Librem5 (and why I am no longer interested)

103 replies [Last post]
Masaru Suzuqi
Offline
Joined: 06/06/2018

Then if you don't want to be tracked (by hellicopters or bamboo-copters or drones), don't buy a car and a motorcycle or something, too. And consider moving from the tapped house to more secure house. Well, it would seem that this is the actual World War III, isn't it? Need tough guys, no cowards. Cowards will betray at the right time. That's the slight risk.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> Like Magic Banana said : if you don't want to be tracked don't buy a phone, smart or not.

Right. This is the kind of important information that people should know for their privacy's sake. Purism is an adversary to the goal of spreading this information. Ironically, this makes potential customers less likely to understand the importance of phone's most important (in my opinion) feature, which is the ability to fully disable the modem with a hardware switch.

zigote
Offline
Joined: 03/04/2019

> phone's most important (in my opinion) feature, which is the ability to fully disable the modem with a hardware switch.

The most important feature of a a phone is to connect people and it cannot do that when it is disconnected from the network.

Masaru Suzuqi
Offline
Joined: 06/06/2018

The most important feature of a phone for lovers is to be able to listen to her/his partner's voice, with precious, excited feelings. That is their privacy.

The most important feature for our adversaries is to gather valuable information from them, or disturb blatantly love and our private privacy, to peek at their bedrooms.

Why I dislike them is that that is an action to destroy people's trust. Destroing love is their prior desire, you know?
Most people have difficulty to find a 100% trusty, not 99%, person.
They are destroing that trust, and love. Besides most are earning money from that action. The true freedom is related with the idea of what is called trust. In my opinion.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

Sorry, I left out a word when typing. I meant to say "of *their* phone's most important (in my opinion) feature". I know that it's not the most important feature of phones in general. I meant the most important feature that is unique to Purism's phone.

zigote
Offline
Joined: 03/04/2019

Even with that clarification such feature contradicts the essential function of a phone - to be able to send and receive calls at any time.

Otherwise similarly we can say it is unique to have a TV which has a kill switch for the TV cable, so that your TV provider won't be able to track which program you watch. But then it is not a TV but just a monitor on which you can watch your own recordings locally.

So turning

tele-phone
tele-vision
tele-communication

into an isolated unit is simply anti-functional. Of course - it gives you privacy because you don't share any info with anyone. But that is no longer the same device with its essential purpose. One more reason not to call it a "phone".

aloniv

I am a translator!

Offline
Joined: 01/11/2011

Name a company that produce/produced a Mobile phone that have :
-free Hardware Design.
-Kill switches.
-You can install any GNU/Linux OS on your phone and have total control over the software and can upgrade/change the hardware your self.
-Baseband modem separated from the CPU.

Openmoko, Golden Delicious (the wireless card on the Neo Freerunner can be removed by the user and the modem can be powered off see link below - there are no hardware kill switches just software ones). The Golden Delicious Neo Freerunner upgrade requires non-free firmware for wireless but otherwise from a freedom standpoint it should be identical.

wiki.openmoko.org/wiki/Manually_using_SMS#Reset_the_GSM_Modem

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

Identical from a freedom standpoint (is there a free driver for accelerated graphics on the PowerVR chip?) but no longer produced and with ten-year-old specifications (a processor cadenced at 800 MHz, 512 MB of RAM, a 2.8" 480×640 display, etc.) that does not allow "any GNU/Linux OS on your phone" to run smoothly.

aloniv

I am a translator!

Offline
Joined: 01/11/2011

Actually the Freerunner's graphics are decent - it just lacks 3D acceleration. Some nice games can run on it such as a maze game. Optimized GNU/Linux distros run pretty snappy on it - e.g. QtMoko and the other distros. There are other issues such as a hardware bug causing echo during phone calls and the phone not functioning very well as an actual phone (e.g. you cannot ring * phone numbers and you might not always receive phone calls or text messages). Also, since the phone only supports GPRS it is not particularly useful if you need internet access but can't access wireless networks.

EDIT: it seems you are referring to Golden Delicious's upgraded phone. I don't know the freedom status of the graphics card there.

johnminaa
Offline
Joined: 03/18/2019

Thanks alonic for sharing this informative and detailed article link which really helped me to figure out and configure my GSM Modem . After reading this anyone easily send and receive SMS on GSM devices.

tonlee
Offline
Joined: 09/08/2014

> One should understand what they are trying to do.

What did purism do? They mislead people about their notebooks. What purism tells
about the librem 5 is vague.

> because an employee or (maybe) some errors in their web site/forums is non-sense.

You are naive.

Purism's deceptive behavior has worked on people. I have several times encountered
people who defends purism even if you tell them how they fooled people about
being able to sell a new free software notebook.

zangisharp
Offline
Joined: 01/08/2019

First of all I'm not defending them, like I said I'm only interested in their product.

Second when I said "> One should understand what they are trying to do." and "because an employee or (maybe) some errors in their web site/forums is non-sense." its because of this => https://puri.sm/jobs/

The jobs are remote, do you know how hard to make a company running and growing with only remote jobs ? Including all disciplines Communications, Marketing, Social, Programming etc... I invite you to try working remote for... lets say 6 months :).

>What did purism do? They mislead people about their notebooks. What purism tells
about the librem 5 is vague.

Librem 5 is vague? take a look at this page for news and read them! All the schematics are free is this enough for you?
https://puri.sm/posts/
https://puri.sm/posts/how-we-designed-the-librem-5-dev-kit-with-100-free-software/
https://puri.sm/posts/librem5-solving-the-first-fsf-ryf-hurdle/
https://puri.sm/posts/librem5-2018-09-hardware-report/
...

> Purism's deceptive behavior has worked on people. I have several times encountered
people who defends purism even if you tell them how they fooled people about
being able to sell a new free software notebook.

1st a notebook is not a peace of software they sell Laptops with PureOS wich is a free operating system. The difference between Purism and others companies like HP,Dell etc... they don't give you the choice to upgrade your hardware(for recent notebooks and chromebooks) and no kill switches.

If I have a laptop with recent GPUs and CPUs, kill switches and I can replace/upgrade the hardware on it, I'll buy it even if its more expensive than an Apple/Google/Microsoft product.

And I don't have to justify my choices I do what I want period.

Your the naive one who judge a company by what others say about them.

tonlee
Offline
Joined: 09/08/2014

> Your the naive one who judge a company by what others say about them.

https://trisquel.info/fr/forum/librem13-fully-free-time
Had you read Chris' posts you would not be so clueless.
Can you give me the librem notebooks' cpu source software?

> I don't have to justify my choices

Do you stamp on the floor while writing? If you are ignorant
on this forum then expect to get countered.

> I'm not defending them

You wrote
Calling for not supporting companies like Purism just because an employee or (maybe) some errors in their web site/forums is non-sense.
And
The jobs are remote, do you know how hard to make a company running and growing with only remote jobs ? Including all disciplines Communications, Marketing, Social, Programming etc... I invite you to try working remote for... lets say 6 months :).

