If you choose a messaging app, make sure it follows most or all of the following criteria:

- full client and server source code available (even better: plus reproducible builds)
- decentralized or federated
- end-to-end encryption
- 21st-century messaging (emojis, replies, direct messages, mentions etc.)
- end-to-end encrypted audio/video calls (optional)
- independent security audits (otherwise your encryption will suck if it didn't see more than your own eyes, also never implement your own encryption if you're not a cryptographer)
- server location in the eu (or even better: self-hostable on a pi)
- minimal amount of metadata (even better: encrypt metadata)
- no phone number required (even better: randomly generated identifier à la icq)

Telegram and WhatsApp will fail this check.

@koyu most mobile messaging apps fail this check in one way or the other

@absturztaube @koyu maybe I will make an app in the future that will pass this check

@LunaDragofelis @absturztaube mastodon will get e2e in dms soon so maybe use that so we already have a starting point ;)

@koyu @LunaDragofelis can you link me the MR?

am usually not convinced of doing encryption inside the browser since there are usually several problems with it. the crypto library has to be provided by the server which means that it can be compromised. also the keys would have to sit around in the browser which is not really the place where i want them to be.

protonmail has similar issues (there was some paper about it but i can't find it rn)

i mean it's better than nothing, just some things to really think about when done in this way

@absturztaube @LunaDragofelis right now it's just an api, a ui for that would be plausible, but there's no reference implementation yet: github.com/tootsuite/mastodon/

@LunaDragofelis @koyu i'd love to see more messenger apps that try to pass this check

@absturztaube @koyu maybe I will make it part of Cosmo, a fedi kit I plan to make in the long term.

@absturztaube @koyu Planned features:

- Shiny new protocol (unless I can extend ActivityPub to include all features)
- Smart attachments (applets)
- Groups with channels and threads
- E2EE DMs
- Hidden network support (later feature)
- Friending separate from following
- Circles
- Comment moderation for the OP
- Dislike button
- Edit button (not even big, corporate Twitter can pull this one off, lol)

@LunaDragofelis @koyu
> Smart attachments
what do you mean by that?

> Hidden network support
you mean something like routing through tor i guess?

> Circles
like google+ had?

> Edit button
not even fedi has pulled this off correctly. delete and redraft isn't an edit

otherwise that sounds really good. go for it

@absturztaube @koyu
  1. Smart attachments
    Attaching applets to posts, for example a little map, a minigame, an image gallery etc. The applets are defined by the server (instance), and only the post-specific data is stored with the post.
  2. Hidden network support
    yes
  3. Circles
    also yes
  4. Edit button
    There's actually edit functionality in ActivityPub, but Mastodon deliberately didn't implement it to imitate Twitter

@LunaDragofelis @koyu ah i see. sounds very interesting.

i know there is an update thingy in AP. it's being discussed for pleroma too and i'd like to have it
https://git.pleroma.social/pleroma/pleroma/-/issues/1429

@absturztaube @koyu what about https://getsession.org/ ? It's a Signal fork, but fully open source, only ids, routed via loki. :thinkingwithblobs:

Tho I am not an expert, so I might have overlooked something.

@koyu I don't think that any app will pass this check, this is just a dream

@koyu Matrix checks a lot of these boxes, tho I'm not sure if they already had security audits

@pixel @koyu and they also don't encrypt metadata nor store a minimal amount

@pixel @koyu There are 1500 hackers using it at HOPE this week, that's almost the same thing 😂

@neil @pixel i'm pretty sure they had security audits

@koyu
What does a federated messenger mean? Is XMPP decentralized or federated?

@tommy sorry, i meant federated or distributed
