• 👁️👄👁️@lemm.ee
    link
    fedilink
    English
    arrow-up
    110
    arrow-down
    8
    ·
    edit-2
    1 year ago

    Crazy how decentralization improves both, but they are vehemently against that. I trust them in terms of privacy, but their insistence on centralization, blocking third party apps, removing SMS, and refusal to support fdroid, I’m not a fan of the direction they’ve gone recently.

    • InvaderDJ@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      4
      ·
      1 year ago

      Removing SMS support makes sense. The potential for a user sending something through SMS that they thought was going over Signal is high. Even for the savvier users who would install Signal in the first place.

      • 👁️👄👁️@lemm.ee
        link
        fedilink
        English
        arrow-up
        15
        arrow-down
        5
        ·
        1 year ago

        It killed adoption, since now it’s just another messaging app. Most of my contacts still use SMS, and will stay on it, so being able to use Signal was a smooth all-in-one experience. Now I have no point in keeping it installed because like 3 of my contacts use it, so it has no use to me, thus killing potential adoption.

        • teolan@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          2
          ·
          1 year ago

          They’ve never had more users.

          And if you had spent 3 minutes looking at r/Signal or the support forum before they disabled SMS you would have seen how many people were confused by the feature.

        • fkn@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          3
          ·
          1 year ago

          Exactly the opposite. Removing sms was the thing that finally made me recommend it to my friends and family. People understand sms replacements. People understand alternate messaging apps. People don’t understand encrypted sms.

          If you have people who love whatsapp, it’s super easy to get them to use signal instead.

        • jaspersgroove@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          5
          ·
          edit-2
          1 year ago

          Perfect, that keeps you off signal and lowers their operating costs.

          Because if you actually needed signal, you’d still be using it. Security and privacy is not about convenience or a “smooth all-in-one experience”. It’s about actual security and privacy. And that is what signal provides.

    • Lime66@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      3
      ·
      edit-2
      1 year ago
      • Signal wants to be as secure as possible
      • F droid has security issues
      • It makes perfect sense to me
    • interceder270@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      7
      ·
      edit-2
      1 year ago

      I mean, of course the company is against what will lose the company money.

      They’re not doing this because they care about privacy, lol.

  • u_tamtam@programming.devOP
    link
    fedilink
    English
    arrow-up
    95
    arrow-down
    8
    ·
    1 year ago

    A more accurate title could be “Privacy is Priceless, but Centralization is Expensive”: with the era of cheap money coming to an end, grows a lot of uncertainty regarding the future of some large internet services. Signal is no exception and this emphasises the importance of federated alternatives (XMPP, fediverse, …) for the good health of the future internet.

    • Goronmon@lemmy.world
      link
      fedilink
      English
      arrow-up
      81
      arrow-down
      1
      ·
      1 year ago

      Decentralization is expensive too judging by some of the sentiment I’ve seen around running Mastodon and Lemmy/Kbin instances.

        • pizzaboi@lemm.ee
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          1
          ·
          1 year ago

          And why wouldn’t they? 90% of the software people use daily is free (as in beer), so of course being told that’s going to change is going to cause upset. It takes a lot for people to want to pay money for something that, to those who don’t value free (as in freedom) software, is no different than the costless alternative.

      • BaroqueInMind@kbin.social
        link
        fedilink
        arrow-up
        24
        ·
        1 year ago

        At some point society needs to figure out how we can subsidize the costs of data storage, remote servers, and provision of internet to people for free.

        • JustEnoughDucks@feddit.nl
          link
          fedilink
          English
          arrow-up
          12
          ·
          1 year ago

          The only real way to do that is government subsidized servers, but that will fall in the same category as literally every other government service: right wing political entities try to privatize it and make it as shitty and parasitic as possible.

        • pizzaboi@lemm.ee
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          1 year ago

          You pay for these things with your data. If the government is paying for privacy-respecting storage or safe internet access, then so are you with your taxes. I’d vote for that, but I’d guess the majority of people would not.

        • Venia Silente@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          There’s nothing to figure out, if the question is how “society” does it then the answer is literally taxes.

