🌐 Website Issue | Team chat category #1065
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1065
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Our current recommendations for instant messengers are:
We consider the following as worth mentioning:
We have open issues for including:
In the Rocket.chat issue there are three comments that we need a new category (and one that we don't).
I wondered in the context of my website whether these all are instant messengers and reached the conclusion that at least Riot.im and Keybase are more of team chat apps.
Riot.im is missing the basic feature of every instant messeger chat, contacts list. It treats everything as a room and there is nothing to prevent you from adding another user into 1:1 chat.
Keybase describes itself:
I don't think it has a contacts list either, it has following system and doesn't require mutual befriending for exchaging messages, so I think it's like Riot. It also compares itself to Slack directly and Slack has nothing to do with 1:1 chat, their homepage is full of advertising itself for a team chat.
Thus I propose that we create a separate page for team chat and populate it with Keybase and Rocket.chat and Riot if we won't delist it (https://github.com/privacytoolsIO/privacytools.io/pull/1047). We could also start considering inclusion of Mattermost.
On Matrix, I don't know if anything else has implemented contacts list, I only know that Fractal is going to split into two apps, one for 1:1, one for team chat or at least I never heard about cancelling that plan. On XMPP, all apps that we list have a contacts list and others than Gajim are "Telegrammy" by which I mean they have all private and group chats in one screen and you get a full contacts list for starting a new chat.
Worth adding Wire Pro to the mix, as it is for "team collaboration and messaging".
We use it at our company for internal communication, and it works pretty well across all platforms we tested, i.e. macOS, Linux, iOS and Android.
A feature that we love is their secure guest room, which gives you a temporary channel where you can invite people for things like job interviews or client calls — everything is encrypted.
Worth every penny.
I am not sure as it costs, but I guess there is no harm in putting it to worth mentioning and linking to the pricing page. I am assuming that it shares the same client and server as the free version or is it different/propietary?
Thanks for the suggestion
I know at least that their clients are the same because their release notes include Pro and Personal updates.
I don't see why cost would be an issue for a team messenger, to be honest.
Their client is the same, and server should be as well, unless you are using Wire Enterprise — in which case, you host it yourself.
Per my comment in #1078 ...the distinction between "this is software for groupchats" and the seemingly-distinct "this is software for teamchats" is without much substance. Wireapp and signalapp are both good for teams (the latter is what I use in two different team-setups from different sectors of life).
Almost all of the 'teamchat' packages are also used for non-enterprise things as well: plenty of people have RiotIM for general-purpose private messaging, Wireapp can be used for teams without paying for wirePro (and my understanding is the APK is the same codebase you just get the freemium features and inserting your credit-card unlocks the commercial upgrades). Whatsapp4biz and skype4biz are pretty much identical: they are primarily normal messengers, but you can also use them for corporate stuff.
Like the difference-without-much-difference-nowadays between voip-apps (even XMPP+OMEMO has reliable voiceNotes now) and "just" instant-messaging-apps, there is a very large overlap between teamchat and messengers-with-groupchat -- which is ALL messengers, to be clear here. There is a marketing distinction, and in some cases there are feature-distinctions such as wireapp supporting confcalls which are a "teamchat" type of feature, but there is not any privacy-distinction here. The tools are just tools. If you want to transmit audio, some of the tools are more capable. If you want to have groupchats, some of the tools are more capable. But all of them handle SOME kind of audio and SOME kind of groupchat.
The topThree IM apps are signalapp + wireFreemium + selfHostedRiot (or XMPP/OMEMO). The top3 voip apps are wireFreemium + signalapp + selfHostedRiot (or linphone). And, unsurprisingly, the top3 teamchat apps are selfHostedRiot + wirePro + signalapp (or mattermost or perhaps keybase). They are the same category, but with different marketing-emphasis. They are not distinct ENOUGH in the real world.
teensy categories considered harmful
Keybase lists their primary competitors as whatsapp, signalapp, slack, and iMessages -- of which only slack is a teamchat. https://keybase.io/blog/keybase-chat That was in 2017 but they still see signalapp and whatsapp as their primary competitors in 2019 == https://keybase.io/blog/chat-apps-softer-than-tofu (archiveDotOrg has the original version where signalapp was in the blogpost title and attacked by name).
RocketChat does not concentrate on comparing themselves to signalapp, because they weren't even using end2end crypto until 2018 it looks like. https://forums.rocket.chat/t/end-to-end-encryption/204/8 Is it still off-by-default? Does it actually provide end2end crypto for attachments yet? These are not optional nice-to-haves :-)
Point being, there is a big risk when a new category... very similar to an old one but with a slightly different marketing-emphasis ...gets created, which I call the "Gartner Trick".
