Happy Birthday to #InstantMessaging and #RealTimeCommunication with #XMPP!

Emerged from the #Jabber #community in 1999 and originally designed to provide an open and #decentralised alternative to #ICQ and #MSN, XMPP evolved to an independent alternative for todays #chat apps.
#rtc #whatsapp #signal

OS: daily driving #Linux for ~2 years.

Email: #Proton for ~6 years, #Tuta for ~1 year (recently switched my business to Tuta)

Password Manager: Proton Pass for most things. Self hosted #Bitwarden for my homeland stuff.

Search: Used #DuckDuckGo and #StartPage for a long time but recently moved to a self hosted instance of #SearXNG

Messenger: Using both #WhatsApp & #Signal.

Der #Signal #Messenger ist schon ganz gut.

Aber wieso er in Bezug auf den #DigitalIndependenceDay immer wieder als empfehlenswerte #Alternative genannt wird erschließt sich mir nicht.

Da gibt es meines Wissens doch Andere mit wesentlich weniger digitalen Abhängigkeiten.

RE: gultsch.social/@daniel/1158023…

I guess they are not answering any questions? 🤷‍♂️

#39C3 #Signal

Daniel Gultsch

2025-12-29 10:21:12

Meredith Whittaker (@Mer__edith) has been invited to speak at #39C3 later today. If you make it to the mic in time, here is an interesting question for her: "If I’m put on a boycott list by the Trump regime because I’m openly anti-fascist or oppose war crimes, will you adhere to US laws and block my access to #Signal?"

#DigitalSovereignty #DIDit

Meredith Whittaker (@Mer__edith) has been invited to speak at #39C3 later today. If you make it to the mic in time, here is an interesting question for her: "If I’m put on a boycott list by the Trump regime because I’m openly anti-fascist or oppose war crimes, will you adhere to US laws and block my access to #Signal?"

#DigitalSovereignty #DIDit

When Big Tech clouds fail, are censored, or collude with the (US) government, which would you choose for private messaging?

#privacy #security #decentralization #securemessaging #matrix #xmpp #simplex #deltachat #signal #poll #polls #askfedi

• Matrix (10%, 8 votes)
• XMPP/Jabber (24%, 18 votes)
• SimpleX (2%, 2 votes)
• DeltaChat (62%, 47 votes)

I've mentioned this before but SimpleX is more private secure and anonymous that signal threema and session.

SimpleX is decentralised meaning taking down a single group of servers or org wouldnt destroy the simplex network, people can run completely anonymous simplex servers over tor, this puts simplex ahead of Signal and Threema

SimpleX has quantum resistant encryption which puts it ahead of Threema and Session, the UK military[1] and NATO[2] both consider quantum computers to be a threat now because of store now decrypt later attacks

SimpleX has no user identifiers not even random strings, its essentially like having a "burner phone for every contact". Two or more compromised contacts could corroborate your messages by linking them to your signal username or your session id, but with simplex your contacts can't prove your identity even between eachother. This fact puts SimpleX above Signal Threema and Session

These technical details about the simplex protocol can all be found on the project website including the whitepaper

[3]
[1]ncsc.gov.uk/whitepaper/prepari…

[2]nato.int/docu/review/articles/…

[3]isdb4l77sjqoy2qq7ipum6x3at6hyn…

#SimpleX #Threema #Signal #Session #PSA #Privacy #Security #Anonymity #NATO #UnitedKingdom #Tor #QuantumResistantEncryption

so many protocols out there, but none gives you that sassy feeling as chatting over #email 💅🫦

#ArcaneChat #DeltaChat #XMPP #Signal #Matrix #Telegram #IRC

RE: fosstodon.org/@arcanechat/1157…

#ArcaneChat doesn't have delivery receipts, only read receipts, the only automatic responses the app does in your behalf is to handle invite links, for that to be abused you first have to share your invite link with a malicious contact, you can get in contact with random/public entity via their invite link and be safe, as long as it is not you the one sharing your invite link!

In #Signal / #WhatsApp as soon as you contact someone or they guess your number you are vulnerable

ArcaneChat

2025-12-14 09:39:00

"Tool allows stealthy tracking of #Signal and #WhatsApp users through delivery receipts"

cyberinsider.com/tool-allows-s…

Another privacy vulnerability caused by the dependency on phone numbers.

