[social media] Community-driven, open (source) alternatives for "FresseBuch", TW;TR, WhatsApe etc.

[getopt]

I strongly recommend to use Signal messenger.

Only for those who are willing to give a phone number.
Has this changed recently?

 

[a6h]

Has this changed recently?

No but you don't have to give your real number. Create a pseudonymous Google account and Voice VoIP and use that in signal to receive confirmation SMS.

 

[getopt]

Google account

My ZEN work is a living without Google.

 

[a6h]

My ZEN work is a living without Google.

I trust in math too, thus I agree with you.

 

[Mjölnir]

The decision makers, managers & shareholders of social media platforms & associated companies do trust in math, too, and unfortunately their employees know how to handle it...

 

[Sevendogsbsd]

I used to use Facebook (wife wanted me to, enough said...) but I found it to be useless and the "friends" I had were anything but so I deleted the account. I have had a couple of Twitter accounts but the posts become so caustic (politics), I just get angry at them and I don't want to be angry all the time so I no longer have a Twitter account either.

I also used to have a LinkedIn account but since I am in InfoSec and used to work for the US. government, having those 2 things in my LinkedIn profile caused a large number of entities from adversarial nations to reach out to me. Too many contact attempts to list, and I am sure all of them were social engineering attempts to glean information from me. Needless to say I also no longer have a LinkedIn account.

Having said all of this, I am fairly anonymous on the Internet. Not completely because using Internet services makes complete anonymity nearly impossible or at least too difficult to be worth it. It's a question of balancing risk. I am more concerned about privacy than anything else so that is one of the major drivers for me to shun social media. I do love being able to communicate with others in forums like this though so appreciate that mediums like this exist.

I do have some people I communicate with on chat mediums (Telegram) and that is done anonymously as well.

Agree with others that although I do like open source variants of commercial social media, running them requires capital so as they get more popular, some get taken over by commercial entities.

 

[ralphbsz]

Alternatives? There is a german idiomatic expression: Du musst die Menschen da abholen, wo sie stehen. In English: You have to collect (or pick up) the people where they stand. Think of a bus: If a bus wants to transport people, it has to go to the bus stop, because that's where the people stand and wait for the bus.

AFAIC, good(?) alternatives for the notorious commercial social media sites exist:

• [social network] FresseBuch, InstaGrab --> ???

First, insulting Facebook (and its subsidiary Instagram) by misrepresenting its name doesn't change the facts.

I use Facebook to communicate with people. There is a relatively small set of people whose posts I actually see (many dozens, perhaps low 100, plus a few "community" groups that are defined by neighborhood, plus a few "interest" groups that are defined by hobbies (orchestral percussion playing). Those people happen to post on Facebook, and they expect my posts on there too. If I looked for their posts elsewhere, they wouldn't be there, and if I posted my updates elsewhere, nobody would see them.

This is an example of the "network effect": The efficiency of Facebook comes from the fact that a very large fraction of all people use it for the same purpose, which is open-ended social chatter, plus some highly targeted special interest groups. If 1% of all people were to use a different site, that site simply wouldn't work: nobody would use it because you won't find the people you're interested in there. Since I'm looking for a site where I can efficiently and quickly see updates from most of my friends, this requires a monopoly-like solution, so it's no wonder Facebook has a monopoly there. Or what I'm really saying: From my viewpoint, there is no alternative to Facebook for efficient quick checking of what my friends are saying or doing.

The interesting thing is that Facebook groups are making significant inroads into the area that used to be served by forums, such as this one.

I use LinkedIn, but only because lots of former and current colleagues use it as a sort of "address book": If I need to find my old buddy Adam Bob, with whom I used to work at Yoyodyne 15 years ago, I look on LinkedIn. LinkedIn is also vitally needed when job hunting these days, as many recruiters use it as their only communication tool. I never post anything on LinkedIn, nor do I spend much time looking at what other people post theree.

• [microblogging] TW;TR --> identi.ca, mastodon sites, sites driven by GNU social
• [blog] TM;BLR --> ???

I don't generally blog. If I want to publish something, I use my own web site (which is just a simple publicly visible server running Apache), but it usually doesn't have long texts on it (sometimes it does). If I want to blog on a particular topic (for example as part of a political campaign), I set up a dedicated web site; I own maybe a half dozen of those.

[music] Tune.fm --> libre.fm

For listening to free music, I simply use youtube. Sometimes I add soundcloud and other free music-sharing services. I've also been known to occasionally pay for subscription music services, when they have something specific that I want to listen to and can't find elsewhere. Most of the paid music I listen to on physical CDs that I rip myself.

