I understand that it may be problematic sometimes but this was very smooth. I didn’t even say anything.
A: what’s your number for the whatsapp group Me: I don’t have whatsapp because of facebook. B: ok, we have to use signal then A: ok
And that was it. Life can be very easy sometimes
Surprised that happened. Very rare to see that these days.
Maybe OP works on infosec and the team was like yeah, makes sense?
Let’s say I work in an IT area (but not infosec)
Should have used Matrix
No, Matrix isn’t the best in terms of privacy. It is a metadata disaster and most other platform are a lot more performant.
Matrix’s E2EE does not, however, encrypt everything. The following information is not encrypted: Message senders, Session/device IDs, Message timestamps, Room members (join/leave/invite events), Message edit events, Message reactions, Read receipts, Nicknames, Profile pictures
Matrix is developed by a for profit entity, a group of venture capitalists and having a spec doesn’t mean everything. The way Matrix is designed is to force into jumping through hoops and kind of draw all attention to Matrix itself instead of the end result.
XMPP is the true and the OG federated and truly open solution that is very extensible. XMPP is tested, reliable, secure and above all a truly open standard and decentralized it just lacks some investment in better mobile clients.
What most fail to see is that XMPP is the only solution that treats messaging and video like email: just provide an address and the servers and clients will cooperate with each other in order to maintain a conversation. Everything else is just an attempt at yet another vendor lock-in.
People need to get this through their heads, XMPP is the only solution for their problems.
People need to get this through their heads, XMPP is the only solution for their problems.
On the contrary, you need to understand that your own needs and priorities do not match everyone else’s, and that XMPP is not a good fit for every use case.
(Your rant was amusing, though. I hadn’t seen one like that in a couple weeks.)
While I agree with your point just tell me what Matrix does better? It’s better at being overly complicated? Or at being more propriety?
Nobody owes you their time or their patience. If you want help understanding something, I suggest you tone down the fearmongering, manipulative, adversarial comments. If you’re just looking for a fight, kindly go elsewhere.
Convinces clueless FOSS communities to move off IRC. Onto a unusable protocol designed around netsplits they never cared about, yes, but it’s n o v e l!
XMPP isn’t any better in terms of metadata. OMEMO is an afterthought that slaps on to XMPP. Many metadata are still attached to the message. The threat model only protects the content and doesn’t guard aginst metadata and traffic analysis. Even OMEMO extension is still in experimental status. Not to mention, users still need to signup an account using their email.
Honestly, I think SimpleX is better in everyway. No account required, minimal metadata (at least from the technical whitepaper and other sources I read), fully open source (AGPLv3), an ok mobile and desktop client, and audited. The register friction is almost non existance. You just need to install, set a name, and off you go. The only worry I have with them is they took VC funds.
ADD: XMPP is still better for company internal communication, especially when compliances require conversation archiving.
I think SimpleX is better in everyway.
A few SimpleX shortcomings beyond what you noted, in no particular order:
- No multi-device support.
- Adding contacts requires sharing somewhat large links (as either text or QR code) which can be inconvenient.
- Messages are lost if not retrieved soon after they’re sent. (I think it’s 21 days by default. I’ve had vacations longer than that.)
- No group calls.
- Group messaging is full-mesh, meaning that as a group grows, the network traffic will balloon faster than it would with any other topology. This is generally bad for high-traffic groups, but it might be okay if they stay small or everyone always has great unmetered connectivity.
- The claim to not have user IDs is misleading at best, and outright false in group chats.
- The desktop app uses Java, which will be unappealing to more than a few people. (To be fair, several other messengers use Electron, which is also unappealing to more than a few.)
It does have some neat design ideas. I don’t consider it ready for general use, but I look forward to seeing how it develops.
agree with your general sentiment. I’ve actually been using it and its very rough around the edges, in addition to being “slow” feeling overall, and I’m just testing it out between one other person and myself on other devices. it’s not something I can recommend to anyone yet, but definitely keeping my eye on it.
XMPP is way more open and interoperable than all the solutions available, it works like email any user can can talk to any other and doesn’t depend on a some proprietary / closed service centrally owned by anyone. That’s a good selling point.
XMPP doesn’t really force users to sign up with email address, it just happens that XMPP addresses use the same format, many public servers will give you an address like username@server.example.org that is never mapped to a real email address and only works for XMPP. The decision to actually ask people for their real addresses is up to who owns the server and won’t be directly exposed on the XMPP network.
Omemo sucks
XMPP is great but it’s dead.
It is as dead as we want. There’s no reason to reinvent the wheel, probably the only thing that XMPP lacks is a bunch of money into a very good, cross-platform (but native) client like Telegram has that actually works 100% of the time and a bunch of large scale public servers to handle regular users who don’t want to host their own. Also… easy registrations and setup on said client.
