Recent searches

No recent searches

Search options

Not available on lingo.lol.
lingo.lol is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for linguists, philologists, and other lovers of languages.

Administered by:

Server stats:

55
active users

lingo.lol: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.3

#omemo

0 posts0 participants0 posts today
*
Kevin Karhan :verified:

My reservations and criticism re: #Signal are not just valid, but the reality is even worse than I thought:

  • The fact that @signalapp requires not only their shitty #Android #App, and a #PhoneNumber but literally won't allow people to use their shitty #Desktop-App unless they have an Android device with a camera pointed at it makes it utterly unuseable for certain users who don't have a fucking #camera in their Android

Seriously, do they expect folks to deal woth that shit? It's already worse in terms of #UX than #telgram and #discord and that too makes #XMPP+#OMEMO clients like @monocles / #monoclesChat & @gajim / #gajim easier and faster to onboard #TechIlliterates onto.

  • Whichever asshole decided that a replacement for #SMS should mandate #PII like a #PhoneNumber & not be natively cross-platform should be banned from doing any #tech in their life. Trying to circumvent this shit and helping folks with it makes me so fucking angry that I'm now explicitly refusing to support it!

FIX THAT SHIT, @Mer__edith, and if it means you need to kick some devs in their crouch then consider this a necessary "investment"

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)Content warning: Rant re: Signal Shills being dangerous Tech Illiterates
#sarcasm#TechSupport#TapesFromTechSupport
Replied in thread
*
:awesome: Leo 🇲🇽

@flan #XMPP

  • El servidor de XMPP que mejor maneja #OMEMO es #Prosody
  • Las usuarias deberían recibir una inducción para que se aseguren de configurar sus clientes con OMEMO activado siempre.
  • El cliente para #Android que reúne todas las características que valoramos como grupo es #Monocles: [video]llamadas, OMEMO, widgets webxcd, interfaz elegante y amigable, reacciones a mensajes con emoji (selector cómodo), inserción de multimedia, renderizado de markdown, hilos.
  • El cliente para #Linux que tiene casi todas las características que valoramos es #Gajim (aunque aún carece de llamadas y widgets webxcd).
  • Los clientes web recomendados son #conversejs y #Movim, aunque tienen limitaciones que deben ser comentadas siempre que alguien se integra a un grupo, en concreto, Movim, es incapaz de insertar multimedia cifrada.
#prosody#Android#omemo
Custard! 🍮:fedora:

La táctica es sencilla

Pedirle el dispositivo al sujeto interesado

Instalarle #fdroid + #conversations

Activar notificaciones
Activar acceso a contactos
Desactivar la optimización de batería
Esconder la notificación del servicio en segundo plano

Activar #OMEMO por defecto

Crear un chat con el sujeto

Mandar un mensaje para establecer las claves OMEMO

?????

Listo!

No encuentro una manera más viable y sin dolor de pasar a la gente que no sabe y no quiere saber de algo más que #WhatsApp

Funciona? Sip, así tengo a mis familiares y puñado de amigos en el humilde servidor de bonito

:awesome: Leo 🇲🇽

Encuesta sobre #XMPP con cifrado #OMEMO

Si te has comunicado mediante dicho protocolo, con dicho cifrado ¿cuál ha sido tu experiencia?

Favor de impulsar para conseguir una buena muestra de experiencias.

· 38 people · Closed
Continued thread
CryptGoat

XMPP leidet seit Jahren darunter, dass kein Client wie der andere funktioniert. So hat es zig Jahre gebraucht bis #OMEMO in den wichtigsten Clients vertreten waren und dann stolperte man auch noch lange danach über die unterschiedlichen Implementierungen und Defaults. Tja, steckt halt kein Geld drin, alles historisch gewchsen. Immerhin laufen XMPP-Server auf Kartoffeln.

#Matrix-Server nicht, aber dafür wollte man alles besser machen: Dicke Finanzierung, große Akteure an Bord geholt, Standardclient #Element, der quasi die anzustrebenden Feature-Defaults vorgibt. Und jetzt geh ich als Newbie auf die offizielle Seite von Element und will den Messenger runterladen: element.io/download
Dort wird mir dann #ElementX nahegelegt. Blöd ist nur, dass das Ding zig Sachen nicht kann, die man über Jahre hinweg beim alten Element eingeführt hat und wo viele Leute inzwischen drauf bauen. X hat keine Unterstützung für Spaces, keine Nachrichten-Threads, keine Nachrichten-Suche. In meinen Matrix-Gruppen hab ich ständig Diskussionen, ob wir dieses oder jenes Feature nutzen können, weil Client XY es nicht unterstützt – darunter der FRICKING Hauptmessenger von #Matrix. Es ist zum Verzweifeln. 😫 (2/?)

element.ioDownload ElementDownload Element, an end-to-end encrypted secure messenger and collaboration app with voice and video chat. Available on Web, Android, iOS, macOS, Windows & Linux.
Replied in thread
*
Kevin Karhan :verified:

@derekmorr

Let it go, already. No one uses MobileCoin. You can’t even find an exchange to buy it.

Then why does @signalapp still have that shit in it? @Mer__edith could've pulled that #Shitcoin yet refuses to do do!

The Cloud Act is a non-issue. Signal doesn’t have data on users, so they can’t be forced to disclose it.

That's literally wrong!

  • #Signal not only collects #PII in the form of a #PhoneNumher but explicitly is able and willing to use that to dsicriminate against users and restrict app functionality based off their presumed juristiction. There is no "legitimate interest" for.doing so nor any legal mandate to do so (unless we excuse the ehole #MobileCoin-#Scam!)