That is a defense. And shows your lack of knowledge about
purism. About the librem notebooks purism wrote they possibly could
get respect your freedom certified. Purism mislead people in
order to gain money. Then you want me to believe what purism
is writing about the librem 5? No.

If replicant decides to not make a replicant version for the librem 5
then we know the librem 5 is worse than the phones we already got.

> Librem 5 is vague?

https://www.replicant.us/freedom-privacy-security-issues.php
This is how you inform people.

> 1st a notebook is not a peace of software

I meant a notebook adhering to the respect your freedom certificate.

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

If you are ignorant on this forum then expect to get countered.

If replicant decides to not make a replicant version for the librem 5 then we know the librem 5 is worse than the phones we already got.

https://www.replicant.us/freedom-privacy-security-issues.php

On that page, one can read:

A mobile device respecting the users' freedom would have:

  • Free hardware
  • Free firmwares
  • Free modem system
  • Free bootrom and bootloader
  • Free system and applications

Summing up the rest of the page, which takes each of the points in the above order:

Regarding free hardware, it barely exists as of today. (...) Firmwares running inside integrated circuits are most of the time proprietary. (...) The modem system on telephony-enabled mobile devices is always proprietary. (...) While it doesn't solve any of the freedom issues, having an isolated modem is a big step forward for privacy/security. (...) Looking at the software that runs early on the SoC, the first component is the bootrom. It is always proprietary and is stored in read-only memory, so it cannot be changed (in that case, it almost seems to behave like hardware). However, regarding the bootloader, the situation is different for each platform. (...) The biggest part of the software running on a mobile device is the main operating system, that runs on the main CPU. (...) It is the most critical part for privacy/security and is also very important for free software as it interacts with the user directly and holds knowledge about communication with the hardware. (...) Every piece of proprietary software running on the system is a risk for privacy/security as they can offer remote access back-doors and compromise the rest of the system.

In light of that article, let us consider the Librem 5 (quotes from the discussion attached to the first post, but the same information is on Purism's website):

  • The Librem 5 avoids proprietary firmware wherever possible, including for accelerated graphics, what no phone has ever had, to the best of my knowledge (but the "Wifi/bluetooth chip is still being evaluated");
  • The Librem 5 has its modem isolated from the rest of the hardware, in the best known way ("our phone will have baseband modem isolated, communicating only via USB interface to the rest of the hardware and controlled by the free and libre operating system. This is NOT true for almost every smartphone today");
  • The Librem 5's bootloader is U-Boot, which is under the GNU GPLv2+: https://developer.puri.sm/Librem5/Development_Environment/Boards/imx8.html#flash-u-boot
  • The Librem 5's operating system running on the main CPU is PureOS, which is among the few FSF-endorsed OS: https://www.gnu.org/distros/free-distros.html

So, based on the reference you gave, how do you justify your claim that "the librem 5 is worse than the phones we already got"? Sure, it is far from perfect: the only acceptable solution is, in my humble opinion, to refuse to carry a phone, what I do. But it is, in fact, the best phone we can order today, given what the reference explains ("free hardware, it barely exists as of today", "the modem system on telephony-enabled mobile devices is always proprietary", "[the bootrom] is always proprietary"). Also, from a freedom point of view, having Replicant substitute PureOS would not be an upgrade (it would not be a downgrade either).

tonlee
Offline
Joined: 09/08/2014

> how do you justify your claim that "the librem 5 is worse than the phones we already got"?

It is not a claim.
It is a conditional sentence. Purism lied about the librem notebook.
Therefore I trust nothing purism says. If the librem 5 gets
made then replicant will probably decide whether they
want to make a version of replicant for the
librem 5. If replicant says its hardware is not acceptable for
replicant, then I will know it is worse
than the phones we got.

zigote
Offline
Joined: 03/04/2019

Guys,

I am reading each and every comment but please let's stay on topic as this is starting really difficult to follow.

Things which I see as off-topic are:

- Other phones
- Purism's forum/JavaScript/TOS
- Advise which has not been asked for
- "lovers" etc.
- Software licenses

Everyone is free to open a separate thread for any other discussion and share a link if one feels it is related.

I hope you don't mind. :)

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> this is starting really difficult to follow.

I agree.

> please let's stay on topic

Your OP was about Purism's deceptive marketing practices. Everyone involved in this thread has given their opinion on that, so if this is all you wanted to discuss then I don't think there's anything else to say. The other topic you seem interested in is private mobile communication in general, so I want to briefly wrap up my thoughts on that before moving on.

> - Advise which has not been asked for
> I described a normal life which happens to most people.

My intention was not to advise, and I'm sorry it came across that way. I tried to clarify that I do not believe in a one-size-fits-all solution, but I apparently was not clear enough. Sorry for the miscommunication. My intention was to explain the value of a feature of this phone, although it is not one that interests you. I probably would not have brought it up at all if I had understood your view as I do now.

I agree that being constantly connected is a normal part of most people's lives. I don't think believe that this automatically makes it good. Proprietary software and surveillance are normal to people's lives too. I think we agree that the amount of our time and attention that should accommodate communication is somewhere between 0% and 100%, but we seem to disagree one what that amount is. That's off topic, though, as you say. What I think we do agree on is that this communication should be privacy-respecting, and that it is not so when done through the cell network, so I'll address that now, accepting the premise that a solution should allow for communication up to 100% of the time as the user desires.

My impression is that cell network is fatally flawed, and that the only real solution is to replace it. Due to the network effect, this is only achievable with something that can be gradually adopted without losing the ability to communicate with users still on the cell network. This is a social challenge more so than a technological one, although technology will have to be involved in the solution.

The most promising approach I've encountered is that of JMP. It uses a relay bridge to the cell network so that users can send/receive XMPP messages that cell phone users send/receive as SMS messages, with SIP used for placing phone calls. The JMP user only requires an Internet connection, which makes location privacy possible depending on how they connect. Moreover, since XMPP and SIP both support end-to-end encryption, two JMP users communicating can have communication privacy. Thus, the amount of privacy that JMP users have depends on two variables:
(1) the percentage of the time that they can access the Internet without the cellular network (determines location privacy)
(2) the percentage of their communication that is with other JMP users (determines communication privacy)

The goal then, is to gradually increase these variables to 100%, so we need a solution that enables this transition, for example:

The user has a Librem 5* (or similar device) and a data-only plan from a cell carrier. They install a SIP client and XMPP client with which to send/receive calls and texts. The experience will be virtually identical to regular texting and calling. The modem only needs to be on when they do not have WiFi, so they will have location privacy some of the time. They will also have communication privacy with other JMP users, though not with regular cell phone users.

The next step is to increase our two variables. The user will want to encourage the people with whom they communicate most frequently to adopt a similar setup,** or at least install an XMPP client and SIP client onto their phone for communication with you. It helps that JMP + a data-only plan will probably remain less expensive than a full cellular plan, and that it allows the user to call and text people from their laptop when they wish, similar to the functionality provided by iMessage for iOS+macOS users. The other variable, increasing wireless access, will be trickier because it's not something the user can easily start doing much about individually, so location privacy will probably lag behind communication privacy with this approach. Still, this is the best idea I have for a path forward.

