9mo ago

we fell for the corporate propoganda rule

68 comments

Any tool that calls itself “open source” and uses proprietary encryption that they refuse to let any neutral third party review, should absolutely not be trusted.
- It's open standard, not open source
  
  but we need to trust them that the standard is actually implemented
  
  The definition of words are indeed, critical 👍
  
  Too many people misunderstand open source and free to use.
  
  So can I write my own implementation and talk to other people via rcs? If not, then I don't think it deserves being called an open standard
- Wonder if maybe there could be some organization that could fill that need. Independent, or a collection of industry vets, who look through the code and say if it’s safe or not. With the assumption details won’t be leaked or something to protect anything actually proprietary?
  
  there could but it would take cash
  or one could make it truly open source for free

Signal > Matrix/Element > RCS > SMS.
iMessage isn't in the equation because it only works on a single platform.
- signal protocol is basically the opposite, open source but the company is hostile to 3rd party client development
  
  They can't prevent 3rd party apps, so what's the issue?
  
  There's a few clients for Signal, nobody is preventing developers from creating apps; there's Molly, gurk-rs, Axolotl, Flare, signal-cli, Pidgin (with the Signal plugin.
  The problem is 3rd party clients don't implement all features because it takes a lot of work and they're created/developed by volunteers - just take a look at Matrix and how many clients support all features or even just group end-to-end encryption (E2EE). Last I checked many third party Matrix clients didn't support encrypted group messages, primarily just Element, the reference client built by the matrix developers. So you have the same problem on Signal that you have on Matrix.
- Now to convince Grandma to use Signal
  
  We successfully managed. Good times over here.
- Matrix/element > signal > xmpp > telegram > RCS > SMS
  
  I could settle for this but remove telegram as it's not even E2EE by default. It's basically facebook v2.
- What about XMPP?
- Where's the XMPP commenters.. The floodgates will open

disclaimer: i barely know what im talking about here so if any of the language in this post is inaccurate feel free to reach out
- It's correct, although I'm surprised that there isn't even a FOSS implementation of the unencrypted part.
  Hopefully you made this in GIMP
  
  impgflip.com, with full love to the community GIMP is ass at making memes
- Rcs isn't a open source but an open standard. Two very different things.
  Open standard: anyone can use the standard but could be proprietary/closed source
  Open source: anyone can edit/review the code and forket it if they want to.
  The issue with RCS currently is that Google won't release the API for it on android and only allows Samsung to use it for their app. Another part is that their encryption is based on signal and released a white paper about it.
  Now it's understandable why people would distrust Google. But apple is currently trying to add e2ee to the open standard (google also tried in the past but failed).
  Mind you the only reason apple is even implementing RCS is because China is forcing them to. Since any new 5g devices must support rcs to be certified in china.
  I hope this helps. Also have a android turtle from the blob!
  
  this true, ty for the clarification
  ill leave the meme as is (in quotes) since that was the thrust of the propaganda i saw 18 months ago
  seems like a term that is intentionally thrown around to make things sound secure and cool when it’s not.
- I'm not sure I understand it fully either, but what I do know about this topic is certainly disappointing
  Typical Google fuckery
  
  "Android is open source"
  puts kilos worth of proprietary software into it, so people can still be tracked

-switches to signal or Matrix-
- XMPP is better despite it's flaws privacy-wise, since so much data gets "hogged back" to matrix.org (tbf it's a similar case with lemmy.world but Lemmy at least didn't receive funding from a company most likely linked to Mosad). Also has more lightweight servers in general.
  
  what data gets hogged back? most stuff can be turned off and are features that would be missing anyway from xmpp, like identity servers or integrations server. also you can selfhost your identity server and add integrations manually
  
  Isn't like the entire point of Matrix that it's end to end encrypted, thus rendering any data servers acquire useless?
  You could make the metadata argument, but having one node aware of even most transactions is better than having one node aware of all of them.

So it isn't locked down on Google-approved devices?

Did people call RCS open source? I'm not a huge follower of the standard, but I don't think I ever heard that said. In fact, I've heard people complain about not just the proprietary encryption but lack of E2E and carrier/Google control.
Its only advantages are that it is better than SMS and supported by the carriers, Google and Apple sometime this year.
It's a shitty standard but given how shitty SMS is, I'm willing to hold my nose and jump in.
- yes sorry when i called it “open source” that was an overstatement that others have since corrected
  “open standard” is correct—nevertheless doesn’t excuse google’s deceptive marketing to force this as industry standard instead of investing in something actually open source and aproprietary

68 comments