In #ArcaneChat (and other #chatmail clients like #DeltaChat) you don't need a phone number (or any private data at all!) to register, so such attacks are simply impossible, keep your family safe, join arcanechat.me

Tool allows stealthy tracking of Signal and WhatsApp users through delivery receipts

A new tool named Device Activity Tracker exposes a privacy flaw in WhatsApp and Signal that lets attackers covertly monitor user activity.

^{Alex Lekander (CyberInsider)}

"Tool allows stealthy tracking of #Signal and #WhatsApp users through delivery receipts"

cyberinsider.com/tool-allows-s…

Another privacy vulnerability caused by the dependency on phone numbers.

In #ArcaneChat (and other #chatmail clients like #DeltaChat) you don't need a phone number (or any private data at all!) to register, so such attacks are simply impossible, keep your family safe, join arcanechat.me

Tool allows stealthy tracking of Signal and WhatsApp users through delivery receipts

A new tool named Device Activity Tracker exposes a privacy flaw in WhatsApp and Signal that lets attackers covertly monitor user activity.

^{Alex Lekander (CyberInsider)}

A few things #deltachat apps are doing positively different from #Signal apps

- easiest onboarding ever; not depending on phone numbers or other private data

- support for multiple chat profiles/identities

- decentralized servers, not depending on US-based GAFAM etc.

- migration from one app/platform to any other

- easy multi-device support for any chat profile

- developers have chances to get their PRs merged :)

- mini-apps support via webxdc.org

anything missing?

webxdc - web apps shared in a chat

no logins, no coins, no platforms 🎉

^webxdc.org

Fortunately, getting killed by the CIA by means of predator drone strike is not everybody's threat model. For others - certain French judges for example - a real threat can be getting sanctioned by the US government and completely locked out of US services.

So yes, know your threat model when picking between #Signal and #Conversations_im.

elegiría mejor #DeltaChat

Quedó comprobado que #Signal utiliza los servidores de Amazon que, al momento de sufrir un colapso, la mensajería quedaría fuera de servicio.

🚨 3.5 billion users: Entire WhatsApp directory publicly accessible

Source: theregister.com/2025/11/19/wha…

Here are our best #WhatsApp alternatives: tuta.com/blog/best-whatsapp-al…

Conclusion: Choose #Signal

Researchers claim 'largest leak ever' after uncovering WhatsApp enumeration flaw

: Two-day exploit opened up 3.5 billion users to myriad potential harms

^{Connor Jones (The Register)}

@bogo It's a good idea. But I have there ca. 500 people and almost all of them don't want to move to either #fediverse or #Signal (or any other "rational" messaging system). They are typically non-IT people and use Facebook and WhatsApp (and possibly Instagram or TikTok).

I am collecting other contact information from them (e-mail addresses, phone numbers...), but it's a long-distance run. When done (in the future), I will leave Facebook completely 😎

1) there are bridges ("matterdelta") which provide interop with Matrix, XMPP, Telegrram, ssh and anything that Matterbridge provides. It doesn't preserve end-to-end encryption and so bridging bot choice is tricky.

2) There are growing efforts around 3rd party #chatmail clients chatmail.at/clients. Interoperability is "free" between all chatmail clients (#deltachat being the prominent one). Unlike #Signal we welcome third parties to the party :)

Chatmail: Clients

Chatmail provides FOSS infrastructure for interoperable, secure, speedy and reliable end-to-end encrypted messaging. Check out clients as Arcane Chat, Bots or Delta Chat today!

^chatmail.at

Countering toxicity and fake takes is not just a technical question (moderation, admins etc) but one of social curation both collectively and privately: which people and groups do you/we trust for what. No tool can automate that.

#deltachat is for private e2ee messaging and mutually curated group chats, and not random social media propelled onboarding. We are with #Signal here and not with #simplex and #matrix who offer public anonymous discovery of large chat groups with lots of unknown folks.

#Signal for Desktop v7.78 release notes:

* This update improves accessibility for screen reader users by skipping repeated timestamp announcements when new messages arrive in a thread.
* We also fixed a bug that could prevent notifications from appearing on Windows.

🎉 There's a new beta version of Signal!

