[liberationtech] Time to Switch to Discord & Mozilla Firefox?
Julian Oliver
julian at julianoliver.com
Tue Jun 25 19:08:15 CEST 2019
..on Tue, Jun 25, 2019 at 04:42:41PM +0100, Rory Byrne wrote:
> FWIW, we experimented about a year ago with getting a three of our civil
> society organisations running internally on Matrix (via Riot.im) vs
> Mattermost. The main feedback against Matrix/Riot was UI/UX issues. A lot
> of users just felt overwhelmed with the options around things like security
> (of course personally I love that). So all of the orgs ended up going with
> Mattermost. Which is still a decent system but obviously still lacks e2e
> encryption at the moment I think.
Yes it does lack it. You need to trust the sysadmin (it's not a
'zero-knowledge'/trustless platform in that sense) and ensure there's solid
on-disk encryption (say, AES-XTS block/cipher, 512bit key length). At-rest
encryption at the database is an option, also. However, as Mattermost makes a
mass migration from Slack so painless, and as being so easy to pick-up and use,
it's more likely that folk will make use of it, rather than defaulting back to
pro-surveillance corporate platforms.
Cheers,
Julian
>
> On Tue, 25 Jun 2019 at 15:37, Yonatan Miller <mathsolver24 at gmail.com> wrote:
>
> > What are your thoughts in terms of usability between setting up mattermost
> > and riot for developer and non developer audiences?
> >
> > On Mon, Jun 24, 2019 at 10:12 PM Julian Oliver <julian at julianoliver.com>
> > wrote:
> >
> >> ..on Mon, Jun 24, 2019 at 12:28:26PM -0700, Yosem Companys wrote:
> >> > Internet Freedom Festival uses Mattermost:
> >> >
> >> >
> >> https://medium.com/iff-community-stories/were-not-a-conference-9cf252199652
> >>
> >>
> >> Definitely go with self-hosted Mattermost or RocketChat or RiotIM. The
> >> former
> >> FLOSS 'team edition' is *astonishingly* performant. I installed and
> >> sysadmin a
> >> server with many thousands of members (at risk groups) spanning over 160
> >> teams.
> >> It's extra-ordinarily fast - barely expresses any load on the system, and
> >> is
> >> used heavily day in and out.
> >>
> >> Discord has among the worst privacy ToS in the chat space, openly
> >> presenting
> >> their service as a data harvest for downstream buyers.
> >>
> >> "By uploading, distributing, transmitting or otherwise using Your Content
> >> with
> >> the Service, you grant to us a perpetual, nonexclusive, transferable,
> >> royalty-free, sublicensable, and worldwide license to use, host,
> >> reproduce,
> >> modify, adapt, publish, translate, create derivative works from,
> >> distribute,
> >> perform, and display Your Content in connection with operating and
> >> providing the
> >> Service."
> >>
> >> https://discordapp.com/terms
> >>
> >> Discord are actually even worse than Slack as regards our basic rights
> >> online,
> >> which is itself quite an achievement. Not sure I can think of a worse
> >> partner
> >> for mass team chat!
> >>
> >> Cheers,
> >>
> >> Julian
> >>
> >> >
> >> >
> >> > On Mon, Jun 24, 2019 at 12:14 PM Petter Ericson <pettter at acc.umu.se>
> >> wrote:
> >> >
> >> > > On 24 juni, 2019 - axel simon wrote:
> >> > >
> >> > > > On Sun, Jun 23, 2019 at 10:17:02PM -0700, Yosem Companys wrote:
> >> > > > > Discord: what Facebook is trying to become.
> >> > > > >
> >> > >
> >> https://www.theatlantic.com/technology/archive/2019/03/how-discord-went-mainstream-influencers/584671/
> >> > > > >
> >> > > > > Why to switch from Google Chrome to Mozilla Firefox.