For a regular user and most privacy aware people, they just don’t care if the protocol is Matrix, Signal or XMPP - they just want a good end user experience and a solid thing, that’s what XMPP lacks today and it’s all client side.
Bottom line is: XMPP as a protocol is great, lacks someone with vision and money to drive it into mass adoption.
Does XMPP support voice/video calls?
I’m pretty sure an encrypted chat platform is possible with ActivityPub. In fact, sup is an instant messenger that will be encrypted and federated using the ActivityPub protocol. It’s being made by dansup, the creator of PixelFed.
For a team of 20 people matrix is way overkill imo
XMPP on the other hand…
I once setup a entire matrix server for my school club that comprised of 4 people because one of our members couldn’t use discord lol
deleted by creator
There would be room for expansion. What about an IRC then?
Depends. Since this is seen as an out-of-band coms option for work, there is a good chance you will want encryption for only folks in the room either for accidental company secrets leaked or to shit talk folks outside the room. IRC, the best you get is TLS.
I’m going to join OP’s company next and say I can’t use signal because phone companies. Then they’ll upgrade to Wire or Matrix
Not great
They only realized that when he said that? What a weird infosec team. I guess they also could use SimpleX if they wanted the most secure, private and anonymous option, but I think Signal is pretty well balanced as a messenger. Good privacy and usability.
I think you’re over estimating people who works in infosec. All the people I know that work in infosec in corporations are just regular windows support people assigned to keep the security updates on day.
There may have been discussions around it beforehand. I didn’t ask why it went so smooth.
What you didn’t realize is that your value to the company is way more than you realized.
Often times people have resolved all the rational arguments to act on a decision but lack on an emotional excuse to figuratively pull the trigger. I’d bet on someone high up had already made up their mind and you not using WhatsApp was the perfect excuse to just have the whole team finally migrate.
At first from the title it seemed like they changed app to avoid you
yeah, that was funny. Creating a group without OP wasn’t enough, they had to change apps lol
That’s exactly what I thought as well from reading the headline. It definitely could have been worded better.
I wouldn’t be surprised if that’s how it plans out.
A regular group chat and another signal one for when you specifically need to talk to OP.
yeah, some title gore going on here.
Before Signal made the boneheaded move of removing SMS support, it was so much easier for me to pitch the idea of using Signal to my friends and family, most of which eventually did make the shift from SMS to Signal messages for reasons like ease of use when it came to group chats, sending images/videos, voice clips, etc.
But now? Now it’s one of those embarrassing moments where I hear back from people basically all saying "your tech recommendations are usually on point but uh, what happened with Signal???" because the app just abruptly stopped supporting SMS and ruined the seamless appeal. SMS support was the perfect way to ease people into shifting towards Signal messages and now the only damn people I know who still know Signal are my most privacy-minded friends/family, while everyone else has switched back to WhatsApp.
Clearly I’m not bitter…😅 But I mean like, come on. I had the most notorious luddites in my social circle make the switch to Signal and they loved it. The shift from SMS to Signal messages was so smooth so many of them didn’t even have that "I miss [SMS stuff]", plus they LOVED that Signal could be used on their laptops in addition to their phones. Ahhhhhhhhhhhhhhhhhh this annoys me so much.
I totally agree. And to make matters worse, one of their arguments was that supporting SMS was taking resources away from developing other features. But what mind blowing features have come out since they dropped SMS? Usernames, I guess, which they were working on anyway. New app icons…
Why did they remove SMS support?
Think it was related to the messages being insecure and signal didn’t want people to be confused.
If your using signal your messages should be secure. SMS messages aren’t secure. It may have been clear to you when Signal send an sms or an encrypted message, but they need to cater to everyone.
That just feels like shooting themselves in the foot. Just inform the user SMS isn’t secure. That’s it.
Not being willing to trust the user with the information so they can make a choice is asinine. It’s the same reason why I stopped using Tuta. Complete privacy and security are great but if there’s no option to make things a little more open for the sake of convenience or interconnectivity, I’m just not interested.
Security and privacy shouldn’t be a prison.
You can’t target UX to the average person. It won’t work for most people. You need to target those that struggle with technology the most to make it accessible.
Signals main unique selling point is its security, not its ease of use. If people fall into useing signal in a insecure way, it can be hard to say signal is a secure messaging app. As many people may be using it insecurely.
Which is a BS argument because the app was VERY clear about it
I think you underestimate how oblivious many users are when it comes to using software.
Honestly that was the initial appeal. Grandma didn’t notice or care that the old SMS app was hidden & just thought there was an update. That ignorance meant she was talking in an encrypted fashion where possible even if accidentally. And since you will need a SMS app anyhow for OTP & other one-off notifications, might as well have it all in one spot. The fact it is different is probably more confusing to some users.
