[HN Gopher] Wire is now on F-Droid ___________________________________________________________________ Wire is now on F-Droid Author : lucgommans Score : 180 points Date : 2022-01-28 17:08 UTC (5 hours ago) (HTM) web link (f-droid.org) (TXT) w3m dump (f-droid.org) | nimbius wrote: | no one came here for politics, this is HN. | | real questions for the hackers: how/why does this apk contain | nonfree assets in a GPL codebase? | | https://en.wikipedia.org/wiki/Wire_(software) | | Wire's source code is accompanied by the GPLv3 but the readme | file states that a number of additional restrictions specified by | the Wire Terms of Use take precedence | | the legal stipulations here seem to conflict with GPL3. | commoner wrote: | Section 7 of GPLv3 nullifies additional restrictions that are | attached to the client (with a few exceptions):[1] | | > All other non-permissive additional terms are considered | "further restrictions" within the meaning of section 10. If the | Program as you received it, or any part of it, contains a | notice stating that it is governed by this License along with a | term that is a further restriction, you may remove that term. | If a license document contains a further restriction but | permits relicensing or conveying under this License, you may | add to a covered work material governed by the terms of that | license document, provided that the further restriction does | not survive such relicensing or conveying. | | For example, all of the following are "further restrictions" | that are voided by Section 7:[2] | | > a. You agree not to change the way the Open Source App | connects and interacts with our servers; b. You agree not to | weaken any of the security features of the Open Source App; c. | You agree not to use our servers to store data for purposes | other than the intended and original functionality of the Open | Source App | | However, these terms are restated in the Wire Terms of Use.[3] | Any user who uses the Wire app or a modified derivative of the | Wire app to breach these Terms of Use while interacting with | the official Wire server instance is still in danger of | violating other laws like the Computer Fraud and Abuse Act[4] | in the U.S., with respect to how the app interacts with the | server. | | [1] https://github.com/wireapp/wire-webapp/blob/dev/LICENSE | | [2] https://github.com/wireapp/wire-webapp | | [3] https://wire.com/en/legal/terms-of-use-personal/ | | [4] https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act | vorpalhex wrote: | Looks promising. Happy to see a diversity in secure messaging | solutions and app stores. | vhsdev wrote: | It's always great to see new software titles land on F-Droid. The | rub with messengers is that for each new messenger we've further | fragmented our ability to communicate with one another. Rember | the telephone? You used to be able to call literally anyone and | you didn't have to ask which operator they were using. | TuringTest wrote: | Matrix.org should be able to function as the telephone exchange | that connects all communication services, as it is well posed | to work as a universal connector. | | If, at some time in the future, it manages to create a usable | bridge to connect between two popular private services (say | Whatsapp and Telegram, or Teams and Slack) it could start | accumulating network effects, and become a desirable target for | all other networks so that it is appealing for them to build | their own bridges to the Matrix services. | kitkat_new wrote: | > If, at some time in the future, it manages to create a | usable bridge to connect between two popular private services | (say Whatsapp and Telegram, or Teams and Slack) it could | start accumulating network effects | | Well, I think usable bridges for such apps are a thing | already. See e.g. https://element.io/element-matrix-store and | https://beeper.com | | Problems are: | | - it's a subscription based service | | - End to end encryption is not active for these services as | long as you don't run the bridge yourself (which in principle | is possible as well, see e.g. the description at the website | of Beeper) which stretches usable a bit... | | Both problems would likely be solved if these services would | provide an API for other messengers and would cooperate on a | common standard for E2EE like MLS, however the likelihood for | that ... seems pretty small. 1. | posterboy wrote: | Where I'm from, there used to be exactly one opperator. | sigg3 wrote: | This is essentially what signal achieves IMO: it's replacements | for sms, mms, audio with added security (plus video and group | chat). | | Using your telephone number as username the experience is | transparent and unlike all other messaging apps. I can write | texts to whomever and if they do have signal, it defaults to | encrypted coms. It's inclusive by design. | | Other services require usernames and email and whatnot, which | effectively ensures it will not be the default. (I understand | Apple users cannot change the default messaging app to only use | Signal, which is a choice in tune with the walled garden and | exclusive by design.) | npteljes wrote: | Signal doesn't achieve this at all. In this regard, they are | just another messaging service that's not compatible with | anything and also they are discouraging (to say the least) | unofficial