[Instant-Messaging] What'sApe --> numerous; many clients support cross-posting

Again, I pick up people where they stand. This depends strongly on context and geography.

For work-related IM, I use whatever my employer provides. Every employer has provided a full-function IM service using internal servers, they typically are very well integrated with e-mail and the employee directory, and they have policies that prohibit using outside IM services for discussing internal matters (for reasons of information security).

For personal IM, I use whatever my communication partners want to use. I think in order that would be

1. WhatsApp, which is very good, highly reliable, good user interface, has excellent integration with audio and video calls, which tend to be very high quality even at reasonably low bandwidth, and the integration with my personal address book works well, since the cell phone number is the identifier. A nice feature is that I can use it both on my desktop machine and on my tablets and cell phones, completely interchangeably.
2. Facebook Messenger, similar to WhatsApp, although the audio/video quality tends to be worse, and using Facebook user names as identifiers causes some confusion. Same seamless portability between multiple distinct devices.
3. Skype. Some people strongly prefer Skype for message chatting. Which is strange, because its user interface is a bit clumsy. And in spite of the fact that Skype was the pioneer in IP-based phone calls, the voice quality on Skype audio calls tends to be atrocious. So I only use it if I have someone who has a strong preference for it.
4. SMS and voice phone calls (usually cell phone to cell phone), for those people who prefer not using dedicated IM applications but instead SMS. Fortunately, I can do SMS from my desktop machine too.
5. Google Hangouts and Apple Messages, but the number of people using those is relatively small. The big drawback of those is that they are device-specific: Hangouts only works on my Android phone, not the iOS tablet. Apple Messages only works on my Mac desktop (I have it disabled on my iOS tablet, it would work there, but I'm not interested).
6. Absolutely nobody I communicate with uses any IM service that's based on open protocols.

Are the commercial services in fact better than the ones driven by community (poll above)? The latter have at least one big plus: they respect privacy.

Do you have any evidence that Facebook (owner of Messenger and WhatsApp), Microsoft (owner of Skype), OS vendors (Android, Apple) for SMS, or Google and Apple (for Hangouts and Messages) look at the content of my IM chats? On the contrary, there is strong evidence that they do not.

IMHO the main reasons that so many sheep ...

I do very much object to being called "sheep". I do understand pretty well how privacy works, and how these services are implemented, and I don't use them because I'm a sheep. I use them because they are convenient and useful, and I understand the privacy implications. For example, when I post something on Facebook, I expect exactly zero privacy, after all I just posted it for the world to read.

do not use the community-driven, open services are

• avarice when it comes to money -- even small amounts -- & false generosity concerning privacy
• peer pressure: "all my friends are there, so what shall I do..."

It's not peer pressure. It's practicality. When I need or want to communicate with someone, I ask them how I can reach them. If they tell me "write to me on WhatsApp", I will do that. If they ping me on Facebook messenger, I will reply there. If they say "send me a paper letter in the mail", I would do that too (except that nobody has said that in about 10 years). Given that the two or three largest IM services (including SMS and the voice phone call network) all have very large market share, it simply makes sense to use them.

 

[Jose]

I'm occasionally forced to participate in the "social" media circus because work. I always create a new account, use it only for the job at hand, and abandon it thereafter. I'm not interested in having a for-profit corporation control my identity and censor my communications over the Internet.

I flatly refuse to use anything besides email and SMS in my personal life, and the latter grudgingly. Yes, this has cut down on the number of people I communicate with, but not so much as to make me regret the tradeoff.

I do not use my personal phone for any work related communications. I urge you to do the same if you live in the US. Your personal phone could be subpoenaed and searched if whomever you work for is involved in litigation.

...I really wish there was a common messaging standard worth using but XMPP is sadly not that standard...

You mean like SMTP?

 

[ralphbsz]

I do not use my personal phone for any work related communications. I urge you to do the same if you live in the US. Your personal phone could be subpoenaed and searched if whomever you work for is involved in litigation.

Excellent advice. Applies worldwide, not just in the US, and it particularly applies in Russia and China. Even if it means carrying two phones in the pocket most of the day.

