Cleanup 2.0 instant messenger page #1836

Merged
dngray merged 12 commits from pr-p2p_cleanup into master 2020-04-19 05:51:35 +00:00
6 changed files with 138 additions and 146 deletions
Showing only changes of commit 9e188228fd - Show all commits

View File

@@ -56,26 +56,27 @@
chrome="https://chrome.google.com/webstore/detail/keybase-for-reddit/ognfafcpbkogffpmmdglhbjboeojlefj"
%}
<div class="container">
<div class="container">
<div class="row">
<div class="col-md-6">
<h3>Advantages</h3>
<ul>
<li>New features and changes can be implemented more quickly.</li>
<li>Easier to get started with and to find contacts.</li>
</ul>
</div>
<div class="col-md-6">
<h3>Disadvantages</h3>
<ul>
<li>Centralized services could be more susceptible to <a href="#exploiting-centralized-networks">legislation requiring backdoor access</a>.</li>
<li>Can include <a href="https://drewdevault.com/2018/08/08/Signal.html">restricted control or access</a>. This can include things like:</li>
<h3>Advantages</h3>
<ul>
<li>Being <a href="https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165">forbidden from connecting third-party clients</a> to the centralized network that might provide for greater customization or better user experience. Often defined in Terms and Conditions of usage.</li>
<li>Poor or no documentation for third-party developers.</li>
<li>New features and changes can be implemented more quickly.</li>
<li>Easier to get started with and to find contacts.</li>
</ul>
<li>The <a href="https://blog.privacytools.io/delisting-wire">ownership</a>, privacy policy, and operations of the service can change easily when a single entity controls it, potentially compromising the service later on.</li>
</ul>
</div>
<div class="col-md-6">
<h3>Disadvantages</h3>
<ul>
<li>Centralized services could be more susceptible to <a href="#exploiting-centralized-networks">legislation requiring backdoor access</a>.</li>
<li>Can include <a href="https://drewdevault.com/2018/08/08/Signal.html">restricted control or access</a>. This can include things like:</li>
<ul>
<li>Being <a href="https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165">forbidden from connecting third-party clients</a> to the centralized network that might provide for greater customization or better user experience. Often defined in Terms and Conditions of usage.</li>
<li>Poor or no documentation for third-party developers.</li>
</ul>
<li>The <a href="https://blog.privacytools.io/delisting-wire">ownership</a>, privacy policy, and operations of the service can change easily when a single entity controls it, potentially compromising the service later on.</li>
</ul>
</div>
</div>
</div>
@@ -106,27 +107,28 @@
web="https://riot.im/app/"
%}
<div class="container">
<div class="container">
<div class="row">
<div class="col-md-6">
<h3>Advantages</h3>
<ul>
<li>Allows for greater control over your own data when running your own server.</li>
<li>Allows you to choose who to trust your data with by choosing between multiple "public" servers.</li>
<li>Often allows for third party clients which can provide a more native, customized, or accessible experience.</li>
<li>Generally a less juicy target for governments wanting <a href="#exploiting-centralized-networks">backdoor access to everything</a> as the trust is decentralized. The server may be hosted independently from the organization developing the software.</li>
<li>Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member)</li>
<li>Third-party developers can contribute code and add new features, instead of waiting for a private development team to do so.</li>
</ul>
</div>
<div class="col-md-6">
<h3>Disadvantages</h3>
<ul>
<li>Adding new features is more complex, because these features need to be standardized and tested to ensure they work with all servers on the network.</li>
<li>Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).</li>
<li>Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is utilized.</li>
<li>Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with users on those servers.</li>
</ul>
<h3>Advantages</h3>
<ul>
<li>Allows for greater control over your own data when running your own server.</li>
<li>Allows you to choose who to trust your data with by choosing between multiple "public" servers.</li>
<li>Often allows for third party clients which can provide a more native, customized, or accessible experience.</li>
<li>Generally a less juicy target for governments wanting <a href="#exploiting-centralized-networks">backdoor access to everything</a> as the trust is decentralized. The server may be hosted independently from the organization developing the software.</li>
<li>Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member)</li>
dngray commented 2020-04-18 05:10:27 +00:00 (Migrated from github.com)
Review
  • Users advanced enough to want to use another matrix client can find it themselves.
  • Kontalk, a fork of XMPP, yay more fragmentation. Does anyone actually use this?
  • XMPP, thinking of removing this when https://github.com/vector-im/riot-web/issues/6779 finally closes. We should in future not recommend clients/protocols that do not have E2EE on by default for private chat.
- Users advanced enough to want to use another matrix client can find it themselves. - Kontalk, a fork of XMPP, yay more fragmentation. Does anyone actually use this? - XMPP, thinking of removing this when https://github.com/vector-im/riot-web/issues/6779 finally closes. We should in future not recommend clients/protocols that do not have E2EE on by default for private chat.
dngray commented 2020-04-18 05:29:31 +00:00 (Migrated from github.com)
Review

Taking another look at Kontalk, it looks like it requires phone numbers, and additionally uses openpgp for group chat so that would indicate no PFS.