* The usefulness here of the Librem 5's kill switch here is not to disconnect, but to rely on cell towers for connection only no other connection is available. This wouldn't work with a separate dumb-phone, because the device needs to be able to run an XMPP and SIP client. However, until something like the Librem 5 exists, an alternative might be to use a small portable computer and USB modem with a data plan from a carrier. The "kill switch" would be unplugging the modem when it is not needed.

** Two improvements to JMP need to be made before this is really viable. The first is support for non-North American phone numbers, since obviously people have to be able to use JMP in order to adopt it. The other is group message support, as I think that lacking this would be too much of an inconvenience for many people to accept.

That's all the time I have to post in this thread, although I'll check back to see what else you and others write. Cheers.

zigote
Offline
Joined: 03/04/2019

*I seem to have replied by mistake in a non-threaded way. Sorry. You can still see my reply.

zigote
Offline
Joined: 03/04/2019

> I apparently was not clear enough.

You were, don't worry.

> I agree that being constantly connected is a normal part of most people's lives.

I was rather talking about the essential function of the phone: to be reachable. I wouldn't call that "constantly connected" although from a technical perspective it may be correct to say so. To me "constantly connected" is conceptually synonymous to "always on Facebook, refreshing my feed every 5 seconds". That (really crazy) state is different from the state of being reachable. The later one is like "you can ring my door bell at any time" (yet I still have privacy indoors) which is not identical to "I am non-stop at the door and my door is open 24/7".

> My impression is that cell network is fatally flawed ...

Which is the reason for my questions to Purism.

> JMP ...

I am in a car crash, bleeding, dying or my house is on fire - I need to call for help NOW in an easy and quick way. Your systems and kill switches are killing me. So usability is king, not privacy. That's why those who sell it rule the world (sadly).

From all the people I have invited to contact me through XMPP rather than through Facebook (where I login extremely rarely) zero have done it. Even those who are technical people (read: programmers, sysadmins) didn't do it. "I have too many messengers already" and all those excuses. Most people won't even consider sending an email (which is already so damn popular and easy). So it is not just that the network is owned but also the masses of people are owned.

> The other variable, increasing wireless access, will be trickier ...

Maybe not:

https://www.theguardian.com/technology/2016/nov/17/elon-musk-satellites-internet-spacex

> However, until something like the Librem 5 exists, an alternative might be to use a small portable computer and USB modem with a data plan from a carrier. The "kill switch" would be unplugging the modem when it is not needed.

Case A :)

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> > JMP ...

> I am in a car crash, bleeding, dying or my house is on fire - I need to call for help NOW in an easy and quick way. Your systems and kill switches are killing me.

Flipping the switch should take a fraction of a second. I suppose there is scenario in which that makes a difference, but I suspect that it is extremely rare compared to the number of car accidents caused by cell phone usage, something that could be addressed by reducing phone addiction and social pressure to be responsive. That's not relevant to what I'm discussing though, which is a setup whereby the user has their modem switched on whenever they don't have WiFi access, so in a car crash the modem would already be on. If the modem is off (like if they were at home and their house caught on fire), they would indeed need to switch it on to dial emergency services (not for regular phone numbers, JMP can handle that) but again, I don't think flipping the switch will add an appreciable amount of time to the process of locating it, picking it up, (flipping the switch,) and dialing emergency services.

> From all the people I have invited to contact me through XMPP rather than through Facebook (where I login extremely rarely) zero have done it.

I believe it. However, the challenge of replacing Facebook with XMPP is not a fair comparison to that of replacing SMS with JMP. If you make an XMPP account and delete your Facebook account, you can no longer communicate with Facebook users. However, if you are a JMP user, you can still use your XMPP account to communicate with SMS users (and other XMPP users, and Diaspora users, and Movim users, etc., but that's just a bonus, not a vital feature for the purposes of replacing the cell network). That doesn't mean that it will be trivial to get people to adopt JMP, but it does neutralize the thing that makes abandoning unfederated platforms so difficult: the network effect. At the moment JMP needs a little work (it's usable but still in beta), but if all goes well I could see it being more desirable to many than a traditional cell plan due to some of the perks that I mentioned in my last post.

> Maybe not:

> https://www.theguardian.com/technology/2016/nov/17/elon-musk-satellites-internet-spacex

Thanks, I'll have to research this more to understand how it will work and affect regular users.

> Case A :)

Sorry, I'm not sure what you mean by that.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> Flipping the switch should take a fraction of a second.

It just occurred to me that I didn't take into account the time it will take for the modem to connect to a cell tower once it is turned on. I don't think it will take so long that it is likely to matter amid the wash of other variables, but it will probably take a little longer than just flipping the switch.

I don't see a way around this, though. In order to have location privacy during regular phone usage, you're going to have to change some parameter when calling emergency services, because that's a situation where you actually *do* want your location triangulated.* I don't see how that parameter can be anything other than whether or not the modem is allowed to connect to cell towers.

* Which is also why, although dialing emergency services from a cell phone is better than not at all, you should instead use a landline if you have the option. https://www.verywellhealth.com/before-you-call-911-on-a-cell-phone-1298351

zigote
Offline
Joined: 03/04/2019

You keep describing this complicated setup and I can keep giving examples in which it fails (not only for special situations but for every day things). It simply cannot provide and equivalent to an actual phone. People don't want to flip switches or complexity. They want to be reachable 24/7 and no reasoning can change that.

BTW the switch from mobile network to WiFi is not necessarily a switch to a more secure or private network. WiFi also has GeoIP and when you connect to someone's router you really don't know what malware runs on it.

So I think our only solution can be strong encryption of phone calls which is easy to use (transparent, on by default, no extra education, switches etc).

> Sorry, I'm not sure what you mean by that.

https://trisquel.info/en/forum/librem5-and-why-i-am-no-longer-interested#comment-139422

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

Phone calls have actually been encrypted since the 2G, and the encryption was strengthened in subsequent generations. Encryption can solve man-in-the-middle snooping. Well, except that IMSI catchers exploit compatibility with previous generation to force a 2G encryption that is, nowadays, easily breakable.

Encryption is no solution to a backdoor in the operating system running on the modem. That system is always proprietary.

Also, the triangulation chaosmonk is referring to, and that allows to locate any phone rather precisely (if that phone is on), is a consequence of being reachable 24/7. No other solution is known.

So, again, either refuse to carry a tracking device (what I do) or take the least worse solution with modem isolation and a 100% free operating system running on the main CPU. That would be the Librem 5...

zigote
Offline
Joined: 03/04/2019

In the encryption of the mobile network protocol the mobile operator has the decryption keys, so even without MITM attack the communication can still be tapped by "authorities" (or the mobile operator itself).

