Hello, I’ve been in the free software cult for about a year now, and yet, I feel more lost than ever.
I have pretty much switched to all free software other than Whatsapp, which I only use to contact family and people that ignorantly don’t care.
I’m having troubles finding a mobile alternative to Signal, which I can talk to people with, but everything I’ve found is only available on computers.
I use my phone for communication, chess, searches, and navigation, so I’m tied to a device that actively spies on me, and unlike normies, I can’t ignore it.
Solution for all would simply be to just let them go, but I’m already in a shit-hole socially, so that’d just make things worse.
I’m still using a 5 year old lenovo thinkbook I got as a present, and I have plans of replacing it with something I can put GNU boot and use a functioning system with parabola on like a Lenovo Thinkpad T400, T500, X200, and X200T. However, I do mechatronics, so I’m going to have serious issues with CAD, compiling, and ethical machine learning, which I have to do for most projects. Even with a lightweight suckless dwm setup, it’s going to suck at everything.
That’s not even considering the security risks, which are especially bad considering I do activism on topics that are outright banned in countries that I live in / visit.
Have you experienced such a phase? I would really appreciate your advice on getting past this roadblock and finding a device to switch to both mobile and desktop for better privacy.
Edit: user asudox infromed me that matrix was available on mobile, so now I’m using a client called fluffy chat available on both andriod, IOS, web, and GNU+Linux systems which is great.
You must log in or register to comment.
Stop doing what you’re doing.
Your whole post is “I want to only do this but it messes up every other part of my life”.
Just stop doing what you’re doing. There is no ethical consumption under capitalism. You can’t weigh your devices and their softwares unfreedom against a feather and be admitted into gnu/fsf heaven.
There is no benefit to your everyday experience of life, something you have a very limited supply of, by going libre in all computers.
It gives purpose. A way of rebellion however small is still rebellion.
That’s not very well thought out. You can find purpose in things that don’t actively mess up other parts of your life.
Rebellion in an unsustainable way is not a contribution to a greater cause. Rebellion isn’t ontologically good in and of itself.
have been through something similar. What helped for me is to try to figure out your threat profile first… Because jumping straight into total lockdown mode on everything and frantically uninstalling anything that so much has any ties with GAFAM not only doesn’t actually help, it can take a toll on your mental health…
It’s also sometimes a good idea to “blend in” and have a few undesirable software (that don’t do tracking), just a thought.
If that doesn’t help, and you’re sure that your threat profile is clear as day, there’s also the option of getting a secondary phone or laptop (if you can afford it) and install all the unwanted/non-FOSS software there.
A good mobile alternative to Signal is Simplex, it works both on Android and GNU+Linux. It’s AGPLv3. You have it on F-Droid
I have a Thinkpad X220 myself with Libreboot (coreboot distro). But if you do think that microcode updates is bad you can go for Canoeboot. Always check the chipset in order to know exactly what kind of me_cleaner you have to apply.
Thinkpad X220 works out of the box with Linux-Libre (I use Guix). You probably will need a WiFi card that works with the free software kernel drivers, you can check h-node for hardware that works with free software drivers.
The thing is that that kind of laptops aren’t too powerful. You could check more modern Thinkpads supported at Libreboot.
There are also modern laptops from: System76, framework and Purism. Some support freesoftware more than others, but it’s a good resource. For example not all System 76 laptops have Open Source Bios and EC, most of them disable the ME though.
The phone market is a bit different everything runs on SoC. So unless you go Purism phone or Pinephone. But they lack a lot. I would recommend using a custom de-googled Android like GrapheneOs, CalyxOS or LineageOS.
**Since I’ve been there, take everything with calm. Change bit by bit, and don’t try to force yourself. **
Note: There’s also Briar as a replacement for Signal, but the synching is between devices, so if the other is not connected… I prefer Simplex for now. I really like the way you share chats (since there are no IDs per se). I’ve been testing it out and it works well, you can even call and everything.
Note2: Matrix is a bit shady since the only Matrix instance (public) is Matrix.org and for now their whole selling point is based on that, but we’ll see (I use it too though).