The opposite is also true: If you use your work phone or computer for personal stuff, make sure that you do it in a fashion that leaves no traces. For example, if the keyboard on my work laptop breaks, I would just hand it to the service people, and they would give me a replacement laptop, and eventually get around to fixing it, and giving it to someone else who needs one. And while I'm sure they would wipe it, I don't want the service desk to see all the cat pictures I stored on the laptop, or the printouts of my bank account. So what I do is to do personal stuff through either browser windows to password-protected web servers, or via VNC-like technology (ssh to a personal server, run VNC to a personal machine, and so on).

By the way, we no longer have a cat (it was sadly eaten by a pack of coyotes), so I don't actually have cat pictures. And my bank account is boring (most of what is in there is the salary I get from my employer, which they know about), so the above examples are hypothetical.

I flatly refuse to use anything besides email and SMS in my personal life, and the latter grudgingly.

What makes you think that e-mail and SMS are any more or less secure than message systems such as WhatsApp? If you listen to what the national security apparatus can do and does, you would not think for a moment that SMS, voice calls, or e-mail is particularly secure.

 

[Jose]

Do you have any evidence that Facebook (owner of Messenger and WhatsApp), Microsoft (owner of Skype), OS vendors (Android, Apple) for SMS, or Google and Apple (for Hangouts and Messages) look at the content of my IM chats? On the contrary, there is strong evidence that they do not.

Well Google certainly has in the past. I'm not willing to bet they'll continue to be "good".

The opposite is also true: If you use your work phone or computer for personal stuff, make sure that you do it in a fashion that leaves no traces.

I avoid doing anything that could be considered personal business on any equipment provided by a client or an employer. I do occasionally have to field an email from wife, but we immediately negotiate another mode of communication and switch.

You should assume any activity you perform on corporate equipment is available to any employee of that corporation.

By the way, we no longer have a cat (it was sadly eaten by a pack of coyotes), so I don't actually have cat pictures.

Heck of a way to go. I'm sorry.

What makes you think that e-mail and SMS are any more or less secure than message systems such as WhatsApp? If you listen to what the national security apparatus can do and does, you would not think for a moment that SMS, voice calls, or e-mail is particularly secure.

I'm not worried about the national security apparatus. They certainly have the resources to get at my information should they want it. I'm worried about Tom, Dick, and Harry with a subpoena. All of the online providers will comply with subpoenas immediately. It'll take a search warrant to get to my server, and a court order to force me to hand over passwords. This is a much higher bar.

The privacy of telephone communications has typically enjoyed stronger legal protection than stored written communications. I would guess that SMS is a gray area. I did say I use it only grudgingly.

 

[getopt]

Why is it so painful for people to negotiate an appropriate communication channel? Latest clients usually find protocol and a common encryption after initial hello even with a crappy server. Humans fail on this because of emotions and beliefs.

Looks like there is a need for a human buddy-RFC procedure for finding a common ground to proceed with a communication. Sad - but obviously we deserve the world in what we are living.

 

[ekvz]

1,5 years were a long time in the sixties of the last century. All I could read is opinion without giving any reason.

I've seen some people trying Prosody and going back to ejabberd. OMEMO has become a choice next to OTR and both have different usecases. Some clients improved nicely.

I don't question that there probably has been some improvement and i fully agree that OMEMO is nice but it's more of a base requirement to even be considered on par with something as miserable as Whatsapp than any real selling point. Also as with pretty much anything in relation to XMPP it's just an extension. Who knows if your conversation partner supports it, one of the other 2 encryption standards or maybe nothing at all. At least it doesn't also depend on the extensions supported by the involved servers (i think)... As a side effect there is also no way to make it an enforced default (yes, i'd rather have a sane default that actually gets used on a broad scale than X super specific choices used by about 5 techies while being ignored by endusers since "it already works without it") .

Regarding not giving a reason: Well, what kind of reason do you want? In my opinion i've already stated my reasons. I just didn't go into much detail and to be honest i don't see a point in doing so but how about we just start with how that monstrosity is based on XML which is about as bad as it gets in terms of parsing and also pretty awkward when dealing with binary data? Or we could discuss how much abstraction is to much abstraction when your primarily goal is practically nothing more than transfer data between clients in an orderly fashion. Complexity also has a very real cost even if it happens to work and having each client/server basically define it's own standard in terms of supported extensions leaves you with something that will only work if the stars are aligned right.

I could also go on to give examples from practice where XMPP (or rather the servers and clients involved since what does XMPP even mean?) failed badly but that's not the point anyways. Even if it worked perfectly it would still be technical dept. Sure you can keep it but until you get rid of it you will always have to pay interest.

 

[ekvz]

You mean like SMTP?