I already wrote about the other things, so I won't repeat. :)

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

The operating running on the modem system being always proprietary, there is nothing that can be done on that front. In other terms, end-to-end encrypted communications are only possible over Internet, e.g., using the Matrix protocol.

zigote
Offline
Joined: 03/04/2019

You are confusing mobile network protocol encryption with E2EE. The later has nothing to do with 2G encryption (or the lack of it). Even if an IMSI attacker can turn off encryption of the mobile protocol completely (which is one of the attacks), as long as there is E2EE the data is safe. That's what E2EE is made for - to give safety in insecure networks.

So the modem software has nothing to do with the possibility of E2EE. It is not the modem that does E2EE, it is the CPU (or a crypto chip). So as long as the modem is isolated (as Purism claims) it cannot access the rest of the system but will transfer only the data which the root system instructs it to. So it is not the medium or the peripheral carrier devices that define the possibility for E2EE.

The issue with Librem5 is that it simply does not do E2EE for phone calls which denies the possibility of 2 people using Librem5 phones communicating securely through the mobile network.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

Some of your comments make me think that I have not explained my proposal well enough.

> They want to be reachable 24/7 and no reasoning can change that.
> It simply cannot provide and equivalent to an actual phone.
> I can keep giving examples in which it fails (not only for special situations but for every day things)

The user will be reachable 24/7. When they have WiFi access they will have the option of turning their modem off, but they will still be completely reachable. If they don't care about location privacy, they can leave it on all the time and still have communication privacy. They can have all the same functionality of a regular phone.

> You keep describing this complicated setup

An XMPP client like Conversations is indistinguishable from a typical SMS client. Android's client for voice calls has SIP support built in. The experience is the same as that of using a regular phone. I have been trying to explain the technical details to you, but the user doesn't have to be aware of them.

> BTW the switch from mobile network to WiFi is not necessarily a switch to a more secure or private network.

True, but there are ways of addressing the various security risks with WiFi. It isn't fatally flawed like the cell network.

> https://trisquel.info/en/forum/librem5-and-why-i-am-no-longer-interested#comment-139422

This would require the user to have a two phone numbers, one of which would be unreachable while the dumb phone was off. If it's not clear why this is the case I can explain, but if you aren't convinced that JMP is worth considering then you probably aren't interested in that detail, so I won't bother at this time.

> So I think our only solution can be strong encryption of phone calls which easy to use (transparent, on by default, no extra education, switches etc).

This does not offer location privacy. If all you care about is communication privacy then the kill switch is unnecessary in my proposal, in which case any cell phone or mobile operating system will do. Your suggestion on the other hand, will probably either require one of the following:
(a) Users have to buy a new phone with an encryption chip, and convince the people they communicate with to do the same, before they can begin using encryption. This will be way harder to get people to adopt than JMP.
(b) Mobile operating system developers would have to implement encryption in their software, push that update to every phone. This is probably only possible with smart phones, and it requires Google and Apple to start caring about their users' privacy.

Implementing encryption for the existing SMS and voice call protocols in a way that gives us a half a shot at actually getting people to adopt seems unrealistic. With a federated protocol like XMPP for which there are free software clients, we don't require new hardware or the cooperation of privacy-hostile companies to get started; many clients already have OMEMO enabled by default. I'm less familiar with SIP but am not aware of any reason the same couldn't be possible for SIP clients.

My proposal would require users who want *location* privacy to buy new hardware or adopt an inconvenient setup,* but unlike with communication privacy they don't need to convince other people to do the same, so it's not as large as an obstacle. Your suggestion to encrypt voice calls doesn't address location privacy at all, so perhaps you only meant to discuss communication privacy and my talk of location privacy is off-topic. In this case, everything I've said about the kill switch is unnecessary. Users just need an XMPP client, a SIP client, and a data-only plan.

* Another thought I just had is that with good modem isolation it might be possible to forgo the hardware switch and just have the modem remain disconnected by default and automatically turn on whenever the user loses WiFi access or dials emergency services. A hardware switch is only necessary when the software is untrusted. Again though, if we are only talking about communication privacy then none of this is needed.

I'm not saying the JMP idea is perfect or easy to implement. The roadmap for success is nontrivial, but at least there is one. The only way I see encryption of voice calls and SMS working is if several large companies decide to make a big change, or for many users to be willing to make a more expensive or invasive change than adopting JMP

I don't really have time to keep up with this thread any longer. I know I said that before, but I wanted to make sure that I had communicated myself well before leaving because it seemed that you might have misunderstood what I was saying. Hopefully I have clarified, and if JMP still seems like it's not worth considering then we don't need to talk about it any further.

I would like your input on one last thing though. In my paragraph beginning "This does not offer location privacy. If all you care about is communication privacy then the kill switch is..." I argue that your proposal to encrypt voice calls would require users to buy new hardware or for the functionality to be implemented by companies who don't seem to care about privacy. However, I might be wrong about this. Are there other possibilities I'm overlooking?

zigote
Offline
Joined: 03/04/2019

Alright. Now people have to move from Facebook-integrated-SMS to what you described. :)

You see, it is not about convincing me but about general acceptance. As long as there are 5 people using whatever method capable of E2EE and 50 million whose devices cannot do that - it doesn't really matter if 5 people are convinced. So the ability to scale the technology is essential. Otherwise all we get is privacy for 5 people.
================

> This does not offer location privacy.

================
Any radio emitter can be located, that's physics. So I don't see how can a radio signal based device (mobile phone, WiFi adapter) possibly give location privacy. Introducing more and more proxy entities (WiFi access points or other) increases complexity and with that the vulnerabilities.

If:

- the WiFi AP is open and verifiable hardware and software, without side-channel vulnerabilities
- same for client device
- the MAC address of the client device is always randomized and no other identifiable information is revealed to the WAP
- all communication is additionally tunneled through TOR network or similar
- encryption algorithm itself has no backdoors

then perhaps location privacy is possible with WiFi. However the above does not exist as of today and I don't see it happening any time soon.
================

> If all you care about is communication privacy [...] (a) [...] (b) [...]

> The only way [...] is if several large companies decide to make a big change, or for many users to be willing to make a more expensive or invasive change than adopting JMP

================
I think a better approach is to democratize telecommunications (and everything else) rather than rely on tech behemoths to save us from the misery they keep creating.

You have explained everything well about JMP, thanks for your time.
================

> I would like your input on one last thing though. [...] Are there other possibilities I'm overlooking?

================
Perhaps a powerful enough CPU which does the encryption would not require an additional chip. Even if that may mean a short lag in voice communication, that would still be better than what we have. I say "perhaps" because I don't know how much "enough" is. In any case adding a crypto chip to new phones and dumping current ones is a good idea too and doesn't sound difficult, considering how many phones are sold and thrown away each year.

Let me know if this is the input you were looking for or I need to clarify. With all the noise in this thread it is really starting to be tiresome to keep a sane discussion. Sadly not many seem to agree.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> Let me know if this is the input you were looking for or I need to clarify.

Nope, you have been clear and informative. Thanks for the discussion.

Dmitry Alexandrov
Offline
Joined: 03/07/2019

someone wrote:
>> From all the people I have invited to contact me through XMPP rather than through Facebook (where I login extremely rarely) zero have done it.

