Wire[1], another E2EE chat application (using libsignal, just like WhatsApp and Signal itself), does not require this. It also has open-sourced its client and server applications[2], and is in the process of documenting how to run them yourself.
It also has a pretty solid API[3].
One downside for JS haters, though, is that while the application isn't a wrapper for the site it is still Electron.
In Matrix, E2EE isn't enabled by default[1], and the option to enable it is in fact marked with a warning that it comes with potentially unwanted side-effects. This isn't the same, and the arguments that call recommending Telegram for E2EE encryption disingenuous apply to Matrix/Riot recommendations too.
One other issue I have with Matrix is the fact that they're in the process of completely rewriting their reference implementation in Go despite the fact that - as far as I remember - the first one, in Python, isn't entirely complete[2]. Combined with the app-bridge song and dance[3] there's too much in flux for me to recommend in good conscience.
Finally, and perhaps most importantly (speaking as a "regular" user - the type needed to achieve mass adoption), the client is horrendous. This is especially apparent when compared with Wire, but I'd go as far as saying it's apparent even when compared with some IRC clients. At least Signal's UI/UX is passable. Encryption didn't catapult Telegram to 200 million monthly users. A slick UI, a half-decent UX, and some good marketing did.
The difference is that there is no way to even enable encryption on Telegram desktop clients.
Edit: Aside from that, while the Telegram UI is nice, it doesn't even try to compete with the interfaces commonly found in IRC clients (i.e. no bubbles, one or more lines per message, can actually fit more than a handful of messages without scrolling, and so on... see qwebirc).
1) So it’s true that Matrix is still in beta and E2E is not yet on by default on private rooms (but we’re working on it).
2) Synapse (python impl) is however “complete” (for implementing the Matrix 0.3 spec at least, and newer stuff) and has been for several years. We should spell this out better in the README.
The reason for Dendrite (go impl) is to escape the python GIL and switch to a multidb/multiwriter architecture to keep up with the load on massive HSes like matrix.org’s.
3. I have no idea what the “app-bridge” song and dance is that you’re complaining about: bridges are one of the most powerful and fun bits of Matrix. Perhaps you don’t like the config used to provision them? I’m not sure how this impacts normal users.
4. You may need to give more info on why you feel Riot is “horrendous” so we can fix specifics :)
Any ideas if they're planning on doing something about not being able to see conversation history on new devices? That was the limitation that drove me away the last time I tried it out.
As far as I'm aware they consider it to be a feature, and I don't particularly disagree. The rationale is that if somehow someone else manages to add a device to your account (which you get notified about on your other devices), they cannot see your chat history up until the moment the device was linked.
Once they're all linked you don't have this issue again so it's kind of a one-time thing.
But why not let me make that decision? You're assuming
- a) everyone has a phone number
- b) everyone has ONE phone number
- c) everyone has a phone
- d) everyone has ONE phone
- e) said phones have a good battery life, lots of storage, and are always on a fast unlimited internet.
- f) you want to give your phone number to everyone you want to talk to
For some of my chats, I'd want that sure, and the price in those cases is cheap.
For many other cases, no, I'm not willing to pay that price. I'm not willing to keep my phone on and with me all the time and provide it with fast expensive internet, just so I could say hello to some people.
You might say that I can find another service, or that I don't understand the price I'm paying. I did and I do. I'm only debating your claim that the price is cheap and putting it into general perspective.
"To protect the data that is not covered by end-to-end encryption, Telegram uses a distributed infrastructure. Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data.
Thanks to this structure, we can ensure that no single government or block of like-minded countries can intrude on people's privacy and freedom of expression. Telegram can be forced to give up data only if an issue is grave and universal enough to pass the scrutiny of several different legal systems around the world.
To this day, we have disclosed 0 bytes of user data to third parties, including governments."
Telegram is ran by Russian oligarchs that built the local equivalent of facebook. Telegram was developed in the st. Petersburg offices of the local facebook equivalent.
Telegram developers have deliberately made encrypted conversations impossible to use, despite selling their app on it’s “encryption”. Telegram developers also choose to use pretty questionable crypto, why?
This is incorrect. The oligarchs took vk.com away from Pavel Durov (the founder of vk.com and later Telegram) by force with some help from FSB, then banished him from Russia. Both Pavel Durov and Telegram are now out of the reach of these oligarchs, and Durov has no desire to aid people who robbed and exiled him.
Oddly enough, your exilee friend Pavel has been a regular sight in St. Petersburg despite supposedly eluding the reach of the Russian authorities
https://tjournal.ru/52954-durov-back-in-ussr
>Durov has no desire to aid people who robbed and exiled him.
It seems strange to think that he'd have a choice.
And anyway, Telegram is designed in a manner which allows its operators to easily read ~99% of the conversations between users. The same is not at all true of Signal or Whatsapp. Do you think that's a coincidence?
It's cute that you link to lenta.ru as if it's undoubtedly a reliable source. Wikipedia says:
"On March 12, 2014 the owner, Alexander Mamut, fired the Editor-in-Chief Galina Timchenko and replaced her with Alexey Goreslavsky. 39 employees out of the total 84, including Director-general Yuliya Minder, lost their jobs. This includes 32 writing journalists, all photo-editors (5 people) and 6 administrators. The employees of Lenta.ru issued a statement that the purpose of the move was to install a new Editor-in-Chief directly controlled by the Kremlin and turn the website into a propaganda tool. Dunja Mijatović, the OSCE Representative on Freedom of the Media, referred to the move as a manifestation of censorship."
