We really need to stop recommending Keybase to people, the codebase is not maintained at all (the github activity is a flat line) so the crypto should be considered obsolete. From what I can tell, it was designed to show off the skills of the devs for acquisition/hiring and now it has been acquired.
As if XMPP does not even exist… doesn’t give me much confidence in how well this is researched.
I think they’re aiming at a more general market, that needs a nice UI to use the product. Also, XMPP is not encrypted by default.
XMPP is very much e2e encrypted by default. It uses the same system as Signal in their OMEMO implementation, which is widely supported by XMPP clients.
And clients like Conversations also have a really nice and mass market compatible UI.
OMEMO is not default. Even in the list you linked, half of the clients do not fully support it.
It is the default in the clients that cover like 95% of the user-base.
I think it’s supported but not turned on by default. At least when I tried conversations recently it was not default in one on ones, and not available at all in group chats.
Odd, for me it defaults in 1:1 chats, when was the last time you tried?
For group chats it AFAIK is enabled automatically if the group-chat creator has made the right settings for it to work (OMEMO can not work with pseudonymous chats and history disabled).
I think it was maybe a month ago or so.
OMEMO can not work with pseudonymous chats and history disabled
OMEMO works fine in a private group chat, it’s disabled in public channels as there’s no point doing encryption there.
Conversations UI can be MUCH improved to compete with the looks of some other common chat apps like messenger and imessage imho.
Conversations actually follows the Material guidelines from Google. Which puts it in an odd spot in that It looks “too new” for those that want a classic look, and “too old-fashion” for those that want a flashier look.
For me personally, it doesn’t look horrendous and it works, so I’m happy with it.
XMPP is very much e2e encrypted by default
Please do some research and stop perpetuating this myth.
- XMPP is not E2E encrypted by default.
- Conversations does OMEMO by default.
- There isn’t a single other XMPP client out there that does OMEMO by default, not one. They have support for it, but they very much do not enable it by default.
- Every time a friend of mine uses a different messenger, I have to remind after getting a load of unencrypted messages to hit the damn padlock icon in their new client.
So compared to other messengers that have only one single official client, how is this any worse? If you use Conversations it is the same but better.
Easy, it doesn’t help if your friend goes onto discover another XMPP messenger (cause they want their messages on their laptop/iOS or something else).
There’s no global OMEMO option for these either, you have to remember to enable OMEMO for every single conversation. The community has been asking for this for years on github, but the developers just never bother to enable it.
How is that worse than Signal, Threema or Whatsapp where no such clients even exist?
Nobody in my family is going to configure their chat app to use XMPP. So yes, it exists. But no one is using it.
Ask them to try https://quicksy.im/ Super easy and with phone-number discovery as well.
P.S.: There are using XMPP already, if they use WhatsApp. Switching to a proper XMPP client will be an even better experience.
Will definitely have a look. And of course, I meant “using XMPP on my own, secure server”. WhatsApp requires no configuration, the XMPP server I use is a different story. It was hard enough to get them to move away from WhatsApp, imagine asking them now to use yet another one. But thanks for the link, will definitely be looking into it.
Although Matrix might have a few kinks in it, I still think it’s the best choice for privacy-concious messaging. They seem to be coming up with good ideas; bridging for one is kind of functional, and I like the concept of federated systems. There also seems to be a good community around it, with lots of good libre clients in particular popping up.
Matrix is ok from a decentralization point of view, but privacy isn’t a strong point of it and if fact seems more of an afterthought conflicting with many early protocol design decisions.
Signal is by far the best of all.
I fully agree. That is exactly why I chose Signal.
Element/Matrix is a particularly strong choice for privacy enthusiasts, although its niche user base severely hampers its practicality as as a WhatsApp replacement.
just use session