By the way, could anyone enlighten me, why there is so much encouragement for XMPP? I seem to have missed it completely: from its promising rise through its peak, when everyone from Livejournal to Google supported it, to its present decay.

What exactly are (was) its advantages? Not over Facebook or other proprietary network that impose nonfree software on user, I mean, of course, but in general. From the outside, it looks like a thing that ventured to deprecate IRC, email and SIP at once, and failed with any. Is there still a reason to recommend anyone to adopt it?

zigote
Offline
Joined: 03/04/2019
chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> Is there still a reason to recommend anyone to adopt it?

I adopted it because JMP's relay bridge allows the user to use XMPP to
send/receive SMS messages. If JMP used a different chat protocol I would
have ended up using that. I use the same XMPP account to message
Diaspora users, as Diaspora's chat functionality uses XMPP. I have one
friend who has a regular XMPP account that she uses to chat with me.
We went with XMPP for this out of convenience; her Disroot email address
came with an XMPP address, and I already used XMPP for SMS. Otherwise we
might have gone with something else.

Matrix seems comparable to XMPP. I'm not into the Signal/Wire/Telegram
thing. Federation is important to me.

Dmitry Alexandrov
Offline
Joined: 03/07/2019

Mason Hock <name at domain> wrote:
>> Is there still a reason to recommend anyone to adopt [XMPP]?
>
> because JMP's relay bridge... Diaspora's chat... one friend...

So the answer is basically ‘no’? Thanks for exhaustive explanation. :-)

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

On 03/13, Dmitry Alexandrov wrote:
> >> Is there still a reason to recommend anyone to adopt [XMPP]?
> >
> > because JMP's relay bridge... Diaspora's chat... one friend...
>
> So the answer is basically ‘no’? Thanks for exhaustive explanation. :-)

Not no, just that I haven't explored other options. Matrix looks viable,
but I've only glanced at it. What do you recommend instead of XMPP?

Dmitry Alexandrov
Offline
Joined: 03/07/2019

Mason Hock <name at domain> wrote:
> On 03/13, Dmitry Alexandrov wrote:
>> >> Is there still a reason to recommend anyone to adopt [XMPP]?
>> >
>> > because JMP's relay bridge... Diaspora's chat... one friend...
>>
>> So the answer is basically ‘no’? Thanks for exhaustive explanation. :-)
>
> Not no, just that I haven't explored other options. Matrix looks viable,
> but I've only glanced at it. What do you recommend instead of XMPP?

Nothing, I seem to be way less eager for exploring technological fashion than you. My point was, basically, that ‘instead of XMPP’ does not make much sense, as it’s simply not there — failed. While those three standards, it had, to my impression, been promising to press, are still there: IRC at worst is alive, email and SIP are alive and well.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

On 03/14, Dmitry Alexandrov wrote:
> > What do you recommend instead of XMPP?
>
> Nothing, I seem to be way less eager for exploring technological fashion than you. My point was, basically, that ‘instead of XMPP’ does not make much sense,

Fashion? I need a tool with which to have one-on-one chats and send SMS
messages without a SIM card. If I replace XMPP with nothing I won't be
able to do that. How is wanting something that does a useful job
"fashion?"

> as it’s simply not there — failed.

What's your definition of "failed?" Not very many users? The only
on-one-one chat protocols I'm aware of that seem to have substantially
more users than XMPP are proprietary and/or unfederated. If such
platforms are beating XMPP, that's a reason *to* recommend XMPP, unless
another free and federated protocol is likely to compete better. Do you
know of one?

> While those three standards, it had, to my impression, been promising to press, are still there: IRC at worst is alive, email and SIP are alive and well.

I also use IRC for freenode, SIP for VoIP, and email for email. But they
have nothing to do with this discussion, as they are not a replacement
for XMPP's use for one-on-one chats and sending SMS messages. Again, I'm
open to alternatives, I just haven't had a need to explore any so far.

Dmitry Alexandrov
Offline
Joined: 03/07/2019

Mason Hock <name at domain> wrote:
> On 03/14, Dmitry Alexandrov wrote:
>>> What do you recommend instead of XMPP?
>>
>> Nothing, I seem to be way less eager for exploring technological fashion than you. My point was, basically, that ‘instead of XMPP’ does not make much sense,
>
> Fashion?

ICQ → Skype (yes, as a text messenger) → Whatsapp → Telegram → Discord. Wait for a few years, and they will have moved to another locked-in network. Jabber was somewhere between ICQ and Skype at this timeline.

> I need a tool with which to have one-on-one chats

That’s where I miss the point. What exactly a ‘one-to-one chat’ is, so it requires some special protocol other than email?

> and send SMS messages without a SIM card.

Not a tool, but a service required for that.

> If I replace XMPP with nothing I won't be able to do that.

I said nothing about _replacing_ XMPP where it’s still used. I asked, whether it has some advantages on its own, so its worth adopting where is is not. That is, with no (barely present) network effect taken in account.

>> as it’s simply not there — failed.
>
> What's your definition of "failed?"

Went out of fashion.

> Not very many users? The only on-one-one chat protocols I'm aware of that seem to have substantially more users than XMPP are proprietary and/or unfederated. ...that's a reason *to* recommend XMPP, unless another free and federated protocol is likely to compete better. Do you know of one?

Sure. Email has had substantially more users than XMPP even at the XMPP’s best times. Moreover, I believe, is still has larger userbase than _any_ other one-to-one messaging protocol.

>> While those three standards, it had, to my impression, been promising to press, are still there: IRC at worst is alive, email and SIP are alive and well.
>
> I also use ... SIP for VoIP, and email for email. But they have nothing to do with this discussion, as they are not a replacement for XMPP's use for one-on-one chats and sending SMS messages.

How they are not? SIP is the natural protocol for SMS. Not every SIP provider supports it (rather, supports SMS at all), but many do. Some of them claim to have SMS ↔ email gateway too.

As for ‘one-to-one chat’ distinct from email, I already confessed to being bewildered.

> Again, I'm open to alternatives, I just haven't had a need to explore any so far.

Again, I do not try to persuade you (or anyone) to drop XMPP.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

On 03/15, Dmitry Alexandrov wrote:
> That’s where I miss the point. What exactly a ‘one-to-one chat’ is, so it requires some special protocol other than email?

Chat is real-time. There is too much delay between the sending and
receiving of an email. Otherwise people would already be using email for
this purpose, and chat protocols would not need to exist.

> Sure. Email has had substantially more users than XMPP even at the XMPP’s best times. Moreover, I believe, is still has larger userbase than _any_ other one-to-one messaging protocol.

Absolutely, but XMPP competes with other real-time chat protocols, not
email. The fact that every AIM/Whatsapp/Signal/XMPP user has also used
email shows that these tools have different functions. Gmail's web
client has a chat client built in so that Gmail users can chat with each
other in real-time, not a feature that would make sense if email on its
own were suitable for this purpose.

