• 22 Posts
  • 71 Comments
Joined 4 years ago
Cake day: June 29th, 2020

  • yep, but not only decentralized, I remember the issue about a company claiming they could extract Signal messages from the phone, if they were able to overcome the phone encryption (easily if the phone is unencrypted, though I believe LOS AOSP in general don’t allow unencrypted phones for quite some time now)…

    I’m wondering if p2p apps also suffer the same. I honestly have no clue, but I would guess it should be the same, unless you provide a decrypting password or mechanism any time you open the app, to decrypt keys keeping the contents encrypted (supposing it keeps some sort of agent when opening, so you don’t need to keep decrypting the keys while the app is open)… Perhaps they don’t do it by default, but AFAIK, briar, jami, antox and trifa were not having content encrypted in the phone, and I’m not sure if there was an option to opt-in for such encryption…

    Going back to xmpp, the same mentioned on the post, applies to the desktop apps, for example, I’m not aware of Dino, Gajim or Kaidan encrypting local content… I’m wondering if there are apps doing that by default, and perhaps without opt-out mechanisms…

    That’s why both, the phones and the desktops/laptops/mobile/etc, require to have the storage encrypted. And even though the storage is encrypted, all private keys (GPG and/or SSH) must be encrypted as well. There are people keeping private keys unencrypted, for convenience I’d guess, but that’s really bad if the device keeping them is compromised…

    In brief, I’m not aware of apps, phone or desktop, which besides doing e2ee for content transmission, they keep all local content encrypted. Not sure if there are some which can do it by setting some preferences, but if there are, please share which ones, :) Thanks !


  • Yup, there are several options… And I guess, as everything, it’s a matter of taste. I do believe Tox shouldn’t be used when looking for privacy and security, and somehow, perhaps due to lack of developers, that hadn’t changed for quite some time. FYI, there’s a Briar for gnu+linux, though I can’t tell if there’s a desktop version of it (I do know ubuntu touch makes it available for phones). Unfortunately I don’t like status.im, it includes a crypto wallet within, and though it’s OSS, it’s not FLOSS, which I prefer, having an option. I’m hoping for Jami to get more polished, both on the devices syncing and the UI. I have to see what happens with Briar for gnu+linux, and although I lost hope some time back, I’d really like Tox to improve on its security status. BTW, I used Tox (I really had high hopes on it), and there’s no multi-device support. On Android I used both, trifa and antox (it seems antox has been dropped nowadays), and on desktop I used qtox. And with no exception, on Android, tox apps, briar, jami, all are power hungry, which is the other thing I’d really like them to improve, but have low expectations given their p2p nature…


  • It seems cool, particularly if already using gpg for signing/encrypting (it uses autocrypt), however, as based on openpgp (gpg), it doesn’t support (perfect forward secrecy), but it’s the same for gpg signing/encrypting.

    What is really bad about delta chat, is that it doesn’t support (encrypted keys), which to me is really, really, a bad idea. Even openKeyChain (android) manages encrypted keys, as well as any desktop email client supporting gpg, so I really can’t see why delta chat wouldn’t.

    And though email is decentralized by nature, it still requires an email service provider. You might self host one, but not everyone can, so in the end, it’s not much different than having another messenger service, such as xmpp. With the advantage those other messengers support voice/video calls, which delta can’t, since it’s based on email in the end, and also most support perfect forward secrecy (some through double ratchet e2ee, like xmpp+omemo, or through other means, like jami).

    Though in the end, if no additional service is wanted, voice/video calls are not required, and no perfect forward secrecy is required, then delta might be an option. Thunderbird used to offer chatting as well, I’m wondering if it was based on delta chat, or the other way around, :(




  • Why do you think there wouldn’t be linux (kernel) upgrades? Are there tweaks not getting upstream? It seems their SW is FOSS, so they could contribute back if they want (though contributing to linux is not as easy, hehe)… And for the distro, besides linux support for the HW, it seems like a really polished plasma mobile (at least both jingos and cutefishos desktops seem Qt based). And plasma mobile on top of manjaro is what pine64 chose for its phone, and I guess tablets. So it seems one might be able to move somewhere else, as long as there’s linux support for its HW.

    Though I’m betting more on pine64 to be honest, :)




  • I’m wondering what happened to lprng, :( It used to be my preferred printers spooler. At some point genius people on GTK+ decided they would only support cups on GTK applications buttons, and there was no way to print anything from GTK GUIs anymore. I’m not sure if that changed or not, neither if Qt people followed (they end up following on everything, except on CSD, which is what I miss the most from Qt GUIs). There were several great scripts to make lprng great, and it wasn’t ever as bloated as cups… Ohh well, I was forced to use cups…







  • I won’t comment about kde neon, however, it’s weird that the reference mentions koffice, when calligra is the kde office suite, which is pretty fast compared to libreoffice for example, and can open pretty similar m$ files, though it can’t write them… And korganizer has let me down, not allowing syncing remote ics/ical web calendars, so far. Even icsdroid handles them, but korganizer after all these years being there hasn’t. There are bugs about it (eg. 428665), but it seems there’s total lack of interest getting them fixed…










  • Just in case, perhaps one can get away with dynamic DNS sort of pseudo domain, not a full domain, so that you can access services you host at home, without having to know the IP. At any rate, whether pseudo DDNS or full DNS, the IP is fully recognizable.

    The advantage of a VPS might be some protection against home blackouts and internet lost every now and then, depending where you live. However, self hosting poses several issues. Isolating your network (firewalls plus kernel hardening), hardening the servers, protect against common attacks such as denial of services, as well as infiltrating the services. All that, not to mention dealing with spam and much more.

    However, I’m tending towards the idea that we have to self host, nowadays. Trusting providers is not wise. Granted email is not secure, neither private, however the same applies to other services. FB is even looking at ways to extract information from whatsapp without decrypting messages… Signal leaks quite some information about its users, and though they advertise themselves about not being able to decrypt messages, they can and probably do share all metadata they grab.

    I’d really like distributed mechanisms, to take over, and become mainstream, not just decentralized, because then there are no servers to depend upon, and the information is just shared among those whom the information was generated for, no trusting in servers, not even your own.