
Jami – FOSS, Distributed Instant Messenger - danskeren
https://jami.net/
======
spiraldancing
Here's a first-hand review. I posted this as a reply a minute ago, then
decided to make it a primary comment.

Wire has been my go-to communications app for 2-3 years now. Running it on a
Google-free phone, it has gradually become more buggy, and less reliable over
time, and sadly, still the best secure/encrypted app I could find.

Testing Jami. I tried Ring 8-10 months ago. Text worked, audio/video did not.

In the past few days, trying Jami, audio-only works very well - clear, crisp,
no lag - much better than Wire. Video was a bit buggy, but still decent.

Connectivity was an issue, calls froze, or got cut off a couple times.
Tentatively, it looked like switching from a local WiFi to phone ISP was at
least part of the problem.

Also, using the same account across multiple devices is a bit buggy. Contacts
established on one device are not available on the other.

All things considered, the basic quality of the connection is very good,
better than Wire, maybe better than Skype. Reliability of the connection, and
the various 2ndary features that people take for granted, still need work.

~~~
cheez
How have you built a Google-free (and presumably Apple-free) phone?

~~~
KAMSPioneer
Not GP, but I assume he doesn't mean a phone with /nothing/ Google on it, but
more likely that the phone connects to no Google services and lacks Google
Play Services. I do something like this by running AOSP on a Pixel device,
which makes my choices of apps that work...less numerous. I'll have to give
Jami a try, based on GP's good experience.

~~~
floatboth
AOSP derived ROMs without gapps are pretty much "nothing Google". Unless you
count AOSP itself as "Google", which it kind of is I guess, but it's not
Google _proprietary_.

------
vallode
My pessimistic side is really just thinking Yet Another Instant Messaging
Service.

I never understood what the benefit here was, you'll never convert the
majority of your friends/connections to use these niche messaging services and
so you will inevitably end up having to install one of the major ones
(WhatsApp, Messenger, et al) at which point you lose any benefits of
anonymity, right?

How do you fight this? Do you simply cut off people who won't swap to these
services or maintain contact via other means?

~~~
nh2
That's a good question (and the downvotes are unjustified), but

> you'll never convert the majority of your friends/connections to use these
> niche messaging services

isn't true -- it's certainly possible, if you are pushy and refuse other apps.

I pushed most of my close contacts to use Signal and now they use that (among
other tools).

Unfortunately Signal is not very good, because it's not very reliable (calls
fail ~40% of the time, sometimes messages don't arrive) and the engineering
practices lack (almost no tests, no CI, "bug bankruptcy" closing of all issues
on the bugtracker) so I don't have high hopes for reliability to improve.

This made it harder to convert people, but it worked nevertheless.

~~~
vallode
Interesting! I might want to try and preach some app to my friends to get them
all to go in to. Thanks for the anecdote!

------
jamesponddotco
Been using Wire for team communication for while instead of things like Slack
and Skype, really like it, but I wanted to try Jami instead as I got
interested in the project.

It works beautifully for me on iOS when using just for personal stuff, but it
seems they do not support group chats right now, which is a block for team
communication.

Does seems like they are working on it, tho:
[https://git.jami.net/savoirfairelinux/ring-
project/wikis/Gro...](https://git.jami.net/savoirfairelinux/ring-
project/wikis/Group-chat-feature-\(design-draft\))

Being an official GNU project with EFF backing it makes it quite interesting.
Definitely worth keeping an eye on it.

------
nh2
Found the list of things that work and don't work yet:

[https://git.jami.net/savoirfairelinux/ring-
project/wikis/fea...](https://git.jami.net/savoirfairelinux/ring-
project/wikis/features/All-features-by-client)

Looks like the traditionally hard ones "Group chat" and "Chat history shared
across devices" are still in the making.

I wish best success; I find that a reliable, safe, featureful, cross-platform,
high-quality instant messenger is very much needed.

------
gigatexal
I know it's FOSS -- but is there an independent reviewer or body that confirms
such a service does not spy on its users and that the code is clean -- a
service that would save me the time in having to read through all the C-code?

~~~
mathieubordere
Such a service would need to review every source code update for a whole bunch
of projects, which seems like an enormous amount of work. My best guess is
that such a service does not exist.

~~~
gigatexal
I’d support one that did.

~~~
abstrct
Agreed. That's my biggest concern with any product that promises security and
privacy. They're great features to put on a product that offers neither.

I feel like funding would be easy, but who would you trust being behind such
an initiative though?

~~~
gigatexal
A loosely coupled set of highly trusted and capable security engineers who
formed a group to audit such things that upon successful audit could place
their seal of approval on a version I would support with a subscription in no
time.

A large group of individuals would guard against any one or a majority being
compromised by bribes or otherwise. Not entirely make such fraud impossible
just less likely.

I see this similar to the Jepsen set of tests for a given database. A similar
code test would be nice. But tough since patches and things would nullify the
approval. Some tweaking to the idea would be nice but in general it’s almost a
never adopt for me for security focused products because I don’t know if I can
trust the creators. Why would I? I don’t have anything to go on.

~~~
draik
There is another problem with that. Who will review the reviewers?