It’s been 30 years, and no one uses xmpp. Let it go.

Wrong again. Otherwise there wouldn't be thriving ecosystems and Apps to this day. It's just that corporate shills refuse to acknowledge that Signal - like all centralized, proprietary, #SingleVendor and/or #SingleProvider kessengers before and after - will inevitably die as their business model is not sustainable. Sake with #ICQ really. The only exceptions are those that abolish #privacy for #profit, integrate actually working payments or sellout to a #cyberfacist #government (all those apply to #WeChat!)

It’s shocking that people who claim to care about security and privacy push niche apps with terrible UX and no PFS like Delta or XMPP instead of the only private messenger with any real market share, Signal.

You know what's shocking to me: People who are unable or rather unwilling.to acknowledge that Signal is garbage and it's requirement for a #PhoneNumber kills any #privacy benefits it may have on paper by virtue of being at best pseudonymous (assuming the userd don't live in a juristiction that demands "#KYC" for even prepaid #SIM cards (ime. #Germany) or god forbid even #IMEI|s (i.e. #Turkey has a literal allowlist that'll kick any device off it's MNOs after 90 days within 365 days.

  • The #UScentric approach to #privacy and #threats makes Signal absolutely useless in many cases, and I do speak here from experience.

I'd rather help people onboard #XMPP+#OMEMO like @monocles and/or @gajim or #PGP/MIME like @delta & @thunderbird (incl. setting them up with #Orbot / #TorBrowserBundle / @tails_live so their traffic gets through @torproject and doesn't provide any useable IP addresses.

  • I've literally been there and done that!

As for #Sustainability, providers like monocles.eu finance themselves by subscriptions (starting at €2 p.m.) which people can pay fully anonymous using #CashByMail and #Monero on top of common payment methods (i.e. SEPA wire transfer)...

  • So even if you think "#monocles is a #honeypot" that is mitigateable ciz unlike with Signal you can choose your own client, choose a different provider & exervise self-custody of all tue keys!
monocles.eumonocles searchmonocles search, powered by searx
#monocles#honeypot
Replied in thread
Kevin Karhan :verified:

@debby @monocles @Stuxhost well, @delta / #deltaChat is not using #XMPP+#OMEMO (unlike #monoclesChat & #gajim) but #PGP/MIME on regular #eMail, which makes it way easier to setup in organizations as "nit yet another server needed" and also easier to comply with mandatory #archival laws in #business use-cases.

docs.monocles.euOverview - monocles Documentation
#session#signal#Telegram
Kevin Karhan :verified:

#discord IS LITERALLY THE PROBLEM!

I'm shure fecking #dread has better moderation and I'd rather use #MicrosoftTeams + #Slack cuz those at least have proper #moderation tools.

  • And I'd rather subscribe to the #LKML and see my inbox getting hosed than using any shitty #SaaS!

Case in point: I'd rather #SelfHost all my comms infrastructure than to ever use something like Discord or any other #GDPR-violating SaaS that is just enshittification.

I'd rather recommend people to instead choose a tool that does everything but horrible to go with multiple smaller & good tools

Check @alternativeto and @european_alternatives for options.

YouTubeThe problem With DiscordBy RoyaltyIsHere
Daniel Gultsch

Looks like Dino is enabling #OMEMO by default for the next release¹. I think that was the last of the major #XMPP clients to do so. Hopefully we can now put the "But XMPP is not encrypted by default" debate to rest.

¹: github.com/dino/dino/commit/fc

GitHubSet OMEMO as default encryption · dino/dino@fc6447cModern XMPP ("Jabber") Chat Client using GTK/Vala. Contribute to dino/dino development by creating an account on GitHub.
Daniel Gultsch

There are no known security issues with "Siacs OMEMO" / OMEMO v0.3¹ despite of what some very loud Signal fans would like you to believe. It has been audited by a third party² who took a longer look at it than all of the Signal fans combined.

Yes, #OMEMO v0.7+ (or TWOMEMO 😜) is a cleaner spec with more features (most notably Stanza Content Encryption). That’s why we wrote it. I’m a co-author. That doesn’t mean v0.3 is insecure.

¹: xmpp.org/extensions/attic/xep-
²: conversations.im/omemo/audit.p

xmpp.orgXEP-0384: OMEMO Encryption
#XMPP
Replied in thread
*
Bhante Subharo ☸️

@ljrk @chiraag @tortie @waeiski @Mer__edith I wish that the #EU would clarify its stance regarding #Signal: *is the AWS hosting problematic for them or not*? Let's assume *not OK* for a minute.

As to a Signal alternative, I *wish* I could recommend #XMPP over #Deltachat today. *AFAIK*, in XMPP, #OMEMO does perfect forward secrecy/double-ratcheting - but alas, the #iOS and #MacOS clients aren't the greatest at present. That lack of all common OS' having feature parity (very reliable notifications, Reactions, etc.) makes me hesitate in recommending XMPP for *everyone* today (but it's great for geeks).

Whereas Deltachat at least has usability parity for features across each OS it supports (which I feel users would highly expect *first*, before demanding a more modern encryption). Yes, autocrypt has no perfect forward secrecy, etc. and other metadata-related criticisms. But Deltachat is simple enough to learn, *allows servers to realistically be used in the desired country*, and works on all the common platforms. It's a decent choice for *today*, as a well-rounded choice (where tradeoffs must be made somewhere). And once the XMPP clients get better (in MacOS/iOS), I'll recommend XMPP as a goto *then*.

TrendingLive feeds
About