If you have the impression that there’s a dominant, homogeneous “mass” sharing the same opinion, you are right there in the middle of an information bubble and a victim of those “algorithms”.

Would that make a difference?

I’d like to share your optimism, but what you suggest leaving us to “deal with” isn’t “AI” (which has been present in web search for decades as increasingly clever summarization techniques…) but LLMs, a very specific and especially inscrutable class of AI which has been designed for “sounding convincing”, without care for correctness or truthfulness. Effectively, more humans’ time will be wasted reading invented or counterfeit stories (with no easy way to tell); first-hand information will be harder to source and acknowledge by being increasingly diluted into the AI-generated noise.

I also haven’t seen any practical advantage to using LLM prompts vs. traditional search engines in the general case: you end up typing more, for the sake of “babysitting” the LLM, and get more to read as a result (which is, again, aggravated by the fact that you are now given a single source/one-sided view on the matter, without citation, reference nor reproducible step to this conclusion).

Last but not least, LLMs are an environmental disaster in the making, the computational cost is enormous (in new hardware and electricity), and we are at a point where all companies partaking in this new gold rush are selling us a solution in need of a problem, every one of them having to justify the expenditure (so far, none is making a profit out of it, which is the first step towards offsetting the incurred pollution).

Neither XMPP nor Matrix will ever become “the next WhatsApp”: the current internet has seen too much consolidation for the tech majors to permit it (and open and federated protocols can’t compete, do not have the marketing budget nor the platforms to promote their software, but I salute the EU’s Market Act attempt to shake-up the status quo).

But that doesn’t really matter IMO. What (I believe) is important in the grand scheme of things is that such protocols remain alive, maintained and secure, so that:

• small-scale instances can flourish and contribute to a more resilient/efficient internet (think of family-/district-level providers ; this is the kind of service I personally offer: family members and friends at large appreciate that the messages and data that we exchange aren’t shared over some cloud or facebook server for no good reason)

• IM identities can persist over time: if you are a business or an individual, you may want to look into having a stable/lasting contact address, that will survive the inevitable collapse of facebook/whatsapp/instagram/… If you are old enough, your current email address probably existed before facebook. Why not your IM address?

And yes, I hear you, this is rather niche, but what got me there (and on XMPP in particular) is having been long-enough on the internet to become tired of the never-ending cycle of migrations from service to service. More and more people will have a similar experience as time goes, so this niche will only grow :)

If you are curious, you should give XMPP a shot, it’s equivalent to Signal in terms of encryption, but anyone can host their own. Signal is ideologically opposed to anyone but themselves being in control of your account, and because of that I don’t want to trust them.

It really took me a second to figure out: https://www.bundespolizei.de/Web/DE/Service/Mediathek/Jahresberichte/jahresbericht_2020_file.pdf , click on the PDF link, hop to page 48. But even without that, do you really believe that the developer of the app, who’s making a living of it, would commit financial suicide by lying so openly about such a trivial thing? Either way, with or without Conversations, XMPP is used by millions of users daily: https://www.rst.software/blog/22-companies-using-xmpp-and-ejabberd-to-build-instant-messaging-services
https://xmpp.org/uses/instant-messaging/

A prime one is that the entity that you (have no choice but to) trust today will eventually turn against you at some point down the road.

How does that change with federation, you always trust someone. Why should I trust the shady person running software on their basement, even if you self host, you are trusting the developers not to ship bad or poorly written code.

Federation is different in that:

• you can chose amongst a very diverse pool of providers, including local ones that you actually have a chance to meet in person, those with shared ideals that enable long-lasting/mutually-beneficial relationships, some operating truly in the open and enabling a just and provable retribution for the offered service (i.e. “you are not the product”), etc

• you can be your own provider, and with “turnkey” self-hosting options like https://snikket.org/ , it’s never been easier to do it safely at small/medium scale, and cheaply (e.g. for a family/neighbourhood/association on a shared instance/RPi/…)

• choosing a provider never cuts you off from the rest of the network: you are not tied to anyone, and you can migrate with no drama nor loss of contacts/histories/data like is the case when the captive networks “flavour of the year” inevitably shut down.

using a 3rd party client is against Signal’s ToS

As far as it being against signals tos, molly exists and had not received any problems from the signal foundation to my knowledge, discord has the same clause and they don’t seem to give a rats ass.

You must be new on the internet to believe that this is a sustainable state of affairs. Google was letting you use GApps for free until it didn’t. Reddit used to be mostly usable and ads/clutter-free until it wasn’t. Recently Unity pulled a weird one against their users and customers for a quick buck. Examples are plenty, and more recently people have referred to this as “enshittification” or “the tyranny of the marginal user”. Such monopolistic networks are particularly prone to that phenomenon, by design. Personally I don’t want to live under the constant threat of a single entity potentially changing its mind/ToS, and I certainly don’t want to drag my family, friends and peers into the gamble.

pushing controversial features like crypto payments

The crypto stuff wasn’t great but you know what’s cool? You don’t have to use it. Simple as that. You don’t have to engage with it and you and I both know that. It’s buried in settings and you have to find it yourself.

fair but you missed the point: Signal already controls and enforce this aspect of your user experience, which only benefits themselves, in spite of the significant backlash. Sure you can feign blindness, but what’s next and what recourse will you have ?