And without that appeal, the missing server code history, the US government funding, centralized service, the requirement of a SIM card (which many places now require ID to get so they can register you in a database), as well as the requirement of bowing to the mobile duopoly (can’t use the service if you have a KaiOS, Linux, or other phone—or without a phone), I don’t know there is much of an appeal. In hindsight, I wish I hadn’t gotten my family on it since I would love to ditch Android.
https://www.howtogeek.com/787957/why-sms-needs-to-die/
SMS is bad, and on the way out. Besides that, I barely noticed when Signal stopped allowing SMS.
I guess in some circles it matters, but seems like most people use messengers nowadays.
Bad? Yes, on the way out? Maybe(mostly gone outside the US), but it’s really slow here in older less tech savvy demographics.
I guess what I want now is a client for both protocols that works like the old app. That would cater to me - I don’t remember which person is on which app so I keep ending up on SMS because it has everyone.
Yup
What were you using SMS for?
SMS is still the dominant message format in some countries
Doesn’t every phone have an SMS app? What’s the benefit of having SMS in signal?
the core benefit was in adoption. it was easy to get parents, for example, saying that they jist have to bother with one app for all of their messaging.
the minute they have to contend with sms and signal, they don’t mind adding whatsapp in the mix as well.
Conversely, they do mind having multiple apps and only send sms
I mean, if the main draw-card is convenience, then signal isn’t going to have much holding power (especially when combined with the network affect problem and attentions grabbing design of other message apps).
Signal will only really succeed if there is a critical mass of people in your circles who care about security to some degree (it works well for me for this reason).
Not having to guess which app has the person you’d like to contact.
The benefit is that Signal displaces the default sms app and is also Signal. Rather than having to jump between 2 apps.
Well, they partly took that “feature” away because people thought they were sending encrypted SMS messages which is not true. False sense of security.
They just took the secure high road and ditched SMS. It also made the app leaner with a smaller attack surface.
I think they did the right decision. Signal is the secure choice for the masses.
Having said that, I’m using Molly-Foss as it has less footprints, no Google messaging framework, leaner than Signal, with no crypto payment, and an encrypted database at rest.
Sms is also not secure, kinda not what signal is…
Signal started out as textsecure, an sms/mms app that encrypted your text messages. It quietly started sending messages over its server at one point after an update, but before that sms is what it was about.
That’s interesting, I was always under the impression they were moving away from sms because they wanted a more secure client.
But you are already on Signal.
Also I live in a country where SMS is very common
I have a feeling B wanted to use Signal, but expected it to be difficult to make others shift. When OP gave the opportunity, B came in and swyped it right away,
Exactly my thought as well
This headline sounds a lot funnier if you assume “it” means Signal, like I did.
Fuck this one guy in particular.
Still, you were lucky that your colleagues are aware of alternatives and will use it (I hope). I wonder though if people will migrate because of you. Its tough to encourage others to communicate Signal while majority use Messenger or Whatsapp. Their reasoning for that is the most friends and family member are on mainstream solutions.
Signal is an interim solution imo for most people, which I also recommend. Not too extreme, not to “geeky”, which introduces them to alternative app world.
What did you do to offend them?
I first read it that way too.
If i ever get a job and have to use whatsapp, im using to use all those stupid stickers in every message i send
Pretty much the entire world, except the US and Canada, is WhatsApp based. Every job chat, every message you send, it’s all WhatsApp. Heck to pay for parking or to get immigration visa services from the government, it’s mostly WhatsApp. And yes you can send stickers.
Sometimes Lemmy loses perspective that the way 300ish million people do something is not that relevant to the other 7500 million.
Popularity has little to do with quality. And that applies to iMessage as much as WhatsApp, Facebook, or any of the other communication channels that dominate due to network effects and switching costs.
I don’t disagree but don’t let perfection get in the way of good enough. SMS and standard email etc are all unencrypted. WhatsApp is encrypted end to end. You may not trust meta, or like them. But that’s millions time better than SMS or email.
Getting your parents on WhatsApp is a huge awesome step. Getting them to telegram or Signal or whatever else is a minor step comparatively.
The former Soviet Union, China, Korea and Japan are big exceptions to this though
I’m currently in a former USSR country on holiday and everything is WhatsApp and Telegram. Delivery drivers to government services.
Japan is still on floppy disks attached to carrier pigeons.
China is WhatsApp for every non Chinese even with the ban. Wechat for everything else but you need a Chinese mobile.
Korea surprisingly is using WhatsApp more than even prepandemic. Almost all my Korean friends are now WhatsApp versus like 1 just 5 years ago. Telegram is also popping up there.
