I second xmpp + omemo, and would caution that as far as I can remember matrix leaks significant metadata when syncing between instances/services.

As a personal decision I got away from signal (molly in fact) more than a year ago.

I’m also keep jami working with my family, particularly for things not requiring immediate response. It’s a different beast, since it’s p2p, but there’s no server associated to it, no matter if decentralized or not. It’s easy as well, just not as responsive, in particular if looking for immediate responses… I like and keep both, hoping jami improves.

Ohh, I understand now what you’re saying. LOS (upstream) finally allowed uG to work on their images, though not pre-installed with them, it’s mentioned on LOS4uG FAQ, see question Why do we need a custom build of LineageOS to have microG? Can’t I install microG on the official LineageOS?, the answer includes a couple of references to LOS MRs. I was not aware of that, and that makes all derived ROMs inherit such ability from upstream LOS, including divestOS, so now I see what you were talking about. The answer in that FAQ doesn’t indicate that the official F-Droid client can be installed, and even better neither it or it’s lighter official client (that one never supported privileged extension) require privileged extensions to install apps in the background, so no need to install such extension through adb, and once installed the F-Droid client, one can add the microG repo to keep the uG apps up to date. Therefore no need for LOS4uG actually.

The sad thing is that divestOS images/ROMs are no more, since divestOS is dead. I hope LOS ports divestOS’ boot locking/unlocking mechanism from the still available divestOS repos, that would make LOS even better.

The other sad thing is that as LOS4uG signs with its own keys, different than the LOS ones, once you start with such images, unless you can backup everything, apps, apps settings and contents, LOS settings, and so on, without a google account, you’ll have to keep using it, until you change phone, or you are OK with a factory reset and having to set everything again, since moving to LOS implies different signatures and keys, which in turn implies factory reset and further cleanup to make the image work, :( That holds true if wanting to move to divestOS images as well.

Sorry I didn’t understand what you were saying. I’ve been using LOS before it was named like that (cyanogen), and as far as I can remember when uG showed up, LOS decided it didn’t want to support it, and it was until early last year that it decided to finally allow it, though not helping a bit providing it pre-installed, which is fine, because then the user can get to it, or rather Gapps. So I never read back about LOS criteria changing…

What do you suggest? If they get forced to use something encrypted, they won’t choose XMPP for sure, most probably something like whatsapp or telegram.

Being forced to use non standard protocols, and specially non federated ones is also a concern. Where I live, it’s assumed that all clients/users must use whatsapp, so they don’t answer your questions, you can’t ask them anything, you can’t share any doc with them if in need for support, it it’s not through whatsapp. And everyone seems happy with it.

e2ee by itself is not enough for privacy, metadata counts, and on proprietary communication systems one doesn’t even have a clue what data is mined by the company/owners or even worse if they have non disclosed mechanisms to do that or even worse to introduce back doors.

If I’d suggest something, that would be a standard and federated protocol with e2ee like xmpp + omemo. But again, I’d be naive to assume that’s a possibility, if forced to do something corporations will choose what’s more convenient to them not to the user, and that usually translates into proprietary abusive mechanisms.

Now about nerds using gnuPG/openPGP keys, ohh well, thunderbird chose what to me is the wrong path of not using gnuPG underneath (now by default all keys are exposed unencrypted, unless you choose to use TB’s master password for example, between several other limitations, the good thing is that there’s sequoia-octopus-librnp to the rescue), but that path allows them to offer a really easy way for users to interact with openPGP keys. On Android K9, now a days Thunderbird, has made it really easy as well to use gnuPG/openPGP keys when accompanied with openkeychain for example. There’s nothing obscure neither truly complex about current gnuPG/openPGP usage these days. I would agree like 15 years back one really needed to learn how to maintain the gnuPG keyring, how to add and manage public keys and how to manage your own private keys. But even then there was Enigmail, which after TB chose that path turned into just a shell to help move from Enigmail to the chosen TB’s librnp way, and Enigmail made it really easy to do all that gnuPG stuff. Besides thunderbird, which I wouldn’t say is a nerdy thing, there were/are several other easy alternatives to use and handle gnuPG/openPGP keys. So, not really nerdy, I’d think just willing to go a bit beyond what the corporations offer you, for “your own convenience”. But how many people even care? I’d say we’re a sleepy society, accepting everything imposed to us, even when there’s no need to, because of the hassle to look for truly privacy respectful, security respectful (from the user perspective, not just the corporations perspective), and also really important user liberties/freedom respectful, which Today’s corporations with the help of some communities and the banning culture we all embraced, have been successful in convincing us that’s unnecessary in favor of more “practical” alternatives, including proprietary ones…

Well, I think you already mentioned the key thing about encrypting disks. It’s not about protections when the block device is already decrypted and the filesystem already mount. At that point your disks are decrypted and anyone with or without physical access to your device, if gaining any access to it you’re toast. That’s true, but that’s not what disks encryption help you with, and you already mentioned. If you turn off your device, and someone steals it, or gains access to it, they can’t look at your contents, that’s it. That wouldn’t prevent malicious people, to instead plant something through UEFI for example, and you are right about that case. And if you never turn off your computer, and just do sleep to memory, then you depend on how strong your password is, or any other authentication mechanism you have…

Can you explain why if someone get access to your encrypted disk, they would have access to its contents?

