I understand that it may be problematic sometimes but this was very smooth. I didn’t even say anything.
A: what’s your number for the whatsapp group Me: I don’t have whatsapp because of facebook. B: ok, we have to use signal then A: ok
And that was it. Life can be very easy sometimes
Surprised that happened. Very rare to see that these days.
There may have been discussions around it beforehand. I didn’t ask why it went so smooth.
What you didn’t realize is that your value to the company is way more than you realized.
Often times people have resolved all the rational arguments to act on a decision but lack on an emotional excuse to figuratively pull the trigger. I’d bet on someone high up had already made up their mind and you not using WhatsApp was the perfect excuse to just have the whole team finally migrate.
Maybe OP works on infosec and the team was like yeah, makes sense?
Let’s say I work in an IT area (but not infosec)
Should have used Matrix
Not great
For a team of 20 people matrix is way overkill imo
I once setup a entire matrix server for my school club that comprised of 4 people because one of our members couldn’t use discord lol
XMPP on the other hand…
There would be room for expansion. What about an IRC then?
Depends. Since this is seen as an out-of-band coms option for work, there is a good chance you will want encryption for only folks in the room either for accidental company secrets leaked or to shit talk folks outside the room. IRC, the best you get is TLS.
deleted by creator
I’m going to join OP’s company next and say I can’t use signal because phone companies. Then they’ll upgrade to Wire or Matrix
No, Matrix isn’t the best in terms of privacy. It is a metadata disaster and most other platform are a lot more performant.
Matrix’s E2EE does not, however, encrypt everything. The following information is not encrypted: Message senders, Session/device IDs, Message timestamps, Room members (join/leave/invite events), Message edit events, Message reactions, Read receipts, Nicknames, Profile pictures
Matrix is developed by a for profit entity, a group of venture capitalists and having a spec doesn’t mean everything. The way Matrix is designed is to force into jumping through hoops and kind of draw all attention to Matrix itself instead of the end result.
XMPP is the true and the OG federated and truly open solution that is very extensible. XMPP is tested, reliable, secure and above all a truly open standard and decentralized it just lacks some investment in better mobile clients.
What most fail to see is that XMPP is the only solution that treats messaging and video like email: just provide an address and the servers and clients will cooperate with each other in order to maintain a conversation. Everything else is just an attempt at yet another vendor lock-in.
People need to get this through their heads, XMPP is the only solution for their problems.
People need to get this through their heads, XMPP is the only solution for their problems.
On the contrary, you need to understand that your own needs and priorities do not match everyone else’s, and that XMPP is not a good fit for every use case.
(Your rant was amusing, though. I hadn’t seen one like that in a couple weeks.)
While I agree with your point just tell me what Matrix does better? It’s better at being overly complicated? Or at being more propriety?
Convinces clueless FOSS communities to move off IRC. Onto a unusable protocol designed around netsplits they never cared about, yes, but it’s n o v e l!
Nobody owes you their time or their patience. If you want help understanding something, I suggest you tone down the fearmongering, manipulative, adversarial comments. If you’re just looking for a fight, kindly go elsewhere.
Omemo sucks
XMPP is great but it’s dead.
It is as dead as we want. There’s no reason to reinvent the wheel, probably the only thing that XMPP lacks is a bunch of money into a very good, cross-platform (but native) client like Telegram has that actually works 100% of the time and a bunch of large scale public servers to handle regular users who don’t want to host their own. Also… easy registrations and setup on said client.
For a regular user and most privacy aware people, they just don’t care if the protocol is Matrix, Signal or XMPP - they just want a good end user experience and a solid thing, that’s what XMPP lacks today and it’s all client side.
Bottom line is: XMPP as a protocol is great, lacks someone with vision and money to drive it into mass adoption.
Does XMPP support voice/video calls?
I’m pretty sure an encrypted chat platform is possible with ActivityPub. In fact, sup is an instant messenger that will be encrypted and federated using the ActivityPub protocol. It’s being made by dansup, the creator of PixelFed.
XMPP isn’t any better in terms of metadata. OMEMO is an afterthought that slaps on to XMPP. Many metadata are still attached to the message. The threat model only protects the content and doesn’t guard aginst metadata and traffic analysis. Even OMEMO extension is still in experimental status. Not to mention, users still need to signup an account using their email.
