
Right now I'm not really bothered about end-to-end encryption. If a government wants to track me, they will find a way. I'm more concerned about Facebook/Google/Microsoft/Apple tracking me, reading my private conversations, and selling my data to the highest bidder. I'd like an open source, decentralised messaging platform, that has good mobile apps.

Any suggestions?




"If a government wants to track me, they will find a way."

So just hand the data right to them?

"I'm more concerned about Facebook/Google/Microsoft/Apple tracking me, reading my private conversations, and selling my data to the highest bidder."

End-to-end encryption is the only solution to that problem. Open source software and decentralization are nice and all, but to become a mobile app it'll have to be compiled and run on a closed platform and will almost certainly use APIs of that platform.


That's potentially a valid concern, but this attitude is why most people just use Messenger, iMessage, and WhatsApp etc.

I don't want something that is perfectly secure, I want something I can run on servers I control, so that every message I send doesn't go through, and get stored on, servers controlled by the big four.

TOX is a great example, as all the services like this try too hard to be perfectly secure, rather than trying to be user friendly. Most people just want something that lets them easily message their friends, and are willing to sacrifice privacy (quite possibly because they are oblivious to it) to have that.

Even OTR + ICQ/AOL/MSN Messenger were better than what we have now in terms of security and privacy, but people gave those up for simplicity.


-- "Open source software and decentralization is nice and all but to become a mobile app it'll have to be compiled and run on a closed platform and will almost certainly use APIs of that platform." --

That's not necessarily true. End to end encryption doesn't need to be a compiled mobile app or send messages over a closed platform.

We built a decentralized, open source, freely distributable, browser-based Twitter client utilizing end-to-end encryption at www.seecret.io specifically to address that.


I know this is a lofty goal... We need an open mobile platform.

Presently, mobile devices aren't (effective) general purpose computers. That must change.


riot.im [1] (which is based on matrix.org) seems a good, decentralized, open messaging app. They have relatively nice mobile apps and they promise to soon release end-to-end encryption based on the OLM [2] ratchet which is similar to the Signal encryption. In contrast to Tox, Matrix relies on federated servers. Tox is pure P2P which, in my experience, never works very well on mobile devices.

[1] https://riot.im/

[2] https://matrix.org/docs/spec/olm.html


> Tox is pure P2P which, in my experience, never works very well on mobile devices.

That's (UX) my biggest concern, honestly. UX is just too important, and it's becoming an increasingly fast moving bar. Simple things like hitting up arrow to edit your message, to more complex things like stickers and gifs, these are (unfortunately) requirements for me in my peer circles.

They sound silly, I know, but Telegram has (mostly) a great UX, and for such an important tool I can't currently give up features... let alone convince my friends to likewise give up features.

(FWIW, I love Matrix in design)


I totally agree. My hope is that because Matrix has an open protocol, there will be more competition in the client space which will lead (eventually) to good UX.


We (ZeroTier) do P2P on mobile just fine. I just randomly pinged my phone over a virtual network to check.

Granted it depends on how chatty a P2P system is and how much it depends on intermediate nodes for network assist. Ours is pretty idle when nothing is happening, so it doesn't impact battery life or bandwidth quotas very much.

The best design for a P2P network with more involved nodes would probably be to allow nodes to elect their level of availability to perform network assistance roles. Another alternative would be to build a network with two kinds of nodes: 'large' and 'small.' Large nodes could assist small ones.

It's a solvable problem. To some extent "you can't do P2P on mobile" is a dated idea that came from the era when phones were pretty tiny CPU and RAM wise, networks were slower, mobile OSes were more restrictive to background processes, and the battery cost of things like CPU and network I/O was higher. All these things have improved dramatically in recent (past 1-2 years) phone models. The iPhone 7 and the latest Samsung phones have near-desktop-class processors and radios have become more power efficient.

You do have to do a few things differently. One thing we do is to temporally group / quantize background I/O. Instead of sending packets whenever we feel like it, we do it in longer spaced batches when the network is otherwise idle. This saves a lot of battery power by causing the radio to only wake from sleep once for a batch of routine network traffic instead of waking constantly.
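A small simulation of the batching idea in the comment above, as an added example that is not part of the original comment and is not ZeroTier's code. The radio tail time, the batch interval, the piggyback-on-foreground-traffic rule and the packet timestamps are all assumptions made for illustration.

```python
import math

RADIO_TAIL_S = 5.0       # assumed: radio stays powered this long after a send
BATCH_INTERVAL_S = 60.0  # assumed: spacing between background batches


def radio_wakeups(send_times, tail=RADIO_TAIL_S):
    """Count how often the radio must leave sleep to serve these sends."""
    wakeups, awake_until = 0, float("-inf")
    for t in sorted(send_times):
        if t > awake_until:      # radio already asleep again: a new wakeup
            wakeups += 1
        awake_until = t + tail   # every send restarts the tail timer
    return wakeups


def quantize(ready_times, interval=BATCH_INTERVAL_S, foreground=()):
    """Pick a send time for each routine packet.

    A packet waits for the next batch boundary, unless foreground traffic
    (assumed rule) wakes the radio first, in which case it rides along.
    """
    fg = sorted(foreground)
    sent = []
    for t in ready_times:
        boundary = math.ceil(t / interval) * interval
        sent.append(next((f for f in fg if t <= f < boundary), boundary))
    return sent


def max_delay(ready_times, sent_times):
    """Worst-case latency added to a routine packet by deferring it."""
    return max(s - r for r, s in zip(ready_times, sent_times))


# Constructed sample: seconds at which routine packets (keepalives, peer
# refreshes) become ready, plus one user-initiated send at t=40.
ROUTINE = [3, 17, 31, 44, 58, 72, 85, 99, 113, 126]
FOREGROUND = [40.0]

if __name__ == "__main__":
    batched = quantize(ROUTINE)
    print("unbatched wakeups:", radio_wakeups(ROUTINE))
    print("batched wakeups:  ", radio_wakeups(batched))
    print("max added delay:  ", max_delay(ROUTINE, batched), "s")
    mixed = quantize(ROUTINE, foreground=FOREGROUND)
    print("with foreground:  ", radio_wakeups(mixed + FOREGROUND), "wakeups")
```

The trade-off is latency: each routine packet can wait up to one batch interval, so this only suits traffic that is not time-sensitive.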


Thanks, that looks like it is what I'm after! I saw Matrix a few months ago but didn't realise there were mobile apps. Now time to get my friends on board...


I second that, so far so good. And the federation is the cherry on top.


> If a government wants to track me, they will find a way

Things like OTR (https://en.wikipedia.org/wiki/Off-the-Record_Messaging) actually stop these people though, and are even labelled in some of the Snowden Files as being "Catastrophic" to their efforts. But you are right, if they can't get chat on you they can just target you inside the Internet and send a malware payload disguised as an update to your browser.


For high value targets yes, they can't really be safe but for avoiding mass surveillance it's good.


Maybe https://wire.com/ could allow decentralization someday?


Do you (or does anyone) know if the wire protocol is open source as well? I see from their website that some of the apps are...but not sure of the protocol...? Because if so, then "someone" could technically retrofit it to "allow decentralization someday".



Thanks!


That's from Wire's terms of usage: http://dump.bitcheese.net/images/nexikud/wire.jpg


Citations, please! I haven't heard that decentralization is a goal of theirs.



I think your distinction between gov't tracking and corporate tracking is misguided.

Tech that provably prevents one will provably prevent the other.


Look at cloudmask.com