Phoenix is not a browser, is it? AFAIK it’s a similar user.js to Arkenfox… They claim to be better, and have their on comparison, but I don’t know:

https://codeberg.org/celenity/Phoenix/wiki/Comparison

Arkenfox has been like the default user.js for privacy… Perhaps phoenix already is better…

Well it’s a bit confusing. On Guix’ wiki General features you can read:

Guix keeps track of these references automatically so that installed packages can be garbage collected when no other package depends on them - at the cost of greater storage requirements, all upgrades in Guix are guaranteed to be both atomic and can be rolled back.

The roll-back feature of Guix is inherited from the design of Nix and is rarely found in other operating systems, since it requires an unorthodox approach to how the system should function (see MicroOS).

And then on its wiki Guix System (operating system) Roll-back you can read:

This is accomplished by a combination of Guix’s functional package manager, which treats each package and system configuration as an immutable and reproducible entity,[58] and the generation system which maintains a history of system configurations as “generations.”

So the system configurations on a Guix system are actually immutable, as opposed to regular gnu+linux distributions, which can change the system configuration on the fly. What else is immutable on Guix, I can’t tell, but at least you can not change its system configs. What is atomic is the upgrades.

I’m not sure, but as Guix borrowed these properties from Nix, I’d think this applies to Nix as well.

In other words, at least the Guix system has immutable components. And further, the system config which is immutable, is also declarative. Combining those two things might be intimidating, since it’s not like on the fly one can go and change the system config, which might be required when debugging some misbehavior, and it’s what most distros document, then one needs to learn about guile, and a bit about functional programming I guess or at least their basics… Deploying systems might take advantage of such declarative configurations though…

Regarding omemo, dino is getting there, see its closed issue 1609. Not sure why it has taken them too long for a new release, but they have the stuff already merged.

I’m interested on what changed that make it differ from Mull in a non recommended way. Are you referring to their 1st MR? where they outline:

• Replaced Arkenfox & Brace preferences with ones from Phoenix 2025.01.06.1…
• Added support for Google Safe Browsing (Safe Browsing is disabled by default and can be enabled by setting the following preferences to true in about:config)

I understand Mull was using arkenfox which is sort of the go-to reference, and now ironfox move to phoenix. The safe browsing is the same approach Librewolf follows, though I don’t like their comment on a proxy. I don’t like their choice of the brave search engine, but I always replace that with searxng tweaked a bit.

The MR doc doesn’t look too terrible, but don’t know about the changes themselves.

As mentione SMS is by no means secure, and although silence hadn’t gotten any update, still works as a champ on Android 15.

https://gitlab.com/ironfox-oss/IronFox/-/issues/7

https://gitlab.com/fdroid/fdroiddata/-/issues/3457

Ohh, so it changed for being webkit, to be a FF based browser. At any rate Librewolf keep being like the closest, FF but with better defaults, and without the need to configure the arkenfox stuff.

It’s a webkit engine based browser, actually it uses webkitgtk. Now webkit is the engine on which safari (apple) is based as well, and it’s been there for some time. blink, which is what chromium based browsers use, is a fork from webkit with its own extras.

So it all depends, chromium based browsers are all blink engine based browsers, which are pretty related to webkit engine based browsers (midori is not the only one BTW). As well as there are a ton of blink based utilities such the electron ones (chromium in disguise), there are still quite a bit based on webkit, specially gtk applications.

gecko as opposed to the other major web engines never had some sort of toolkit that would make it easier for other applications than the mozilla ones to be based on it, and it seems there will never be such toolkit, even less with the dominance of blink based browsers and applications, and in a lesser way but still high use webkit applications and browsers.

If looking for actual alternatives to what dominates the market, I believe gecko is the option at the moment, and if the FF defaults are unsane, I’d strongly suggest using Librewolf, which is essence is FF with much better defaults, it partially uses arkenfox configs, but it’s independent and has its own decisions, and also removes very few blobs like pocket at build time.

