• 1 Post
  • 103 Comments
Joined 4Y ago
Cake day: Jun 28, 2020


Movim has public posts that can be commented on in a decentralized fashion but can also restrict comments to followers


I have no idea what channels are… Is this threading?


Movim is sort of like a decentralized social media space built atop XMPP


This is how I ended up getting my account deleted as well. 3D scan of my head was an immediate nope.


Paying a tutor or a class might be a good accelerant since you could ask fundamental questions in your native language. Once you have the grammar scaffolding, you could then use flashcards to start building vocab or looking for natives to share conversations with. Note also: immersion rarely works without some foundations to build on (unless the language in question is basically the same as your native language like Dutch is to English). The TL;DR is apps are more entertainment than education.


XMPP is battle-tested* and thriving*

I don’t think you know how many commercial use cases are relying on XMPP, nor how much the community has been working on updates. Older technologies tend to have maturity in spec but also in implementations where the servers are robust & already at the point of optimization over chasing features. We see this with how little specs it takes to run a server & how Conversations forks on Android have some of the best battery life & data plan usage in the chat space. The network is massively decentralized too… unlike Matrix where almost everyone is on Matrix.org or a server provided/hosted by Matrix.org giving them all the metadata.


client or server that doesn’t support the same encryption protocols

Outside of TLS which most any server uses by default, XMPP or not, the server is not responsible for E2EE. Conversations Compliance & Are We OMEMO Yet have existed for a long while & I never see anyone recommending a client not on these lists so while certain features may be fragmented, the communication essentials have been more or less established for years now. XMPP is an extensible format, and some applications that aren’t for chatting with your friends/family, don’t need many of these features which allows the protocol to morph into something stripped down for the task… which is why the base spec is basically barren, & community XEPs are what folks get behind for adding new features for different use cases.


The best is to not trust the centralized server of either of these platforms. Set up your own XMPP server & give these the boot.


The fact that you mark your omission with an apostrophe correctly does wonders for ESL learners so they can see both what is being chopped off while also getting insight into how some native speakers’ accents might produce the sounds. Native speakers should use ’em more of’en.


Not everything proprietary is inherently bad, but you did more than most ever could. It’s those megacorporations & anything “free” you have to worry the most about.

Steam is a weird one since it is proprietary, & you could lose access to your digital game copies but a) most work if you just download them for long-term storage, b) they provide a decent service with deals & synced saves, c) they are privately-held so they don’t need to chase quarterly profits for shareholders, & d) they have done more for Linux gaming than almost anyone else (even if the selfish goal was to break Microsoft’s shackles & later have a hardware device they could sell you that happens to be mutually beneficial for both sides with so many patches).

Deleting everything Microsoft & Google is very difficult. The former I am locked since too much free software thinks it can sleep in the dragon’s den as GitHub. Google, well good luck finding an employer that isn’t using it in my experience & when it comes to using your own email for instance, there’s like a 90% chance the person on the other end is using a Google or Microsoft email account without encryption to get them the whole message anyhow.


Not saying you are wrong, but I think the argument a) should mention WhatsApp in the same breath as Signal & b) stopping at Signal instead of linking to where to find more info


In the corpo cases, I’m sure all they have to do is ask. There are better alternatives & this guide feels radically incomplete stopping at such a pedestrian option instead of labeling them in a bottom tier of like sufficient-if-you-literally-can’t-use-anything-else.


With the right intel you could piece back some of the pieces, especially with some pieces from other sources, with just that metadata. With metadata, it’s about putting together lots of sources to see the picture clearly which is why Facebook bought WhatsApp for just the metadata (& address book). The thing is that you can skip Signal & you will still have several free software messaging alternatives where nothing is on a US-based server where they can subpoena.


Those components are not really meant for self-hosting, it’s open to be looked at. You would need to patch out the SIM requirement, point the hardcoded server/clients elsewhere, find some way to sideload modified clients to those using iOS lol, & it’s not federated so you would need a separate app for just this task. At this rate you are 100% better off choosing systems where server & clients are actually built with this in mind… Signal’s chat features are not novel.


Also worth noting that OpenStreetMap works offline too.


Signal & WhatsApp are not secure enough. Meta/Facebook regularly give data & metadata to the cops & Signal is centralized & not self-hosted by your crew so while messages are encrypted, the metadata still isn’t. If you must use Signal, I would pick Molly as an Android client since you can a) encrypt the messages under a separate password for storage on seizure & b) you can use the UnifiedPush version to make sure your notification metadata isn’t going thru Google’s Firebase servers. Protests are the ideal place for Briar as it works via mesh net so internet & SIM cards are not required (but years ago when I tried it, the app was a major battery drainer).


