LibreTorrent from @fdroidorg is looking very nice now with its new Material Theme. Goes hand in hand with the new magnet URI support in #Conversations_im
End-to-end encryption (E2EE) is important. However, on self-hosted or otherwise trusted servers, the client-to-server transport layer presents a much larger attack surface. It’s the first hurdle an adversary must overcome before they can attack E2EE.
That’s why #Conversations_im includes advanced MITM detection called Channel Binding. Turn it on today!
It’s optional for now because not all servers support it. Talk to your admins.
Neither @matrix nor @delta offer comparable protection.
The "Conversations" screen (which shows a list of open chats) has always been the main screen of #Conversations_im, following the behavior of Signal, WhatsApp, and Google's Messages (SMS) app. However, after sign-up, users were taken to the "New Chat" screen (which lists all contacts and group chats) on the premise that they have no chats yet and would likely want to start one. This may have confused first-time users about which screen is the main one.
I love @FrOSCon. It was the first conference I ever went to 2̶0̶ 19 years ago. But damn those start times are not hacker friendly. I'm so tired I just tried to put whole beans in my portafilter. Anyway see you there soon. #XMPP #froscon #Conversations_im
2.19.1 is in the pipeline with some minor bug fixes.
The next version will also show the 'Last Seen' timestamp a little more prominently for those who have Last Seen enabled. (and the underlying algorithm has been modified)
Do you think we should use the subtitle to show number of participants in public conferences now that we made subtitles a part of the UI anyway?
A couple of versions ago I introduced a setting in #Conversations_im to hide the avatars next to message bubbles.
I'm personally not a big fan of the look, but it does bring it closer to what Signal and Google Messages are doing.
The next version will split that out into two settings: One that controls the avatar on received messages and one on sent messages. (Indicating what account is being used.) Hiding only the latter is a decent compromise for those who use the app with a single account.
For the next release of #Conversations_im I’m switching the default for showing all messages, including sent ones, left aligned, to 'on' for all tablets.
Combine this with disabling 'Colorful chat bubbles' and this looks pretty clean and almost like a regular desktop app.
This post is also a reminder to existing tablet users that those two settings exist. Too bad there aren’t that many of you.
Conversations 2.18.2 is available on Google Play and has client side mitigations for a server side security issue that was recently discovered and fixed in #ejabberd¹ and #OpenFire²
Go update your server. But just in case that takes a minute Conversations has your back too!
This release also fixes an issue with restoring (importing) backups on recent Android versions.
#Conversations_im has the ability to fetch outage status information from an independent server and display that in case the regular #XMPP server can not be reached.
This is powered by XEP-0455 (xmpp.org/extensions/xep-0455.h…). TLDR: Server gives client a URL to a JSON file during normal connects, client will hold on to that URL and fetch the JSON file in case server is unreachable.
This document defines an XMPP protocol extension that enables server administrators
to communicate issues with the server to all users in a semantic manner.
You can put web+ap URIs into a message (or room description) and ideally a click on those will open your Mastodon client. However if no installed app supports those (the only app that I’m aware of is Fedilab) Conversations will open a browser instead.
Currently no app will create web+ap links but it is fairly easy to handcraft them.
For the next #Conversations_im release I’m refactoring how URIs are linked / made clickable. I’m adding a bunch of URI schemes like tel and mailto on top of the existing xmpp, http(s) and geo but removing support for "things that look like web URLs but aren’t actually URIs" (like 'example.com') to avoid some false positives.
Once the 2.18.0-beta comes out tomorrow or so let me know if you see things that isn’t matched and should be matched or vice versa.
If you're still recommending #Signal, you may have missed the tech oligarchs' takeover of the US government. The best time to recommend European alternatives was 8 years ago; the second best is now.
I'm skipping #FOSDEM this year, but the #XMPP Standards Foundation will be there! Stop by the Realtime Lounge¹ to chat about XMPP, pick up some merch, and maybe grab a #Conversations_im sticker—while supplies last! 🚀
I don’t usually do this kind of evangelism, but if you’re looking for a reason to try #XMPP on #GlobalSwitchDay, now’s the perfect time: #Conversations_im is currently free on Google Play!
I love open source, and I want young people to know there’s a career path outside of #FAANG. Open source can be financially sustainable—it just gets super hard if one of your key goals is making your investors even richer. #Conversations_im is about the same age as #Matrix. I never took VC funding, and I’m doing fine.
The abandoned fork of #Conversations_im has a critical security issue: attackers can bypass STARTTLS negotiation, resulting in an unencrypted connection to a fake server. This vulnerability is similar to the STARTLS attack discovered in various email clients¹
✅ Fixed in Conversations 2.13.1 (Feb 2024)
📢 Please migrate to Conversations immediately! It's free on Google Play until the end of the year and always free on #fdroid
Did you know that you can configure custom notification sounds per contact or group chat in #Conversations_im?
Apparently not many people knew that so the next version will make, what essentially is a native Android feature, easier to access via the overflow menu of contact or group chat details.
After the next #Conversations_im update have a look at our new Chat Bubble Settings. We are now providing a few customization options that, among other things, allow you to render all message bubbles left aligned.
In combination with the setting that turns off the background color, this is relatively close to what Dino or other team messengers look like.
In 2015 I spent a couple of weeks in Singapore and I still remember sitting at a café and implementing the feature that merges multiple messages into the same bubble.
Today this feature has been removed from #Conversations_im in favor of moving the bubbles closer together. This gives better control over per messages actions such as sharing, quoting or adding a reaction.
I installed #Signal and #Conversations_im on a clean install of #GrapheneOS on my Pixel 4a and measured the battery impact. The results are shocking!
Both messengers had only one contact: my regular phone.
I used my regular phone to send messages to the Pixel 4a (which was not used for anything else over the course of the experiment).
I always sent the same message via Signal and #XMPP (mixing up which app went first). In total I sent ~32 messages in intervals of 10mins to a few hours.
Constantly begging for donations or ratings is not something you will see #Conversations_im do. An instant messaging app should benefit its users not its developers.
Should #Conversations_im add stun.conversations.im as a fallback for #XMPP servers missing XEP-0215: External Service Discovery?
I’ve hesitated to add anything resembling "calling home" (no update checker, no metrics).
However, the main goal here wouldn’t be improving A/V call success (though it helps) but making P2P file transfers more reliable. Many servers still lack HTTP Upload, and the refactored Jingle File Transfer would benefit greatly from a fallback STUN server.
After upgrading to #Android 15 I was tracking down this bug in #Conversations_im where the color of the text in the status bar sometimes doesn't change with the app theme. Occasionally I would get white status bar text on top of a light theme. Then I noticed that other apps - including the clock app! - have the same issue. I'm absolutely convinced that the engineers working on Android are all using iPhones. I mean how does one not notice issues like that?