Also looks like the encryption is some custom thing not documented. They were looking at doing OpenPGP, but now that's looking like OMEMO.

Taking another look at Kontalk, it looks like it [requires phone numbers](https://github.com/kontalk/specs/blob/master/register.md), and additionally uses [openpgp for group chat](https://github.com/kontalk/specs/blob/master/group.md#encryption) so that would indicate no PFS. Also looks like the encryption is some [custom thing](https://github.com/kontalk/specs/blob/master/encryption.md) not documented. They were [looking at doing OpenPGP](https://github.com/kontalk/androidclient/issues/633#issuecomment-469674332), but now that's [looking like OMEMO](https://github.com/kontalk/androidclient/issues/132).
dngray commented 2020-04-18 05:34:15 +00:00 (Migrated from github.com)
Review

Removing XMPP recommendations, as all future clients must support E2EE by default. This is something we've discussed in the past thoroughly.

While Matrix does not at this moment, https://github.com/vector-im/riot-web/issues/6779#issuecomment-614822531 is imminent, so we make an exception for that.

Removing XMPP recommendations, as all future clients must support E2EE by default. This is something we've discussed in the past thoroughly. While Matrix does not *at this moment*, https://github.com/vector-im/riot-web/issues/6779#issuecomment-614822531 is imminent, so we make an exception for that.
muppeth commented 2020-04-18 18:35:02 +00:00 (Migrated from github.com)
Review

Wait, so you will delist xmpp (a protocol) because not all clients have it enabled by default, but leave matrix because atm pretty much only one client has e2ee and all the rest does not even have a support for it not to mention having it by default?

At the same time keeping and promoting matrix with all it's metadata stored indefinatelly in the database?

Wait, so you will delist xmpp (a protocol) because not all clients have it enabled by default, but leave matrix because atm pretty much only one client has e2ee and all the rest does not even have a support for it not to mention having it by default? At the same time keeping and promoting matrix with all it's metadata stored indefinatelly in the database?
dngray commented 2020-04-19 05:40:37 +00:00 (Migrated from github.com)
Review

Wait, so you will delist xmpp (a protocol) because not all clients have it enabled by default, but leave matrix because atm pretty much only one client has e2ee and all the rest does not even have a support for it not to mention having it by default?

We are referring to Riot specifically because it will very shortly have E2EE on by default.

At the same time keeping and promoting matrix with all it's metadata stored indefinatelly in the database?

Individual XMPP servers also store metadata (or can). High security environments where that is an issue will operate non-federating Matrix and XMPP servers.

> Wait, so you will delist xmpp (a protocol) because not all clients have it enabled by default, but leave matrix because atm pretty much only one client has e2ee and all the rest does not even have a support for it not to mention having it by default? We are referring to Riot specifically because it will very shortly have E2EE on by default. > At the same time keeping and promoting matrix with all it's metadata stored indefinatelly in the database? Individual [XMPP servers also store metadata](https://infosec-handbook.eu/blog/xmpp-aitm/) (or can). High security environments where that is an issue will operate non-federating Matrix and XMPP servers.
muppeth commented 2020-04-19 20:10:12 +00:00 (Migrated from github.com)
Review

Individual XMPP servers also store metadata (or can).

Though on matrix they just DO regardless of whether you want it or not. And while others do it in logs, matrix does it in database.

We are referring to Riot specifically because it will very shortly have E2EE on by default.

Conversations already does have it on by default so not sure whats the logic behind it.

> Individual XMPP servers also store metadata (or can). Though on matrix they just DO regardless of whether you want it or not. And while others do it in logs, matrix does it in database. >We are referring to Riot specifically because it will very shortly have E2EE on by default. Conversations already does have it on by default so not sure whats the logic behind it.
dngray commented 2020-04-21 16:41:44 +00:00 (Migrated from github.com)
Review

Though on matrix they just DO regardless of whether you want it or not. And while others do it in logs, matrix does it in database.