Signal for Desktop v7.78

Check out the Signal Community thread for more info: community.signalusers.org/t/be…

#signal #signalapp #signalupdates

Beta feedback for the upcoming Desktop 7.78 release

Hello everyone! The Signal team is releasing a new version of Signal Desktop, v7.78.0-beta.1. If you’re interested in participating, join the beta here.

^{Signal Community}

...but there is one thing that #Deltachat does not provide while it works perfectly fine with #Signal ... the desktop client that works on #FreeBSD and is available in #FreeBSD pkg(8) packages.

The 'web' approach (such as web.whatsapp.com for WhatsApp) would also satisfy my needs - I can use a client in the browser - but if there is no 'native' client and no browser client option for #FreeBSD - that means total NO-GO for me.

I find it bold stating that #DeltaChat doesn’t need a hyperscaler like #Signal does when it is based on… email servers. Where there is no audio/video calling. Where every sender and recipient server knows who is communicating with whom. Where you need to trust every decentralized server to not keep that information. Maybe be less smug if you can’t provide metadata protection. 🙄 @delta chaos.social/@delta/1154540411…

Delta Chat

2025-10-28 22:01:00

Signal's president claimed it takes billions to replicate the availability and reliability of "hyperscalers" (AWS/Google/Microsoft/Cloudfare) that Signal uses.

#chatmail and #deltachat are about disproving this claim by

1) making relays super cheap (DONE)

2) enabling chat profiles to use multiple relays redundantly (WIP)

3) distributing relay knowledge among chatters (TBD).

Fat servers, corporate overlords and billionaires: not needed and better to not exist for a convivial e2ee future :)

TIL that the president of Signal believes that people who run Mastodon and/or Matrix servers do so "in most cases" on hyperscaler* infrastructure.

This is my Mastodon server. And its UPS. And its networked KVM for when things get really hairy.

It's also my Matrix server. And Nextcloud. And Git. And Home-Assistant. And Jellyfin. And SearXNG. And Peertube.

When people objected to her claims, she doubled down and proclaimed condescendingly that we "don't have a clear understanding of this space".

TIL that I don't feel confident in recommending people to use Signal. Something's very off here.

*) "hyperscaler" basically means the big cloud infra providers with provisioning APIs that allow you to scale your resources up/down automatically with usage

#Signal #Mastodon #Matrix #SelfHosting

☁️The recent AWS outage showed how fragile “cloud-based security” can be.

When one datacenter faltered, global communication tools — including Signal — went dark 🌑

🕸️Matrix-based messaging systems kept running because they don’t rely on a single provider.

Resilience = decentralization

Let's invest in open, federated platforms.

#AWS #Signal #Matrix #Resilience #CyberSecurity #Decentralization #OpenSource

Our project is one of constant exit planning and circumvention considerations ... as times and tech are getting more shitty.

We don't bet on a single basket, and not a single state or jurisdiction, and certainly not AWS/Google/Microsoft US clouds which run #Signal servers.

No single hoster, platform or language (we do a lot of Rust, granted) and no single device or vendor. At #chatmail protocol levels we regard nothing as holy, and look for simplicity and robustness, and convivial community 🖤

Been working on getting Slidgnal, a #XMPP to #Signal gateway built on #Slidge back up and running with a mix of Go and Python; after a recent spree of work, we have fairly good support for 1-on-1 chats with reactions, attachments, etc. all working. Couldn't have been done without the great work by @nicoco and tulir (tulir.fi on bsky).

If you're running your own #XMPP server and are looking to bridge your #Signal contacts over, give it a go, repo is here codeberg.org/slidge/slidgnal and Docker/Podman or PyPi-based installs are well-supported! Group support is up next!

slidgnal

A feature-rich Signal to XMPP gateway

^Codeberg.org

Today's AWS debacle is the perfect example of the reason why in the last few years I started to be less enthusiastic about Signal, and more oriented to federated or even P2P solutions like XMPP and Jami. I wrote about it already:

gagliardoni.net/#im_battle_202…

Signal was down for few hours today, after an outage that affected AWS:

mastodon.world/@Mer__edith/115…

Let's ignore for a second the blind reliance on AWS or any other cloud provider. In a decentralized system, this would not have happened, or at least it would have not impacted so many users.