Honestly, I think SimpleX is better in everyway. No account required, minimal metadata (at least from the technical whitepaper and other sources I read), fully open source (AGPLv3), an ok mobile and desktop client, and audited. The register friction is almost non existance. You just need to install, set a name, and off you go. The only worry I have with them is they took VC funds.
ADD: XMPP is still better for company internal communication, especially when compliances require conversation archiving.
I think SimpleX is better in everyway.
A few SimpleX shortcomings beyond what you noted, in no particular order:
- No multi-device support.
- Adding contacts requires sharing somewhat large links (as either text or QR code) which can be inconvenient.
- Messages are lost if not retrieved soon after they’re sent. (I think it’s 21 days by default. I’ve had vacations longer than that.)
- No group calls.
- Group messaging is full-mesh, meaning that as a group grows, the network traffic will balloon faster than it would with any other topology. This is generally bad for high-traffic groups, but it might be okay if they stay small or everyone always has great unmetered connectivity.
- The claim to not have user IDs is misleading at best, and outright false in group chats.
- The desktop app uses Java, which will be unappealing to more than a few people. (To be fair, several other messengers use Electron, which is also unappealing to more than a few.)
It does have some neat design ideas. I don’t consider it ready for general use, but I look forward to seeing how it develops.
agree with your general sentiment. I’ve actually been using it and its very rough around the edges, in addition to being “slow” feeling overall, and I’m just testing it out between one other person and myself on other devices. it’s not something I can recommend to anyone yet, but definitely keeping my eye on it.
XMPP is way more open and interoperable than all the solutions available, it works like email any user can can talk to any other and doesn’t depend on a some proprietary / closed service centrally owned by anyone. That’s a good selling point.
XMPP doesn’t really force users to sign up with email address, it just happens that XMPP addresses use the same format, many public servers will give you an address like [email protected] that is never mapped to a real email address and only works for XMPP. The decision to actually ask people for their real addresses is up to who owns the server and won’t be directly exposed on the XMPP network.
They only realized that when he said that? What a weird infosec team. I guess they also could use SimpleX if they wanted the most secure, private and anonymous option, but I think Signal is pretty well balanced as a messenger. Good privacy and usability.
I think you’re over estimating people who works in infosec. All the people I know that work in infosec in corporations are just regular windows support people assigned to keep the security updates on day.
I wish my family was that easy to change, and there are only five of us.
If only everyone was like that…
For people wondering how to do this in your own lives, have two phones. Have a phone that you install work stuff on, including proprietary apps like WhatsApp. Just tell the people around you hey you can contact me on WhatsApp, but I only see it when I’m at my desk during business hours. I do use more privacy focused platforms on my personal device that you can reach me anytime, such a signal or simple x or matrix. And you’ll find a lot of people are very flexible as long as you give them some reason, and you’re not being unreasonable yourself.
There is an app on f-droid called “shelter” that gives you access to Android Work Profiles. This is a sandboxed area of your phone that makes it function like a second phone. You can install apps that are only accessible from within that sandbox. You can install a second, sandboxed copy of an app. You can shut down all your sandboxed apps simultaneously.
I have a bunch of bullshit, garbage apps I very rarely use installed in my sandboxed “work” profile (Facebook, restaurant apps, and some other assorted trash apps) so they won’t harass me at random.
Shelter is great, and work profiles are an amazing tool to have.
My intention with having two phones, one always at your desk for work items, is to set coworkers expectations that your not available on corporate systems 24/7. If they want to reach you outside of business hours, they will need to use better platforms. This demonstrates your being reasonable and using Whatsapp (or whatever) to be on the main platforms, but you have a real motivation to use the better platforms (like signal, etc)
Good recommendation!
Having two phones absolutely sucks. Didn’t work for me at all.
Have you tried embracing the dope boy chic?
I disagree. I absolutely love the fact that I can just turn it off after office hours and throw it in a corner during holidays and weekends. Sure, it’s a bit cumbersome to take two phones with you, but it’s also cumbersome to take the laptop and everything with you all the time. Just put it in the same bag and you’re good. Good to note, my employer provides me with a phone, so I didn’t need to buy a second one. It also means that if I switch jobs, I just return the phone and still have my personal device.
But if it doesn’t work for you, by all means, don’t do it. For me the good outweighs the bad.
I have a second sim card for my phone. I just turn off that sim when I’m not working, and set my status as away for group chat.
In this context, there isn’t any tangible benefit to having a second phone.