Appreciate the well-rounded advice. Rn it’s getting late, so I copied it for later to go through every point and address questions I might have. Thx
Always keep work on a separate device.
Signal is libre. If you’re already failing, stop making it harder. Getting others to care first, then go for decentralisation.
https://lemmy.world/post/21620691
Make them come to you. Keep your replies short. Make them ask more. If you give it all away upfront, they’ll forget by tomorrow.
https://lemmy.world/post/35312231
Start here but make sure you really understand it.
I get you, but my friend, the guy that started Signal gave up $850 million from Meta to go start Signal.
What’s more likely is your phone to get spyware on it that renders any E2EE worthless, regardless of what app you use.
For example; It’s hard to find mobile keyboards that arent spyware!
https://keyboard.futo.org/ is a good one!
Not really - have you looked at the F-droid shop? I use Heliboard and Simple keyboard on android which are both FOSS and cover all my language needs. Neither is spyware as far as anyone seems to know.
Simple Mobile Tools were bought by an Israeli ad company, use Fossify instead.
Ok I actually have those on my Android device and you are correct, they’re cool.
However on my ios device I’m fucked.
I don’t have any options other than my current spyware device, which I am in no position of replacing now or the near future, so might as well make the very little time I use it for communication ethical.
OK, so based on what you’ve posted here I think you might have a lot of misconceptions about what works and what doesn’t and what’s “good” and what isn’t. It’s not even clear what you mean by “Free.” I assume this means FOSS, but it’s hard to tell.
Edit: Speaking of Signal - it is FOSS, it’s the equipment that the network uses that isn’t because someone has to take care of it. That’s how every FOSS project works. You can, if you like, fork your own version of Signal if there’s something about you don’t like. But the thing about E2EE is that once the message leaves your device, it’s encrypted, so worrying about server location isn’t worth it. Otherwise go see what ISIS or Russia uses and go use that. Remember how they all used Telegram, which wasn’t secure at all and the EU is about to try and pass a law making Signal and other E2EE positions illegal because they can’t see the messages?
This is a much larger conversation, but I would expect that you’re placing far too much emphasis on big-picture labels and geography without understanding where nuance exists that might make something worth using. So you’re possibly trying to balance very unbalanced notions.
I think you have a misconception of free software. Refer to fsf.org.I might “seem to be putting much emphasis on big-picture labels and geography without understanding where nuance exists that might make something worth using…”, but I think you’re over complicating simple disagreements. I would address my concerns about signal, but I already have addressed them, and it seems me and you disagree on what we see as acceptable, so it would be meaningless.
No misconceptions - it’s a word that has more than one meaning, especially in this context. That’s why I said I was unsure which version you meant. I’m not attacking you or doubting you, there’s just not enough information here. Not just about what you mean, but also to ensure you have fundamentals reasonably covered to the point where worrying about where Signal’s servers are should be a sticking point for you.
Free as in no money needed to install? Free as in freedom from proprietary software? Free as in free from specific geographic snooping? Free from centralization under a single entity? When the start and end of FOSS are “Free” and “Software,” I am free as well to see 2 words next to each other and understand there’s ambiguity left to sort out and just ask what you mean. Seems like you mean all of those things - correct me if that’s not accurate.
I’m also not having a disagreement with you, at least not that I’m aware of. I’m trying to get you to take a step back and see if your concerns really bare themselves out, and if the balance you note in the title is actually a search for balance at all. Your post title is about balancing convenience and privacy, but the point of the post is to just ask “What is an E2EE messaging app that doesn’t touch any equipment in the US?” Which is an entirely different question.
Also, there’s no balance if you have a “spyware phone” and find some unicorn app that uses quantum entanglement to send the messages if your keyboard on that spyware phone is giving up what you’re typing anyway. Which is a very real possibility and I’m not seeing indication or not that you’re using non-default keyboards. Or even what phone you’re using as we might say “spyware” but what and how deep Apple and Google track users are fairly different. Balance can’t be found if a vulnerability undoes all your security improvements. If I have a rootkit on my laptop, virus scans of incoming PDFs doesn’t undo the rootkit, right?
