Comment by palata
21 hours ago
I don't think that the proprietary office suites are needed. The alternatives are good enough for what people do, aren't they?
The problem is that people don't want to change, because it takes some effort. Why would people use WhatsApp instead of Signal otherwise?
To the average person, no. If you ask a regular user, you'll find that there is no alternative what Excel can do, the PowerPoint alternatives are missing loads of features, etc. Additionally, files created in MS Office still cannot reliably be used in the open source alternatives without something breaking. Until a non-technical user can open my PowerPoint presentation in LibreOffice and not have to apologize for the formatting, they aren't equivalent.
A huge part of this is fonts. Users prefer proprietary fonts, and when you open files using them in the alternatives it tends to look like terrible. You will not convince users that this is on them to fix, and to be honest they're right, it's not their problem.
There used to be programs that would connect to multiple proprietary systems, like Pidgin. If we had this today we'd have one free-software app for WhatsApp, Signal, and Telegram (and some used in other countries, like IIRC Zangi?). However, the social and regulatory environment changed - now whoever made that app could expect to be charged with a crime.
Pidgin is still here and does work (to some level) with all of those protocols. https://pidgin.im/plugins/?publisher=all&query=&type=Protoco...
We've been working on our next major release for a long time now to better support modern protocols. But as an unfunded Open Source project it's hard to get things done quickly when it's a "free time" only project.
I don't have a definitive opinion on such messaging apps. I like that it bridges between different services, trying to free the users from the lock-in, but...
If I talk to someone on Signal today, I know that they are probably using the official Signal on the other side. With the guarantees that I know from Signal. Now what if half of the users of Signal were using a third-party app? How much can I trust this app?
Say Matrix has a bridge to Signal. I talk to someone over what looks like Signal from my end, but it goes to some third-party server that pretends to be Signal and then relays those messages to my friend on their Matrix client. As a Signal user, I cannot know it, but my conversation is not E2EE anymore. And it kind of defeats the point of using Signal entirely, doesn't it?
I guess my point is that in terms of security, there is value in making it possible to verify that both ends are using the official Signal app, by locking it as much as possible (e.g. with DRM-like technology). But of course it's annoying to be locked in. Even though I don't feel personally super locked into Signal: I could move to another similar app in a minute. But again people tend to be lazy and don't want to switch apps. It's a hard problem, I guess.
That app already exists. It's called TM SGNL. The Department of War used it. It sent all their messages in plain-text to an Israeli server that was leaking memory dumps to the public internet (a la Heartbleed), 600GB of which were collected by hackers and sold on the dark web. Worst case scenario. That's not a fantasy, that literally happened. Do you still trust Signal?
1 reply →
The European Commission has recently put WhatsApp under scrutiny in terms of the Digital Services Act, and forced them to open up allowing interoperability with other messaging applications.
Perhaps we'll see a return of apps like Pidgin soon.
We've never left. https://pidgin.im/
For the context of this thread, WhatsApp and Signal are both American.
Just look to the federal United States government using it for communicating military strikes, and including journalists.
But it doesn't make Signal bad. If Americans blindly process our messages without knowing what's inside, it's worse than not depending on them, but better than showing your private correspondence to somebody.
At least we don't seem to have things which are close by UX and security at the same time.
Simplex is fine, but still feels a bit raw.
Everything else is either untrustworthy because of the closed code or no e2e encryption or custom encryption schemes (WhatsApp, Telegram, any Asian messenger) or unusable from UX perspective (Tox, Matrix).
Simplex is a project by a fervent COVID conspiracy theorist FYI. (Evidence: his Twitter page)
1 reply →
For the context of this thread, it's infinitely better to depend on Signal than to depend on WhatsApp.