It will be open source, end to end encrypted using Signal’s double ratchet encryption protocol, and he plans to make it easy for fediverse platforms to integrate it. The beta will release later this month.

He’s also the creator of https://fedidb.org btw

  • Jackthelad@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I just saw this on Mastodon and was about to post it here. 😄

    Pretty cool idea. Though I’m not looking forward to trying to convince my friends to switch to yet another new platform. 😂

  • ren (a they/them)@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    While I doubt I could get my friends and family on yet ANOTHER messaging app in the year of our lord 2023.

    Sup. Is a fucking brilliant name.

    • garretble@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I personally hate the name, but only because I had a roommate in college who would start every conversation with “sup.”

      On text messages, IMs, in person, you name it. It really started to get under my skin.

      But I hope the software is good.

      • Magiwarriorx@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I remember idly wondering how DMs worked in Lemmy, and I was kinda shocked when I realized they aren’t secure.

        • Aloso@programming.dev
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          “secure” is relative. They may not be e2e encrypted, but they are still encrypted via TLS, like any HTTPS traffic. It’s the same encryption used for online banking. If you care about your instance admin being able to read your messages, you should use Signal or a Matrix client though.

          But remember that only a few years ago, almost nobody used e2e encryption, and it wasn’t much of an issue.

  • PineapplePartisan@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I’m not leaving Signal until someone implements keeping data at rest encrypted on both ends and requires multi factor unlock (bio+pin is my choice).

    So sick of E2E clients that leave the data in plaintext on the devices and then back it up in plaintext to the cloud.

    • outdated_belated@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      1 year ago

      Does Signal back up in plaintext in the cloud? (If so that doesn’t sound like E2E encryption… unless the ‘ends’ are uh… also constituted as the cloud itself which is… defeating the purpose).

      Where do the pub/ private keys live, exactly, tbh. (Assuming it is asymmetric encryption that they use?)

      Edit: ah, misread. I thought you said that you were not joining it due to it storing plain text in the cloud.

        • XaeroDegreaz@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          Hm… If they’re not being stored on the cloud, that means offline users would never receive messages, unless Signal is purely P2P. I haven’t looked at the project, or the source, but I find it hard to believe – you can’t really do user lookups without some sort of middleware in the cloud.

          • dinckel@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            All the data they have on any specific user is the account creation date, and the last online timestamp. They’ve already done loops around this topic in the DOJ.

            And I thought it should be obvious that an online service doesn’t work if you’re offline

            • XaeroDegreaz@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Yeah, but messengers, such as WhatsApp for instance, will send you missed messages once you’re back online. That’s what I was referring to.

          • ᗪᗩᗰᑎ@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            You’re right, Signal is not P2P. The way Signals messaging pipeline works is like this - note I’m oversimplifying it for accessibility.


            Sending a message to Bob

            1. You press Send.
            2. The message is encrypted on your device with a key that can only be unlocked by Bob.
            3. The message is then “sealed” so that there’s only a “deliver to” field visible (not a “from”).
            4. The “deliver to” field is addressed with a hashed/salted label for Bob - this means Signal’s server can see its a unique user, but not what their name is.
            5. The message is finally sent to Signal’s servers.
            6. Your message sits on Signals servers until it can be delivered to the intended recipient.

            you can’t really do user lookups without some sort of middleware in the cloud.

            See their blog post about Private Contact Discovery, they’ve spent a long time figuring out how to engineer a method to know as little as possible about you.

  • vacuumflower@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Desktop fscking client, please. Not electron based would be nice, yes? QT is good.

    ICQ-style or old Skype-style user directory would be wonderful too. VoIP is not something I’d care about, file transfers are.

    This is cool.

    • exapsy@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      arrow-down
      1
      ·
      1 year ago

      Chill, you’re not the only one here.

      VoIP in a mainstream messenger is something that most people use nowadays to avoid calling people from their SIM cards which costs them much.

      Video calling too is something I personally use too especially on iMessage or Telegram.

      I’m a software engineer, I appreciate some old school things that work perfectly well like ICQ or Vim or emacs or working only with shortcuts. But you know what’s also a shortcut? Not having to use 50 different messengers just because this one doesn’t have VoIP and I can’t bring my friends or my mom here but I can bring only my nerd friends”.

      This is all business and target audience oriented. You are not the only target audience out there and especially when you don’t demand from a messenger to be able to have VoIP. Even Instagram has VoIP these days. A photo-video-media sharing app. Let alone a messenger.

        • exapsy@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          0
          arrow-down
          1
          ·
          1 year ago

          I talked about various audiences not just myself. The person I replied to talked as if the app was made for him explicitly. “VoIP is not something I’d care about, file transfers are” like this kind of talking is like bruh, the app is not made only for you.

          • mckean@programming.dev
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            yeah, the app is made for you and him. So doing the math we have a -1 “VoIP is not something I’d care about” and a +1 “Video calling too is something I personally use…” which results in 0% significance. So let’s just talk, voice our opinions, and chill.

            • exapsy@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              0
              arrow-down
              1
              ·
              edit-2
              1 year ago

              No, the app is made for everybody who wants to use a messenger. Not just you and him. It’s supposed to be under the standards of the feddiverse.

              The comments here are not a poll. Providing especially personal comments about a nerdy user like me and the guy I replied about “I would like it like ICQ” and such shit, would not help the creator make a good choice. Most people nowadays, especially zoomers, dont even know what ICQ is or how it works or how to even login to it. Most people, proven by ehm … the success of messenger, discord, whatsapp, telegram, viber, signal everything … want a messenger that provides what the mainstream messenger wants with most of the features that everybody provides and are mainstream used while having ease of access.

              I could say the same with the guy I replied to. Again, I’m a software engineer with nerdy-influences towards Vim, Arch, barebones are much as I can, shortcuts only, i3wm, etc etc. But I’m also a UX/UI designer after-work for my own projects and I try to get in the shoes of the average user. Do you think the average user would want i3wm for their own window manager? Or Linux? Or Matrix with its own messy half-baked two-step verification? There’s UX/UI department for a reason. There’s no such thing as “you and me”, there’s “this audience and this audience”. And the nerd audience is a very small one.

              We should try to help the creator. Not misguide him. Again, the comments are not a poll, they’re supposed to help to make a constructive conversation. And when you talk as if the app is made only about yourself, you’re not really helping.

  • randint@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    Your link, https://mastodon.social/@dansup/110836811082599292%20sup.%20is%20an%20open%20source%20encrypted%20fediverse%20instant%20messenger,%20similar%20to%20whatsapp,%20made%20by%20pixelfed.%20%20The%20beta%20will%20be%20launching%20later%20this%20month,%20and%20btw%20most%20fediverse%20accounts%20will%20work,%20not%20just%20Pixelfed%20%F0%9F%98%89 is broken. I think you accidentally copied the body text as well. Cleaning up the link results in https://mastodon.social/@dansup/110836811082599292, which works fine.

    • tate@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      0
      arrow-down
      1
      ·
      1 year ago

      Not blank for me. I see a bunch of graphs and statistics about the fediverse.