Email is an effective, established, federated protocol. I really wish
that it were suitable for chat, but it's just no replacement for the
proprietary and unfederated protocols that currently dominate.

Dmitry Alexandrov
Offline
Joined: 03/07/2019

name at domain wrote:
> On 03/15, Dmitry Alexandrov wrote:
>> That’s where I miss the point. What exactly a ‘one-to-one chat’ is, so it requires some special protocol other than email?
>
> Chat is real-time.

What ‘chat’ is real-time? I don’t know any. In any event, vanilla Jabber is not one of them: afair, it works the same way as email do: you first type the message, then send it.

> There is too much delay between the sending and receiving of an email.

How much exactly? I never experienced such a problem since POP3 went out of use. You might have misconfigured your server.

> Otherwise people would already be using email for this purpose, and chat protocols would not need to exist.

People have been using email for this purpose (to send messages to each other) for decades.

Chat protocols were developed for many-to-many conversations. Though, it would be strange not to implement so called ‘private messages’ on top of them as a border case, and they did indeed were implemented. Is not extending the word ‘chat’ itself to one-to-one written conversation a quite recent innovation? I see, that, e. g., Merriam-Webster dictionary still does not list it:

| chat verb
| \ 'chat \
| chatted; chatting
|
| intransitive verb
| 1. : chatter, prattle
| 2.a : to talk in an informal or familiar manner
| .b : to take part in an online discussion *in a chat room*

(emphasis mine).

>> Sure. Email has had substantially more users than XMPP even at the XMPP’s best times. Moreover, I believe, is still has larger userbase than _any_ other one-to-one messaging protocol.
>
> Absolutely, but XMPP competes with other real-time chat protocols, not email.

I’d like repeat my claim, that XMPP does not compete with anything, since is’s dead.

When it was evolving, though, it _did_ compete with email, at least from my evidence: I got regular suggestions to move our dialogue to Jabber (actually, a specific Jabber server, mostly GTalk or QIP, was usually named instead).

> The fact that every AIM/Whatsapp/Signal/XMPP user has also used email shows that these tools have different functions.

Actually, no, it does not show that. It only shows that email is more useful, and even if you have signed up for all these networks, you still need an email.

But yes, of course, they have another functions: (a) proper chats, that is group talks¹, so they are (were) competing with IRC too², (b) real-time voice (video) calls, so they are also substitutes for SIP / phone.

> Gmail's web client has a chat client built in so that Gmail users can chat with each other in real-time, not a feature that would make sense if email on its own were suitable for this purpose.

Of course, it makes a perfect sense! That is, to lure users from an open network to Google’s locked-in one. Let check that hypothesis: does the client for the latter (it’s called ‘Hangouts’, am I right?) has a built-in Gmail client? If these two services indeed target different use-cases, that would be logical, wouldn’t it?

-
¹ I by no means am trying to say, that email cannot be used for that purpose. But due to historical reasons it is not.

² Much more successfully than with with email, to my knowledge.

J.B. Nicholson-Owens
Offline
Joined: 06/09/2014

Dmitry Alexandrov wrote:
> What ‘chat’ is real-time? I don’t know any.

The Unix "talk" program implemented real-time 2-party chatting -- one saw
their own keystrokes and the other user's keystrokes on-screen as those
keystrokes were typed. There were some programs (such as ytalk) that worked
comparably and offered extended functionality. As far as I knew, talk
didn't record anything and talk had no facility for recalling anything that
had already been typed. You really had to keep up with what someone typed
as it went along or you lost it when it scrolled away.

https://en.wikipedia.org/wiki/Talk_(software) has some more information and
a screenshot.

calher

I am a member!

Offline
Joined: 06/19/2015

I'd like to use talk.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

On 03/15, Dmitry Alexandrov wrote:
> What ‘chat’ is real-time? I don’t know any. In any event, vanilla Jabber is not one of them: afair, it works the same way as email do: you first type the message, then send it.

This is what I mean by "chat."

https://en.wikipedia.org/wiki/Online_chat

> > There is too much delay between the sending and receiving of an email.
>
> How much exactly? I never experienced such a problem since POP3 went out of use. You might have misconfigured your server.

It is common for email to take up to a minute. Sometimes more. It's
just not intended for real-time communication. XMPP is fast enough to
feel instantaneous to the use.

Hopefully this clarifies some of what I've been saying. It sounds like
real-time one-on-one chat is just not something you find useful. In this
case, there is indeed for you to use XMPP or find a replacement for it.
However, many people do have a use for something real-time one-on-one
chat. That's why XMPP's proprietary and unfederated counterparts are
very popular.

> > The fact that every AIM/Whatsapp/Signal/XMPP user has also used email shows that these tools have different functions.
>
> Actually, no, it does not show that. It only shows that email is more useful, and even if you have signed up for all these networks, you still need an email.

The second part of what you say is true, but the converse is also true:
Even if they have email, many people still need or want some of those
networks. Maybe you don't, but they do, and it would be better for their
freedom if these networks were free and federated.

> But yes, of course, they have another functions: (a) proper chats, that is group talks¹, so they are (were) competing with IRC too², (b) real-time voice (video) calls, so they are also substitutes for SIP / phone.

Most people I know use many of these networks almost exclusively for
one-on-one chats and small group-chats.

> > Gmail's web client has a chat client built in so that Gmail users can chat with each other in real-time, not a feature that would make sense if email on its own were suitable for this purpose.
>
> Of course, it makes a perfect sense! That is, to lure users from an open network to Google’s locked-in one.

I agree that this is almost certainly Google's motivation for adding the
feature, but that is not the user's motivation for using it. They use it
because it is is better for quick, back-and-forth communication that has
the flow of spoken conversation. It is true that the result is getting
locked-in by Google, which is why it is so important to support a free
and federated replacement.

Telling a Facebook Messenger user to use email instead is like telling
a Google Calendar user to use LibreOffice Calc instead. For some users
it might work (I actually do have one friend who uses a spreadsheet as
her calendar) but many users would laugh at the suggestion. I have
actually had people laugh at me for asking them to send an email because
I don't use Facebook Messenger.

You began this question by asking why you should recommend XMPP over a
free alternative, not over a proprietary one. My answer is basically
that no one is using a free alternative. The only one I know of is
Matrix, and as far as I can tell it is even less popular than XMPP
(although I don't know this for a fact.) I wouldn't go so far as to call
XMPP "dead," since many clients are under active development and people
use them, but unfortunately you are right that compared to other chat
protocols virtually no one uses XMPP. It is also true that among desktop
users virtually no one uses a free one, but that is not a reason to give
up.

It seems to me that we might have been miscommunicating by using a
different definition of "chat.: Hopefully it is now clear what I meant,
and why email is not a replacement for the kind of chat that I am
talking about and which many people I know use. I get the sense that
you don't find this kind of chat useful, so there is indeed no reason
for you to use XMPP, but for many people it is useful, and it is good to
recommend XMPP to them unless/until a free and federated alternative
like Matrix proves to be more viable.