Also, if you’re on Android do you have Whatapp sandboxed in a separate profile? If not, then you’re already giving up enough that Signal’s servers are the least of your concerns. Anything that you do where that’s a concern shouldn’t be done on your phone in the first place. Your device isn’t trustworthy enough, and changing one app isn’t going to fix that. And that’s OK - my phone does things I can’t change and so I have to ultimately just know that it’s rated for no conversation more sensitive than what’s for dinner and what time do we meet for someone’s birthday. It’s something I just have to accept.
Look, you’re asking for help and I’m trying to provide some based on partial information. So you can either help us all in this community with information to help you, or not and come away frustrated and angry with no results.
I’ve had similar feelings before. You’re not the only one to struggle with this. You are pushing against the grain and doing something, aligned with your values, that 99% of people don’t know about.
What helped for me is separating what I can control from what I can’t. Everything on my device, that I personally choose to use, is under my control. So that is all free software, downloaded from system repositories, because I care about that. Meanwhile, everything I can’t control, I just gradually try to improve over time.
Here are the things I feel I can’t easily control:
I bought a laptop many years ago without free firmware for wifi, bluetooth, microcode etc. I like using devices as long as I can. Ok, no worries, lets just replace it with a Thinkpad next time.
My employer requires me to use Zoom, and some proprietary VNC client on my own device (on top of a load of proprietary software that I run on their devices). I don’t really have a choice here, unless I quit my job. So, I give in the short term, but do what I can to minimize the damage, running it in a dedicated VM. For the long term, I try and keep an eye on FOSS job boards and also network with people in the FOSS world (I’m quite bad at this, but trying to get better).
Likewise, some of my friends haven’t switched over to XMPP, which is my network of choice. Eventually, the people closest to me did, but many did not. So, I bridge those who haven’t into XMPP (via Matrix, for now, but looking to remove it eventually), and decided that I don’t want anyone “new” to contact me through the proprietary networks (I haven’t set up “enforcement” for this, an autoresponder probably, but this is the plan). The good news is that the proprietary networks always screw up eventually. When they do, your friends will get pissed off for their own reasons, and that is your chance to offer them the alternative. I never push, but let people know that I use XMPP. Some become genuinely interested, others you have to wait until they get screwed over by the proprietary networks.
Now bear in mind I am more interested in software freedom than security. So your priorities might be different. But the short story is: don’t beat yourself up over this. It’s a journey and you are pushing against the rest of society. What I do is just try and improve my setup, whatever that means to me, gradually over time.
That is super relatable and exactly what I’m experiencing now. So, on your next device, do you plan on getting a thinkpad that can run GNU boot? How do you plan on dealing with the performance I plan on getting a portable X200T when I can as a portable device and a desktop at home, but I still don’t really know of a desktop that is as free as possible, while still being able to handle CAD and ethical machine learning, which as mentioned before, are necessary. Also, why are you not using matrix? As an alternative for signal, I downloaded and plan to use a matrix client called “fluffy chat”. I have also heard of XMPP, but why use it over matrix, which is more well-known and (based on my knowledge) easier for normies?
My next laptop will probably be a Thinkpad T480 from Minifree. But I reckon it will be a while before this one breaks in an irreparable way.
CAD + ML is certainly difficult, maybe that needs a dedicated machine you only use for that? But that will increase costs overall. I’m also not sure how to find PC parts that I know won’t need dedicated firmware. So that part is definitely more tricky, I’m sorry I can’t be more help here :(
As for Matrix and XMPP, I started off with Matrix and found it pretty good for bridging lots of different networks together. But, over time, I came to prefer XMPP for a few reasons:
- Ultimately, I just don’t trust Element, and they do so much of the work. They complain that people are dependent on them and don’t give back, but they were the ones that created this dynamic in the first place. They are a single actor who own the dominant server, clients, and flagship instance, and can really push around the ecosystem in a way that works for them.
- XMPP is more community oriented, no one person can push through changes either at client, server, or server operator level. XMPP is based around extensions and there is an expectation that not every client or server implements every extension. That brings the con of inconsistent experiences, but at the same time, it is much more resilient over the long term (Matrix is now having to deal with the same fragmentation problems that XMPP started experiencing, and building solutions for, 20 years ago).
