it’s an extremely easy way how to set up a server, with awesome guides and actually a very robust implementation. It will save you a lot of time. I"m just paying 6$ a month for Hetzner cloud, and setting it up took like an hour tops.
Self-hosted open source solutions will always be an alternative, the major problem is that they will soon ban side-loading of apps to phones, so you won’t be able to install a FOSS messenger that connects to your solution, or a browser that doesn’t scan you, unless you have something like GrapheneOS.
unless you have something like GrapheneOS.
I’m glad I just got it installed!
just install LineageOS or but a fairphone or vollaphone or shiftphone or furyphone with it preinstalled. or get a linux handheld device like the comet or pinephone or precursor et al
there is no using exploitative tech without financially running off a cliff. sooner you change the better
Good point about LineageOS. I’m just afraid of bricking the devices.
Hopefully this announcement will still push people to FOSS messengers.
I personally moved most of my data from Google and Microsoft around 2 years ago. Sure, they still have the data until 2021, but there’s no time machine, we can only act on the present.
“Matrix ansible project”,
My main issue with Matrix is the onboarding process. I just tried myself with two accounts, one on Fluffychat, the other on ElementX, the verification process is buggy (didn’t work the first time, I had to restart the apps for it to work), and even after you verify, ElementX will still show FluffyChat messages with a red warning because “this message has been sent from a device not verified by the sender”, while there is no way to verify the device on FluffyChat.
And I had to use FluffyChat as multi-account is still not available in Element X.
Anyway, I just set up DeltaChat on my girlfriend’s phone, we’ll try in out in the coming days. I keep an eye on second-hand Pixels with GrapheneOS, but one step at a time.
To be honest, I’m only using Matrix for the bridges into every other service, so I can talk to people on messenger, signal, telegram, discord and whatsapp through a single app, the Matrix client, so I at least don’t have spyware on my phone, even though they’ll get my messages. And E2E encryption doesn’t apply in that case, so I never had to deal with it.
With self-hosted solution, your main advantage is that you can simply create the accounts on the server side, and don’t need any verification. After the first login, it usually asks for every new device, that you have to confirm the session on a device that’s already confirmed, but I never had issues with that.
But I don’t have experience with actuall Matrix to Matrix communication, I just used the bridges. Haven’t tried DeltaChat yet, but tbh I’ve just given up convincing people to switch and am glad I can at least have the bridges working, so I never have to login or use any apps or websites of FB/Discord/whatever.
XMPP/Jabber comes to mind. You can self host or pay for hosting on a service like Snikket. The protocol supports OMEMO encryption and you can use whatever client you want (Cheogram, Dino, Gajim, etc) on any platform like android or linux. Cheogram is even coming out with a web interface for it, and it supports calling and video calling.
Threat model wise, whatever server you pick would have to be targeted directly, and would therefore be immune to sweeping regulation that directly targets big hitters like Signal. And if you pay for servers outside the EU, even more so
Thank you. I had a look at XMPP a while ago, but now DeltaChat seems a bit modern and with built-in encryption compared to OMEMO.
I just set up an account for a friend on their phone, the thing took 5 minutes, definitely nice than the Matrix experience.
i adore deltachat and arcane chat
Yes, they are really growing on me
RFC 1149, unironically.
My family is technologically illiterate, and there’s nothing I can do to impart them OPSEC with.I don’t quite get what you’re asking. You can use any chat app that works, just don’t expect privacy with current tech unless you’re a pair of trustworthy cryptography experts using secure devices at both ends. Near future tech should make it more possible for regular everyday tech users to achieve what an expert could do today
I want to avoid messaging apps that will be scanned. Seems likely that Signal will be part of it.
In the risk analysis, providers must check whether their services can be misused for the dissemination of abuse material or for contacting children. There are to be three categories for this: high, medium, and low risk. Providers in the highest category could be obliged to participate in the development of risk mitigation technologies.
We can anticipate Signal and co. will be part of the high risk category and assume the risk mitigation tech will be aimed towards breaking encryption. Especially since this new agency will be interfacing with Europol. I don’t see this as a win or even a draw.
https://feddit.org/comment/10169945
you’re a pair of trustworthy cryptography experts using secure devices at both ends.
As a lot of people here, I’m usually the IT/tech reference person in my family, so if I suggest to move to DeltaChat or Matrix, I’ll just take their devices, set it up and we’ll use that from now.
I have been looking at a real WhatsApp alternative, this was the last push I needed.
Moving away from WhatsApp might reduce how many people can access your messages, but you can still assume your messages will be scanned and indexed no matter what app you use
I’m actively looking at used Pixels with GrapheneOS installed, they aren’t that pricy these days, but even without those already getting rid of the app-level scanning would be an improvement.
I beat you to the punch there 😉
If you get a Pixel with GrapheneOS preinstalled, please please PLEASE do your own fresh installation of GrapheneOS anyways. You can’t trust what some third party may have done with it before you get it.
Of course, that’s the plan. Having it preinstalled is just to make sure the device was able to run it before I reinstall myself.
GrapheneOS probably a big step for reducing the number of people with access, I think
It’s definitely going to be context-based:
- I don’t mind getting used Pixels for my parents and my sister
- DeltaChat allows to create several profiles, so I can at least have one profile dedicated to chats with my family where everyone uses a secure device
- for other stuff, I accept that it will be scanned, but it’s less critical
Tox protocol ( its build on tor) Any p2p messenger using this protocol.