      • u_tamtam@programming.devOP
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        1 year ago

        Yup, it has a cost, but there’s perhaps a one or two orders of magnitude cost difference between hosting instant messaging + calls with something like XMPP, and hosting mastodon/Lemmy/Kbin (or why I do the former but not the later, and why I’m ok to pay for the service, esp. considering that my instance’s business model isn’t, unlike Reddit, to re-sell influence and data).

          • u_tamtam@programming.devOP
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I laid it out elsewhere in this thread, but in short, costs grow non-linearly with scale: you can run thousands of users on a RPi, but a million users requires whole datacenters. Decentralization not only helps with not requiring “whole datacenters” in the first place, they also enable maximization of resources: if you have a NAS at home, or a RPi hanging around, a router idling somewhere, or an abandoned smartphone in a drawer, you can probably host enough accounts for all the people that you’ve ever met in your life. And there are hundred of thousands of such underused devices everywhere, which, put together, would be sufficient to host the whole world multiple times around.

            The other issue is sustainability: with this centralization comes single point of failure. It’s no big deal witnessing the disappearance of one or few providers of a federated network. Accounts and data can be migrated easily. For most users, it’s invisible. Now compare this to Signal running into financial issues: you are contemplating million of users losing access to their account and their data, and having to re-bootstrap their whole social graph elsewhere. This is another level of “cost”, or price to pay, for centralization.

            • Goronmon@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              1 year ago

              Who is maintaining all these “unused” devices that you will want working pretty consistently? Who is responsible for replacing hardware when it dies? Who is looking into it when someone stops receiving messages? What happens when the person hosting thousands of users just stops wanting to do it? Who migrates these accounts?

              Frankly, your argument sounds more like wishful thinking than anything practical. You’ve basically described the plan as “Magically some devices in someone’s basement will suddenly start running a messaging service, maintenance free, from now until the end of time”.

              • u_tamtam@programming.devOP
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                This isn’t wishful thinking, this is in defense of a model where our digital needs would be distributed at a level lower than that of the tech majors, which was commonplace before everything on the internet was so consolidated.
                I’m not saying that everyone should self-host, I’m saying that federated services could be hosted at family&friends/regional/national levels, simultaneously, and deliver a resilient service at a negligible cost. Hardware, which is very much a problem for Signal & al right now, wouldn’t be in a distributed model, and could be donated and repurposed easily. My example was perhaps a bit too extreme, but I think you get the gist of what I’m saying.

    • Avid Amoeba@lemmy.ca
      link
      fedilink
      English
      arrow-up
      33
      ·
      edit-2
      1 year ago

      Decentralisation would just spread the costs over more individuals. Those individuals would have to collect contributions from their respective communities. The total amount people who would have to chip in to make the system sustainable won’t change dramatically. Decentralisation isn’t some magic wand that makes infrastructure and labor costs disappear into thin air.

      • u_tamtam@programming.devOP
        link
        fedilink
        English
        arrow-up
        11
        arrow-down
        3
        ·
        1 year ago

        Decentralisation would just spread the costs

        …the costs and the risks: let’s jump forward a few years into financing issues, at what point does Signal become a liability and start operating against their stated mission, if the alternative is that they cannot survive? We are witnessing enough contemporary examples of enshittification to know that it’s a real possibility, and that all centralized providers, but in particular the ones not charging for service, are at risk.

        Some would even argue that this has already started in the case of Signal with their crypto payments and blocking of 3rd party clients which are clearly user-hostile.

        Those individuals would have to collect contributions from their respective communities.

        Perhaps, or perhaps not. Running costs get exponential with scale. You can host 1000 users on a shoebox computer/raspberry pi, but delivering a service for millions requires datacenter-level infrastructure and tons of engineering know-how.
        Most people into self hosting or having a NAS at home can already accommodate their families, friends and more, which means millions of potential users, without the problem of trust from a single organization

  • Poutinetown@lemmy.ca
    link
    fedilink
    English
    arrow-up
    49
    ·
    1 year ago

    The cost of these registration services for verifying phone numbers when people first install Signal, or when they re-register on a new device, currently averages around $6 million dollars per year.