> >> > > > >
> >> > >
> >> https://www.siliconvalley.com/2019/06/21/google-chrome-has-become-surveillance-software-its-time-to-switch/
> >> > > > >
> >> > > >
> >> > > > Hi,
> >> > > > Discord is interesting in that it's popular and offers people the
> >> > > possibility to have their own community (which they call "server", I
> >> > > believe), but there's nothing free and open source about it.
> >> > >
> >> > > As of this writing, Discord has, as if to prove this point, been
> >> globally
> >> > > unavailable due to Cloudflare issues.
> >> > >
> >> > > > Matrix, and its main client Riot, are much more interesting to me
> >> > > currently, as they are (ambitiously) trying to solve multiple
> >> problems at
> >> > > once: a modern chat system, with voice and video and file sharing,
> >> with
> >> > > end-to-end cryptography, while maintaining a decentralised network
> >> > > architecture so that anyone can run their own instance, join and
> >> federate
> >> > > with the rest.
> >> > >
> >> > > Well, to harp on about long lost battles - XMPP did it first. I firmly
> >> > > believe that if all the effort spent on Matrix clients had instead
> >> been put
> >> > > into improving XMPP, then it would far surpass the current standards
> >> of
> >> > > both. Even so, XMPP is the protocol with several independent and
> >> mutually
> >> > > compatible server _and_ client implementations, as well a
> >> well-established
> >> > > protocol (and protocol extension process).
> >> > >
> >> > > > Current versions of Riot might not be entirely as slick as Discord,
> >> but
> >> > > they are getting better and they are very usable.
> >> > > > Incidently, Matrix has bridges to connect to other chat network (and
> >> > > ideally, bridge them together, hence the name), and can bridge to
> >> Discord.
> >> > > So there's a possibility of getting everyone to play nice with each
> >> other.
> >> > >
> >> > > Bridging has, time and again, shown itself to be a Much Harder Problem
> >> > > than may be apparent, with massive amounts of boring corner cases and
> >> > > exceptions. We'll see.
> >> > > >
> >> > > > Regarding Firefox vs. Chrome, Firefox has been the only browser
> >> (with
> >> > > any relevant market share) that isn't the product of a for profit
> >> company
> >> > > for a while. While Mozilla have made questionable descisions at time
> >> (and
> >> > > outright mistakes at others), that alone should be a strong argument
> >> to
> >> > > consider where one gets their browser from. I recall reading a
> >> statement in
> >> > > an article around Chrome's release about 10 years ago by then-CEO Eric
> >> > > Schmidt explaining that at the end of the day, if you want to be able
> >> to
> >> > > really control and see what users are doing, you need your own
> >> browser.
> >> > > This was when people couldn't quite understand why Google would build
> >> its
> >> > > own browser when Firefox had manage to end the Internet Explorer dead
> >> lock
> >> > > and they had a good relationship.
> >> > > > That passage really stayed with me (and if anyone were to find it,
> >> I'd
> >> > > be very greatful, I can't seem to do so).
> >> > > >
> >> > > > So yes, it's not that surprising that, when push comes to shove, the
> >> > > engineering teams working on Chrome have to bow to the business
> >> priorities
> >> > > of Google, the world's (more or less) biggest advertisement company.
> >> > >
> >> > > I'm in complete agreement.
> >> > >
> >> > > > Cheers,
> >> > > >
> >> > > > axel
> >> > > >
> >> > > > --
> >> > > > axel simon
> >> > > > mail/matrix: axelsimon at axelsimon.net
> >> > > > twitter: @axelsimon
> >> > > >
> >> > > > --
> >> > > > Liberationtech is public & archives are searchable from any major
> >> > > commercial search engine. Violations of list guidelines will get you
> >> > > moderated: https://lists.ghserv.net/mailman/listinfo/lt. Unsubscribe,
> >> > > change to digest mode, or change password by emailing
> >> > > lt-owner at lists.liberationtech.org.
> >> > >
> >> > > --
> >> > > Petter Ericson (pettter at acc.umu.se)
> >> > >
> >> > > --
> >> > > Liberationtech is public & archives are searchable from any major
> >> > > commercial search engine. Violations of list guidelines will get you
> >> > > moderated: https://lists.ghserv.net/mailman/listinfo/lt. Unsubscribe,
> >> > > change to digest mode, or change password by emailing
> >> > > lt-owner at lists.liberationtech.org.
