I’m not really tech savvy

That’s how they get you ;) There is a trade-off between privacy and security on one end, and convenience and ease of use on the other. Microsoft, Google and all the others profiting off of your data know this and offer you convenience and ease of use in exchange for you giving them all your data. So be prepared to give up a little of that convenience and getting a little more tech savvy.

I recommend you take a look at https://nextcloud.com/ - it’s a self-hosted cloud service solution that offers file storage, calendar, notes, and a lot more. If you don’t feel comfortable hosting your own just yet, there are providers out there that will host one for you for a few $ a month.

If this crap actually goes through (which it looks like it will, the maintainer seems hellbent on pushing it and completely unwilling to listen to criticism) I absolutely expect one or more forks to appear with all the google surveillance completely stripped out.

I’m not a Go developer myself, but I get the impression that trust in the project was already wearing thin after the whole GOPROXY debacle; this just might push enough people over the edge to get the needed momentum behind a new fork.

Also, I really hope package maintainers with the larger distributions start shipping with all this nonsense disabled by default. Apparently Fedora already ships Go with goproxy disabled.

Small team of 3 according to git; but yeah it’s a risk.

Yes I did some testing, looks really good (polished, responsive UI) and works great as an instant messenger. Also tried setting up a group server, works fine too - although the group functionality is a bit immature yet. There are some challenges; offline messages are a no-go due to the peer-to-peer nature of the protocol, and by design it has no presence indication or stuff like that (which is fine by me). It can also be a bit sluggish, depending on your route and who’s DDOSing TOR nodes at any given time…

I love the multiple (ephemeral) identities feature; you can make as many identities as you need and keep them around as long as you need them, and switching between them is painless. Only thing missing is all my contacts switching over I guess.

Interesting read, freedom of association is a double-edged sword though. Yes it means private social media platforms are free to exclude and censor, but it also means bakers are free to refuse baking cakes for gay weddings and all that.

There’s also the issue of Section 230 protection. Once you start curating content, there is an argument to be made that you can no longer claim to be a “common carrier”, and so you will be liable for the content that is published on your platform.

Then there are utilities such as payment providers. Should they also have freedom of association? PayPal is notorious for refusing service to individuals and organizations based on political or religious beliefs. In an increasingly cashless society, is this OK? And what about other online utilities such as domain registrars, DNS, ICANN etc?

And lastly - where does freedom of association end? The civil rights act put an end to businesses discriminating by race, so there are some limits.

If used correctly, I’d say it’s probably as secure as you’re going to get short of airgapping. It’s not a replacement for good OpSec, and as with all security, there is a trade-off in terms of usability.