Eventually servo might become the web engine to look for, and perhaps verso the web browser based on servo. But they are still in early stages as to be considered for day to day regular use. I’m not sure if servo is both a web engine and also offers itself as a toolkit so other applications besides a web browser can be based on it, similar to webkit or blink, but I believe that’s not the case, at least not yet, though I wouldn’t put my hands on fire for this, :).

Bottom line, you might want to take a look at Librewolf.

Unfortunately divestOS is retiring, and Mull, something like Librewolf but for AOSP based devices, has ceased development. I’m really hoping someone capable of forking it does it…

Totally unrelated, mull is pretty cool in the sense that it brings arkenfox configs for the user, and it strips some binary blobs. To me the AOSP privacy browser with no actual alternative. Some say it’s like librewolf for AOSP.

Bottom line, no, totally different things.

Yet Another Call Blocker?

The only reasons I sometime back looked into betterbird was thunderbird breaking TbSync and its companion “Provider for Exchange ActiveSync”, which I really need for work, and because of their tray support (I don’t like the modern way which rejects the benefits of the tray functionality, or notification area which is how it’s also called now a days).

For the first thing, I was able to live with thunderbird by reverting the upgrade and keep its package from upgrading at all, until the two extensions I required eventually supported the new thunderbird version which broke them. I looked into betterbird as an alternative since someone suggested it given betterbird wasn’t moving as fast at that time as thunderbird was, and at that moment they were not breaking the extensions I’m force to use if wanting to use thunderbird as email client at work.

For the tray, ohh well, it doesn’t work on wayland if you don’t use gnome or kde (I use wayfire), so it couldn’t help me at all. I found a bug reported on mozilla (not sure why not also on betterbird) which matches my case, so no luck with their tray support, :(

Other than that I really didn’t find a compelling reason to use betterbird instead of thunderbird. But if I were a gnome or kde user, perhaps its tray support might be compelling enough.

They don’t, I mean registering your username/basename is not a requirement, they chose the registration as the default to make it easier to be found. But you can get away with not registering your username/basename and instead exchange with your contacts you ID number, and with that besides able to choose whatever username/basename, there’s no central directory to find you, which is good depending on your use case, but the Jami guys are right to say that makes it virtually impossible for others to find you and establish a conversation unless you exchanged somehow your ID numbers, but that’s not actually finding, :)

That option is a one time choosing, when creating the account though.

It is open source, which is good, but ultimately it depends on the service provider as usual, what it logs and for how long. The good thing, is that by design there’s not much which can be collected.

But for a mechanism that is supposed p2p distributed, unified push, their proxy stuff (which also helps reduce battery usage), make the app not such p2p, but the gain in battery life might be your priority. DHT is as well a point of gathering several connections, and also to collect metadata, but to be honest, DHT is so good for this purpose, that I don’t complain.

The thing is that on the phone by default you don’t get a pure p2p experience, which is BTW really hard, as requiring both ends being present if pure p2p, and it’s really hard to actually contact the other end at any time. Although if wanted, jami can be configured as such, except by the DHT part I believe.

First of all, it’s been a while since it’s no longer his code, and the contributions from whatever amount of people must be respected. That was used some time back as justification to never moving to GPL3 or latest.

Second, there’s now a huge foundation behind it. Although he has gating approval for whatever he wants, the money coming from big enterprises would cease. Remember now MS already claims it loves linux.

Third, although it’s pretty linked to second, the project is not an independent community project anymore. Even risc-v people took care not to create a so nation specific project (even though its origins are totally linked to the academy from a particular one), that it doesn’t matter which country imposes sanctions to others, no country can prevent another from using its open ISA to build their own stuff. Linux, and its linux foundation failed on this, and as it’s pretty dependent on the big tech and enterprise, now it has no options to be compliant. Which you could see recently from banning developers and the legal reasons involved (well done, as risc-v, that would have had minimal impact, or better yet, if a community project not linked to any country, then that would have gone differently).

All in all, linux’s success has lead it to be a non community driven, non independent project, and I would guess the enterprise and big tech, which is pretty reliant on linux now a days, wouldn’t let linux go away unless they already have an alternative.

Though never say never right? But my take on this is both, no single person owns linux, so no single person can take it away, and there’s too much reliance on it from big tech and enterprises as to let such important project, and key on their software supply chain (years back thinking on software supply chain was in no one’s mind) or so they say.

If ever getting to administrate non systemd boxes, and in need to deal with the system logging mechanism, then syslog-ng comes close to the most probable mechanism use. And no, non systemd gnu+linux distributions are not legacy, there are quite a few out there, just not the major or mainstream ones, like Artix, Void, Guix, and several others, not to count non gnu+linux OSs like BSDs…