Some interesting thoughts - and questions - here. Seems you posted them in the wrong place, given the paltry response. Or possibly at the wrong time (i.e. 6 hours after the herd had moved on, a perennial problem with social media).

It isn’t based in XML, and modern devs don’t want to use XML. As I’m not a coder, I cant say how big an influence this has, but from what I have seen it seems to be a substantial factor. Can anyone explain why?

XML is space-inefficient with lots of redundancy, and therefore considered to be ugly. Coders tend to have tidy minds so these things take on an importance that they don’t really merit. It’s also just fashion: markup, like XML and HTML, is a thing of the 90s, so using them is the coder equivalent of wearing MC Hammer pants.

Crucial detail:

The backup archives are “stored without a direct link to a specific backup payment or Signal user account,” O’Leary says. You’ll use a recovery key to unlock your backups, but if you lose that key, the company “cannot help you recover it.”

And this reader comment was clarifying IMO:

This solves a user issue of changing a phone and their Signal message history is just gone, which to normal users, is not acceptable.

Keeping them definitely seems to increase possible risks, but for most people this is a requirement, so good move on their part (guessing it’s optional) - when it’s rolled out.

This kind of purity policing is deeply offputting IMO. And certainly won’t help build federated social media.

But it’s neither good nor better, it’s worse.

The Aurora Store, alas, will never be a sustainable solution to the problem of proprietary Android apps. It’s always going to be a clever hack that survives at the pleasure of the big corporate gatekeeper.

Getting apps via random APKs on the web is even less of a solution, and a terrible idea if you care about your security.

As things stand, web apps and PWAs are the closest thing to a sustainable solution if you need to access corporate services (but there aren’t enough of them and banks will never offer them). For the rest, use F-Droid or somehow get the apps direct from the developer, via Obtainium or similar.

This is a decent point. Ignore the inane downvotes you’re getting for simply expressing your opinion in a polite and good-faith manner.

Personally I share your take, but you’re not helping the cause by insulting people.

Between what the law says and what actually happens, there is a yawning gulf. It’s the same in basically all jurisdictions where there are animal-welfare laws. The meat industry is powerful and consumers are unrelenting in their clamor for cheap meat. With such incentives, the weakest link is always going to be animals, which by definition have no voice.

This is exactly my mental response to this kind of story. Total hypocrisy. Try to ignore the pushback, cognitive dissonance is a powerful thing.

Not another one.

First, I don’t want to denigrate your project. I think it’s great, so good luck to you.

But… As an end user of this kind of software, what I would like to see personally is for developers to work together more, in the spirit of FOSS. To pool their limited resources, instead of working in isolation on personal passion projects which (let’s face it) will probably go nowhere. Encrypted messaging in particular is a massively hard nut to crack: it’s technically difficult, and you’re up against the almost prohibitive barrier of network effects (nobody will use new software until everyone uses it). To make all this extremely plain, what I personally would prefer you do with your talent and energy is to devote it to an existing project with an existing codebase and genuine prospects of succeeding at this almost impossible challenge. For example, Matrix.

That said, I’m sure you couldn’t care less what I personally think, and if you insist on going it alone, then good luck to you all the same.

Yeah that’s true but in this scenario it’s your fault, not theirs.

Every social-media platform strips EXIF metadata before publishing the photo.

So the issue is the trustworthiness of the social-media platform itself. Personally I always strip the metadata before sharing anything anywhere.

A nuanced take in response to casually lobbed accusations of Nazism? How come you haven’t been banned?

OK. So this is just another XMPP-vs-Matrix debate. Assuming that the holy grail is a distributed, federated drop-in replacement for Whatsapp, then, as I understand it, Matrix is a far more advanced on that path. In any case, just as there are not competing protocols for email, the ultimate solution is clearly one protocol. Everyone jumping ship every 3 months will not get us there.

This exchange shows a clash of philosophies. While you are not wrong exactly, neither is your interlocutor. The “capitalist” mindset (as illustrated by your good-faith comment) is to treat this like shopping - “we’ll just go elsewhere”. But the whole point of FOSS is that we do the work, not “them”. So while it’s true that “not everyone can be working on everything”, ultimately that’s very much our problem and one that only we can solve.

We agree on more than you think.

It should go without saying that I agree with your description of things. Likely everybody else here does too, it’s why we’re all subscribed to a “privacy” community. I just don’t see the point of telling people what they already know, that’s it’s all terrible, that they’re right to think it’s terrible, etc etc. I’d prefer to hear ideas for solutions, personally.

But others will surely vote you up and vote me down, so I guess I’m in the minority.

A web browser is the space shuttle of consumer software. The Gecko rendering engine alone has an enormous attack surface. Which of these forks is contributing security patches to keep it secure?

There are two distinct things to optimize for here: your immediate privacy, and the future of a non-corporate web.

If all you care about is the former, then do… whatever. But if you also care about the latter, you cannot use a browser that supports the Chromium monopoly. That means using any Firefox fork. Personally I use Firefox itself because it’s Mozilla that employs a paid security team, whose work all the forks are freeloading off.