That’s the Apple price you pay tho. It’s not a popular platform for FOSS or otherwise ethical software since you have to use their overpriced hardware to develop on & there are fees to publish apps (even with EU opening up alt stores, many won’t see it as legitimate for a long time–difficult enough with F-Droid eco). Have you considered upgrading to a Linux or Android phone? (/s, but kinda not)


Signal also requires you surrender to the Android/iOS duopoly to install the app on a device with a SIM to create that account. You can’t create an account on a SIM-less tablet; you can’t have a Linux phone. I’m not entirely sure if it behaves like LINE tho, where they will check in to see if the phone is still activated else it will kill access to your account from other platforms–I have to keep Signal installed to talk to my family currently.


I agree with donation to upstream Conversations since it is the basis of many forks, but I still prefer the differences of Cheogram: 1) webxdc support, 2) black theme (not dark). The JMP support stuff could be great if I had a use for it, but currently don’t.


I use XMPP every day to talk to friends & self-host a Prosody server (may move to ejabberd in the future).

The client & server situation can be a bit loosey-goosey since the base XMPP spec isn’t large, but involves a ton of opt-in XEPs. Luckily the Conversations compliance helps define a common set of expected specifications for servers & in many senses, I’m happy to see there is a zoo of clients you can find that fit your need from a CLI, to TUI, to web, to native clients that something will meet your needs & written in several different languages so you could find something that fits your interest for contributing to if you have the skills.


Would be a good filter against those places that would actually get hung up on this


Ask: How do you handle your résumés?
Usually I rely on my network & haven’t needed this kind of document in ages, but I’ve been tasked with creating a résumé for myself. I’ve grown more privacy-conscious every year & I think it’s weird that we are expected to give out so much information about ourselves to companies that lie about their culture & don’t want you sharing salary information with your coworkers. I have read stories about how these documents & information can sometimes get leaked & shared on the web which is pretty sketch. TIL about “functional résumés” which it appears are usually meant to cover up your lack of work experience, but I like the idea of covering up a lot of my specific history as it is the *skills* that should matter more, no? Do you give out all of your info?

The SponsorBlock integration is a major difference from NewPipe


Microsoft GitHub injects Copilot ads in their source views. It’s another Microsoft service worth abandoning.


Sure if you need that protection, but there is a lot of fearmongering about VPNs that are misinformation to sell products most folks don’t need to be worrying about versus more pressing matters in security/privacy


Everything after Hello is encrypted tho. The metadata is important, but takes some leaps of assumption to know what that data means—moreso than the metadata of say WhatsApp since the payload could be just about anything & from anywhere, not just a P2P text/multimedia message. And DNS over HTTPS does exist now & has support in all browsers & mobile operating systems. If it’s the hostnames you are worried about, a simple SSH SOCKS5 proxy with remote DNS could work with many older technologies. Not saying there isn’t some worry, but there are solutions now, the ISP is getting close to nothing, & for most folks subscribing to a commercial VPN is not worth giving monthly money to these actors that you probably can’t trust.


You can go to the Blink + V8 engine without using Google Chrome; in fact that’s exactly what you should be doing as Google’s browser has way more spyware built into it.

The thing that killed it for me was the lack of PWA support

I hear ya. I’m still butthurt about Fx killing SSB (site-specific browser) before it even had a chance. They had the feature locked behind a flag & then removed it due to low usage. It seems a lot of folks hadn’t even heard of it til the news was out about it being removed. It would have been great to use since you could run something akin to firefox --ssb https://url (I forget exactly the command, & you’d want to write it to cover Gecko forks), but it means you could ship some apps with just exec. Since the process was pooled with the main browser instance too, it wasn’t as taxing on resources as Electron.


Brave Search has been alright, tho I’m not entirely sure how their algorithms are working & they index much slower so they probably aren’t doing full aggregation themselves nor does it seem that they are just using Bing like DuckDuckGo. Yandex is great for image search & I use their translation service even if it’s a little weaker just to spread my data across services instead of centralizing. Even if I preferred content written by a human, a lot of general queries it seems I am more prone to reaching for an LLM …even tho it could be a hallucination, a lot of the content written by folks on the highest SEO sites are just as much bullshit.


By who? Who is auditing the auditors? That’s not to say audits aren’t good, but when the code is proprietary, a lot of trust is required. I would prefer banking on solid, open tech which the TLS standard is. There are still use cases for VPNs, but outside like streaming piracy, you might be better served by the Tor network.


What metadata? The headers are as encrypted as the payload. That there was a key exchange between you & a server isn’t too useful.