I am sorry i left out the "instant". I hope you can forgive me.

In case you just wanted to see me rant some more: SMTP is also horrible. It's stoneage stuff held together by tons duct tape because it's to big to replace. In that case i am actually happy about dragging it on though. Whatever it would be replaced by is sure to be 100% scary bad so i'd rather keep it.

 

[ekvz]

No but you don't have to give your real number. Create a pseudonymous Google account and Voice VoIP and use that in signal to receive confirmation SMS.

How would i even go about doing this? As soon as i try to sign up for anything google they ask for a number.

 

[a6h]

How would i even go about doing this? As soon as i try to sign up for anything google they ask for a number.

i haven't opened a google account for a long time. I can't help you on this subject, but I'm sure there's online tutorial on the net. Also I'm not a google consumer. I hate Google and Apple. I can't provide you some rational. It just my feeling and instinct. I don't have similar feeling toward Microsoft or Amazon. For whatever reason everything about google disgust me. Its CEO and their policies, its API's (Angular, etc) and products UI/UX (Drive, etc) and Google Thumpers.

 

[ekvz]

i haven't opened a google account for a long time. I can't help you on this subject, but I'm sure there's online tutorial on the net. Also I'm not a google consumer. I hate Google and Apple. I can't provide you some rational. It just my feeling and instinct. I don't have similar feeling toward Microsoft or Amazon. For whatever reason everything about google disgust me. Its CEO and their policies, its API's (Angular, etc) and products UI/UX (Drive, etc) and Google Thumpers.

I see. I also remember it being possible to just skip entering a phone number but it seems this is no longer the case. Maybe it is depending on client IP but even looking around the web for howtos just resulted in outdated material. It's not like i really want a google account anyways. It's just stuff like their Voice numbers that would be handy now and then to use for throwaway purposes.

I was a Google user for about one day though. I had made an account because i wanted to upload some videos to youtube. My first action was trying to upload a single test video (30 seconds of black screen with "THIS IS A TEST" written on it). It failed. The next day Google told me they had detected "suspicious activity" and blocked my account... I have nothing more to add when it comes to Google.

 

[unitrunker]

Too many contact attempts to list, and I am sure all of them were social engineering attempts to glean information from me. Needless to say I also no longer have a LinkedIn account.

You should have created an account for a fictitious co-worker named "Honey Potts".

 

[Jose]

I am sorry i left out the "instant". I hope you can forgive me.

If "instant" means "reasonably fast" (and it does for me), SMTP is more than adequate most of the time in my experience. Notable exceptions are when you run afoul of my SPAM mitigation measures. This is a feature.

In case you just wanted to see me rant some more: SMTP is also horrible. It's stoneage stuff held together by tons duct tape because it's to big to replace. In that case i am actually happy about dragging it on though. Whatever it would be replaced by is sure to be 100% scary bad so i'd rather keep it.

That's one way to look at it. Another is that nothing better has emerged in 48 years. Many have tried. Personally I think that no one has matched the decentralized, federated nature of the SMTP protocol. Sure, naive assumptions about who would use the protocol led to the SPAM nightmare, but again, SMTP has been there done that. I feel like a lot of the problems XMPP is experiencing right now are SMTP in the early part of this century.

There are no presence features in SMTP. I don't miss them, and they could be added if anyone really cared. The only thing SMTP needs is a modern client that does away with the outmoded metaphors of 20th-century desktops. How many people alive today have actually seen a physical inbox? Why are we needlessly bound by the idea that messages live in folders?

 

[getopt]

Personally I think that no one has matched the decentralized, federated nature of the SMTP protocol. Sure, naive assumptions about who would use the protocol led to the SPAM nightmare, but again, SMTP has been there done that. I feel like a lot of the problems XMPP is experiencing right now are SMTP in the early part of this century.

Decentralized and federated designs of infrastructure are known to be the most robust. Other protocols than SMTP do utilize this as well. And yes I'd prefer this design for any communication. And yes SMTP cannot be fixed anymore (i.e metadata problem) and should be abandoned.

'Naive assumptions about who' would use a protocol *should* not affect it's reliability. Can you give an example please?

Spam is both a result of user behavior and bad server security. I use email addresses with zero spam in a decade. No need for spam filters here.

'Experiencing a feeling' is an upmost personal arousal. What's the purpose of talking of 'a lot of problems' and not listing at least a few of them?

Opinion talk without reasoning is at best low level entertainment.