It’s only a minor hassle, lots of people manage it easily
Lots of people do lots of things.
Why would a workplace need a group chat? Aren’t there any enterprise tools in place to achieve that?
Emergency team chat when there is a outage of corporate systems
Chat for social work stuff like team building or off-site gatherings.
Being about to shit talk about corporate stuff off the reservation is nice.
It can be a big sms group chat, signal, discord, whatever your team likes.
…to which for privacy reasons your team shouldn’t like SMS, Discord, Telegram, Slack, and probably even Signal (somewhat for privacy, & more for accessibility)
What do you recommend?
XMPP. A business can self-host, there are public servers, or there are many businesses which offer customised xmpp hosting as a service.
I can be federated with other xmpp servers or be a locked-down work-only service, or federate with chosen other servers (such as a client company’s xmpp servers).
The main problem is, you need to have someone good enough to setup a proper firewall when selfhosting.
Sure, it might not take $$$$, but it will take $, which is definitely more than nothing.
Snikket exists for this type of user. If money is an issue, since XMPP is actually lightweight unlike Matrix, you can host multiple things even on the cheapest VPSs so it isn’t dedicated to one taskl or self-host out of your home (which is what I do, but also with some small sites, a feed aggregator, Mumble, terminal sharing, Darcs/Pijul version control systems, & Nix remote builder).
Skill issue, not money issue.
But when you are a business, everything can be converted into a money issue.
If that’s the main problem then that’s easy to solve! Simply use a free public xmpp server.
I mention the self- and paid-hosting options because businesses tend to like having a sevice agreement backed by a contract, and may have additional specialised requirements not provided by free services (xmpp or otherwise).
Cannot access work intranet (Teams etc.) from personal phones. Don’t have work phones. They all use WhatsApp so reluctantly, so do I.
I would never join a group chat like that. If they need to get ahold if me after hours, they can call me.
BTW Teams doesn’t live on Intranet. There’s no reason they wouldn’t be able to open up Teams to BYOD beyond incompetence.
Really depends a lot on the groupchat. I was apprehensive but it’s quiet there and overall the things that get sent there are either in office hours (e.g. “internet might be out intermittently we are working on a fix”) to links to pay for something someone paid for outside of work like food or drinks.
I don’t mind it that way, maybe once a week a couple messages
That requires a business login on your personal device, which is typically against company policy.
Although, so should be sharing work info outside of corporate channels, so what do I know.
I know Teams doesn’t live on the intranet, but I’m not going to put work software on my own phone. Policy needs it to set up a work profile and I then can’t use fingerprint, face or a 4 digit pin. And all the shite that flows through Teams would be be piling up, just like it does on the PC at work, brilliant when you’re only in a couple of days a week. They want me to use a phone? Provide one.
The WhatsApp group is for us to send updates about traffic, if someone can cover a shift etc. it’s not an official work thing. I could of course not use it and just text people. That’s really just making my life difficult whilst sat up here on my high horse with a self righteous look on my face, whilst I miss the chance of an extra shift.
Denying putting work stuff on your phone is absolutely valid. The company should provide a company device in that case. And if you do agree to put company data on your phone, they should give a monthly stipend towards your phone bill. That’s how every org I’ve worked at has approached it.
In these companies, does anyone check the licenses in details to make sure using them is ok for the company?
Meta will get at least the metadata: meaning they will record who was in which call connecting from where.
For example, if one member is visiting a client, Meta may be able to infer the relation between the 2 companies.
If any of the people in the room click “report”, then the discussion is sent for review without the encryption protection
I’m pretty sure their user agreement translates to “you agree to let us do whatever the f*ck we want with the data you’re purposely disclosing to us”.
And last but not least: if Meta decides to wipe the archives, any info get lost?
There a reasons large companies ban unauthorized apps to talk about work.
Like I said, it’s for us to talk about shifts and what have you.
I used to work for a small PPI claims management company. Our accounts team had a WhatsApp group for social discussion outside of work.
All of our internal work comms were handled through Slack.
Small companies and startups like to save money
At first from the title it seemed like they changed app to avoid you
yeah, some title gore going on here.
That’s exactly what I thought as well from reading the headline. It definitely could have been worded better.
I wouldn’t be surprised if that’s how it plans out.
