🆕 Software Suggestion | Rocket.chat #999

Closed
opened 2019-06-18 13:13:10 +00:00 by zlbabe · 12 comments
zlbabe commented 2019-06-18 13:13:10 +00:00 (Migrated from github.com)

Basic Information

Name: Rocket.chat
Category: software
URL: https://rocket.chat/
Github: https://github.com/RocketChat

Description

The ultimate Free Open Source Solution for team communications.

danarel commented 2019-06-18 20:58:16 +00:00 (Migrated from github.com)

I second Rocket.Chat

Good software that can be self-hosted. Great alternative to Slack.

zlbabe commented 2019-06-19 13:35:51 +00:00 (Migrated from github.com)

I still don't know why people keep using slack, that's mad !!

Mikaela commented 2019-06-20 22:03:24 +00:00 (Migrated from github.com)

Edit 2019-07-30: Original comment is still below, but Rocket.chat does federate and even that doesn't save it for being usable for 1:1 IM.

  • https://rocket.chat/docs/administrator-guides/federation/#federation

I think we would need a new category for Rocket.chat as I am under the impression that it's currently a centralized service, even if open source, and you would need to selfhost it and get all your contacts onto it for it to be useful.
danarel commented 2019-06-20 22:11:28 +00:00 (Migrated from github.com)

It's not really a chat app like Signal, so the contacts you're moving there are work ones. It's a replacement for Slack. So it's good for team collaboration chats.

I agree this would probably require a new category if it were added, like "Team Collaboration". Not the best fit for general Instant Messaging.

danarel commented 2019-06-21 02:51:15 +00:00 (Migrated from github.com)

Maybe under productivity tools?


Perhaps, although I feel like if we wanted to do alternatives to Slack, Mattermost, Google Hangouts for Business, etc., there might be enough alternatives to warrant a separate category?

  • Rocket.Chat of course
  • Zulip
  • Riot.im is kind of in a gray area between IM and this but could be listed twice
  • Mattermost?

...maybe there aren't as many as I thought but that's just off the top of my head. Or I suppose these could be added to Productivity under a Real-Time Chat header or something, whatever works.

blacklight447 commented 2019-07-21 10:45:25 +00:00 (Migrated from github.com)

I would say that we should make a new category.

five-c-d commented 2019-07-21 16:52:16 +00:00 (Migrated from github.com)

Please not three categories. We already have IM category and VoIP category, with most of the tools in both areas doing something that can be categorized as "voice-chat or at least voice-notes" and pretty much ALL of the tools handling basic IM-type-stuff.

If we add a third category for "productivity-chat" that is going to make things more difficult, not less. RocketChat is aimed at teams, just like WirePro and RiotIM and whatsapp4biz, but you can use signalapp for groupchats as well (in a corporate environment where the firm provides all employees with BoringPhones or work phones or whatever).

It is a distinction, but it is a distinction in how things are used (and what they are optimized for), not one that is a tool-category-distinction methinks. The category is "messengers" and the subcategories are

  1. "IM" aka 1-on-1 chat
  2. "teams" aka groupchat / "productivity-chat"
  3. "VoIP" aka quasi-realtime-audio&video chat (though voiceNotes are a fallback)
  4. "confcalls" aka N-way quasi-realtime-audio&video chat

There is a separate category for file-transfer tools, because although you can transfer files with messengers, it is not optimal (and there are usually strict size-caps). You are better off transferring a large file using a dedicated tool like firefoxSend or magicWormhole, and then using your messenger-app to send the URL of that file-transfer.

If there have to be two categories, I would suggest one of them be "one-on-one messengers" that encompasses IM+VoIP between two humans (each having multiple devices that sync together). The other category would be "N-way messengers" which would cover groupchats and confcalls. Almost every one-on-one messenger can do some kind of voice-chat, and some kind of groupchat, but it is rare to see N-way end2end encrypted video-confcalls.

Mikaela commented 2019-07-30 16:26:52 +00:00 (Migrated from github.com)
Sorry @five-c-d, #1065 Warning to Rocket.chat: [End-to-end encryption is currently in alpha and not supported on mobile](https://rocket.chat/docs/user-guides/end-to-end-encryption/).
five-c-d commented 2019-08-05 16:25:48 +00:00 (Migrated from github.com)

RocketChat stores the quasi-end2end keys, server-side. And does not implement perfect forward secrecy. More like protonmail's security-model than like signalapp. https://github.com/RocketChat/Rocket.Chat/issues/9999#issuecomment-380319382 Basically, if your decrypt-passphrase is ever compromised (either by a trojan or a compromised server... or just, by you logging in from a browser or OS that is vulnerable to the badguys) then the badguys get your entire messaging-history, and that of every team you are on, correct?
Perelandra0x309 commented 2019-08-06 02:22:46 +00:00 (Migrated from github.com)

I could not find any detailed technical documents on their website so I went looking at the code. Here is where the key generation happens:
https://github.com/RocketChat/Rocket.Chat/blob/develop/app/e2e/client/helper.js

The generateAESKey function creates an AES-CBC 128 bit key to use for encrypting the message data. The generateRSAKey creates an RSA 2048 bit key that is used for a user's public/private key. Essentially what happens is the message gets encrypted with an AES key, then that AES key is encrypted for all participants in a room with their public RSA key.

I have concerns that these keys are not very strong by today's computing standards and probably will not be considered safe within 10 years. With the open source options we have today with elliptical curve shared secret generation, perfect forward secrecy and ratcheting keys, using these older encryption methods is disappointing and potentially dangerous.

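The hybrid scheme described in the last two comments, as an added WebCrypto example that is not part of the thread and not Rocket.Chat's own code: one AES-CBC 128-bit key wrapped for each participant with RSA 2048, showing that a single long-term private key opens the whole stored history. Assumptions: RSA-OAEP with SHA-256 for wrapping, one long-lived key per room, and the constructed users and messages.

```javascript
// Added illustration; names, users and messages are constructed.
// Assumption: RSA-OAEP/SHA-256 wrapping (the thread only says "RSA 2048 bit").
async function getWebCrypto() {
  return globalThis.crypto?.subtle ? globalThis.crypto : (await import('node:crypto')).webcrypto;
}

// Long-term per-user key pair, as generateRSAKey is described in the thread.
async function newUserKeyPair(wc) {
  return wc.subtle.generateKey(
    { name: 'RSA-OAEP', modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' },
    true, ['encrypt', 'decrypt']);
}

// Assumption: one long-lived AES-CBC 128 key per room, wrapped for every participant.
async function createRoomKey(wc, publicKeys) {
  const roomKey = await wc.subtle.generateKey({ name: 'AES-CBC', length: 128 }, true, ['encrypt', 'decrypt']);
  const raw = await wc.subtle.exportKey('raw', roomKey);
  const wrapped = {};
  for (const [user, pub] of Object.entries(publicKeys)) {
    wrapped[user] = await wc.subtle.encrypt({ name: 'RSA-OAEP' }, pub, raw);
  }
  return { roomKey, wrapped };
}

async function encryptMessage(wc, roomKey, text) {
  const iv = wc.getRandomValues(new Uint8Array(16)); // fresh IV per message
  const ct = await wc.subtle.encrypt({ name: 'AES-CBC', iv }, roomKey, new TextEncoder().encode(text));
  return { iv, ct };
}

// No ratchet: whoever holds one private key unwraps the room key and reads every stored message.
async function readHistory(wc, privateKey, wrappedKey, history) {
  const raw = await wc.subtle.decrypt({ name: 'RSA-OAEP' }, privateKey, wrappedKey);
  const roomKey = await wc.subtle.importKey('raw', raw, { name: 'AES-CBC' }, false, ['decrypt']);
  const messages = [];
  for (const { iv, ct } of history) {
    messages.push(new TextDecoder().decode(await wc.subtle.decrypt({ name: 'AES-CBC', iv }, roomKey, ct)));
  }
  return { keyBits: raw.byteLength * 8, messages };
}

async function demo() {
  const wc = await getWebCrypto();
  const alice = await newUserKeyPair(wc);
  const bob = await newUserKeyPair(wc);
  const { roomKey, wrapped } = await createRoomKey(wc, { alice: alice.publicKey, bob: bob.publicKey });
  const history = [];
  for (const m of ['standup at 10', 'deploy token rotated', 'see you friday']) {
    history.push(await encryptMessage(wc, roomKey, m));
  }
  return readHistory(wc, bob.privateKey, wrapped.bob, history); // only bob's long-term key is used
}
```

A ratcheting design with perfect forward secrecy, as the comment mentions, derives fresh keys as the conversation advances, so a later key compromise does not expose earlier ciphertext the way `readHistory` does here.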
Reference: privacyguides/privacytools.io#999