But point taken. A few bubbles of differences but WhatsApp really does rule supreme.
Most of southeastern Europe uses Viber as the “default messaging app”, so it does vary by region.
I don’t know what pretty much „the entire world” you’re talking about but Im pretty sure whatsapp has no official uses in this little known continent called Europe.
bruh what? Italy a lot of towns have a telegram and a whatsapp channel. Everyone uses whatsapp here and it’s similar in Ukraine, Ireland, and several other places.
But for official „visa” and similar uses?
not for Visas but we do use it for several public uses.
😎🤙
Why would a workplace need a group chat? Aren’t there any enterprise tools in place to achieve that?
Small companies and startups like to save money
Cannot access work intranet (Teams etc.) from personal phones. Don’t have work phones. They all use WhatsApp so reluctantly, so do I.
In these companies, does anyone check the licenses in details to make sure using them is ok for the company?
Meta will get at least the metadata: meaning they will record who was in which call connecting from where.
For example, if one member is visiting a client, Meta may be able to infer the relation between the 2 companies.
If any of the people in the room click “report”, then the discussion is sent for review without the encryption protection
I’m pretty sure their user agreement translates to “you agree to let us do whatever the f*ck we want with the data you’re purposely disclosing to us”.
And last but not least: if Meta decides to wipe the archives, any info get lost?
There a reasons large companies ban unauthorized apps to talk about work.
Like I said, it’s for us to talk about shifts and what have you.
I would never join a group chat like that. If they need to get ahold if me after hours, they can call me.
BTW Teams doesn’t live on Intranet. There’s no reason they wouldn’t be able to open up Teams to BYOD beyond incompetence.
I know Teams doesn’t live on the intranet, but I’m not going to put work software on my own phone. Policy needs it to set up a work profile and I then can’t use fingerprint, face or a 4 digit pin. And all the shite that flows through Teams would be be piling up, just like it does on the PC at work, brilliant when you’re only in a couple of days a week. They want me to use a phone? Provide one.
The WhatsApp group is for us to send updates about traffic, if someone can cover a shift etc. it’s not an official work thing. I could of course not use it and just text people. That’s really just making my life difficult whilst sat up here on my high horse with a self righteous look on my face, whilst I miss the chance of an extra shift.
Denying putting work stuff on your phone is absolutely valid. The company should provide a company device in that case. And if you do agree to put company data on your phone, they should give a monthly stipend towards your phone bill. That’s how every org I’ve worked at has approached it.
That requires a business login on your personal device, which is typically against company policy.
Although, so should be sharing work info outside of corporate channels, so what do I know.
Really depends a lot on the groupchat. I was apprehensive but it’s quiet there and overall the things that get sent there are either in office hours (e.g. “internet might be out intermittently we are working on a fix”) to links to pay for something someone paid for outside of work like food or drinks.
I don’t mind it that way, maybe once a week a couple messages
Emergency team chat when there is a outage of corporate systems
Chat for social work stuff like team building or off-site gatherings.
Being about to shit talk about corporate stuff off the reservation is nice.
It can be a big sms group chat, signal, discord, whatever your team likes.
…to which for privacy reasons your team shouldn’t like SMS, Discord, Telegram, Slack, and probably even Signal (somewhat for privacy, & more for accessibility)
What do you recommend?
XMPP. A business can self-host, there are public servers, or there are many businesses which offer customised xmpp hosting as a service.
I can be federated with other xmpp servers or be a locked-down work-only service, or federate with chosen other servers (such as a client company’s xmpp servers).
The main problem is, you need to have someone good enough to setup a proper firewall when selfhosting.
Sure, it might not take $$$$, but it will take $, which is definitely more than nothing.
If that’s the main problem then that’s easy to solve! Simply use a free public xmpp server.
I mention the self- and paid-hosting options because businesses tend to like having a sevice agreement backed by a contract, and may have additional specialised requirements not provided by free services (xmpp or otherwise).
Snikket exists for this type of user. If money is an issue, since XMPP is actually lightweight unlike Matrix, you can host multiple things even on the cheapest VPSs so it isn’t dedicated to one taskl or self-host out of your home (which is what I do, but also with some small sites, a feed aggregator, Mumble, terminal sharing, Darcs/Pijul version control systems, & Nix remote builder).
Skill issue, not money issue.
But when you are a business, everything can be converted into a money issue.
I used to work for a small PPI claims management company. Our accounts team had a WhatsApp group for social discussion outside of work.
All of our internal work comms were handled through Slack.
I wish my family was that easy to change, and there are only five of us.
In all my years of not using WhatsApp this has never happened to me lol. At best I’ve gotten some people to message me individually on Signal but not entire groups
Do you have a vacancy?
these 20 people are awesome :D
Wow, congrats.
dream team