@kkarhan xmpp has almost no good clients and yet the ux is still better with it compared to element or any other matrix client
@hexaheximal @kkarhan i already use cinny
@hexaheximal @esm Why would anyone want that anyway?
There are native #XMPP+#OMEMO client for literally any relevant platform!
https://mstdn.social/@kkarhan/111404942780525408
Any #E2EE #Messenger with #SelfCustody of all Keys should be considered security-sensitive and thus should not he used as a #WebApp.
Also #ChromeOS supports #Android-Apps and if you don't have administrative privilegues on a machine then consider it insecure and nit trustworthy for yourself as a user!
@kkarhan @esm Not all chromeos devices do. (e.g. ones where apps are restricted by management), and there are still other scenarios where a web app is the best/only way to do it. #ArgumentValid
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world
You may call me a #minimalism evangelist but
everytime something that could've been barely Megabytes as an #AppImage, #FlatPak, #Snap or Kilobytes as a #CLI tool instead shoves yet another entire half gig copy of the #Bloatware-#Browser that is #Chromium onto the Desktop despite using not even 0,1% of it's featureset
I call this a systemic failure in Software Architecture.
Browsers are the most attacked applications on #Linux beyond CMSes and Webservers...
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world ...and even if we think local #WebApps are a legitimate way to handle sensitive comms - they ain't but let's just assume they are for the sake of argument - WHY would you do anything beyond a .desktop file that includes startup parameters for #Firefox (or even #Chrome if you're that kind of Cyber-Masochist!) that specify the browser, and the file to load.
Because any good #WebApp should be reduceable as #HTML5 + #JS6 + #CSS3 and measured in kB or maybe a few MB.
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world Shit like #Discord is an abomination and #Microsoft only won because regulators are systematically dysfunctional, corrupt and staffed with #TechIlliterates, otherwise all the #GAFAMs, #Adobe and #Autodesk among others would've been forcibly disbanded the same way #StandardOil was.
Microsoft feared #Linux but nowadays they basically gave up on #Desktop and #Server OSes since #Xbox, #Office365 & #Azure make the real profits & margins!
https://blob.cat/objects/29e2ce65-026f-4fb6-aa2a-2de2c1ebe4c5
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world Like #Atlassian & #Adobe & #Autofesk before them, #Microsoft is working hard to forcibly #Subscription-ize & #Cloud-ify (aka. #Enshittify) their products and subsequently cancel any #OneTimePurcase, #OnPremise / #SelfHosting and #LocalInstall options until there's only #Microsoft365 / #Office365 as a #WebApp with no control over anything whatsoever...
And OFC that'll be weaponized against anyone and everyone!
https://twitter.com/frank_rieger/status/999319383917957121
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world
So yeah, don't trust any #WebApp where it's trivial to siphon away credentials.
And don't trust any #Service, because they WILL LIE TO YOU just like the #Honeypots of #ANØM and @protonmail did/still do.
Keep your keys in self-custody and encryption as well as decryption locally or don't even bother at all!
And I'd certainly not do critical comms from an insecure device where I don't have full control!
http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/547af5650b3853a3b24e
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world @protonmail I do work on getting that part fixed...
https://github.com/KBtechnologies/PocketCrypto
In the meantime, learn #OpenPGP / #GnuPG (#PGP/MIME) and/or #XMPP+#OMEMO...
Tools like #enc make it even easier to do so...
https://github.com/life4/enc
Just like #gpa and #Kleopatra on #GUI Desktops or #OpenKeychain on #Android...
@kkarhan Wait, what did ProtonMail do wrong?
@hexaheximal@blob.cat @protonmail @esm @hexaheximal@wetdry.world
1. People said the same about #CryptoAG...
And sadly my gut feeling and the Intel I get is way more reliable than marketing lies.
Let's just say if I was wrong I'd already be dead a dozen times...
2. It's not dead, because I can just open it, even on Mobile.
@hexaheximal@blob.cat @protonmail @esm @hexaheximal@wetdry.world
YOU LITERALLY EDITEC THAT POST AFTER I REPLIED TO YOU!
Now fuck off asshole!
https://blob.cat/objects/571db7e3-9625-431c-bdd1-22c3d71a7726
@hexaheximal@blob.cat @protonmail @esm @hexaheximal
3. Why would I want to self-host #Matrix when it doesn't provide me with any convincing benefits compared to #Zulip, #XMPP+#OMEMO or even #IRC.
4. It's easier to audit a small, native app and even sandbox it into a single user that has literally 0 privilegues because a higher layer that doesn't allow said user to interact with it constricts it.
[Thats's literally done with #Webservers and #Databases where they're run as dedicaded users which have no privilegues excpet their own use-cases
@kkarhan @hexaheximal@blob.cat @esm @hexaheximal@wetdry.world
There is no comparison between Crypto AG and us. Our encryption occurs client-side, our cryptographic code is open source ( https://proton.me/community/open-source ), and our tech can and has been independently verified. More about this here: https://proton.me/blog/is-protonmail-trustworthy.
@hexaheximal Yes, PGP has its limitations. However, PGP allows for interoperability and, being open source, it has security advantages. We are working on improving it too: https://proton.me/blog/openpgp-crypto-refresh
@kkarhan @hexaheximal@blob.cat @esm @hexaheximal@wetdry.world I don't think it's failure but intentional since those corporate higher ups wants cheap, inexperienced web developers who can create a half-ass app that can cut corner better instead of actualy native app developers who can optimize their apps for most users. Users are nothing to those people, they just ask them for upgrade their hardwares or say f* them instead
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world
Apparently you do care - on grooming your escalating commitment to excuses to not use or even try out something...
But that's your decision.
It's okay to be wrong...
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world
So the problem is solved then...