- XMPP’s network is less centralised, there’s not a mega-server like matrix.org with a lot of power. When matrix.org goes down (which happens semi-regularly), there is a big impact. If a single XMPP server goes down, it doesn’t cause nearly as big a problem. And, there aren’t those mega-instances with scaling problems, so the servers don’t go down as frequently anyway.
- XMPP evolves more slowly and gracefully IMO, as it is already more established (might be a con depending on your worldview). I run debian stable and an update across the Matrix network broke images on my Matrix client. That just doesn’t happen on XMPP, you can lag behind the leading edge for a couple of years and things don’t break even as the network evolves.
- I find XMPP easier to self-host - again subjective, but I could just install
prosodyvia Debian’s archives, and once it was set up, I didn’t have to touch it. I update it with the rest of my server every 2 years, and I don’t fall behind the rest of the network or miss out on much in the meantime. Meanwhile, I have to pay much more attention to my matrix server, I get the software from upstream and not from my distribution, and there are more regular changes that I have to pay attention to.
As for advantages of Matrix:
- They have a flagship client that is available everywhere and has a decent and consistent UX. That name recognition makes it easier to get people to sign up. The XMPP community have done a lot of work to make signups work easily in a decentralised way, and projects like Snikket aim to solve that name recognition and consistency problem, but it is not 100% perfect yet.
- Bridge software to proprietary networks is more actively maintained in Matrix. There is work going on to improve this in XMPP, but I think many in the XMPP community moved focus from bridging to making the first-party experience better.
Many of the pros and cons are based on values (e.g. living on the leading edge vs using something more mature, preferring community based solutions vs commercial ones etc.), so I totally understand and support people who use Matrix instead. Ultimately, both ecosystems can cooperate, learn from each other and are millions of times better than the proprietary networks. That said, above is why I came to prefer XMPP.
I agree. Great analysis btw
I’m not the person you replied to, but a lot of my friends that pushed us to initially use Matrix have grown unhappy with the direction it’s gone and really dislike the clients. I personally host a private Matrix server and I am fine with it for now, but I’m able to avoid most of the drama and bugs by simply not moving to the latest and greatest. I always liked XMPP in the past, but I haven’t used it in a few years. I am glad to see it picking up support and hope that some of the things I didn’t like about it (which I can’t seem to recall at the moment :) ) are no longer problems or at least may get some traction on resolving.
Someone replied to me with https://hackea.org/notas/matrix.html and it really changed my perspective on matrix. I’ve heard good things of it, so that’s what gave me the idea of switching, but after learning that, I’m looking at XMPP now
I’d take that page with a grain of salt, especially since it is quite old and not all of it valid anymore, but I agree that generally you hear the good things about Matrix. Even disregarding what that site has to say, I’d give XMPP a look. XMPP likely isn’t all rainbows either, but I like the traction it is getting and it did a lot of things right in my mind.
Signal is on mobile
I know, but it is American-backed, centralized platform that can’t be self-hosted, and no one knows what code is running on their servers
That is true, but the clients have been audited by crypto experts and it is probably way more secure than a random chat application just by the sheer amount of eyeballs on signal
With that logic, whatsapp is more secure than a random chat application just by the sheer amount of of eyeballs on it. It just doesn’t work that way
What? Whatsapp clients aren’t free software. What even is your point
To clarify my original reply to this more, I thought you were just comparing chat platforms in general and not considering if it was libre or not. Again, total misunderstanding from my side.
It seems like there’s been a misunderstanding, I’m speaking of signal alternatives not whatsapp alternatives. As much as I limit and isolate whatsapp, I need to use it to communicate with my family. However, it is possible to replace the main chatting program that I use.
I think what they’re saying is that, to a lot of people (myself included), Signal is currently the best option despite being centralized. The decentralized options have UX issues, too small a user base, or aren’t well known enough to have gone through robust security/privacy reviews. While you can’t see what’s running on the signal servers, the app is open source and so far it looks to be encrypting the information correctly and it’s not sending anything but the minimal data to their servers.
‘A lot of eyeballs on the code’ is only relevant for open source apps. They were making a comparison between Signal and the many other open source mobile messaging apps.