    That’s pretty crazy. Wonder which third party providers they are using. Maybe the identity verification methods we have today is due for some significant changes?

    • verysoft@kbin.social
      link
      fedilink
      arrow-up
      43
      ·
      1 year ago

      Yeah, I wasn’t expecting that to be the bulk of their spending. Maybe they should remove the need for phone numbers now they removed SMS.

      • Poutinetown@lemmy.ca
        link
        fedilink
        English
        arrow-up
        18
        arrow-down
        2
        ·
        1 year ago

        SMS is dead, so they will need to move on eventually. Most carriers are moving towards high data plans now. I mainly use it for verification, although I’d rather use more secure methods.

        • u_tamtam@programming.devOP
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          1
          ·
          1 year ago

          Well, if SMS is dead then RCS is what we get instead, and there’s no difference to us (and probably higher costs for Signal & al.)

          And there are wayyyy too many things that depend on SMS for it to be dead any time soon, too :)

          • smileyhead@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            Also Signal cannot add RCS support, because Google Jibe servers won’t allow other app than Google Messages… And you must use them because native RCS support for Android is halted for years… And you cannot install some module with RCS support yourself because of anti-Unix monolitic Android userspace architecture…

            Man, there are so many things done wrong.

        • u_tamtam@programming.devOP
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          No, I think they are merely working on user ids no longer mandating to be your phone number (so that it can be pseudonymous, e.g. tja@signal instead of +xx0123456@signal), I don’t believe they hope to drop SMS verification at this point because of the spam issue getting worse otherwise

    • u_tamtam@programming.devOP
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      1
      ·
      1 year ago

      Without SMS verification, spam would be so much worse that they’ve been kind of obliged to keep it, even though it defeats/undoes most of the privacy features they like to advertise about

      • Poutinetown@lemmy.ca
        link
        fedilink
        English
        arrow-up
        13
        arrow-down
        1
        ·
        1 year ago

        The article says it’s to limit spam. I don’t feel platforms like Lemmy (or the other platform) are particularly spammy though. On the other hand I get a lot more spam on Whatsapp, even though it’s phone number bound.

        Signal is pretty good in terms of limited spam, but I’m curious about the impact if they A/B test the removal and see how much spam would arise. Obviously that could only be implemented after they remove the need to add contact via phone number.

        • Balder@lemmy.world
          link
          fedilink
          English
          arrow-up
          22
          ·
          1 year ago

          If more people joined Lemmy you’d see the amount of spam this place would get. Now it’s only a bunch of nerds who will quickly report any spammy activity. It’s a small “friendly” community for now.

        • huginn@feddit.it
          link
          fedilink
          English
          arrow-up
          13
          ·
          1 year ago

          Niche communities don’t deal with spam.

          But the moment it’s big enough Lemmy will be rife with spammers and you’ll need full time moderation tools.

        • skillissuer@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          plenty of instances have email verification and or captcha, and those that don’t get defederated (sometimes) (this already happened)

  • Infiltrated_ad8271@kbin.social
    link
    fedilink
    arrow-up
    40
    arrow-down
    4
    ·
    1 year ago

    I would never have guessed that an app like signal would spend almost 20 million in salaries. I wonder what is the salary of the executives.

    • kariunai@feddit.nl
      link
      fedilink
      English
      arrow-up
      21
      ·
      edit-2
      1 year ago

      I wonder what is the salary of the executives.

      Wonder no more, they have it in their 2022 tax filing:

      Compensation

      Key Employees and Officers Base Related Other

      Jim O’leary (Vp, Engineering) $666,909 $0 $33,343

      Ehren Kret (Chief Technology Officer) $665,909 $0 $8,557

      Aruna Harder (Chief Operating Officer) $444,606 $0 $20,500

      Graeme Connell (Software Developer) $444,606 $0 $35,208

      Greyson Parrelli (Software Developer) $422,972 $0 $35,668

      Jonathan Chambers (Software Developer) $420,595 $0 $28,346

      Meredith Whittaker (Director / Pres Of Signal Messenger) $191,229 $0 $6,032

      Moxie Marlinspike (Dir / Ceo Of Sig Msgr Through 2/2022) $80,567 $0 $1,104

      Brian Acton (Pres/Sec/Tr/Ceo Sig Msgr As Of 2/2022) $0 $0 $0

      from https://projects.propublica.org/nonprofits/organizations/824506840

    • BlackAura@lemmy.world
      link
      fedilink
      English
      arrow-up
      16
      ·
      edit-2
      1 year ago

      I mean, without browsing levels.fyi or anything like that you can get 4 to 10 software engineers for 1 million (anything from 100k to 250k depending on location, experience, etc.).