A regular group chat and another signal one for when you specifically need to talk to OP.
yeah, that was funny. Creating a group without OP wasn’t enough, they had to change apps lol
Probably they were on the edge already, but it’s good that they have made the switch
Before Signal made the boneheaded move of removing SMS support, it was so much easier for me to pitch the idea of using Signal to my friends and family, most of which eventually did make the shift from SMS to Signal messages for reasons like ease of use when it came to group chats, sending images/videos, voice clips, etc.
But now? Now it’s one of those embarrassing moments where I hear back from people basically all saying "your tech recommendations are usually on point but uh, what happened with Signal???" because the app just abruptly stopped supporting SMS and ruined the seamless appeal. SMS support was the perfect way to ease people into shifting towards Signal messages and now the only damn people I know who still know Signal are my most privacy-minded friends/family, while everyone else has switched back to WhatsApp.
Clearly I’m not bitter…😅 But I mean like, come on. I had the most notorious luddites in my social circle make the switch to Signal and they loved it. The shift from SMS to Signal messages was so smooth so many of them didn’t even have that "I miss [SMS stuff]", plus they LOVED that Signal could be used on their laptops in addition to their phones. Ahhhhhhhhhhhhhhhhhh this annoys me so much.
What were you using SMS for?
SMS is still the dominant message format in some countries
Doesn’t every phone have an SMS app? What’s the benefit of having SMS in signal?
Not having to guess which app has the person you’d like to contact.
The benefit is that Signal displaces the default sms app and is also Signal. Rather than having to jump between 2 apps.
Well, they partly took that “feature” away because people thought they were sending encrypted SMS messages which is not true. False sense of security.
They just took the secure high road and ditched SMS. It also made the app leaner with a smaller attack surface.
I think they did the right decision. Signal is the secure choice for the masses.
Having said that, I’m using Molly-Foss as it has less footprints, no Google messaging framework, leaner than Signal, with no crypto payment, and an encrypted database at rest.
the core benefit was in adoption. it was easy to get parents, for example, saying that they jist have to bother with one app for all of their messaging.
the minute they have to contend with sms and signal, they don’t mind adding whatsapp in the mix as well.
I mean, if the main draw-card is convenience, then signal isn’t going to have much holding power (especially when combined with the network affect problem and attentions grabbing design of other message apps).
Signal will only really succeed if there is a critical mass of people in your circles who care about security to some degree (it works well for me for this reason).
Conversely, they do mind having multiple apps and only send sms
Sms is also not secure, kinda not what signal is…
Signal started out as textsecure, an sms/mms app that encrypted your text messages. It quietly started sending messages over its server at one point after an update, but before that sms is what it was about.
That’s interesting, I was always under the impression they were moving away from sms because they wanted a more secure client.
But you are already on Signal.
Also I live in a country where SMS is very common
Why did they remove SMS support?
Think it was related to the messages being insecure and signal didn’t want people to be confused.
If your using signal your messages should be secure. SMS messages aren’t secure. It may have been clear to you when Signal send an sms or an encrypted message, but they need to cater to everyone.
That just feels like shooting themselves in the foot. Just inform the user SMS isn’t secure. That’s it.
Not being willing to trust the user with the information so they can make a choice is asinine. It’s the same reason why I stopped using Tuta. Complete privacy and security are great but if there’s no option to make things a little more open for the sake of convenience or interconnectivity, I’m just not interested.
Security and privacy shouldn’t be a prison.
You can’t target UX to the average person. It won’t work for most people. You need to target those that struggle with technology the most to make it accessible.
Signals main unique selling point is its security, not its ease of use. If people fall into useing signal in a insecure way, it can be hard to say signal is a secure messaging app. As many people may be using it insecurely.
https://www.howtogeek.com/787957/why-sms-needs-to-die/
SMS is bad, and on the way out. Besides that, I barely noticed when Signal stopped allowing SMS.
I guess in some circles it matters, but seems like most people use messengers nowadays.
Bad? Yes, on the way out? Maybe(mostly gone outside the US), but it’s really slow here in older less tech savvy demographics.
Which is a BS argument because the app was VERY clear about it
I think you underestimate how oblivious many users are when it comes to using software.
Honestly that was the initial appeal. Grandma didn’t notice or care that the old SMS app was hidden & just thought there was an update. That ignorance meant she was talking in an encrypted fashion where possible even if accidentally. And since you will need a SMS app anyhow for OTP & other one-off notifications, might as well have it all in one spot. The fact it is different is probably more confusing to some users.