If you slice the category tiny enough, then any software can seem to be in 'the magic quadrant' because the category is defined small enough -- and actual competitors excluded from being listed! -- so that there is a pre-determined outcome of who is on top. Later you can completely change up everything, by drawing the category-lines in slightly different ways: top three 2019 messengers with encrypted confcalling for the EU oil&gas industry, will give you winners A+B+C. Then you can go with top three 2020 messengers with encrypted calling combined with teamchat and get A+D+E instead... so it looks like A is the market champion, but the reality is that A was just gerrymandered into winning two teensy weensy itty bitty categories that have no basis in realworld decision-making.
Don't slice the categories into tiny little fiefdoms please. When people are looking for messengers to use in their teams, sometimes they need strong privacy (e.g. political groups should be using signalapp), sometimes they need integration with programmer-oriented things (rocketChat or riotIM), sometimes they need confcalls (wireFreemium or wirePro or a combination of jitsiMeet + signalapp), sometimes they need screen-sharing or collaborative document editing (which are NOT messengers at all... privacyToolsIO has a separate category for note-taking and a separate category for document-collab which is a warning-sign to my avoid-tiny-categories heuristics at least :-)
What does team chat mean to you? When I think of team chat, I think of Finnish Pirate Party where I am a IM manager and the team chat is a mess, which I attempt to open below. Sorry for going so much in details of one particular case, I just don't know how to communicate otherwise.
What I expect from a team chat is that using it the team can be managed somehow under central control, see also my thread at Feneas forum about federated instant messengers with easy access control. Going by this criteria:
From the services that I didn't mention yet, but you mentioned:
And on Skype and WhatsApp for business I have no experience from manager side.
Now that I have explained what is and isn't a team chat from my perspective, I am curious, what is your view on my concerns and especially
what kind of team-setups are you using Signal in? Surely at least nothing aiming to be transparent or public bigger organisation or a FOSS project?
"enterprise IM", normal weakly-encrypted IM, and low-cost privacy-oriented teamchat
There are three kinds of teamchat:
extremely expensive enterprise packages (encrypted and usually self-host-capable), for instance a lot of healthcare firms use things like this because disclosing private medical info is illegal. Wikipedia lists some of the bigname firms here, but there are lots of little specialized options in various industries.
the "normal" way things are done: irc (no end2end crypto), telegram (no end2end crypto for groupchats), discord (no end2end crypto), facebook 'secret' groups (I believe like discord the optional end2end crypto only applies to 1-on-1 chats here), slack (no end2end crypto just 'enterprise key management' if you pay enough to deserve it), web forums, email-based mailing lists, unencrypted conference calls, and so on
more privacy-respecting alternatives, which tend to be less-than-perfect, but are perfectly possible to utilize. Depends on the size of the team, the turnover rate, and the amount of discipline/trust that the teamchat participants have. If you need PRIVATE teamchat, though, you cannot use the 'normal' tools. But you can use -- again, depending on your exact requirements -- things like the following:
These all give you encrypted cross-platform groupchats, which means you can use them for teamchat with a bit of discipline and 'social control-levers' like peer pressure and pre-existing leadership, as opposed to centralized technological control-levers.
Many of the offerings have 'consumer versions' and distinct payware versions where you get more centralized administration, centralized transcripts for compliance reasons, sometimes (but not always) the one-button-merge-groupchats-together feature, and so on.
If you are wanting NOT to pay money, AND to have some metadata-privacy, you have fewer options:
...and I think that it it. If you trust whoever is getting the metadata, then you can use wireapp, and if you are okay with closed-source also keybase, skype, or fbWhatsapp. If you don't mind paying for additional feature-sets you can purchase wirePaid, and if you don't mind closed-source either you can use whatsapp4biz, threema, skype4biz/msftTeams, wickrPaid, maybe keybase, plus all the ultra-expensive 'enterprise IM' things.
teamchat does not REQUIRE one-button-merging, it is a nice-to-have
You just mean, there is not an easy one-click centralized way. If you have team X with 5 people and you have team Y with 6 people and you want to merge them into a larger team of 11 people, with a "true teamchat" there is a server-side admin way to tap a button or drag-n-drop or whatever. This is awful for privacy, of course; if team X was discussing something sensitive, suddenly everybody on team Y becomes aware of it.
But it is straightforward with any system that supports groupchat, iff you have actual teams with leadership (as opposed to "a bunch of people all chatting"). If you are on signalapp or wireFreemium or riot or xmpp or whatever, you just instruct people "okay we are merging this groupchat with this other one as of yyyy-mm-dd at hhmm so please make it happen". After a bit of decentralized clicking and tapping, suddenly the teamchats have been reconfigured. It takes a few minutes for small team, but it is not a dealkiller for most use-cases, because
A) teamsizes ARE usually small,
B) actual teamchats DO usually have leadership,
C) teamchat members WILL usually cooperate.
but if we cannot have central control there will be chaos
Yes, the groupchats in these tools assume that participants are not adversarial with each other. If you have a participant in a signalapp groupchat that you are using as a teamchat, it is presumed they are on the same team as you. :-) Same for wireapp. If the assumption is they are your adversary, you have way more problems than "how to removed them from the teamchat" because they have the list of all member-metadata as well as all the message-bodies since the point the person was added.
