Open Source duel: Kontalk vs Signal


#44

There is an interesting ongoing discussion on Signal regarding federation and decentralization.

I would recommend reading both the blog entry and the comments on twitter, especially the responses by Signal.

Is Signal right? How easy would it be to do the same on a Kontalk network of servers?


#45

That’s an interesting issue.

As Signal team said on Twitter, in case of a federated network, censors would simply block all servers (which are in a limited amount anyway). To counteract censorships I only see two possible ways:

  • a P2P system (IMHO I believe the world is not ready for that yet)
  • something that changes so often (and unpredictably) that censors would find it hard to block (e.g. some sort of “IP address fronting” (you get the meaning), but the question to be able to resolve it from a hostname would remain)

The case for Kontalk is a very delicate one at the moment because of the single server involved (the second one has been inactive for some time now). Besides the distributed load factor for needing multiple servers, censorship can cause real damage to Kontalk at the moment.


#46

p2p seems to be getting there slowly but steadily, with applications like Briar, Ring and Tox all being active.

It’s great to have these as alternative solutions, especially for people that have to worry about censorship, aggressive surveillance and even internet services being blocked.


#47

I’f just found https://delta.chat/

This looks for me like a good addition to XMPP system (with OMEMO for perfect security).

This “messenger” is SMTP based and uses autocrypt.

I think a system like this is hard to block by governments.

And it’s absolutely platform independent and compatible to every mail client.


#48

Yes and no. It works only when you have pop or imap. With webservices only (like the Mailfence.com free accounts) it does not work.
I’ve been playing with it with my accounts from Gmail, Yandex and Mailbox.org and it works good. In your accounts you get an extra folder called Chat.


#49

I said “platform independent” not “mail provider independent” :yum:


#50

It’s not platform independent, it’s only for Android


#51

Because you can use every Mailclient it’s … :wink:


#52

Hello,
I read this topic, which is a security app now ?
I used Signal, but now i use Lineage os without google as i read Signal cant work without GSF (i install from yalp store and work i dont know what the matter is)
Now i found this Kontalk, how much this app is secure, is it possible for someone to read my conversations? conversations images audio are they being stored on a server or anywhere?
Is everything encripted? Whether the government or my internet provider has insight into my messages?
Im not an expert, but im worried about my communication, i have nothing strictly confidential, its just not nice when know someone can read it or everything is stored somewhere. Thanks
Sorry for my poor english


#53

Hi and welcome to Kontalk.

My english is also very bad :wink:

But still I will try to answer.
All messages are End to End PGP encrypted.
And after receiving the message it will deleted on the server.
So nobody then you and your chat buddy can read the messages (including audio an pictures)

For more privacy stuff (like phone number using and so on) you can read this:

https://github.com/kontalk/network/blob/master/docs/privacy.md

At the moment it’s only available in english.
But I will translate it into german as soon as possible.

I hope I could help.
If you need more informations feel free to ask again.


#54

I wanna help for translate, im from Balkan.
Can you send me private message for info?


#55

Hi @poskok,

thank you. We can need all the help we can get :+1:

For this special document we have to wait fir the developer (@daniele_athome).

But if you like to translate the App or the Wiki you can do it on your own.

For translating the App you have to create a Account for Weblate.

Just take a look to see do your language already exist and are there untranslated strings:

https://translate.kontalk.org/projects/kontalk-androidclient/app/

And for translating the wiki you need a GitHub Account.

The wiki can be found here.

https://github.com/kontalk/androidclient/wiki

If you need some more infos, I will try to help as good as I can.


#56

BTW.
I have sendet not a private message about that, because I believe this way, more people can benefit from my post.

And so I have to write it only on times :grinning:


#57

I’d like to know how Signal doesn’t need “trackers” in the Google app store to work, but Kontalk needs it (not in f-droid). I was answered by email about this:

As for the trackers, those are in the Google Play version in order to use push notifications and crash reports (you can opt-out of both if you’d like, but push notifications are a big battery saver and message content is not shared with Google, it’s just a signal for the app like “hey, there are new messages, go connect and dowload them!”).
Another difference is map providers: the F-Droid version has only
OpenStreetMap, the Google Play version has both OSM and Google Maps."

Yes, I use the F-droid version and also my wife, but if I want some friends out there (using the Google App store) to use it, they won’t follow my steps to download it from F-droid (you know…). I’d be more happy if Kontalk avoids all those “trackers” because other apps (like Signal) don’t need it to work.
Opinions?

https://reports.exodus-privacy.eu.org/en/reports/45028/
https://reports.exodus-privacy.eu.org/en/reports/51066/


#58

Weird. Firebase analytics should be disabled. I’ll investigate.

As for Crashlytics, we use it for statistics purposes and automatic crash reports. You can opt-out of both of them, and recently we’ve been considering abandoning analytics in general and leave only the crash reports (they are much more detailed than the Google Play ones and they help fixing bugs a lot).
I was recently looking for an alternative since the Google acquisition, but it’s going to take some time for it to be replaced completely.

As for Signal, I didn’t check the source code but they probably have their own crash reporting (or use just the Google Play one).


#59

It is disabled. This is something that probably has to do with the build process. It won’t activate for sure.
I’ll check it out.


#60

Thanks for the answer!
Exodus look only for code signatures, maybe the code is there but it’s not activated.