Can we be 100% certain that no one can buy such an approval from the reviewers
and so on.. That is sad :| P.S. I'm probably just paranoic.

~~~
gigatexal
It has to begin with people that hat are above reproach. I’d submit the
openBSD folks.

------
boudin
This app was previsouly known as Ring

[https://jami.net/ring-becomes-jami/](https://jami.net/ring-becomes-jami/)

~~~
correct_horse
And the logo is the same now as it was then.

------
jessedhillon
I'm just replying to the demo animation showing on the front page:

\- the user gets a notification from Bárbara, and taps it, then

\- the tap triggers Jami to open to the list of all contacts, presented in
some order that apparently is not by recency of communication, because

\- the user scrolls through the list down to Bárbara, who is below the fold,
and whose list entry shows no obvious indication of unread messages

\- the user taps Bárbara's entry and goes to the chat pane

\- then, the user clicks the phone button to call Bárbara, which is beside a
camera icon

\- yet the next screen looks like a video call

My take: a person would have to value privacy and openness of source very
highly to put up with this unobvious UI. It doesn't seem like it should be
necessary to have to trade-off security guarantees for good design in theory,
but in practice it frequently seems like that's the choice given.

------
rv-de
now I use:

\- Telegram

\- Signal

\- Threema

\- Wire

\- Matrix

\- Keybase

\- SMS

\- email

\- and ... Jami

I avoid anything from Facebook like the plague and never try to push people
towards using any of my odd messengers. I actually avoid discussing this as it
will have me labelled a missionary and just naturally fall back on SMS and
email.

the price is being forgotten every now and then and missing out on some
events. I don't like that but I consider it as a part of slowing down social
interactions and subjecting those to some natural selection. I believe that
has some healthy benefits on its own.

------
lame-robot-hoax
Why would I switch from Signal to this?

~~~
olah_1
Jami uses no centralized servers at all. Even for identity management they use
a blockchain.

You have to trust Signal.

~~~
gingabriska
I thought blockchain doesn't solve trust issues, you still need to trust the
developers of the blockchain.

~~~
ronsor
You have to trust any code you didn't write yourself, even if it's just the
compiler and OS.

------
nh2
Is their Gitlab broken? For me all relevant subrepos are "Not found".

Clicking "Features -> Gitlab -> jami-project", which brings me to
[https://git.jami.net/savoirfairelinux/ring-
project](https://git.jami.net/savoirfairelinux/ring-project), and clicking:

* client-gnome => "Not found" * client-android => "Not found"

That is e.g. [https://review.jami.net/ring-client-
gnome](https://review.jami.net/ring-client-gnome) which shows "Not found".

~~~
danskeren
You can find working links to the client repos here:
[https://git.jami.net/savoirfairelinux](https://git.jami.net/savoirfairelinux)

------
aitchnyu
Their landing page loads 2M in 42 requests and uses Google fonts and two other
CDNs. That's so un-GNU. Guile landing page loads 902 K in 26 requests.

~~~
jancsika
Oops, that was from a forum bot I wrote while learning Guile LISP. I
accidentally posted it here on HN.

Sorry for the noise.

------
upofadown
The tile is a bit misleading. This is primarily an internet phone app. The
instant messaging is incidental to that. It evolved from a SIP phone program.

------
snvzz
So, it's yet another tox.chat clone with less maturity.

edit: Does this thing even end-to-end encrypt? That's the basics.

------
martin_a
Instant Messengers feel pretty much like this now:
[https://xkcd.com/927/](https://xkcd.com/927/)

So, we got WhatsApp, FB Messenger, Threema, Signal, Telegram, Riot/Matrix,
Jabber/XMPP, maybe Slack or even Skype and now Jami.

I'm _so_ looking forward to another messenger and trying to onboard
users/friends to that, because _this_ now is the final solution to all our IM
problems.

~~~
hjek
You forgot IRC :-)

Pidgin has extensions[0] available for all of those except for Jami. One
messenger app to rule them all.

[0]:
[https://developer.pidgin.im/wiki/ThirdPartyPlugins](https://developer.pidgin.im/wiki/ThirdPartyPlugins)

~~~
Y_Y
Do they actually work though?

------
pmlnr
Fails to login with SIP accounts of eg sipgate, but works a linphone account.
Regularly crashes on desktop.

I came back trying gnu ring every couple of months only to realize nothing
changed.

I wish ekiga got revisited instead.

------
akerl_
How does Jami handle key exchange and message authentication?

------
atemerev
I don’t see “end-to-end encryption” among advertised features. Is it true, or
encryption is implied these days?

~~~
lame-robot-hoax
“Benefit from encrypted and secure text messaging, without any central server,
utilizing a distributed network.”

------
akvadrako
Any first hand experience reports?

~~~
onli
I tried it out a while ago when it was still Ring. It did not work, and that
wasn't as advertised. The linux client had dependencies making it impossible
to run on a non-mainstream linux distro, the android client could not reliable
add other users (we were in the same room) and after it worked, it could not
reliably send and receive messages. Often needed restarts to receive messages.
Voice and video did only work for seconds.

Would be interested to know whether it works better now.

