XMPP is an example of a federated protocol that advertises itself as a “living standard.” Despite its capacity for protocol “extensions,” however, it’s undeniable that XMPP still largely resembles a synchronous protocol with limited support for rich media, which can’t realistically be deployed on mobile devices. If XMPP is so extensible, why haven’t those extensions quickly brought it up to speed with the modern world?
Like any federated protocol, extensions don’t mean much unless everyone applies them, and that’s an almost impossible task in a truly federated landscape. What we have instead is a complicated morass of XEPs that aren’t consistently applied anywhere. The implications of that are severe, because someone’s choice to use an XMPP client or server that doesn’t support video or some other arbitrary feature doesn’t only affect them, it affects everyone who tries to communicate with them. It creates a climate of uncertainty, never knowing whether things will work or not. In the consumer space, fractured client support is often worse than no client support at all, because consistency is incredibly important for creating a compelling user experience.
> addressing with user-owned identifiers like phone numbers
Phone numbers are owned by telecoms, not users. Sometimes they're transferable between telecoms, but not always. I, in particular travel internationally often and do not maintain phone service in the same country continuously. I've had to change phone numbers with Signal and Whatsapp a couple times now and have not found it to be a particularly friendly experience.
I got a free Google Voice number and might use that in the future, but I had to tie that to another US-based phone number. What will happen if someone else starts using that number, especially if they also connect a Google Voice account to it?
I don't know that I have a better design in mind, but using a phone number as an identity has some nasty edge cases.
Don't take things like that too seriously. That's just the result of the reality distortion field that comes with sitting on top a huge database of phone numbers.
Simple: usernames. Humans are not phone numbers. Phone numbers are the IP addresses of legacy phone networks.
A lot of countries require require registering the phone number to your name.
Relying on phone numbers as uniqie identifiers especially in "crypto" hipster apps (Signal) is stupid bordering on malicious
If said malicious actors pwn the phone of the person you were talking to, suddenly they have a pretty good way of mapping a contact called "My Best Friend" to a human through billing records.
Or even easier, they type the phone number into Google and find that the Syrian dissident they've just arrested has been corresponding with the NYTimes or BBC.
If they know only that they are talking to email@example.com they could, uh, get Google to release their IP address. Google are fairly unlikely to honour a legal demand for disclosure from Libya or North Korea or some other tyrannical/fucked-up hellhole.
I like Signal, but I'm not totally sure about the threat model.
* They're not portable. My username here is Zak. It is on reddit as well, but I think that's the only other place. If I don't discover a service within it's first week of operation, I won't get that username, and many won't allow it because it's "too short".
* They don't tap into users' existing contact lists. I've discovered several people I know using Signal because I had their phone numbers stored in my phone's contacts.
But if a new communications protocol is to replace the legacy phone network, which I consider desirable, it probably shouldn't use identifiers tied to the legacy phone network.
1) get US phone
2) register google voice to US phone
3) stop paying for US phone
4) you can't de-register you US phone, unless you register a new one
5a) if you never sign up for a US phone, anybody can get assigned that number and click "forgot password" on your google voice.
5b) you get a new US phone: go to 2.
that is true for every single service that ties you up to a phone number or that has phone number as recovery option.
I've also read using Google Voice is highly recommended for things that require a voice or text number since it's very difficult to get hold of someone at Google that can be socially engineered. Much easier to scream at somebody at Verizon, etc.
The cheapest I've seen slightly below $2/month, but all the super cheap carriers are very volatile businesses and you can't expect to keep them more than a few years.
Seeing as you don't really own phone numbers in the sense you own domain names, any permanence is limited by the life span of your service provider.
A really popular mobile Jabber client will suddenly have the extensions it supports become popular with everyone else. Conversations looks nice.
As for why some set of extensions hasn't been brought up to modernity, that answer's simple: nobody cares about xmpp enough. Maybe just some users, but fuck those guys, they don't build anything.
Man, xmpp has been out for twenty years now.
Until you have two popular apps that implement two different extensions that accomplish the same thing. Now everyone is stuck implementing two, three, four extensions to display the same content. God forbid there's a new version of an extension that's backwards incompatible.
IRCCloud is using only standard IRC features to implement their Slack gateway that offers all features of slack - including reactions and threads.
Federated protocols can move extremely quickly, I've seen that myself recently.
It would at least have been nice if the 'extensions' had a required way to be opaquely handled and saved as files so that other tools could use them.