[ art / civ / cult / cyb / diy / drg / feels / layer / lit / λ / q / r / sci / sec / tech / w / zzz ] archive provided by lainchan.jp

lainchan archive - /tech/ - 35410

File: 1489184439955.png (54.16 KB, 300x292, anisec2.jpg)


Every month or so one of my friends tries to convince me to install the latest chat apps. I mean, if I install every chat app that people reccomended to me, it would be in the tens of dozens. It's annoying. So I either just flat out reject them, or begrudgingly install the app. Even a lainon convinced me to use pidgin, and another one mumble, I haven't even used pidgin since, nor had any wish to. I think about mumble every month or so but I don't want to bother.

My real issue though is that 99% of those applications are cookie cutter levels of similar. They are functionally the same thing when compared to ICQ from 1996. OK, some of them have some encryption, which may or may not be soykafty, and they really should have encryption but I am digressing. Others that have video or voice calls are functionally the same thing as skype from 2003. OK I myself avoid skype because muh M$.

Why do people get this excited over constantly discovering new chat applications? Most of them did exactly the same thing for decades.

Mods: Sorry if this rant is too aggressive, if needed I will delete this even myself.


I suppose they are somewhat misinformed about the pros and cons of each, and get caught in a hype train. It feels good when you spread something that you currently believe to be good, especially if you have a narrative of "fighting the evil facebook".
It's almost like those long commercials where they make a product that nobody ever needs in real life, but show 6-8 scenes of people using it in real life and it coming in handy. The impression of usefulness remains, and people who try to think positively (e.g. your lainon who tries to stop being depressed), will simply focus on the nice use-cases and deny/ignore 99% of use-cases where the thing isn't useful or not any better.


File: 1489188398515.png (1.65 MB, 140x200, 1488914723114.jpg)

I think you have to distinguish between client and protocol.

Having a fuarrrkton of different clients that use the same protocol is not a bad thing but rather creates competition.

Having many non-interoperable clients harms the goal of bringing the general public to adopt secure, decentralized communication.

In my opinion, XMPP with OTR or OMEMO is the best option as there are many different clients available for this.


In my opinion IRC beats all.


what do you guys think of tox


tox's crypto is complete garbage and they have no intention to fix it. I recommend people stay away from it.



I think you should give Pidgin a lot less flak, OP. It is actually the solution to your problem: a multi-protocol chat client where protocols can be added as plugins. By default, it supports XMPP/Jabber, AIM, Google Talk's custom protocol, IRC, and a few others. With plugins, it can do things like P2P video calls (with Jingle), tox (tox.dhs.org), and OMEMO encryption over XMPP (github.com/gkdr/lurch), and lots of other nice stuff, all in one client.


Could you elaborate on your criticism of Tox's crypto? Unfortunately, cryptography is not an area I am well versed in yet, and I've been recommending Tox since my understanding painted it as a decently secure, decentralized medium. Genuinely curious as to what you mean when you say their crypto is garbage.


Jesus Christ. Not that I could say much about the crypto aspect, but the general tone of the discussion makes me doubt the trustworthyness and reliabilty of anyone involved in this project. And irungentoos response along the lines of "Yeah, that is a problem, but if someone has your private key, they can do even worse stuff, so why bother fixing it?" is not very reassuring.


IRC works perfectly for a (semi-)public, group chat. But for a private chat, IRC failed to provide any end-to-end encryption. Yes, there are simple implementations of ECB (?!) block cipher and even OTR ports, but unfortunately nobody really uses them, and because of the diversity of IRC clients, it is not usable at all.

I prefer to keep an IRC client and a XMPP client with OTR / OMEMO plugin, and that's all, and no more.


he has a point. i understand why he thinks that way. the problem does not stem from the application but from the user


>the problem does not stem from the application but from the user

The problem always stems from the application and the user, and hardly stems from crypto algorithms and protocols IRL. It's hard to believe we still have people arguing about the security of 128-bit or 256-bit, while a "ptr++" can cause buffer overflow and remote code execution.


Tox team are going to fix the handshake problem. Just wanted to counter-weigh the period-relevant critiques about Tox ITT.


i think >>35413 is talking about private chat, in which case i agree. but irc's certainly best for chatrooms. i'm so fuarrrking sick of discord.


This whole thread is about ranting about random chat apps. That's what I think about it. The problem isn't even Tox, as much as the whole chat app world.
OK, I don't use private chats much. But irc somewhat supports private chats. And you can tor it.


I am >>35439 .
For me the beauty of IRC is that it's a dumb pipe protocol and with enough wit you can do a lot more with it than it was originally designed to do.


Finally got around to reading the source code for signal and why it uses play services / phone verification. Signal is as close as I've gotten to having all of my friends on one secure chat app.

User base is as much a part of what makes a communication app great as any other feature and I think people are dissatisfied with most messengers and so want to experiment. Plus apps like Facebook messenger , Twitter and Google's hangouts wall off their garden once they get big enough.