My last job used #GoogleMeet and #Zoom. I wouldn't wish those on anyone either.
Wish my undergraduate studies in #UX and #database design had better prepared me to create a world-conquering team #messaging solution that would put #BigTech out to pasture, but no one was handing out giant bags of money when I earned my diploma. #capitalism
#CyberSecurity#Privacy#Messaging#Encryption: "From September 2022 through May 2023, we analyzed popular messaging apps–including Signal, WhatsApp, Telegram, Messages by Google, Apple Messages and Meta’s Messenger–across a range of dimensions, including technical security, user experience, how the apps engage with users and developers, and their policies, terms and conditions. We sought to understand how people form mental models of their own individual or group digital security and corresponding threats, ways in which the technical and design decisions that the developers of encrypted messaging apps make can leave users vulnerable, and potential solutions that encompass technical, design, and policy adjustments.
To answer these questions, we adopted principles from frameworks such as Privacy by Design and Design from the Margins. We completed a technical review of selected apps; a detailed user experience and user interaction design analysis; and a comprehensive policy review. We interviewed a range of experts, and conducted field work with at-risk users including abortion rights activists in New Orleans, Louisiana and journalists in Delhi, India."
"Testing a new encrypted messaging app's extraordinary claims"
"There's no longer any real distinction between cleartext and encrypted messages – nothing is meaningfully encrypted. For your security, you shouldn't use Converso to send any message that you wouldn't also publish as a tweet."
At #JoinJabber we aim to grow sustainably. As part of that we put high standards for inclusivity and safety to all of the communities we collaborate with. You will never see us at a police conference asking for money for example. ;)
If that sounds like what you want you can join in https://joinjabber.org or host an #xmpp server next to your mastodon server https://joinjabber.org/tutorials/integration/mastodon/
Just learned about @simplex and I must say it looks fairly promising as a future #InstantMessaging app to replace #Signal in the long run (I do like #Matrix but it's good to see an alternative and their tech looks solid).
I was not 100% sure about #SimpleX ToS, though, and couldn't find out who the company was, nor their business model (though donation is at least a part of it).
Instant messaging is more complicated than you'd think. Sending a message from one device to another seems simple, but it's hard; especially on mobile. NAT, Firewalls, smartphone battery optimisation are all technical challenges, but then you also got user expectations. Users expect to see the same messages in the same order on every device. They want to be able to send photos, files, locations, voice messages and much more. On top of all that, full end to end encryption is a must have nowadays. Especially if you let average people run their own servers.
Matrix seems overly complex, but once you attempt to reinvent it, you end up with the same level of complexity.
At what point are the #Democrats going to start engaging in coordinated #messaging, and pushing content to combat the flood of #rightwing bullshit? The clock is ticking, and we can't afford to wait til the night before the election to suddenly realize that effort is needed to inform the voters of the facts.
#CyberSecurity#Privacy#Messaging#Metadata#Encryption: "When stored, aggregated and analyzed, this metadata provides ample information that could potentially incriminate someone or be submitted to authorities. When WhatsApp and Facebook Messenger enabled end-to-end encryption for messages, of course it was a welcome and widely celebrated change. But it’s important to remember that not all end-to-end encryption utilizes the same standards, some implementations are more secure than others, so it’s something that shouldn’t necessarily be accepted at face value. More importantly: collecting and storing an obscene amount of metadata should invite global scrutiny, considering this data is often combined with whatever other information companies like Meta harvest about your identity (which is a lot.)
This is one of the many reasons why we need to resist giving out our phone numbers just to access an app, especially to do something as personal and intimate as private messaging. Even though users can sometimes mask their numbers with a username, their identity on the app is still fundamentally tied to their phone number. App operators have access to this, as well as user contacts. Additionally, with a simple modification to the app's source code, the contacts may also gain access in some cases. This should raise more concerns about privacy, and it makes the need for anonymity difficult to achieve." https://simplex.chat/blog/20240416-dangers-of-metadata-in-messengers.html
#SocialMedia#Messaging#Telegram#Privacy#CyberSecurity: "Taking the company public would change the power structure and force greater disclosure, although Durov could maintain voting control by issuing dual class shares.
Monetising messaging apps is not easy. Users do not want adverts to pop up in their private messages. Signal relies on donations and Meta does not give profit figures for WhatsApp.
Telegram is not yet profitable. It told the FT that it makes “hundreds of millions of dollars” in annual revenue via digital ads, crypto payments and premium subscriptions. It is planning an AI-powered chatbot, but then who is not? Server costs are large. Durov described costs as less than 70 cents per user, which translates to around $630mn a year. Revenue is below that.
Selling tokens linked to its own blockchain effort could have funded the endeavour but it was shot down by regulators. However, Telegram still facilitates use of the tokens, called Toncoins, after developers took on the project. Toncoin’s price has climbed about 60 per cent in the past year. Talk of a possible IPO is proving lucrative in more ways than one."
#Cybersecurity#Telegram#Messaging#Geolocation: "A recently launched tool allows anyone to search a specific set of coordinates for Telegram users that have a certain setting enabled, and then plot their approximate physical location on a map, according to 404 Media’s own tests. The tool, dubbed “Close-Circuit Telegram Vision” or CCTV, piggybacks off an intended feature of Telegram called “Find People Nearby” which is disabled by default. The typical purpose of that feature is to find other Telegram users nearby to the current user’s physical location. The new tool, meanwhile, lets anyone search globally for people who have the setting turned on.
The news presents a recontextualization of data which users may consent to being available in one context, but which is now being presented in another.
“They have a protection mechanism but it's not enough to protect,” Ivan Glinkin, a cybersecurity professional and creator of CCTV, said in an online chat."
#CyberSecurity#Surveillance#Encryption#Messaging: "The current crop of suggestions seem to concede that governments shouldn’t have direct access. Instead, they want services to backdoor themselves and act as gatekeepers to law enforcement. That’s not an improvement; it’s still centralized, and it makes these companies responsible for any misuse of the data that they have access to, requiring everyone on the planet to trust a few big tech companies with our private and most intimate conversations – hardly a direction that society wants to go in in 2024. ‘Trust me, I’m in charge’ is a poor model of governance or security.
These ‘solutions’ also ignore the reality that the ‘bad guys’ will just use other tools to communicate; information is information. That will leave law abiding people giving up their privacy and security for little societal gain." https://www.mnot.net/blog/2024/04/29/power
In search of a self-hosted messaging client for my Jellyfin users
Good morning /c/selfhosted!...