If you are organizing your soccer-team in a competitive league, and the coach Alice tells one of the players Bob "okay please move to the varsity teamchat instead of this JV teamchat from now on" then that is what happens. It doesn't need the coach to have some kind of software-imposed ACLs. They are the coach, and team-players do what the coach says. If Eve is able to infiltrate the groupchat, spying on their strategy and which people are in what position on the varsity-team, the coach is not able to "click a button to remove Eve from the teamchat" ...but the coach can instruct the loyal players "hey this groupchat is compromised by Eve so everybody move to this new one". That is not 'efficient' like with the typical tools where member-kick is a hotkey and team-oriented tools where mass-migration of people from chatroom to chatroom is easy.
But if the point of the teamchat is privacy, then you will almost never need to "kick out a groupchat member" because you won't AddMember anybody not on the team aka not fully trusted with all the team's sensitive info.
privacy-oriented teamchat, versus transparency to the public
Transparency to the public, and privacy-oriented teamchats, are usually opposites :-) If you want a transparent public teamchat, there is little point in end2end crypto. You can use it, but you will just be immediately uploading the plaintext afterwards to the public website where meeting-transcripts are kept.
Teamchat is not restricted to bigger public orgs, doing transparent discussions with hundreds or thousands of participants. If you have a group of political activists, they divvy themselves up into teams for specific projects/events, and each of the teams will need a teamchat to coordinate and plan and communicate. Similarly, if you work in a business of any sort, you don't just lump everybody from the janitor to the CEO in one enormous OurFirm groupchat... you form teamchats that are concentrating on some specific thing.
Pretty much any software in the list above, is suitable for use with 9-member teamchats, which need end2end crypto. Very little of the software is suited for use with 99-member teamchats, that is a hard problem. And I would argue absolutely none of the software above is helpful with 999-member teamchats -- because that is no longer a "team" -- that is a "broadcast".
If you need central copies of all things that are said, e.g. for compliance reasons, or because the CEO wants to be able to know which employees to fire, then you simply include ChuckFromCompliance as a member of each teamchat. Or equivalently, you stored encrypted backup-blobs on a central server, and give the backup-decrypts to Chuck for use as-and-when-required. You can also use a linked desktop that gives copies of all messages to Chuck "without" adding them to the teamchat list, and so on.
Transparency in a larger sense, is simultaneously super-easy and nigh-impossible. You want financial transparency? Okay, post what is spent and who benefits. You want transparency in the final decisions? Okay, post what people voted what way, on what issues/projects. You want perfect transparency, where there are no conversations happening off the record, no money changing hands under the table, and no possibility that such things even COULD occur? Then you need mass surveillance, the opposite of privacy. Normal teamchats that are unencrypted, give good transparency... but it is easy enough to use a privacy-respecting comms on the side like signalapp or tutanota/protonmail. And if you have people in a private teamchat, yeah, they are doing at least SOME things in a non-transparent fashion -- that is the whole point ;-)
At the time of this writing, instead of recommending libre-licensed software with respected crypto, https://deploy-preview-1067--privacytools-io.netlify.com/software/teamchat/ is suggesting a new category which instantly catapults RocketChat and Keybase into "top3" status, despite closed-source server of the latter, and recently-grafted-on crypto of the former. If you want something that is better than gmail-as-a-teamchat-tool, then those are guaranteed to be better :-) But that is a low bar. If you want something better than slack, discord, telegram... none of which have ANY kind of e2e for groupchats... then again, almost ANYTHING is a step up.
But if you want serious privacy for your groupchats, then you start with tools that are good at privacy as a pre-requisite. Tools that are good at 'groupware' or tools that have a specific narrow feature-set ("if there is not a one-click merge-groupchats admin-button it is not a true teamchat") are a mistake, because you end up creating a micro-category that has a top3 list defined by those no-true-scotsman feature requirements.
For example, what if I said no true privacy-oriented teamchat has a closed-source server? Well, then keybase is out. Or what if I said, no true privacy-oriented teamchat has crypto without an independent third-party audit? That eliminates rocketChat as well. My point is that, I can create a micro-micro-category by adding on restrictions. And it is The Wrong Way, because merely by juggling my req-list, I determine my top3 outcome. It is too subjective and at risk of slice-n-dice.
The realworld category here is chat&messenger software. It makes sense to SAY in the descriptions of chat-software, which of them are GOOD at privacy-respecting teamchat, and which of them are okay-but-not-great, and which of them are okay-but-only-if-you-pay-or-do-a-lot-of-work. That process will not result in a spinoff micro-category.