      Not all employees are engineers but that would imply 80 to 200 staff for the 20 million they state.

      That’s only the component paid to the actual staff though. There are additional costs like Healthcare, unemployment, social security, etc, and other benefits that may not be included in wages (though some portion may be deducted from salaries), but they are including in that statement / summary.

    • wintermute@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      12
      ·
      1 year ago

      It’s not only salaries:

      about half of Signal’s overall operating budget goes towards recruiting, compensating, and retaining the people who build and care for Signal. When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.

    • justJanne@startrek.website
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      3
      ·
      1 year ago

      It’s an absolutely surprising amount, because Matrix spends less than that if you just count the people working on the open source offerings.

      And that project has significantly more features, is federated, and has a much larger scope.

  • choroalp@programming.dev
    link
    fedilink
    English
    arrow-up
    42
    arrow-down
    10
    ·
    1 year ago

    Step 1. Make it federative Step 2. Stop fucking hosting your shit on Amazon servers. Step 3. Profit

    • Kevnyon@lemmy.world
      link
      fedilink
      English
      arrow-up
      20
      ·
      1 year ago

      Even if they federated (which I doubt they will do), someone would have to foot the bill for those servers. Same thing on lemmy, someone’s eating the server costs here even if it isn’t a major corporation.

  • phoneymouse@lemmy.world
    link
    fedilink
    English
    arrow-up
    30
    arrow-down
    6
    ·
    edit-2
    1 year ago

    I kind of liked WhatsApp’s initial monetization model. It was free for the first year and then $1 per year after that. With 400 million users, that’s a good chunk of change. Assuming only 25% of people would pay, that’s still a good chunk of change. I think Signal should adopt something similar.

    • Scolding7300@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      1
      ·
      1 year ago

      I think just like Proton provides free services for the greater good, Signal should do something similar. Even special emojis works well IMO. They give you a badge at least

    • u_tamtam@programming.devOP
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      Agreed. Not ideal vs. a federation, because Signal would still be in a position of total control over the network, but with less incentive to go against its users.

  • Scolding7300@lemmy.world
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    1
    ·
    1 year ago

    They should post a average price per user so we’ll know what’s the minimum to donate (probably 5$ which is the minimum in the app IIRC)

    • kariunai@feddit.nl
      link
      fedilink
      English
      arrow-up
      25
      ·
      1 year ago

      “As of January 2022, the platform had approximately 40 million monthly active users.”[0]

      In 2022 they had $30M expenses, so the cost is somewhat under $1/user/year.

      They said the minimum donation is there to reduce the viability of scammers using it to check if a stolen credit card number is valid.

      [0] https://en.wikipedia.org/wiki/Signal_Foundation

        • deur@feddit.nl
          link
          fedilink
          English
          arrow-up
          10
          ·
          1 year ago

          Its not about protection or even going unnoticed like the responders say. I’ve fixed unprotected payment systems on websites, the real problem is they use it to validate CC information as live. By raising the cost, you make other lower hanging fruit more appealing and keep scammers from using your service to test CC info.

          • Corkyskog@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            3
            ·
            edit-2
            1 year ago

            Is it just they know they can only charge like $800 before they get shut down and want that extra $4 for themselves? I am still trying to understand the rationale. If I had no morales and a stolen cc, why would I care if it’s a $1 or a $5 charge for validation?

            I feel like I am learning I don’t check my cc info nearly as much as other Americans…

            • pajn@lemmy.blahaj.zone
              link
              fedilink
              English
              arrow-up
              4
              ·
              1 year ago

              If there’s one service where you can check stolen CC info for $1 and another one for $5 you doesn’t go with the $5 one for no reason. The $4 extra dollars doesn’t matter in itself but that other places are several times cheaper does.