 

[Sevendogsbsd]

Definitely not a lack of education or ignorance on my part. I just don't CARE about social media, which is why I answered that way.

 

[Sevendogsbsd]

Statistics as a whole is largely misunderstood...trying to derive any sort of statistic from an Internet forum without a controlled population is pretty useless but I think most people in this situation just want a "gut feel", which is obviously not scientific...I don't mind polls and actually enjoy answering them.

 

[ekvz]

Decentralized and federated designs of infrastructure are known to be the most robust. Other protocols than SMTP do utilize this as well. And yes I'd prefer this design for any communication. And yes SMTP cannot be fixed anymore (i.e metadata problem) and should be abandoned.

I agree, decentralization and federation are very much desirable features for communication protocols but in the case of SMTP it won't help much.

https://blog.filippo.io/the-sad-state-of-smtp-encryption/ has a nice write up on how the STARTTLS duct tape never was exactly tight and now is waiting for another layer of DNSSEC duct tape after 20 years of being semi lose... Like the author says: It's a sad state.

 

[mickey]

Looking at the interim result of the poll:

An overwhelmingly Don't know / don't care reflects either a lack of education or ignorance. Quod erat demonstrandum?

Or a lack of interest in social media in it's entirety...

 

[Mjölnir]

Well, it's pretty obvious that the answers in this forum are by no means representative. I enabled the poll because... it's there, why not use it?!

First, insulting Facebook (and its subsidiary Instagram) by misrepresenting its name doesn't change the facts.

of course not, but given the number & consequences of all the commonly well known affairs & scandals with facebook, twitter, google etc.pp. I took the freedom to express my disapproval through cocophony and I commented that.

[...] Those people happen to post on Facebook, and they expect my posts on there too. If I looked for their posts elsewhere, they wouldn't be there, and if I posted my updates elsewhere, nobody would see them.

Modern clients support cross-posting to several platforms, and once influencers start to use alternative platforms, they will convince others to follow.

[...] Do you have any evidence that Facebook (owner of Messenger and WhatsApp), Microsoft (owner of Skype), OS vendors (Android, Apple) for SMS, or Google and Apple (for Hangouts and Messages) look at the content of my IM chats? On the contrary, there is strong evidence that they do not.

Are you serious??? It's well known that they do, with linguistic AI software, and "human resources" read the posts where some flags go up, and censor where their policy is violated. In some cases, this is good, in some it's bad. Additionally, they're much after the metadata (who knows whom and such), that's their business model, there have been and will be numerous misuses of metadata, and you know it. Don't play dumb, please.

[...] It's not peer pressure. It's practicality. When I need or want to communicate with someone, I ask them how I can reach them. If they tell me "write to me on WhatsApp", I will do that. If they ping me on Facebook messenger, I will reply there. [...]

While it's perfectly ok to act this way, I feel that persons who have more knowledge than average Joe about IT, what is possible & what not with today's computing resources & state-of-the-art AI, can take responsibility and tell about such misuses & the dangers it implies, and point others to reasonable alternatives. EDIT: Feel free to do a quick search on the mental health issues the censors are suffering from, because they're regulary confronted with weird things like pedophile and/or overly violent topics. IIRC, most of them live on the Phillipines.

 

[getopt]

I feel that persons who have more knowledge than average Joe about IT, what is possible & what not with today's computing resources & state-of-the-art AI, can take responsibility and tell about such misuses & the dangers it implies, and point others to reasonable alternatives.

Good boy! Seven years after Snowden my enthusiasm for educating others got to a reasonable level. That is I inform only when asked for. No more crusading.

And what is most important: No more to anyone unseen. I won't teach potential adversaries and people acting against my interests anymore. There are so many dumb people outside on the Internet that I'm thankful that they gather at places I strictly avoid. And I love it meantime that security agencies scan this places. And it is a pleasure seeing that they get commercially exploited there. At least the dumbest deserve what they get there, but if Bezos, Zuckerberg & friends do a great job on this, they have to pay their taxes on their profits like every blue-collar is forced to do so.

BTW Snowden made this ruling by the U.S. Court of Appeals possible:

U.S. Court: Mass Surveillance Program Exposed by Snowden Was Illegal

Seven years after former National Security Agency contractor Edward Snowden blew the whistle on the mass surveillance of Americans' telephone records, an appeals court has found the program was unlawful - and that the U.S. intelligence leaders who publicly defended it were not telling the truth.

www.nytimes.com

A satisfaction that took seven long years. If US justice finally got it, why should I care about those who still don't care?