And without that appeal, the missing server code history, the US government funding, centralized service, the requirement of a SIM card (which many places now require ID to get so they can register you in a database), as well as the requirement of bowing to the mobile duopoly (can’t use the service if you have a KaiOS, Linux, or other phone—or without a phone), I don’t know there is much of an appeal. In hindsight, I wish I hadn’t gotten my family on it since I would love to ditch Android.
I guess what I want now is a client for both protocols that works like the old app. That would cater to me - I don’t remember which person is on which app so I keep ending up on SMS because it has everyone.
Yup
They expected to get a marginal number of additional users from vendor lock-in of existing Signal users
I totally agree. And to make matters worse, one of their arguments was that supporting SMS was taking resources away from developing other features. But what mind blowing features have come out since they dropped SMS? Usernames, I guess, which they were working on anyway. New app icons…
Heck yeah! I got a small work group to use Element instead of slack or discord once. I was so proud of them. Kudos for you.
Now tell them you just switched to matrix and see if they’ll follow
deleted by creator
Its a joke if that wasn’t obvious.
Matrix can be pretty unstable at times
I like Mattermost but it isn’t federated
I don’t have to. Matrix is coming anyway. It’s not an if but a when.
For official (internal) company communication though I will advertise matrix instead of signal. I’ll report back once I’ve talked to the right people about it.
Nice
@GravitySpoiled I love this, I had a very similar situation with my sports group, litte questions asked as well! Best thing was the reaction from the leader “I you are kind of right anyways, we should get rid of WhatsApp.”
Problems only appeared later down the line with people complaining that they don’t get notifications and it’s not a habit for them to check it, so they don’t see new messages.This headline sounds a lot funnier if you assume “it” means Signal, like I did.
Fuck this one guy in particular.
What’s wrong with Signal: https://github.com/dessalines/essays/blob/main/why_not_signal.md
TLDR: Funded by the CIA, centralized in the US and phone numbers make you personally identifiable.
Isn’t that the guy who invented Lemmy? Reminds me of TG’s founder doing the same.
I’m assuming OP didn’t just accept a position with the fucking Hezbollah, so Signal probably fits his usecase
It’ll be fine. If the fucking CIA wanted OP to spill the beans they’ll just send an agent with a wrench directly to OP’s kneecaps.
Yeah if you have nothing to hide, what is the problem with spying?!
Why don’t you use WhatsApp?
Meta owns it, and meta is one of the large, evil tech corps.
They are probably the easiest one for most people from English-speaking countries to cut from their lives.
Because it’s proprietary garbage. If there are FOSS alternatives, I’m most definitely going to use them instead of proprietary software, let alone proprietary software by companies like Meta. And since there are plenty of those alternatives: No WhatsApp for me.
I work in cyber security and this is dogshit.
Most of it debunked thanks to the EU also.
Well, WhatsApp is owned by Facebook. They are a large player, so they are under a bunch of scrutiny.
But at the end of the day, WhatsApp clearly states it takes all this information. They only claim to keep your messages end-to-end encrypted.
I wonder if this applies to text messages only, or to things like voice memos, images/videos, gifs, etc. as well.
WhatsApp doesn’t let you send documents if you don’t give it full access to your files. Sure, maybe they pinky-promise don’t do anything but this is Facebook we’re talking about.
The same caveat goes for photos and videos - you can’t even send a photo if you don’t give it the camera permission and gallery access, something it clearly doesn’t need just to send a single picture.
Additionally, WhatsApp loads previews of websites. Sure, on the privacy violations list that’s pretty low-priority but I’d still like to not have a link contacted before I can take my 3 seconds to look at it and decide wether it’s worth clicking. Especially since a lot of my contacts send obvious scams (“send this message to 10 contacts for a chance to win a free iPhone” type bullshit mostly).
Revoking WhatsApp’s contacts permission will not show peoples’ nicknames - it will only ahow numbers. Yet you have to give yourself a nickname on WhatsApp, so they clearly have some interest in your contacts. Otherwise they wouldn’t block it outright when it’s an already implemented feature to show nicknames for numbers not in the contact list.
All quite suspicious if you ask me. Although I don’t work in cyber security so it’s clearly just incoherent rambing from me.
You must be lost
Nope just well informed and educated, not a shrieking pearl clutcher “cUz fAsEbuK”
Lol
Sure and then Santa gave everyone free librebooted thinkpads.