              • Corkyskog@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                1 year ago

                See I would go with the $5 one with the thought process that almost no establishment let’s you charge under $5, so if I ever saw something for less than that it would immediately be a redflag.

                • AlecSadler@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  Half my CCs don’t let me set transaction alerts for less than $5-$10, so a $1 or less charge would never notify me, I’d have to be actively checking it every moment of every day to see it immediately.

                  And yes, I have email/text alerts when possible for every. single. charge. on my CCs at the lowest threshold possible and it has helped at least three times thus far.

        • kent_eh@lemmy.ca
          link
          fedilink
          English
          arrow-up
          7
          ·
          1 year ago

          The point of scammers using a small value to test stolen numbers is they hope such small transactions go unnoticed for longer, allowing them a bigger time window to use and abuse the stolen card number.

    • beeng@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      21
      arrow-down
      10
      ·
      edit-2
      1 year ago

      Get with the times.

      Signal stands for privacy and not selling your data to be spied on and sold, and you’re STILL using SMS, spam ridden, high cost, old infrastructure, easily read, technology.

      I suppose you want email in your Signal client too?

          • KrummsHairyBalls@lemmy.ca
            link
            fedilink
            English
            arrow-up
            7
            arrow-down
            2
            ·
            1 year ago

            That’s great. Most older people aren’t juggling two apps.

            I’m also not sending baby photos because fuck kids, but if I wanted to send photos, it wouldn’t be compressed over signal or WhatsApp.

              • KrummsHairyBalls@lemmy.ca
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago
                • Any of the million storage options (Proton Drive, OneDrive, Gmail, Mega, etc)
                • Google Photos in full quality
                • Sending a public link that is self hosted on my NAS

                I dont use MMS, I use RCS, and even then, if I cared about quality, I am not sending it directly via any chat service as they will compress it.

    • Margot Robbie@lemm.ee
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      2
      ·
      1 year ago

      Especially when your identity on Signal is STILL only tied to a phone number, instead of a username, and there is nothing less private than actually giving out your real phone number.

      Absolutely baffling.

      • sergih@feddit.de
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        I heard they gonna introduce usernames for sharing your acc. but to make one u still need a phone to create an acc. which I understand.

      • miss_brainfart@lemmy.ml
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        1 year ago

        Giving out a phone number harms anonymity, which is something they never claimed to give you.

        I’d like not having to use my number as much as you, but lets be angry about it for the right reasons, at least

    • voxel@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      4
      ·
      1 year ago

      sms is useless tho?
      it’s basically a confirmation code delivery system, with some ads and spam

      • KrummsHairyBalls@lemmy.ca
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        5
        ·
        1 year ago

        It’s not useless in western countries. We don’t all have our entire country communicating via Metas WhatsApp lol

          • KrummsHairyBalls@lemmy.ca
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            3
            ·
            1 year ago

            Exactly.

            I also prefer not to have one of the most garbage companies apps on my phone (WhatsApp). The messages may be encrypted, but the location data and storage permissions you’re giving it aren’t.

        • voxel@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          1 year ago

          i live in Ukraine and I don’t know anyone who uses sms.
          also Whatsapp is not prevalent here either, basically everyone is using Telegram (or in case of older population, viber, which is installed on like 90% of devices)

          are there any countries in which sms is still used?

          • KrummsHairyBalls@lemmy.ca
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            1 year ago

            Yes, North America between Android and iPhone.

            I use RCS with everyone except iPhone users, which defaults to SMS.

    • Joelk111@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      That is dumb that they’d remove a feature, but I tried it and switched back to a dedicated texting app. The feature wasn’t full featured enough for me to want to use it.

