GNU Jami (Signal/WhatsApp/Telegram replacement)


#42

@epinez
Signal is a better option as maybe others. I agree end-to-end encryption should be default. Yet Signal still requires a phone number where Jami does not. Signal is not bad but Jami is already in line with the privacy guidelines with Purism and is already GNU certified. Worth a look. :sunglasses:


#43

For the record, telegram chats are encrypted by default, just not end to end. Though if I am wrong, please do tell me.


#44

i find it disturbing when i don’t see the license of each software on the home page of the site …


#45

@Gavaudan actually, Telegram encryption is NOT default. That’s not the only concern but a good one. Jami has all this issues covered and addressed very well.

“Telegram is partially open-source and while their app is capable of some genuinely cool stuff, it takes a little extra work to maximize security. For example, the default encryption scheme is server-to-device encryption rather than true end-to-end encryption. You can turn on end-to-end encryption and even set conversations to self-destruct, but this isn’t the default.”

  • Firstly, you should keep in mind that Telegram doesn’t encrypt chats. Moreover, a social graph is not secured, which means that your contacts are stored on the central server.

  • End-to-end encryption is not working for the group chats. E2EE is supported only on the mobile version but not desktop.

  • Moreover, Telegram doesn’t allow anonymous registration for its users.

“So, if your goal is secure messaging, the only way out is secret chat. Secrets chats are encrypted but are not available from all Telegram versions — some desktop clients lack it. When using mobile activate secure messaging by clicking New Secret Chat.”


#46

SIgnal has been working fairly well. I must give my phone number but how could I else get messages from other people ? The Messages app in Android can be used but I prefer to have Signal as my default.

Jami is interesting but it must handle also messages from the post office and transport companies etc. to be really useful.


#47

No, it must not? :smiley: I have different requirements (privacy, speed, notifications) on the communication with my peers than I have for delivery notifications from the post office. So why should I handle both with the same tool? Not to mention that the post office would mostly be interested in delivering advertising.


#48

Anyway I must have the possibility to receive messages from the post office when I get a package. SMS is the most important way of sending a notice that I have a package that I should fetch from the office. I do not know about other countries but in Sweden I must give my phone number when I order something so I can get a delivery notice. Email is another possibility but it is not as well supported. Paper mail notice is very slow.


#49

@reC do go on, my interest is piqued, and I have no idea what you meant. (I’m n00b on this) Like what’s a link to a good example and a link to a bad example?


#50

it’s quite simple actually … the GPL (general-public-license) version 3 (the latest) is quite clear on what is permitted or what is NOT permitted when it comes to software that pretends to respect users freedom … as such there are many public licenses that are open-source but not pure free-software GPL compliant. the GNU project makes every piece of software clear in this regard - in the sense that you can without much fuss find exactly what kind of license each piece of software is released under and rest assured that there are no component parts that are not GPL compliant. this is not always the case with other open-source projects.


#51

@nhu
Jami is NOT an SMS replacement or substitute. Signal shouldn’t be either. Like Signal, Jami is a separate app from SMS. I really don’t think you understand what Signal, Telegram, Wire, Jami, are. They are Voice/Video over IP apps. They have instant messaging too, but they don’t replace SMS. The SMS app on Librem is Chatty/Chats. That is a separate application. Just like Signal on your phone is separate from your SMS app. So you can create accounts without a phone number and still use it to make calls to your contacts within the app itself. It is separate, like Signal. Giving your phone number to the post office has nothing to do with this software. That is a separate issue.


#52

haha ! smooth !

i wonder … if it’s not to much to ask … would you be willing to assist with the question @merupp posted above in regards to GNU/Jami vs other similar apps ?

i do think it’s a good thing your brought this software to our attention and i’d like to avoid hijacking the thread or over-generalising about software distribution licenses.


#53

Yes, I understand that. But I use Signal instead of the Android message app. It is just that I have no need for an app that requires the person at the other end to have the same app installed. I do not know people that would be willing to install such an app.

What I could use is a telephone app that works over Internet. The problem is the missing “telephone book”. How can I reach a person without having him first install a new app on his phone ? It is the general problem for all kinds of VoIP systems. I would like to have something like Jami but we have no decentralized phone book covering more than a few people. In fact we have the possibility to make SIP calls without any operator but how do we get the SIP addresses with large coverage ?

The old phone operators have created a system with phone numbers and nowadays electronic phone books to handle this. What is our alternative ?


#54

The line that says “default is server to device encryption” is the same thing I said. Server to device encryption is still encryption, but rather than each device having the keys, the server does.

Now a question could be is the data encrypted at rest? I don’t know and you haven’t said that much.


#55

That is exactly the problem. If the keys are on the server then your content can be accessed by anyone who has access to the servers. Just ask Microsoft. They use server-side encryption.


End-to-end encryption is far more secure as the keys are on your device. YOU are the only one how has access. So no, all encryption is NOT equal. If you are fine with using with server-side encryption, then feel free to use it.


#56

@nhu
Then the issue is simple. Keep using Signal. Who you know and who from those people are willing to make a change is not the topic at hand. The topic here is what does Jami offer and does it fit inline with Freedom & Privacy. 1) Does Jami meet the criteria for GNU? It does. 2) Does Jami offer End-to-end encrypted communication for better security? It does. 3) For better security, can a person create an account WITHOUT using their personal phone number? Yes, they can. 4) Is Jami cross-platform? It is. This is something people are very interested in. I do find it interesting that in another post, cryptometer, you discuss the importance of security. But in this post you give your personal number, through Signal, to your post office. That is anything but secure. That defeats the purpose.

I really don’t think you understand the purpose of security. I would not want operators or an electronic phonebook out there with my contacts. All the reasons you don’t like Jami are the very reasons it protects freedom and privacy. You might as well not use Signal. Just use your phone and SMS apps. This way no one will have to install any new software to talk to you. Problem solved.


#57

I am only trying to discuss the problem of security versus usefulness. I do like the four points you mentioned but I would like to see them combined with more general use. Unfortunately that problem is not solved.


#58

lol. yeah !

if you keep the freedom/privacy/security bar high enough it is expected that access to the masses will suffer at least until everybody becomes more skilled …


#59

I didn’t say all encryption is equal. I said telegram is encrypted by default, because your initial statement was that it wasn’t.

You’re making good points, but don’t put words in my mouth to make your argument, particularly when I’m the only one of us who so far hasn’t been wrong.


#60

I know it is tough to demand both security and general usefulness at the same time. In fact I would like to encourage work like GNU/Jami while reminding that the ultimate goal is to have any not-so-skilled user to be able to use it. Although Signal is not perfect it is possible to use fairly good security when communicating with another Signal user. We are moving in the right direction also with email (I use tutanota.com which can encrypt email messages).

Jami is adding more good features and I hope that it will be useful for the masses at some point. It is however not an easy task to develop a system with all the desirable features.


#61

@Gavaudan
I didn’t put words in your mouth. I quoted you.
Server to device encryption. This means device to server is not encrypted.
Therefore - not encrypted. Thank you for pointing out that my initial statement was not clear.
I have since edited the statement as to better reflect what I am addressing.
Much appreciated. Cheers :sunglasses: