I haven’t been able to get an update from Sean and there hasn’t been any communication for several months. I don’t think we can count on that.
However, I came across purple-signald, a plugin for libpurple base on Signald.
So it could be compatible with Chatty but with Signald daemon running on the L5.
There is also libsignal-protocol-c Signal Protocol C Library.
I don’t know how much work it would take to code a libpurple pluging based on it but I think it would be more relevant and reliable in the long term.
Hello @Torrone, as you can see here and there, I have asked to Silence IM team and Purism team to discuss all together in order to link Silence SMS encryption protocol into Chatty (via libpurple).
I don’t know what will be the answer, if there is any, but I really hope it will be possible. The worst thing would be no discussion between them despite the huge opportunity here.
You have to ask yourself “is he doing good in this case?” though. However, you are correct, the subject definitely has to be assessed on a case by case basis.
I know it’s the hard time on purism .
But I disagree purism open a back to anorid. I think almost all on batch AnB donot mind of that because they add those on option. We just write a easier wiki to help them install for themself at this moment. Until we solve at this time before batch C. Hope it give a good news. Side story I read news from ARK compiler that’s released by huawei. Huawei adrealy broke down anorid system. Therefore huawei released ARKcompiler to open source . And also released M30 smartphone to Europe ban anorid system. And then let 3rd party lzplay lzplay.de to install full of anorid apps amazing great.
I feel some pin-gug{(from Goo or pine) is in our forums to post negative news and push us release more information. Especially on code . Purism do so hard work .,they just paste it . That’s not fair. Why? Purism is very small. Do this like a baby on the market. It won’t play political.
Today, Silence has nothing to do do with Signal.
It’s a pure SMS app for android. It doesn’t help for the Librem 5, Silence use Signal crypto library, the rest is android app.
The Silence dev has not enough time to maintained the android app.
Today nobody is working on a libpurple intergration.
Let’s put it rather differently.
Chatty is an official message centrre for L5, and it is backed by libpurple. By default it (L5) is shipped with sms and xmpp plugins. xmpp plugin in addition has omemo plugin (which is using Signal’s cryptography concept - double ratchet algo) but sms is just plain old sms.
So OP is asking to empower SMS by the same double ratchet algo encryption in the same way as Silence on android.
Yes of course. I understand that. I just don’t understand why you would want that capability when today offers much better communication capabilities.
Why, for example, if you are using Android, you would prefer Silence over Signal? The sub question being why you would prefer a Silence port versus full up Signal?
For simple reason, i don’t use signal. as well as telegram, wahtsup, whatsdown, whatsnot… i use xmpp. period.
But - sometimes internet is not available so it’s nice to have encrypted offline alternative. although doing kex over sms is going to drain mobile credit dry unless one has unlimited sms subscription
And same as one can communicate with users on different platforms using one protocol.
SMS is just a transport, same as xmpp is a protocol to transport omemo payloads. If you encrypted your message on one xmpp client you’d expect it to be decrypted properly on the other (hence XEP standartisation). Same if you sent encrypted sms from android it should be possible to decrypt it on librem.
In addition to what @ruff said, in many countries, SMS is a “free” (= unlimited included in the monthly fee) tool that is widely used by the population. Maybe you don’t feel it because in your country, it is technologically outdated in favour of messaging applications.
Signal encrypt you text content, then forward your message to their server, and sent it to your recipient. Nobody knows today if Signal has the ability to decrypt your message (their server part is closed-source). No one can say what they do with your unique phone number that’s supposed to identify you either.
Where Silence is very strong, it does exactly like Signal, but with the advantage that the content is unreadable on my operator’s server. I was able to verify it (the phone operator offered a service to register SMS in a webmail) : my recipient and I could read our messages in Silence, while my operator’s server displayed an unreadable encrypted message.
Some people, included me, use Signal or Telegram but don’t trust them. We use them because they are the only few alternatives to Whatsapp (and it is already difficult to convince someone to discuss with you with those alternatives). XMPP is the same problem : you have to chose a server that you don’t know. And if you want to setup your own, it is difficult to do it for a standard person like me.
I am a bit disappointed about this SMS aspect of the Librem 5 : they promote privacy and give you the ability to use SMS, but it is like they don’t want to use this open-source Text-Secure protocol to secure SMS while it is obvious that it needs to be secured.
It’s not about “they don’t want” - I’m pretty sure they do. It’s about resources and capacity. If silence implementation in C exists - someone (maybe even me at some time) will add it to libpurple (and thus to chatty). If it’s just in Java - it’s unlikely to be added any time soon.
Like ruff said, and because this really can’t be stated enough:
Purism is literally doing everything they can to push their social purpose. They are a small team working on very complicated projects. They need to prioritize.
You say SMS is a priority, but I believe internet based communication is far more useful. There are many people that may never even use cellular capabilities with the phone.
Signal really is the golden goose of the free software world. Financed for the indefinite future, and proof that free software can co-exist with proprietary software. I use rocket chat for my personal server with friends and family and thus never use signal’s voice or audio calling, but if I could self host signal without it being a real pita, I would prefer it. It has the mark of truly professional development and is better suited to informal communications. (RC is very professional as well, the RC team does amazing work. Signal and RC are complex projects, and RC is focused on team communication. RC also works as an effective cloud storage system.)
I believe, from everything I’ve read from Purism and from my own experience as a developer, that Purism really is doing all they can, within the financial constraints they have.
Myself for one. Last time i used SMS was like 15-20 years ago i think. Mostly because it blatantly insecure but also because it far from being realtime (that part might have improved, no idea).
Same for the calls, only spam from various surveys. So i always buy packages with internet, calls/sms is usually complementary service which i don’t use.
Could you give specifics? If you are referring to push notifications, that is of course platform specific and is obviously a non-starter for the Librem 5.
I don’t think so, here it says SMS is unsecured.
While here it says it actually mainly secure-sms application and is a fork from signal to re-enable sms encryption.
The only C library i found is from Richard Bayerle - which is the same person who developed OMEMO for libpurple. Is that what you’ve meant?