      • laurelraven@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        Not being able to copy my SMS message history into Signal kept me from switching… Well, I might have anyway if googie didn’t make it so their app only lets you see your message history if you make it the default

    • polle@feddit.de
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      3
      ·
      1 year ago

      Lol, that was the worst feature ever. If you forgot disabling it at install, it was nearly impossible to see it’s going to be a sms or signal message. (Especially for people who aren’t tech savvy)

      • Goodie@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        To dislike the feature is one thing, to not understand why ithers valued it is a whole pther ball game of ignorance

    • u_tamtam@programming.devOP
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      5
      ·
      1 year ago

      XMPP

      As I wrote elsewhere in this thread, XMPP would be my preference. It just works. In fact that’s what the other messengers (at facebook, Google, …) already use, but chose to put behind a walled-garden.
      What matters is that whatever comes next (or, from the past in the case of XMPP) is federated, so no single organization has a single-handed control/monopoly over the network. Matrix and SimpleX are federated alternatives to XMPP, but I don’t see Matrix stabilizing any time soon, and SimpleX just isn’t ready yet. XMPP can offer you today an experience that’s comparable to WhatsApp/Signal/Telegram/…

      • Fisch@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        What’s the issue with Matrix? I’ve tried both Matrix and XMPP but stuck with Matrix because it just works. XMPP is also good but it lacks a good Android client (The available clients look very outdated, and honestly, pretty ugly). It’s also kinda hard to know if your client or server even supports all the extensions that are needed.

        • u_tamtam@programming.devOP
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          I’ve tried both Matrix and XMPP but stuck with Matrix

          And so did I but ended up with XMPP instead of Matrix. Self hosting my messaging was important to me, and the cost of doing so is prohibitive with Matrix, the protocol and its implementations are just that inefficient, and there has been no progress in this area for as long as I’ve been keeping an eye on it. In my eyes, Matrix is broken by design.

          Now, Element is indeed a decent client, and above the average of all XMPP clients, but what matters is for XMPP to have at least one great client per platform, which is undoubtedly the case. In practice, all my daily messaging happens over XMPP, the people I interact with are far from the nerdy type, and to them it’s pretty much equivalent to WhatsApp & al.

          Back to Matrix, besides the fact that after a decade there hasn’t been any progress towards diversifying implementations (it’s so messy, complex and changing that it’s basically the same people implementing both client and server sides, and there is only one viable implementation to this day, by one entity), which is a big fat red herring, the entity who’s behind 95% of the code of Matrix is now facing severe financing challenges. The future of Matrix is all but certain because of that, and there are reasons for concern.

          I don’t “hate” Matrix/Element/the Foundation, I just don’t understand why they painted themselves in the corner they are in today, and rode the pipe dream of their broken protocol for so long. Would they cease to exist, it would look like natural selection to me. They are just not competitive and sorry if it hurts.

      • electric_nan@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I love XMPP, but I can’t recommend it as a reliable alternative to Signal. I find that encrypted communication is hit or miss with it. I had a problem just this week with it. I got a message delivered to a dormant Movim account I use, and I received it in my mobile xmpp app, Cheogram. I received it fine, I replied once fine. I went to send another message and it failed. I went to Movim in my browser, logged in to my account and was able to send. This is pretty typical in my experience-- some kind of mismatch or failure to negotiate between clients.

        • u_tamtam@programming.devOP
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          1 year ago

          Sorry to hear. I’ve been using omemo (e2ee) without a single message lost since… perhaps 5 years ? I also don’t use movim (I don’t trust its model and level of stability/maturity, especially with regards to doing e2ee in the browser). I would not recommend “XMPP via Movim” either.

          Edit: a word

          • electric_nan@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I don’t really use Movim either. I set up an account some years ago while testing different federated social networks. However, I have had that same type of issue with more ‘normal’ xmpp chats. It seems to me that the development is a bit too fragmented. I am hoping for continued improvements though :)

      • soulfirethewolf@lemdro.id
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        My only problem with XMPP (and a lot of other federated protocols) is really the lack of quality clients. Most of them (especially on systems beyond Android and Linux) don’t really have that good of a UX, or their UI is kind of bland or dated.

        It’s something that I hope gets improved eventually. Because having a variety of choices doesn’t mean much if none of the choices feel particularly good.

        • u_tamtam@programming.devOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          What the other responders said (there are great clients out there, that fit mainstream and niche needs).