“Usually” is a strong word for DNS as well since all OSs let you change it & the megacorporations like Google & Cloudflare have already compelled a lot of folks to use their DNS ta resolve faster since the ISP ones are slow (& the smarter, curious folks used that as a launching point to find other providers or self-host). Some platforms have even been shipping DNS-over-HTTPS to get around some of these issues (since the payload & headers are encrypted under TLS).


If it’s all encrypted & they don’t have the DNS requests, all they can see is that you sent X bytes to some IP which isn’t very helpful. Who’s to say these VPNs aren’t selling their data back to the ISPs anyhow?


Didn’t watch the video, but… Traffic is often already encrypted with TLS or other encryption & you don’t have to use the ISP for DNS. This would cover a lot of the data you would be discussing. Instead if using these advertized commercial VPNs you are giving the data to those corporations instead which is hardly better in many cases—luckily most of your traffic is encrypted with TLS & you don’t have to use them for DNS …which takes us back to the previous statement for concerns.

There’s still value in VPNs for several online activities (censorship, piracy, activism, etc.) & threat models to certain folks, but assuming the ISP is the bogeyman in most common scenarios for non-niche use cases is incorrect—but it isn’t how these commercial VPNs are selling themselves. If the ISPs possess the ability to break TLS encryption we’d have bigger issues to worry about & VPNs wouldn’t help. I would assume the video goes in this route but chooses the clickbait title for views.


With a little customization I was able to generally get a setup I liked except for a persistent terminal-friendly top row from AnySoftKeyboard (Ctrl, Tab, |, /, Arrows left, up, down, right, Esc). I don’t do too much terminal work, but when you do, it’s so handy—but eventually I noticed how handy it was outside the terminal as features like Ctrl+V or arrows being faster than using menus or long pressing the screen. Tab is really great for typing accessible code snippets too.

It’s a bit sad the dictionaries are held on a privacy-respecting, German nonprofit-held, free software Codeberg repository, but the main repository is tied to the US-based, megacorporate, proprietary repository. Not even a mirror.

The biggest selling point is how unlike AnySoftKeyboard, you don’t need to get an Android+Java environment setup just to add or tweak a new keyboard. Being a JSON file & having many to-JSON options, users are hardly shackled to a specific or difficult-to-work-with option. Even if not perfect, ultimately I might give this a fulltime go when I have time to write out the three language keyboards I need—which is not a phrase I could say about other options since the time to set up for & learn the basics for Android was a task too large.


This would be a good use case for private posts on self-hosted Movim + XMPP. Only your followers can see the posts but they persist unlike messages which tend to fade either due to expiry or just being too far back in the history. The XMPP platform’s clients come with OMEMO for double ratchet E2EE & Movim has a slick progressive web app for anyone that doesn’t want ta install some app while being able to comment on posts, participate in DMs+audio/voice calls, as well as MUCs (multi-user chat).

If I had a kid, this was my plan.


I would be furious if a different app that required Android or iOS to use became the norm. Have a Linux phone, a KaiOS phone, or no phone? Too bad.


Retro has this meaning that it’s stagnant & no longer evolving while the protocol + XEPs are actively being worked on & not like a hobbyist making Sega Saturn games in 2024, but to solve modern, real-world issues.


Signal is pretty broken. A chat app shouldn’t require a SIM card & an iOS/Android device just to create & maintain an account (too bad Linux or KaiOS users or folks that otherwise don’t want a smart phone). Multi-device setups seem to have issues. The desktop app being Electron is a waste of resources. They still don’t want to support UnifiedPush while highly encouraging you download the app from the Google Play Store & send notification data thru Google-controlled FSM. There’s also the missing history of the server code which probably has something to do with US intelligence injecting code.

Is it better than a lot of things, sure, but it should be put on a pedestal nor seen as exemplary for private chat in UI or philosophy.


My girlfriend said she prefers it knowing I couldn’t get other girls to talk with me over XMPP 😂


Gajim, Dino, Conversations support multi-account clients. Threading doesn’t tend to work the same way tho.


If you want to keep the metadata on the photos, well GG since it and the color profiles will all be stripped


I got recruits to buy me coffee while I ranted at them about the tech industry. That was cool, but wasn’t worth how much noise is in the inbox nor the privacy concerns of having your data & network stored with Microsoft, so I deleted my account a few years ago.

I’d love to delete all accounts associated with Microsoft, but we need to bully projects off of MS GitHub that refuse to acknowledge the privacy concerns (as well as the mental health issues caused as a result of turning a code forge into a social media platform that your job probably makes you use). npm falls in this same category but is easier to avoid.