Dmitry Alexandrov
Offline
Joined: 03/07/2019

Was your message intended to be non-public? If yes, why? If no, feel free to remail my reply to list as well.

Mason Hock <name at domain> wrote:
> On 03/15, Dmitry Alexandrov wrote:
>> > There is too much delay between the sending and receiving of an email.
>>
>> How much exactly? I never experienced such a problem since POP3 went out of use. You might have misconfigured your server.
>
> It is common for email to take up to a minute. Sometimes more.

I had not witnessed such lags for a very long time. More than a decade. May I ask, where did you?

> It's just not intended for real-time communication.

I sill not quite understand, why do we keep calling this ‘real-time’, while it’s obviously discrete, but anyway — times change: Unix-like OSes were not intended for personal computers, but became so. Linux® was not intended for pocket computers, but now they’ve outnumbered all other machines running that kernel by many times. Android was not intended for lightbulbs, but now it’s no longer laughable. Email was not intended to be delivered faster than it could be read, but now it is.

>>> The fact that every AIM/Whatsapp/Signal/XMPP user has also used email shows that these tools have different functions.
>>
>> Actually, no, it does not show that. It only shows that email is more useful, and even if you have signed up for all these networks, you still need an email.
>
> The second part of what you say is true, but the converse is also true: Even if they have email, many people still need or want some of those networks.

Not necessary. They might want one of those _clients_ instead. Note, that none of those Skypes, Whatsapps, etc advertises itself as a network, always as an ‘app’.

>>> Gmail's web client has a chat client built in so that Gmail users can chat with each other in real-time, not a feature that would make sense if email on its own were suitable for this purpose.
>>
>> Of course, it makes a perfect sense! That is, to lure users from an open network to Google’s locked-in one.
>
> I agree that this is almost certainly Google's motivation for adding the feature, but that is not the user's motivation for using it. They use it because it is is better for quick, back-and-forth communication that has the flow of spoken conversation.

Again, what ‘it’? A client — sure, I have no doubt, that in the light of the said purpose Google is fully capable of making it more usable than their client for Gmail. A network — I do have doubts, that Gmail-to-Gmail communication is notably faster than Hangouts-to-Hangouts. Did anyone test it?

> Telling a Facebook Messenger user to use email instead is like telling a Google Calendar user to use LibreOffice Calc instead.

Sorry, I didn’t get a joke. (Presumably, because I never used neither Facebook Messenger nor Google Calendar.)

> I have actually had people laugh at me for asking them to send an email because I don't use Facebook Messenger.

Pardon for inquiring, but did they explain their laugh in any way?

> You began this question by asking why you should recommend XMPP over a free alternative, not over a proprietary one. My answer is basically that no one is using a free alternative. The only one I know of is Matrix, and as far as I can tell it is even less popular than XMPP (although I don't know this for a fact.)

Matrix? That’s curious in the context of our discussion, since when I tried it not so long ago, Matrix per se had _not_ been operating on top of a live connection, it had been _pulling_ new messages by establishing connection ab ovo — up from TLS handshake — every certain interval. Hello, POP3!

False impression of ‘real-time’ was created by a mere fact that it pulled very _often_; and, of course, by an immense progress in networking since the day we first met email, that made this mess possible. Given their protocol architecture — it is designed on top of pure HTTP, I have doubts about future improvements on that.

That is, Matrix as a protocol seems less suited to ‘real-time’ conversation than IMAP. By extension, matrix.org seems less suited for ‘real-time’ conversation than a decent gratis email service.

Networking aside, this misdesign is sill a problem with regard to energy consumption. So, for the couple of their recommended Android client (Riot.im) and their own ‘canonical’ server instance (matrix.org), they mitigated the issue... by using Google’s proprietary notifications aggregator (FCM), which demand running nonfree (and even nonredistributable) ‘Google Services’ client on your Android machine.

By the way, you have to solve a Google’s ReCAPTCHA to sign up there (on matrix.org, I mean).

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

Sorry for the confusion. Normally when I reply to a message from a
mailing list, my email client automatically addresses it to the list.
For some reason that didn't happen here.

I think I understand your perspective at this point and don't have time
to discuss it further. However, I did not intend to make the
conversation private, and your last message has some good information,
particularly about some problems with Matrix, so I am copying this to
the list. (Not that the majority of members who use the forum will be
able to follow it, since most of this conversation has probably been
buried in the Purism thread, and this message will likely appear as a
new thread without that context.)

On 03/18, Dmitry Alexandrov wrote:
> Was your message intended to be non-public? If yes, why? If no, feel free to remail my reply to list as well.
>
> <name at domain> wrote:
> > On 03/15, Dmitry Alexandrov wrote:
> >> > There is too much delay between the sending and receiving of an email.
> >>
> >> How much exactly? I never experienced such a problem since POP3 went out of use. You might have misconfigured your server.
> >
> > It is common for email to take up to a minute. Sometimes more.
>
> I had not witnessed such lags for a very long time. More than a decade. May I ask, where did you?
>
> > It's just not intended for real-time communication.
>
> I sill not quite understand, why do we keep calling this ‘real-time’, while it’s obviously discrete, but anyway — times change: Unix-like OSes were not intended for personal computers, but became so. Linux® was not intended for pocket computers, but now they’ve outnumbered all other machines running that kernel by many times. Android was not intended for lightbulbs, but now it’s no longer laughable. Email was not intended to be delivered faster than it could be read, but now it is.
>
> >>> The fact that every AIM/Whatsapp/Signal/XMPP user has also used email shows that these tools have different functions.
> >>
> >> Actually, no, it does not show that. It only shows that email is more useful, and even if you have signed up for all these networks, you still need an email.
> >
> > The second part of what you say is true, but the converse is also true: Even if they have email, many people still need or want some of those networks.
>
> Not necessary. They might want one of those _clients_ instead. Note, that none of those Skypes, Whatsapps, etc advertises itself as a network, always as an ‘app’.
>
> >>> Gmail's web client has a chat client built in so that Gmail users can chat with each other in real-time, not a feature that would make sense if email on its own were suitable for this purpose.
> >>
> >> Of course, it makes a perfect sense! That is, to lure users from an open network to Google’s locked-in one.
> >
> > I agree that this is almost certainly Google's motivation for adding the feature, but that is not the user's motivation for using it. They use it because it is is better for quick, back-and-forth communication that has the flow of spoken conversation.
>
> Again, what ‘it’? A client — sure, I have no doubt, that in the light of the said purpose Google is fully capable of making it more usable than their client for Gmail. A network — I do have doubts, that Gmail-to-Gmail communication is notably faster than Hangouts-to-Hangouts. Did anyone test it?
>
> > Telling a Facebook Messenger user to use email instead is like telling a Google Calendar user to use LibreOffice Calc instead.
>
> Sorry, I didn’t get a joke. (Presumably, because I never used neither Facebook Messenger nor Google Calendar.)
>
> > I have actually had people laugh at me for asking them to send an email because I don't use Facebook Messenger.
>
> Pardon for inquiring, but did they explain their laugh in any way?
>
> > You began this question by asking why you should recommend XMPP over a free alternative, not over a proprietary one. My answer is basically that no one is using a free alternative. The only one I know of is Matrix, and as far as I can tell it is even less popular than XMPP (although I don't know this for a fact.)
>
> Matrix? That’s curious in the context of our discussion, since when I tried it not so long ago, Matrix per se had _not_ been operating on top of a live connection, it had been _pulling_ new messages by establishing connection ab ovo — up from TLS handshake — every certain interval. Hello, POP3!
>
> False impression of ‘real-time’ was created by a mere fact that it pulled very _often_; and, of course, by an immense progress in networking since the day we first met email, that made this mess possible. Given their protocol architecture — it is designed on top of pure HTTP, I have doubts about future improvements on that.
>
> That is, Matrix as a protocol seems less suited to ‘real-time’ conversation than IMAP. By extension, matrix.org seems less suited for ‘real-time’ conversation than a decent gratis email service.
>
> Networking aside, this misdesign is sill a problem with regard to energy consumption. So, for the couple of their recommended Android client (Riot.im) and their own ‘canonical’ server instance (matrix.org), they mitigated the issue... by using Google’s proprietary notifications aggregator (FCM), which demand running nonfree (and even nonredistributable) ‘Google Services’ client on your Android machine.
>
> By the way, you have to solve a Google’s ReCAPTCHA to sign up there (on matrix.org, I mean).