Yes, I am a cryptographer myself, I know that Signal's encryption is the best. But encryption is not everything. Availability issues, geopolitical troubles, risk of enshittification, limitations on users' freedom to use and control the software lead to a lack of trust, even in a supersecure solution. And I say that with honest admiration for the folks at Signal, who are doing a great job.

May they prove me wrong over and over again.

#signal #im #aws #amazon #privacy #security #digitalsovereignty #selfhosting #fediverse #federation #p2p #enshittification #xmpp #jami #politics #opensource #freesoftware #libre

Meredith Whittaker

2025-10-20 08:00:15

PSA: we're aware that Signal is down for some people. This appears to be related to a major AWS outage. Stand by.

What a timing: while I'm sitting at a #CloudAbolition workshop, #AWS takes down major centralised services like #Signal, #WhatsApp and #Teams.

People continue happily texting me on @matrix though 💚

There is no single central #Signal server. Signal uses #AWS cloud, plus Google Cloud, Microsoft Cloud and Cloudflare, all under US legislation. If any of these clouds goes down or becomes otherwise problematic, chatting degrades or fails.

With #deltachat you can choose #chatmail relays ( chatmail.at/relays ) which distributes the risk across a wider network. We are currently working on the multi-transport feature to finally remove any central point of chat failure chaos.social/@delta/1153621448…

Chatmail: Relays

Chatmail provides FOSS infrastructure for interoperable, secure, speedy and reliable end-to-end encrypted messaging. Check out clients as Arcane Chat, Bots or Delta Chat today!

^chatmail.at

With @signalapp having a problem because AWS us-east-1 is having trouble, I'm looking at installing @delta as a side-channel for situations like this ... does anyone know if it does video?

I know it's a chat function, and I'm not asking for miracles. It's a genuine question about capabilities.

I see there are web apps, and capabilities to integrate things, so I'm wondering what's available in the base install.

My investigations begin ...

#Signal #DeltaChat

When not using Google Play services (e.g. #GrapheneOS, #LineageOS users), #Signal can be a real battery drain. @mollyim with @unifiedpush on the other hand is extremely battery efficient.

Here's how to set this up, using #Nextcloud as the UnifiedPush provider: kroon.email/site/en/posts/moll…

The #Signal App gets only a 9 out of 10 for #Privacy protection, and it's not just because it requires a phone number.

"While most of Google’s analytics are turned off in the Signal app, it still uses the Google Maps API to handle location data. Calls to Google Maps turn over a bunch of metadata, including the IP you’re connecting from. For a project that’s so invested in privacy, it’s surprising that Signal doesn’t use an open source alternative such as Open Street Map."

They call a Google API with location data and hand over the IP? Seriously?

mozillafoundation.org/en/nothi…

#cybersecurity

Signal App Review 2025: Privacy, Pros and Cons, Personal Data

Read our privacy expert's review of the messaging app Signal. Signal is widely regarded as the “best in class” private messenger app. Unlike most messaging apps, Signal takes a completely hands-off approach to your data.

^{Mozilla Foundation}

🇷🇺 Russia wants China's Great Firewall

After Tuta Mail, it's now also blocking #Signal & #WhatsApp to stop its citizens from using #encryption

Together with @torproject, @fightforfuture and others we are standing up to say: Stop! ✊

Everyone deserves #privacy.

Read our open letter: 👉 tuta.com/blog/tutanota-blocked…

Proč už nevěřím Telegramu

Je to deset let, co jsem začal používat Telegram. Za tu dobu jsem přesvědčil hodně lidí, aby ho začali používat, obhajoval jsem ho, ale v poslední době mám čím dál větší pocit, že jsem se v něm mýlil. V tomto blogpostu se pokusím vysvětlit proč.

#Durov #IM #instantMessaging #Signal #Telegram

blog.eischmann.cz/2025/09/04/p…
(reakce na tento příspěvek se může zobrazit jako komentář pod článkem)

Proč už nevěřím Telegramu

^{Sesivany's blog}

Everyone is now realizing that WhatsApp is evolving towards its latest form (archive.md/L3W74). If you value secure messaging, you may want to check out @signalapp or @matrix (wich is #federated). EPFL also has its own Matrix instance at matrix.epfl.ch (use @element as a client).

#SecureMessaging #WhatsApp #WhatsappAlternative #Signal #Matrix #Element #Privacy #SelfHosted