Signal is an entity that’s incorporated in a jurisdiction and might be compelled by law or to degrade its encryption to comply with the local regulator.

I’ve always used integrity as a metric as to how trustworthy a service is, and in terms of signals e2ee, they’ve never lied about it, it’s been proven in court multiple times not having any data on their users, no government can compel anyone or any company for things they don’t have.

Integrity has nothing to do with that, Signal can absolutely be forced by law to suspend its service in some countries (e.g. to implement sanctions) and whole regions can disappear from the network overnight. In terms of resiliency, that’s pretty much how email (federated) just works from anywhere, but things like WhatsApp are blocked in e.g. China or allowed to work without E2EE (e.g. in some Gulf countries).

You can’t really confirm what any software can or cannot do

Sure, but you missed my point, in case of sealed senders and contacts discovery, we are not talking about zero-knowledge/E2EE but about Signal basically saying “trust us, bro, we ain’t looking at it” which can’t be proven one way or the other.

If everything is encrypted, what could Amazon tap? You do realize sealed sender and PFS take away any trust from the server correct?

I’m not sure that you understand what’s really going on. All your messages are routed through Signal. You can absolutely infer who’s talking to whom with enough frames by just matching packets popping out of X and being received by Y. Encryption plays no role in that because this takes place at a lower level. At least some protocols like XMPP let you host services entirely on Tor or to even skip the central server.

https://gultsch.social/@daniel/109828650796048124

FYI that’s an app that’s used by the German police and in several other “sensitive” contexts where users won’t just pull it from the play store :) ISIS even had their own fork at a point.

And since that time, XMPP has improved significantly (more integrated with other protocols, more efficient client and server implementations, bridges from and to activitypub, more approachable, easier to self-host…), but Signal.looks to have … stagnated? Well… the crypto payments/web3 shady stuff aside :)

It would, just looking at how much data gets transferred

Thanks for taking the time to reply. There are multiple issues with centralization.

• A prime one is that the entity that you (have no choice but to) trust today will eventually turn against you at some point down the road. In the case of Signal, the writing is on the wall already: using a 3rd party client is against Signal’s ToS, and Signal has been seen pushing controversial features like crypto payments that, as a user of their captive ecosystem, you have no choice but to engage with.

• Signal is an entity that’s incorporated in a jurisdiction and might be compelled by law not to provide service for certain users, or to degrade its encryption to comply with the local regulator. Using a centralized service like Signal makes you an easily identifiable/prime target in such a scenario.

• No matter what Signal says, nobody but themselves can verify what code runs on their servers, and what amount of logging/data processing goes there. Because every account checks in through them, because every message is routed through them, there is no technical barrier to knowing who’s who, who’s talking to whom and when, with the nature of the communication (text, video, image, …) from which a lot can be inferred. As far as I understand the American law, any agency could tap into that, either directly, or via Amazon on which the whole thing is running. I am not paranoid enough to believe that 3 letter agencies belong to one’s typical threat model, but with SGX contact discovery from phone number and sealed senders, Signal kindah panders to those? Either way, those are unverifiable mitigations to problems that decentralized systems do not have.

I could go on and on, but the first one is the main one IMO: we are past the need to trust anybody with our instant messaging and put a fundamental aspect of our lives at the mercy of (geo)political and societal woes. That’s practically a solved problem in the opensource world, and we can make it ethical and sustainable by just opting out of the dominative model of monopolistic and centralized systems.

And an objection by the author of a popular XMPP client: https://gultsch.de/objection.html

The page isn’t loading currently… What protocol is it using? and if neither XMPP or Matrix, then why even bother?

I managed to convince my family to use XMPP. Since about 2015. It’s been great, and apparently is getting better since more are joining :)

A truly better signal is one that’s not using a centralized service.

Ohh, so you were talking about finding communities in the literal sense. Most clients these days hook into the https://search.jabber.network/ API, so you can just go to the “discover channels” section of your client and type “selfhost” and find xmpp:[email protected]?join and xmpp:[email protected]?join

My point was more that creating a chatroom doesn’t create a community.

how would you define a “community”? And how big a deal is this effectively?
As far as I’m aware, communities (if defined as a list of rooms under a same namespace) are native to XMPP in the sense that MUCs can be namespaced at the domain level (e.g. “welcome@mycommunity.server.tld”), and then it’s up to clients to do something about it. I’ve seen some discussions going over jdev recently but there didn’t seem to be too much interest (even though clients have had a decades-long head-start to tease potential users).
IMO/IME, the “community” approach as found in discord & al. is rather detrimental and makes the relevant information hard to track because of excessive (per-server/community) rooms & notifications micromanagement. Decades old communities and projects have collaborated successfully on IRC over a single/couple of rooms and this doesn’t seem like a problem in practice.
More than the proliferation of rooms, I’m more interested in threading which is seeing a comeback as of late (e.g. in Cheogram), which is somewhat more comparable to zulip and “gentler”.

That’s kind of how we all get to use and enjoy the GPS today

Apparently they say it’s the Ukrainians shelling themselves…