Dmitry Alexandrov
Offline
Joined: 03/07/2019

Dmitry Alexandrov <name at domain> wrote:
> A client — sure, I have no doubts... A network — I do have doubts, that Gmail-to-Gmail communication is notably faster than Hangouts-to-Hangouts. Did anyone test it?

Oops. s/faster/slower/, of course.

GrevenGull
Offline
Joined: 12/18/2017

> Federation is more important to me

Federation? BTW I believe there are some issues with Telegram and Signal, whilst there is is seemingly none with Wire. So to equalize them would be kind of unfair I think?

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

On 03/13, name at domain wrote:
> Federation?

Are you asking what federation is? Think email. A Disroot user writes
an email in Icedove and sends it to a Gmail user who opens it in Gmail's
web interface and replies, cc'ing a user with their own email server,
who opens it in Mutt. This is possible because email is federated, which
allows email users to user whatever client and whatever server they want
and still be able to communicate with all email users. You can modify
Icedove all you want, you can run your own mail server in order to
control your own data, and there are no social costs.

Suppose that you want to do the same with Wire. You are free to modify
the client, but if you want to connect it Wire's servers you have to
abide by certain restrictions. This is Wire's right, as they own their
servers and don't have to let anyone connect to them if they don't want
to, but it creates a problem for you. If you run a version of the client
that you or someone else has modified in a way that Wire doesn't allow,
then you can't use their server.

Fortunately, Wire's server-side code is free software too, so you can
set up your own server, but now you run into another problem. Since Wire
isn't federated like email, you can't communicate with other Wire users
anymore. In order to use your modified client to communicate with other
people, you have to convince them to join your server. This won't be at
all easy to do, because most people will prefer to keep using Wire's
servers where all the other users are. Even if you are successful and
convince a substantial number of people to switch to your server, that's
not ideal either because now you and Wire are competing instead of
cooperating.

Wire's server- and client-side code are both released under free
licenses, so you can exercise all four freedoms without legal
consequences. However, because it is not federated, you cannot exercise
all four freedoms without social consequences. The Signal developer[1]
has said that he has no plans to federate, because he feels that he
needs to maintain control over how the app develops in order to compete
with proprietary platforms. Theoretically it's possible for a large
group of users to create and begin using a federated fork of signal, but
Moxie seems confident that this won't happen. Thus, he intends to use
the short-term social consequences for exercising freedoms 1 and 3 to
have control over his users, whether or not he is successful. He
believes that his reasons for doing this are valid, but many disagree.

As far as I know Wire is not avoiding federation for the same reason
Moxie is. For all I know they will federate at some time in the future.
Until that happens, though, I feel more comfortable sticking to a
federated protocol. The one I am most familiar with is XMPP, but I am
open to alternatives.

> BTW I believe there are some issues with Telegram and Signal,
> whilst there is is seemingly none with Wire. So to equalize them would be
> kind of unfair I think?

Hopefully after the above explanation, it is clear that the reason I
avoid Wire is lack of federation. I'm not saying they are as bad as
Signal. For example, Signal has proprietary build dependencies, which
means that you can only exercise freedoms 1 and 3 if you are willing to
run proprietary software. As far as I know Wire does not have this
problem, so in that respect they are better. I'm not as familiar with
Telegram.

[1] https://signal.org/blog/the-ecosystem-is-moving/

GrevenGull
Offline
Joined: 12/18/2017

Thank you :)

cuvtixo
Offline
Joined: 09/10/2018

This is fascinating, especially for me as a non-technical person. I know very little about programming or electronics, I just appreciate FOSS in a sociological way. While "federated" becomes clear when its defined in the signal blog and your it would be a little easier to appreciate if they used the term "ecosystem" more. It's more intuitive.
As far as Librem is concerned, I think some of the "deception" is overconfidence. The using the i.MX8 instead of i.MX6 in their phone, for instance. They were overconfident that they could make this upgrade: and, for their typical prospective customer, this is a bigger concern. Also, the marketing angle I got for the laptops were that they were a privacy and security-focused, and Open Source happens to be the the most secure software, and in this case firmware, too. The TPM and Coreboot issues, and I think they actually raised awareness of Intel firmware insecurity. Certainly they're flawed, but I think you're being overly harsh. I'm curious as to your opinion of Red Hat, for example. How un-libre are they?

calher

I am a member!

Offline
Joined: 06/19/2015

On 3/12/19 6:59 AM, Dmitry Alexandrov wrote:
> someone wrote:
>>> From all the people I have invited to contact me through XMPP rather than through Facebook (where I login extremely rarely) zero have done it.

Yeah, nobody is going to use XMPP or encrypted email if you just beg
them to get it. Now, if you physically go to their house and configure
their device for them to use XMPP and encrypted mail, you may have a
chance of getting them to use it. But be sure to back their stuff up to
a plain, unencrypted FAT32 flash drive. You don't want them to say "I
can't open your emails. My computer crashed."

But honestly, the only surefire way to chat with common people is to use
SMS and tell them "I don't have Facebook. Just text me, please." You can
use SMS with free software using Gajim and JMP Chat's SMS bridge. You'll
be able to send/receive texts, images, and voice messages right from
your chat program. It's been a lifesaver for me.

> By the way, could anyone enlighten me, why there is so much encouragement for XMPP? I seem to have missed it completely: from its promising rise through its peak, when everyone from Livejournal to Google supported it, to its present decay.

Facebook, Kik, iMessage and WhatsApp use XMPP. We just can't talk to
people on those XMPP instances, because the owners are mean.

I hate IceDove's rich text editing. It's hard to manipulate quotes.