Hacker News new | past | comments | ask | show | jobs | submit login

Okay, it seems the server is open source? And the protocol supports federation? Could I just run my own server and it will just work™ with users on a different server?

Are you basically presenting me with an option next to xmpp/otr?

When I looked at it (which is already a couple of months ago), federation wasn't “just works™”. A new server needed to be explicitly permitted into the federated network by WhisperSystems. Every server has a full copy of the list of clients and on which server they are and servers trust other severs completely when they claim “we serve the user with phone number 555-123456”.

Thanks a lot (also: Hi, I regularly bugged you on prosody's muc I guess).

So in that case I'll stick with xmpp for my use case - self-hosting is just something that I wouldn't want to give up.

Aww, that is a shame. I was imagining something like the XMPP server "cloud" where everyone can easily setup their own server, eg for a more private setup with their closer friends (who would then be motivated to use that server).

I would think it should be possible to make a decentralized back-end where servers don't need to be trusted.

Not if you want it to be “SMS based”, by which I mean: use phone numbers as identifiers. A server can’t easily prove to another that it serves the user with a specific phone number. There’s no cryptographic proof possible, there’s no hostname part like in email. You can verify by sending a text message, but that gets expensive if you need to do it often.

This is trying to combine 3 points on Zooko's Triangle [1]: You want human-meaningful names (which phone numbers are, because they map to existing things), so you have to make a trade-off between decentralization and security. WhisperSystems opted for security for some reduced decentralization. For something that’s aiming to replace text messaging, I can’t really blame them for that choice.

[1] = https://en.wikipedia.org/wiki/Zooko%27s_triangle

It's a shame there isn't a standard means to associate keypairs with existing phone numbers in a way that doesn't involve establishing new trust. A <your_phone_number_here>.yourcarrier.com DNSSEC secured subdomain provided by your existing carrier that can be coupled with BrowserID perhaps. All you need is a cryptographic tie-in, right?

Getting carriers on board to make a texting replacement? Well, you can dream. ;)

That sucks. Is hosting a separate, smaller and unconnected network feasible?

Sounds a lot like IRC

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact