#Telegram has never ever been open source and secure. free and open alternatives: #Matrix #Riot or #xmpp

Signal

gibt noch ring und tox

Just don't use smartphone spyphone...

If on, tracks your location constantly. Only acts as a phone part time. So, should be called "tracker."

Also, speaking of privacy...

https://boingboing.net/2018/03/20/why-did-facebook-pitch-in-over.html Facebook fights against ballot initiative giving Californians more privacy. https://www.caprivacy.org/

I wouldn't use Riot. It shares your data with third parties. Take a look at its terms of use and privacy terms.
So far, the best option for me are decentralized/distributed networks, like XMPP.

Or use Ricochet on a regular computer. For XMPP on a regular computer there's Tor Messenger, which uses to Tor. Sign up for the account using Tor messenger or the Tor Browser, and only use it with Tor. Add end-to-end encryption with EasyGPG, and you're pretty secure. https://nerdpol.ch/tags/easygpg

If they really implemented E2E encryption, there would've been nothing to hand over...

Traffic analysis. The metadata. Who communicated with whom and when. That's often more important than the "content" of the communication.

None of which has to be "handed over" per se. Neither one of the messengers mentioned so far (except perhaps the solutions based on Tor) protect the user from that kind of passive analysis anyway.

tox! ...

Auf Heise und Golem habe ich dazu noch nichts gelesen.
Gibt es weitere Quellen?

https://derstandard.at/2000076501533/Russische-Justiz-ordnet-Entschluesselung-von-Telegram-an

gerade eben gesehen

@Miguel in Riot you have to opt-in to share anonymous usage data.

And the privacy terms of use are only for the default matrix.org server, not for your homeserver.
Read here the explanation of the head developer:
https://github.com/vector-im/riot-android/issues/1185

I wouldn’t use Riot. It shares your data with third parties. Take a look at its terms of use and privacy terms.

@Miguel (Diaspora) are you referring to riot.im or the riot app? I'm interested in more details.

@Theodotos Andreou, I guess @Murkas Wylander answered better than me. Anyways, for things to be clear:

• Many people (I among them) were rapidly seduced by Riot's performance, image, and the fact that it was distributed and free software.
• Then, someone warned about privacy conditions. Terms refer to webclient, Riot (the app) and "the services". So, at first (some of us read it around October-November 2017), we applied it to everything handled by the Riot project. We were concerned that a data-selling firm or just an non-reliable service was attracting people concerned by privacy and freedom.
• Since then, terms and privacy statement seem to have been reworded a little (it seems to me, but I am not completely sure). I don't find so many references to sharing information with third parties as I found them. This part used to take several sentences. It is not the case anymore.
• The current statement, connected to the information that @Murkas Wylander gave to us in that link, seems to be more reassuring than the first info I got. So, today, I would not recommend to avoid Riot.

This seems to have concerned many people (like the one we see on GitHub) and the Riot project probably needed to explain things differently. I am glad that Murkas pointed out that information. Once again, team work makes us stronger. We are better protected when we live as a community. Thanks to you all.

Thanks @Miguel (Diaspora) and {markus@diaspora.flyar.net}

@Murkas Wylander ^^

Beyond of what has been said about Riot, I would suspend any judgment on Riot until I have more information about the project. My questions as for today are:
- How will it evolve regarding interoperability with previously existing open standards? I think that compatibility with IRC is working well so far but I am not sure about XMPP.
- How is Riot project funded?
Do you guys know or have any experience on this?

@Miguel
XMPP bridges are still very alpha:
https://github.com/pztrn/matrix-xmpp-bridge
https://github.com/42wim/matterbridge

Funding:
https://matrix.org/blog/2017/12/25/the-matrix-holiday-mini-special-2017-edition/
https://matrix.org/blog/2018/01/29/status-partners-up-with-new-vector-fueling-decentralised-comms-and-the-matrix-ecosystem/

Thanks, Murkas.

@Klaus w.r.t. E2E encryption, right on!

It did not make sense to use end-to-end encryption if the smartphone spyphone OS comes from google / apple.

