Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
immibis 9 hours ago

There used to be programs that would connect to multiple proprietary systems, like Pidgin. If we had this today we'd have one free-software app for WhatsApp, Signal, and Telegram (and some used in other countries, like IIRC Zangi?). However, the social and regulatory environment changed - now whoever made that app could expect to be charged with a crime.

rw_grim an hour ago | parent | next [-]

Pidgin is still here and does work (to some level) with all of those protocols. https://pidgin.im/plugins/?publisher=all&query=&type=Protoco...

We've been working on our next major release for a long time now to better support modern protocols. But as an unfunded Open Source project it's hard to get things done quickly when it's a "free time" only project.

palata 8 hours ago | parent | prev | next [-]

I don't have a definitive opinion on such messaging apps. I like that it bridges between different services, trying to free the users from the lock-in, but...

If I talk to someone on Signal today, I know that they are probably using the official Signal on the other side. With the guarantees that I know from Signal. Now what if half of the users of Signal were using a third-party app? How much can I trust this app?

Say Matrix has a bridge to Signal. I talk to someone over what looks like Signal from my end, but it goes to some third-party server that pretends to be Signal and then relays those messages to my friend on their Matrix client. As a Signal user, I cannot know it, but my conversation is not E2EE anymore. And it kind of defeats the point of using Signal entirely, doesn't it?

I guess my point is that in terms of security, there is value in making it possible to verify that both ends are using the official Signal app, by locking it as much as possible (e.g. with DRM-like technology). But of course it's annoying to be locked in. Even though I don't feel personally super locked into Signal: I could move to another similar app in a minute. But again people tend to be lazy and don't want to switch apps. It's a hard problem, I guess.

immibis 6 hours ago | parent [-]

That app already exists. It's called TM SGNL. The Department of War used it. It sent all their messages in plain-text to an Israeli server that was leaking memory dumps to the public internet (a la Heartbleed), 600GB of which were collected by hackers and sold on the dark web. Worst case scenario. That's not a fantasy, that literally happened. Do you still trust Signal?

palata 5 hours ago | parent [-]

That just reinforces what I said. It was not a problem in Signal, it was a problem with this third-party.

noisem4ker 8 hours ago | parent | prev [-]

The European Commission has recently put WhatsApp under scrutiny in terms of the Digital Services Act, and forced them to open up allowing interoperability with other messaging applications.

Perhaps we'll see a return of apps like Pidgin soon.

rw_grim an hour ago | parent [-]

We've never left. https://pidgin.im/