I'm not sure what your point is, but to me this makes it more likely that this is an article made to smear Durov than anything else considering it's literally a government mouthpiece.
At least the Russian government doesn't have many ways to meddle in my life. I would be far more worried about my own government having access to my conversations.
Putin gives the Trump administration information on activists in the US, people part of the so called resistance, that are using telegram. Pavel Durov is told to keep quiet, or he'll get to eat some polonium.
A modern COINTELPRO.
I'm not saying that's likely, however given history, it also wouldn't be surprising.
Why are you using the therm "mother Russia"? Are you trying to politicize this conversation?
People should stop worrying about whatsapp, telegream etc.
The biggest security hole are the keyboards on your phone. Especially on android. Has anyone bothers to check what data for example Swiftkey collects or potentially could?
> I'm a Reactiflux admin. We are VERY happy with Discord!
Are you in any way being compensated to say this? I don't expect you to disclose the details here, but I will at least ask. Publishing this blog post I understand that it is important for Discord to win over open source project to their platform. As users, developers are often early adopters and "organic" influencers.
I think you should give https://riot.im a try. It's open source and federated and has IRC bridges.
I am absolutely in no way compensated for _anything_ I do with Reactiflux :) I hang out there in my free time and answer questions because I like helping people learn about React and Redux, and I posted that comment because I truly am happy with Discord.
I had no idea they were even writing that article until I saw it posted here on HN.
Not sure what else I can say to prove that, but it's true :)
for the record i disagree with this kind of very tenuous tinfoil hat conspiracy theory. there isnt even an economic incentive here. we should be free to speak our minds without disclosing the presence of vested interest even in super inconsequential cases
Don't swallow the lure. Please allow me to quote what I said yesterday[1].
>> Slack, like so many others before them, pretend to care about interoperability, opening up just so slightly, so that they can lure in people with the promise of "openness", before eventually closing the gate once they've achieved sufficient size and lock-in.
> Spot on. People are lured in by hype and forget the long-term consequences. Always chose “open” by design, never by charity.
Sorry if I keep repeating myself. If you suddenly feel that IRC is too feature free or outdated for your needs, have some courtesy and consider a modern, federated and open solution instead. Matrix/Riot.im roughly has the pros of Slack (yes, including IRC bridges).
> Slack, like so many others before them, pretend to care about interoperability, opening up just so slightly, so that they can lure in people with the promise of "openness", before eventually closing the gate once they've achieved sufficient size and lock-in.
On spot. People are lured in by hype and forget the long-term consequences. Always chose “open” by design, never by charity.
Doing the reforge course this was something that really stuck out for me. These tech platforms promise the world then slowly cut things out or become inefficient over time to cater for enterprise clients. If you are interested read this https://medium.com/point-nine-news/the-lifecycle-of-lead-gen...
I'd be interested to know how widely used these gateways are, since the conventional wisdom on HN is so frequently "vote with your wallet/feet/personal data".
No, it's still an assumption - the outcome perhaps is what a person expects will happen, however that doesn't then validate a past assumption - it does validate their past belief/prediction/expectation though.
No it's not. You're conflating "it was terminated" with "it was designed with termination in mind". It's a fact that it was terminated, true, but this doesn't necessarily mean that it was designed with termination in mind. For all we know, it may have been designed with every intention of continuing IRC/XMPP support until yesterday when an executive decision suddenly said otherwise. Now, I don't believe that, but that doesn't matter: the fact that it was terminated is not the fact that it was designed with termination in mind.
As a user, I was very disappointed to see that the gateways must be enabled by the project owner, not by the users themselves. In the end none of the Slack groups I've participated in allowed me to connect via IRC/XMPP.
Slack is an in-company chat product (their slogan is literally “where work happens” [1]) and it was never intended for public groups, which is why all invite automation tools for Slack are third-party. Slack doesn’t want you to use their product as a public chatroom and they try really hard to make that as unattractive as possible.
Given that, “moderation nightmare” is not really a concern for the target audience since if your company needs moderation in its work chat, you have much bigger problems.
I can't answer the broader question, but I did attempt to use the XMPP gateway for a little while. Many features were implemented in ways that made them hard or impossible to follow when viewed via XMPP (threading was a big one), and there were a fair number of bugs. It very much felt like a tacked-on feature as opposed to something they would have expected to be used in a meaningful way.
The number of people who used slack because of the XMPP or IRC gateway is probably miniscule. If they accounted for a significant percentages of users, they wouldn't have shut it off.
Well, they did that the moment non-tech people started pushing for slack, and the decisions to adopt this was no longer in the techies hands.
The company I currently work for was very hesitant of adopting it, and they only did the moment our sales people started asking for it. And as a productivity tool it's great, but there is obviously a lock-in.
Just a heads up. If you suddenly feel that IRC is too feature free or outdated for your needs, have some courtesy and consider a modern, federated and open solution instead.
https://gitter.im/ was acquired by GitLab and thus likely to remain for quite a while. Also, it might even suit the needs of such a project better than Slack, as apparently it's aimed more at communities rather than teams, but I'm not sure what that means in practice.
Register matrix.org accounts there. There's a web client, desktop clients and mobile clients (called Riot.im). It's open source and federated. And, there are IRC bridges!
Also, for those still using IRC, and needing an easy way to get others on it: IrcCloud is an excellent service with a mobile client lightyears beyond any other.
That's a cheap price to pay for E2EE only.