You might also find this chart helpful if you’re looking for other alternatives. Personally, I found Signal to be the best one to get my friends and family onto
I got you now. Before, I misunderstood what was initially said. I believed that the point being made was just speaking from a user perspective not from a foss one. The UX doesn’t really bother me since I just need a bare-bone messaging platform to just speak on. I found this matrix client called fluffy chat available on all the platforms that I see relevant.
Regardless, thank you for you assistance.
Consider the extra security to be had with Molly the signal fork. I love it and the devs
Uh, never heard of it! Looks very promising. Are third party clients officially allowed by Signal?
I’ll check it out.
matrix, threema or simplex
I think you need to step back and review your threat model. Grab a pen and paper or open a spreadsheet. List all the tech you use for various things. Then determine what threats you are protecting yourself from for each. Try to use a scoring system to rank importance/criticality and convenience. Then try to find the balance, which ones you’re willing to sacrifice convenience for and ones you are willing to compromise. Then take action one by one.
It’s a weird time to tech-aware.
If fluffychat gets buggy(I’m told it’s decent now), I strongly recommend schildichat and schildinextLookup alternatives at alternativeto.net. Signal is probably the best but there are others. Problem with chat, both people have to use. F-Droid is a good resource too.
I would not call FOSS a cult any more then unions or the civil rights movement.
Device-wise, have you considered separating your project and personal computer? You could coreboot a small light Chromebook as a personal, ultraportable device, and get a hefty laptop or even a desktop for the hard stuff.
Chatwise, there’s Matrix, XMPP and SimpleX at least. And Briar and Session. But Signal with its phone number registration is the easiest for others to jump to.
And yes, it’s a constant balancing act between privacy and convenience… and the IA of the security triad, and open source principles. Just like with most things, there’s no perfect solution, you just learn to live with the least bad ones.
Amazing advice. Chatwise, I used session, but security-wise, it’s pretty bad and it’s still pretty new and not well-known. I decided to go on with a matrix client called fluffy chat.
As for device, that’s a great idea, which I havent thought about. I could use a portable touchscreen Thinkpad X200T for just everyday portable computing and as for at home, I’ll figure it out one step at a time.
Matrix.
There’s no sane reason to switch off of Signal. It is what you want to use given what you are saying.
I’ve been been deepdiving the cryptcom privacy space over the last week, refreshing my knowledge that was last updated about a decade ago. Signal spooks me because of the number requirement and centralization, but the tech is fine. Matrix is the new hotness but the clients kind of suck. I wonder if there are any i2p based apps? But Signal (or in my case, Molly-FOSS) seems to be fine for most purposes. Unless you’re the secretary of defense… There’s always Tox if you don’t mind the fact that it’s in dev and unaudited.
On matrix, while I at first planned to use it, I read https://hackea.org/notas/matrix.html, and turns out matrix really sucks. I’m going to check out XMPP.
Matrix?
There are a bunch of clients available for it on the web, android, ios, and linux desktop
I was aware of matrix, but I thought it was only on desktop. I’ve heard great things of it, so I will switch to it. Thank you.
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
Matrix is great, but not the best, recently, less than a week ago, the Matrix.org server went down due to a drive failure, so they had to recover all the server data using a backup, so you are better off using a homeserver that is not matrix.org.
Also, all clients of matrix kind of suck. Element desktop is extremely laggy and sluggish to use. Element for Android is deprecated, ElementX, their new android client is not completed and lacks basic features. There is other clients but all of them have their downsides.
Good point and other than the clear security issues there are the privacy issues that I’ve recently learned about in https://hackea.org/notas/matrix.html. I’ll be checking out XMPP
Soatok also has a very good post about XMPP
You will at least want to consider þis before jumping over. Matrix is not “private” WRT metadata. IM (long) E, Matrix’s cryptography is borked, at least þe user experience. I’ve lost so many encrypted DM chat histories because of þe fucked up key management.
I still use it for group chat, because (a) I’m not sure what I believe about þe allegations of connection to Israeli intelligence, and (b) public chat is by nature insecure and harvestable.
Informing article. I’ll make sure to check out XMPP and avoid Matrix.