The logic is if something can, then we assume it does. Particularly in a federated network. Better to assume that it does than pretend like it might not.

Unless you have a non-federating server there's really no way to know what remote servers do.

Conversations already does have it on by default so not sure whats the logic behind it.

Yes it does, but the issue is a lack of other high quality clients like it for other platforms.

Future discussion about XMPP should be in our issue https://github.com/privacytoolsIO/privacytools.io/issues/1838

> Though on matrix they just DO regardless of whether you want it or not. And while others do it in logs, matrix does it in database. The logic is if something can, then we assume it does. Particularly in a federated network. Better to assume that it does than pretend like it might not. Unless you have a non-federating server there's really no way to know what remote servers do. > Conversations already does have it on by default so not sure whats the logic behind it. Yes it does, but the issue is a lack of other high quality clients like it for other platforms. Future discussion about XMPP should be in our issue https://github.com/privacytoolsIO/privacytools.io/issues/1838
<li>Third-party developers can contribute code and add new features, instead of waiting for a private development team to do so.</li>
</ul>
</div>
<div class="col-md-6">
<h3>Disadvantages</h3>
<ul>
<li>Adding new features is more complex, because these features need to be standardized and tested to ensure they work with all servers on the network.</li>
<li>Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).</li>
<li>Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is utilized.</li>
<li>Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with users on those servers.</li>
</ul>
</div>
</div>
</div>
@@ -173,24 +175,25 @@
ios="https://itunes.apple.com/app/ring-a-gnu-package/id1306951055?mt=8"
%}
<div class="container">
<div class="container">
<div class="row">
dngray commented 2020-04-18 08:43:24 +00:00 (Migrated from github.com)
Review

The reason I left retroshare was because it appears to have continuous development. They haven't had a release in a while.

To be honest it looks more like a collaboration platform. It could very well be removed from this particular page. Maybe this would be better moved to another section in another PR?

The reason I left retroshare was because it [appears to have continuous development](https://github.com/RetroShare/RetroShare/commits/master). They haven't had a [release in a while](https://github.com/RetroShare/RetroShare/releases). To be honest it looks more like a collaboration platform. It could very well be removed from this particular page. Maybe this would be better moved to another section in another PR?
dngray commented 2020-04-18 10:21:23 +00:00 (Migrated from github.com)
Review

Retroshare is still listed as a self-contained-networks.html#L65 as it is appropriately a self contained network of its own, instant-messaging seems like it always a secondary functionality.

Retroshare is still listed as a [self-contained-networks.html#L65](https://github.com/privacytoolsIO/privacytools.io/blob/master/_includes/sections/self-contained-networks.html#L65) as it is appropriately a self contained network of its own, instant-messaging seems like it always a secondary functionality.
<div class="col-md-6">
<h3>Advantages</h3>
<ul>
<li>Minimal information is exposed to third parties.</li>
<li>Modern P2P platforms implement end-to-end encryption by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models.</li>
</ul>
</div>
<div class="col-md-6">
<h3>Disadvantages</h3>
<ul>
<li>Reduced feature set:</li>
<h3>Advantages</h3>
<ul>
<li>Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.</li>
<li>Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.</li>
<li>Minimal information is exposed to third parties.</li>
<li>Modern P2P platforms implement end-to-end encryption by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models.</li>
</ul>
<li>Your <a href="https://en.wikipedia.org/wiki/IP_address">IP address</a> and that of the contacts you're communicating with may be visible if you do not use the software in conjunction with a <a href="/software/networks">self contained network</a>, such as <a href="https://www.torproject.org">Tor</a> or <a href="https://geti2p.net/">I2P</a>. Many countries have some form of mass surveillance and/or metadata retention.</li>
</ul>
</div>
<div class="col-md-6">
<h3>Disadvantages</h3>
<ul>
<li>Reduced feature set:</li>
<ul>
<li>Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.</li>
<li>Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.</li>
</ul>
<li>Your <a href="https://en.wikipedia.org/wiki/IP_address">IP address</a> and that of the contacts you're communicating with may be visible if you do not use the software in conjunction with a <a href="/software/networks">self contained network</a>, such as <a href="https://www.torproject.org">Tor</a> or <a href="https://geti2p.net/">I2P</a>. Many countries have some form of mass surveillance and/or metadata retention.</li>
</ul>
</div>
</div>
</div>