Because of #Electron abandoning support for 32-bit PCs, this bug in #Wire is unlikely to be fixed, and I may have to give up on trying to use the Wire desktop client on my 32-bit laptop:
github.com/wireapp/wire-deskto

So having convinced a bunch of my family and friends to set up accounts on Wire and install it, I may have lost the main thing that made it attractive (a #FreeCode desktop client for 32-bit GNU/ Linux where voice calls work properly). At what point do I just give up on trying to be a #SoftwareFreedom purist, and buy a 2nd-hand MacBook for comms (and video editing, and ... and ... and ...) :(

@alexl see the 2-3 length discussions I've had here over the year about chat apps. TL;DR Wire is #copyleft #FreeCode on both client and server side, and has plans to support #federation between Wire servers. #Electron is a downside, but they are ok with community-created clients without Electron to connect to their server (unlike #Signal, don't know about #Telegram)

@strypey Telegram made a challenge and the best clients became the official ones: a Qt desktop client for Windows, Mac & Linux, two clients for Android, one for iOS, a web client and one specific for Mac, all Open Source, plus community clients including a CLI one. 200 mln of users, 15 bln of messages/day. E2E encrypted chats (optional) and calls.

@alexl @strypey ...but for some obscure reason, the server code is still closed source, even though they said they would open source it years ago. telegram.org/faq#q-why-not-ope

Follow

@stragu @strypey

Obscure reasons? telegram.org/faq#q-why-not-ope

Keeping Telegram fast and secure while switching to a federated architecture is a tech challenge. See Matrix, it's the state of the art of decentralized instant messaging and can't deal with Telegram's performance.

ยท Tusky ยท 5 ยท 0 ยท 1

@stragu @strypey

"Our architecture does not support federation yet. Telegram is a unified cloud service, so creating forks where two users might end up on two different Telegram clouds is unacceptable. To enable you to run your own Telegram server while retaining both speed and security is a task in itself. At the moment, we are undecided on whether or not Telegram should go in this direction."

@alexl if parts of what is linked are false, the other arguments still stand.

So it remains: telegram is not to be trusted.

@alexl @strypey but making it open source doesn't mean switching to a federated architecture, the official apps can still prefer the official servers. The idea was to open source it for people to review it and reuse the code creatively.

@alexl @stragu no, it isn't. #XMPP is much more advanced than #Matrix when it comes to server performance. But what's key is whether the company recognises that having servers they control at the centre of the entire service is a bad idea (#SinglePointOfFailure) or not. Wire does. Telegram hasn't even released their server code.

@strypey there is no point in releasing server-side code for an instant messaging platform if there isn't support for server federation. It's just a marketing thing, no benefit from security point of view

@alexl

Yeah, I've begun to think of that sort of architecture as being a vehicle for its developer's own "performative software freedom".

@strypey

@deejoe @alexl the benefit is it allows the whole system to be studied independently, including for security audits. You can stand up your own version of the server, check it for backdoors, and see whether messages are actually secure when you connect clients to it. It also gives the user community the freedom to run their own service for private use, and to fork if the original developer is exposed as a bad actor. So it's quite important.

@deejoe @alexl imagine how much work could have been saved in building the #fediverse if FB or the birdsite released their whole server stack under AGPL.

@strypey zero, there is no value in Facebook/Twitter codebase... Reddit was Open Source, but its federated version, Prismo, is being built from scratch

About Wire, I specified "instant messaging" because using your own server mean you and your contacts need to trust the same server managed by you or one of your contacts that maybe don't know each other... so at that point is better to trust a third-party company like Wire that has low interest in your conversations...

@strypey ...and even if independent developers can audit the code and make it more secure you still need to trust Wire because you have no idea of what they are running on their servers. They could run a branch of the Open Source repo with optimized performance, with additional security holes... so the important part in e2eE systems is just clients being Open Source and secure

@alexl @strypey open-sourcing doesn't necessarily mean switching to a federated architecture, it should be trivial for the Telegram developers to restrict the official clients to the official servers, even if others open new servers based on the original code. What it _would_ allow though, is some public review of the quality of the code, to check for code quality and confirm the privacy claims. And it would allow others to creatively re-puprose, and learn from their valuable work.

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!