Sure, you can always just encrypt your messages, but even that could have exploits (either intentionally or accidentally), and then you have governments around the world basically teaming up to get rid of encryption with laws. The next option is a VPN, but really it is not, because it also uses encryption, so it would fit a legal definition of using encryption.
But maybe not all hope is lost: you could maybe use a proxy server in combination with the Tor browser (for now); sure the contents of your messages but not your IP address. Neither of those use encryption and are not targeted by these laws. Just be sure to use that proxy from the very creation of your messaging accounts till the very end, because any small mistake (such as using an app with your own IP address, which can expose you) can ruin you if you post the most illegal of messages.
I know encryption isn’t just about illegal and harmful activity, because it’s being used by people in heavily controlled countries to communicate about shifting the government from stepping in people’s lives.
Sure, it’s legal, but the smallest mistake can expose you, making your privacy online much, much weaker, especially when you have a bad server that your data bounces in and out of, out of all of the servers in Tor, that reports your activity as they see fit. This is why you should not support such forced changes in the law that go against encryption.
What about offline encryption? Well, this question is more complicated to give an honest answer to, because whatever you store on your phone is hosted offline on your SD card or hard drive. Because it is not hosted on a public service such as Facebook, it would be harder to enforce this law on any company, because it’s stored on that individual’s phone. Now if it is set to back up to the cloud, then that’s when any actual legal concerns would come up in the US. If you are in Australia, can you please confirm that for that area? And if you use an open source encryption app, separate from what’s built into your phone, offline, it’s even more difficult to have someone in trouble for not scanning encrypted messages, because it’s not hosted on a public server and no specific company is involved if everyone just keeps copying and pasting that code.
I use Tor, yes, and some other methods to help with online privacy while using an Android. As for sensitive information I believe requires offline encryption, I only do so on a computer (which alone doesn’t guarantee anything) that I can make more suitable for doing such. None of which I would put in a “Cloud” of any sort.
Encrypted communication, eh, I’d rather not if possible, as it requires both parties to do everything absolutely right at times, so there’s that “Trust issue” again…
Also, Tor Browser does use Encryption. A simple proxy does not though.
I agree with your post though, especially how one mistake is all it takes. More often than not, it’s user error and not the software used for privacy.
Having a little trouble understanding your last paragraph so excuse me if I replied with something you already explained.
Looks like quite a few choices left
I don’t feel like online messaging privacy is decreasing. In fact, I think it is the exact opposite. More people I know currently use secure online messaging than at any point in the past.
What I think is happening is that more people are becoming aware that what they used to assume was secure online messaging was never secure.
In my personal case I run both encrypted XMPP and Matrix servers, which both have clients available on F-Droid (Conversations and Element).
And for our iOS friends there is Monal for XMPP.
Or Snikket (based on Siskin)
I am told OMEMO with XMPP is secure, but I don’t have the knowledge to verify it. It is probably the best thing we have. I would probably only suggest open-source apps.
I would like the ability for Conversations (or any open-source XMPP app) to export chat history as a text file so it can be stored in plain text, away from the app itself. The chat history on the device can then be deleted, while still having a copy off the device that can be read almost anywhere. This is the ‘security’ I want.
Backups can be extracted to plaintext: GitHub - iNPUTmice/ceb2txt
As usual domain knowledge is needed
Some info: OMEMO Multi-End Message and Object Encryption
And the audit: https://conversations.im/omemo/audit.pdf
Can anybody link a noob-friendly guide on how to build a personal XMPP VPS from scratch, please? Like what specs are required for a VPS to run, let’s say, Prosody to support 1000 users? What OS is more suitable for it? And how much more effort will it take to host it as an email server at the same time? What software is required to implement an email service as well?
Linux as usual
snikket (aka prosody on docker): Snikket Chat | Snikket Server
Load testing an ejabberd 19.02 instance on RPi3+/1Gb yielded almost 1000 (simulated) users on SD card, postgresql, and file upload available. So any hardware better than that will be enough imho. But that’s without Audio/Video, since that needs a TURN server (included in ejabberd or using coturn/eturnal for prosody/snikket) which uses more CPU/bandwidth.
Wow, thank you for the great response!
Been kind of wondering how well an RPi could run an instance for such, but being that I rarely use any messenger lately, I have not checked.
Thanks for the great info.
A Raspberry Pi 1 can run ejabberd for a family and a group of friends just fine.
The only quirk I ran into is that if ejabberd starts before NTP sets correct system time, it’ll be funky.
So either get an RTC addon for your RPI or set ejabberd to delay via systemd or whatever.
An RPi1/256Mb can handle less, yes, say about 80 users, in my load testing same as above.
And maybe just one video call at a time, or 2-3 audio.
I noticed certain quality hardware made for Raspberry Pis, like DAC hats or ham radio hotspots made to pair with Pis, include their own clocks. I know for audio it can vary where and why it improves the sound quality, but in the case of ejabberd or Tor, which when run on Pis can in some cases have issues, is it a software issue, or more of an issue with the Pi’s hardware?
If so, could an RTC hat solve such issues in these cases?
Audio is not processed by the XMPP/TURN server, just passed around. Also it’s encrypted, so…
I understand that; I just used it as an example to ask whether an RTC clock hat could solve some of the issues mentioned.
The clock helps only with the networking part, yes; if that is a separate thing or comes with the DAC, it does not matter.
Thanks. Yeah, I know the clocks in those devices wouldn’t help in this case, but just remembering many devices including them made me wonder if a plain clock hat would solve some issues the included clock may cause.
Also, I just realized why my question makes me seem so stupid: I just saw skewed’s reply and did notice he already answered it by saying to add an RTC addon… I swear to god I do not remember reading that earlier…