To protect your privacy, do not use smartphone spyphone with Android or iOS.

Which phone should I use instead? Maybe old Nokia 3310 and a WIFI only tablet with LinageOS?

@Murkas this is exactly why it was a significant blow that Ubuntu phone did not take off, so while I see your point (if you want/have to use a smartphone, basically there is no good choice), but Dera is right: you could be using the best messaging apps in the world, but at the end of the day, all the FSB or NSA would need to do is pressure Google or Apple for the keys, because the keys are on devices that are under full control of these companies. An abomination, true, but a fact of life for the time being.

i think that lineageOS without GAPPS is OK - but sure i cant wait for the purism librem 5 phone.

To protect your privacy, do not use smartphone spyphone with Android or iOS.

if you want/have to use a smartphone, basically there is no good choice

You seem to be unaware of how easy it is to use G-free Android nowadays.

actually is LINEAGE OS the best choice, together with a bunch of useful open source apps - get them from https://f-droid.org

ad superSU, activate developer tools, activate ROOT, install ADAWARE & AF+WALL ... the first steps ...

there are more free ROMS, but no one is useful like lineageOS :)

@Debacle Even if you can't get anonymous SIMs, in my country it means that a telco will have information about 0.5-1M users directly and up to 3-M users indirectly (numbers called/messaged from their own subscribers). I would be thrilled to live in a world where that was as bad as amassing information and power gets, but sadly, we now live in a world where we're talking about hundreds of millions and billions of users in the hands of a single corporation, which is much worse than a government (can be sold tomorrow to whoever, much less regulated etc.).

As for Cyanogen, that's probably better than a factory Android phone without connecting it to a Google account (which is the way I use my phone), but you still depend on binary blobs to take a picture, to hear sound, to determine your location etc, and corporations - whether Google, Samsung or whatever - are the ones who write that code the way they want it.

In other words, there are many links in the chain - hardware, OS, apps, network, to simplify - but with regard to privacy and security in general, the difference in privacy between "no safe links" and "nearly all safe links" is unfortunately small. What's needed is "all links trusted" and there is no such thing on the market, AFAIK.

@Debacle That's fine as long as it works for you, but the platform is quickly becoming a prerequisite of meeting such basic needs as human connection, companionship, organisation of communal life etc. And it'll get worse before it gets better.

Smartphones, thats a train noone can stop anymore. Not so soon they will be bionic, fully integrated in our brains. We then can be anywhere at any time we want. The big question is, who will be in control of the Matrix?

@debacle@framasphere.org So the internet is a tamagotchi? Smartphone is only the means of access to the net, I just pointed out that the devices to access the internet will evolve, as they constantly did the last 20 years.

Do we want to be always connected? Yes, because of FOMO. We dont care for free software, as it seems software is already "free" (Facebook, Chrome, Gmail etc).
With "we" representing the mass of the people.
Education is the only way out of closed source software.

My personal choice is to not have any mobile phone, but that is not related to privacy

My citizen choice is to not have a smartphone spyphone. Only a mobile phone, because this is a matter of respect of privacy and basic freedoms.

Do we want to be always connected?

No! Privacy is a right. The right to not be always connected, but also the right to be connected with privacy.

Do we want to use devices that are not working well with free software and are not under our own control?

In free societies, no! In societies where basic freedoms are respected devices run free software and are not under control of someone else.
Are the laws (its societies rules) written in a black box, where public can not reach them? Rules are transparent, digital rules, digital code must also be transparent.

Do we want to have the freedom to use only the technology we find ethically acceptable?

Yes, of course! The freedom to choose.

Do we want to be always connected? Yes

Actually, no! Some are not within the mass ;-)

We dont care for free software, as it seems software is already “free” (Facebook, Chrome, Gmail etc).

You are right: citizens are not aware about this matter: free or not, we are the product. Here is the problem. True, the mass of people is still blind, that is why we should fight capitalism, which makes citizens blind using attractive, superficial, artificial promotions / products.

Education is the only way out of closed source software.

I agree!