> >>
> >> > --
> >> > Liberationtech is public & archives are searchable from any major
> >> commercial search engine. Violations of list guidelines will get you
> >> moderated: https://lists.ghserv.net/mailman/listinfo/lt. Unsubscribe,
> >> change to digest mode, or change password by emailing
> >> lt-owner at lists.liberationtech.org.
> >>
> >>
> >> --
> >> Julian Oliver
> >> https://julianoliver.com
> >> https://criticalengineering.org
> >> PGP https://julianoliver.com/key.asc
> >> Beware the auto-complete life
> >>
> >>
> >> --
> >> Liberationtech is public & archives are searchable from any major
> >> commercial search engine. Violations of list guidelines will get you
> >> moderated: https://lists.ghserv.net/mailman/listinfo/lt. Unsubscribe,
> >> change to digest mode, or change password by emailing
> >> lt-owner at lists.liberationtech.org.
> >
> > --
> > Liberationtech is public & archives are searchable from any major
> > commercial search engine. Violations of list guidelines will get you
> > moderated: https://lists.ghserv.net/mailman/listinfo/lt. Unsubscribe,
> > change to digest mode, or change password by emailing
> > lt-owner at lists.liberationtech.org.
>
>
>
> --
> Rory Byrne
> CEO & Co-Founder,
> Security First.
>
> Checkout our new, free online digital security training courses at:
> https://advocacyassembly.org/en/partners/securityfirst/
>
> Download Umbrella App on Android from:
> Google Play Store:
> https://play.google.com/store/apps/details?id=org.secfirst.umbrella
>
> Amazon App Store:
> https://www.amazon.com/Security-First-Umbrella-made-easy/dp/B01AKN9M1Y
>
> F-Droid Repo:
> https://secfirst.org/fdroid/repo
> F-Droid Fingerprint:
> 39EB57052F8D684514176819D1645F6A0A7BD943DBC31AB101949006AC0BC228
>
> Github Repo:
> https://github.com/securityfirst
>
> Mobile: +44 (0) 79 80489841
> rory at secfirst.org
> Skype: rorymbyrne
> Twitter: @_SecurityFirst
> Facebook.com/secfirst.org
> Keybase.io/rorybyrne
> Peerio: rorybyrne
> PGP: 2C1D3B4D (3354 4E0E 69FB 21A1 1D66 1763 FFB9 B5BE 2C1D 3B4D)
> XMPP: rorybyrned at jabber.ccc.de <rorybyrne at jit.si>
> OTR: (9CBC6FA9 BA4F508D DAD41939 E549A481 BACA2F70)
>
> ----------------------------
> Global Security First Ltd. Company Number: 08737382.
> Registered Office: Ground Floor, 2 Woodberry Grove, London, N12 0DR, UK.
>
> ***** Email confidentiality notice *****
> This e-mail and any files and attachments transmitted with it are
> confidential and/or privileged. They are intended solely for the use of the
> intended recipient. If you are not the intended recipient, please note that
> any review, dissemination, disclosure, alteration, printing, circulation or
> transmission of this e-mail and/or any file or attachment transmitted with
> it, is prohibited and may be unlawful. Please contact the sender and/or
> rory at secfirst.org if you believe you have received this email in error -
> then delete the email. Global Security First Ltd may monitor email traffic
> data and also the content of this email for the purposes of security.
>
> Please consider the security of the information and the environment before
> printing this email.
> --
> Liberationtech is public & archives are searchable from any major commercial search engine. Violations of list guidelines will get you moderated: https://lists.ghserv.net/mailman/listinfo/lt. Unsubscribe, change to digest mode, or change password by emailing lt-owner at lists.liberationtech.org.
--
Julian Oliver
https://julianoliver.com
https://criticalengineering.org
PGP https://julianoliver.com/key.asc
Beware the auto-complete life
More information about the LT
mailing list