[Replicant] Using signal/textsecure
Kurtis Hanna
kurtis at riseup.net
Mon Nov 9 23:52:59 UTC 2015
Hey all,
It'd probably be best to have a bunch of federated "LibreSignal" servers instead of having FOSS versions of Signal that all still use the walled garden / silo server that Signal uses. People could just compile and run this on their own servers then whitelist other people's servers if they want to federate with them: https://github.com/WhisperSystems/TextSecure-Server
@xmikos from twitter said that the Signal server currently only white lists one other server, which is the CyanogenMod's WhisperPush server. https://twitter.com/xmikos/status/649651620188409857
A second best option, if we don't go the federated servers route, would be for Open Whisper Systems to agree to whitelist even just one server for people who use @JavaJens's fork. This would give us more of a degree of autonomy and might relieve Moxie of his frustrations since we wouldn't be taxing the Open Whisper Systems' server with our users. It'd be great if Open Whisper Systems were to develop a list of criteria for LibreSignal servers to become whitelisted.
Here's the most relevant microblog thread I can find on the topic of Moxie's feelings about forks: https://twitter.com/thegrugq/status/644497238803116033
Here's some of moxie's statements in the thread:
@moxie: @xmikos If you feel you can do better, we're happy our software can facilitate your attempt. Just use your own name and servers. @thegrugq
https://twitter.com/moxie/status/644653505077116928
@moxie: @xmikos If you don't like how we do things, you can use our code to run your own servers with your own name. But you're not entitled to ours https://twitter.com/moxie/status/640409526592630784
@moxie: @xmikos If you're going to fork TS, could you please a) call it something else and b) connect to your own server? It's already confusing ppl https://twitter.com/moxie/status/640352451502039040
People that use @JavaJens' fork seem to all already be using a different name other than Signal, so that part is taken care of. The next issue is the server. If the user agent string that websocket-reborn clients talk to the server is already changed so that OWS can see the people who use their servers who aren't using the canonical Signal, this means that they have power over FOSS users and can ban us at the flip of a switch. We need to enter in to a dialogue with OWS about how we can get users of @JavaJens' fork off of the OWS servers in a way that works for everyone. It'd be a damn shame if OWS ends up not being willing to federate with any other servers at all, but I think it'd be best for FOSS Signal users to start the migration now instead of having a situation where OWS bans us all randomly some day and we have to start the migration then.
Currently, OWS' Signal is a walled garden / silo and a few of us little birds are able to fly over the wall. Who here might be willing to ask Signal to build a door in their wall (by federating with a LibreSignal server) before they turn the wall into a dome that not even us birds can get in? Federation is already built in to the Signal servers. Let's do something beautiful with this feature in a way that is amicable with OWS! It would be truly disappointing for us to approach OWS and ask them about how we can federate with their servers and for them to say that there isn't any way for us to do so after they've gotten nearly 1.5 million from the US Federal Government: https://www.opentech.fund/project/open-whisper-systems Hopefully the Open Tech Fund isn't funding an org that decides to be a walled garden / social silo.
The #indiewebcamp community really has helped open my eyes on this issue. Here's a relevant page on their wiki: http://indiewebcamp.com/silo Hopefully we don't need to add Signal to the list they have compiled.
Lastly, if you all clicked on @johns_FSF's tweet that he posted on this thread a few days ago, you might have seen that moxie responded by posting this link in which he challenges us to build solutions instead of just complain: https://news.ycombinator.com/item?id=10498745
He also said:
@whispersystems: @johns_FSF I'm not sure we've ever said that, but if anything this tweet is actually demonstrating that it might be true. https://twitter.com/whispersystems/status/662315060664991744
In Solidarity,
Kurtis
@captainkurtis
On Mon, 09 Nov 2015 20:39:10 +0100
Simon Josefsson <simon at josefsson.org> wrote:
> Tyler <tyler at hack.ink> writes:
>
> > I personally recommend just building from source. Moxie and xmikos had a
> > fight over naming shit, I don't want to piss off Moxie any more than we
> > already have because I want to keep using his software. Piss off moxie
> > enough and he may decide to make our lives harder and blacklist us from
> > the main TextSecure Server which then means you'd have to start running
> > your own server infrastructure and distribute custom apks to your
> > friends so they could talk to you.
>
> Having a centralized server infrastructure can be a
> security/privacy/foss concern as well. Are there any free software
> Signal servers out there? If one person has the ability to ban
> arbitrary people from the network, that raise a red flag to me.
>
> /Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20151109/2da3ddd3/attachment-0001.asc>
More information about the Replicant
mailing list