          Also, it is not a problem of “federated protocols” per se, but of community-led projects. On the downside it may lack consistence and direction, but on the upside you can step in and contribute feedback, tests, documentation, and why not, code :)

  • gr522x@lemmy.ml
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    9
    ·
    1 year ago

    Ended my donations to Signal after discovering they choose Google Hosting Services over open source and privacy respecting alternatives.

      • Tekchip@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I will preface this with, I may be wrong, but as I understand it xmpp is just a protocol. One that, unless it’s been revised, imparts no encryption at all. Signal, and Session, are full architectures that enable all of the afrementioned features from my initial post including server and client.

        • u_tamtam@programming.devOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Everything you might use relies on a protocol down the stack. XMPP happens to be the only one to date that is an internet standard (IETF), is extensible by design (past/present and future use-cases can be build into it, what makes it still relevant 25 years later), is federated (but not P2P, a good trade-off for mobile usage), has a diverse/multi-partite ecosystem of client and server implementers (sustainable and resilient), and is deployed successfully at scale (on billion of devices).

          unless it’s been revised, imparts no encryption

          Today’s XMPP uses the same E2EE as Signal/WhatsApp/Matrix/… XMPP had end-to-end encryption 10 years before Signal was invented

          • Tekchip@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            Sure, now which pre-existing piece of xmpp based software checks all the feature boxes as noted by both Signal adherents and myself regarding Session? Are you implying the lay user code their own? If that exists you could have just linked to it rather than engage in whatever this is.

            • u_tamtam@programming.devOP
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Sure, now which pre-existing piece of xmpp based software checks all the feature boxes as noted by both Signal adherents and myself regarding Session?

              All of those. Essentially you would have to go out of your way looking specifically for incompatible clients.

              And “incompatible clients” is simply the natural state of any technology that’s been around long-enough. The only way Signal fends itself from this is by mandating its own client and version (and banning anything else, technically or from its ToS) which is terrible for a bunch of reasons (you must agree with Signal’s direction and whatever features they might decide to add and remove for your own good, you cannot use Signal on devices/platforms that Signal has no resources/interest to support, etc). If Session is in any way open, and assuming it ever becomes successful, it will face the same challenge (just like Matrix does).

    • ironeagl@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      It’s not only salaries:

      about half of Signal’s overall operating budget goes towards recruiting, compensating, and retaining the people who build and care for Signal. When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.

  • Arthur Besse@lemmy.ml
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    18
    ·
    edit-2
    1 year ago

    waaahh centralizing millions of slightly-privacy-aware people’s metadata on Amazon’s servers costs a lot of money, waaah

      • Arthur Besse@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        1 year ago

        Which metadata? Please elaborate

        • When you are online
        • Where you are online from
        • When you receive messages (and their size)
        • When you send messages (and their size)
        • Who you are communicating with (including individuals, and what groups you’re in).

        Those last two are supposedly hidden by their “sealed sender” feature, but, that is a farce because you’re connecting to their servers from the same IP address to send and receive and you need to identify yourself (with your phone number) to receive your messages. So, the metadata-hiding property that “sealed sender” purports to provide cryptographically is actually relying on their (Amazon’s) network infrastructure not to correlate the information available to it.

        Signal says that they don’t retain any of this metadata, and I think it is likely that Signal employees are sincere when they say that.

        But if someone with the right access at Signal’s ISP (Amazon) wants the Signal metadata, they can get it, and if they can, then anybody who can coerce, compel, or otherwise compromise those people (or their computers) can get it too.

        One can say that the adversaries they’re trying to protect against don’t have that kind of capability, but I think it isn’t reasonable to say that Signal’s no-logging policy (much less their “sealed sender” cryptographic feature) is protecting metadata without adding the caveat that routing all the traffic through Amazon does make the metadata of the protocol’s entire userbase available in a convenient single place for the kind of adversaries that do.

        And if you’re completely confident that the adversaries you want to protect against are unable to compromise the server infrastructure, why would you need e2e encryption at all?

        note to lemmy regulars, if this comment sounds familiar...

        i copypasta’d bits of the second half of it from an earlier comment that I made on someone else’s now-deleted post