clients from connecting official servers. They are | yet another fragment in the already fragmented ecosystem. | | What's a step forward in this regard is projects like | libpurple or Matrix bridges. Whose goal is to make already | existing networks interconnected. | stratosmacker wrote: | I think Element (https://element.io/) is worth looking at for | anyone who wants something decentralized. Unfortunately I have | exactly 1 contact who uses it, but that was true of Signal as | well 8 years ago | ncmncm wrote: | Some current problems with Element, and with the Matrix | protocol in general (there are a bunch of other clients, e.g | Nheko, Fluffychat) include that you need a "homeserver" to | store all your messages, and (1) there is no way to migrate to | another homeserver (I gave up on Matrix after the third one | went bust), (2) the homeserver has (!) plaintext access to all | traffic on it, besides all the delicious metadata the spooks | love and that (e.g.) Signal hands over to them with effusive | eagerness, (3) there is no concept of identity independent of a | homeserver, and (4) no effort at all to obscure metadata, who | you communicate with and when. I don't know of any clients that | let you manage separate identities at the same time, as many | mail clients do. (I was running Element and Fluffy to manage | two accounts, which is stupid. Maybe some do handle multiple | accounts, now?) | | Matrix defines a sort of end-to-end encryption, but the ends | are homeservers and clients. [Some people are saying not: that | homeservers don't see plaintext of E2EE traffic.] | | There is talk about self-hosting in the client, but I don't | know if it works yet, or ever will. Lack of encryption-at-rest, | wherever it is that messages live, seems like a stupendous | implementation design flaw, and makes me question all the | project's other choices. | | If, in fact, messages are, or can now be, stored securely, I | would welcome correction. Likewise, if client-side hosting | works now, or message-store migration, or a stable address | despite such a migration, or any effort at securing metadata. I | have not kept up since abandoning Matrix, but still want a | viable alternative to Signal. | | The Matrix protocol is extremely complex and getting more | complex with great speed as they try to get to feature parity | with Facebook and Twitter, making it hard to believe one will | ever be able to trust it, E2EE or no. | | Will we need to start all over again? A rigidly layered system, | with a provably secure basis, probably in a single, sandboxed | server talked to by all clients and gateways, with services | built on top, seems needed if we want both security and | features. | | As it is, it seems like clients -- i.e. application services -- | run in the same address space with what should be secure | message transport, necessarily compromising all security with | each bug added. | mintplant wrote: | > the homeserver has (!) plaintext access to all traffic on | it, besides all the delicious metadata the spooks love and | that (e.g.) Signal hands over to them with effusive eagerness | | What do you mean? Signal is known for providing minimal | information when requested by authorities, e.g., [0]. | | [0] https://signal.org/bigbrother/central-california-grand- | jury/ | ncmncm wrote: | Last I checked, it tied every single communication to a | pair of phone numbers. | kitkat_new wrote: | > (1) there is no way to migrate to another homeserver (I | gave up on Matrix after the third one went bust) | | partially true - while there isn't a protocol defined way, | you can invite your new account to your rooms, import your | encryption keys and leave the rooms with the old accounts | | > (2) the homeserver has (!) plaintext access to all traffic | on it | | hmm, isn't that unavoidable? | | > (4) no effort at all to obscure metadata, who you | communicate with and when. | | There is effort on it, e.g. by going P2P and eliminating | dedicated homeservers | | > I don't know of any clients that let you manage separate | identities at the same time | | FluffyChat, Syphon, and others I don't know the names by | heart | | > Matrix defines a sort of end-to-end encryption, but the | ends are homeservers and clients. | | The ends are the sessions in a room. The homserver is not an | end. How did you get that impression? | | > Lack of encryption-at-rest, wherever it is that messages | live, seems like a stupendous implementation design flaw, and | makes me question all the project's other choices. | | Isn't encryption at rest usually done by the operating | system? | mananaysiempre wrote: | >> (2) the homeserver has (!) plaintext access to all | traffic on it | | > hmm, isn't that unavoidable? | | Not only is it avoidable, it's not actually true AFAIU. | It's unfortunate (if historically justifiable) that Matrix | has a non-E2EE mode, but the thing it brands as E2EE is | actually deserving of the name, with messages accessible to | clients only and the associated hurdles (you literally | can't get access to message history in encrypted chats from | a new client on the same account unless you get one of your | old clients to cross-sign, even if the homeserver will help | mediate the prompt). | | Matrix is not free of problems, but it _does_ have | federated, multi-party, multi-device, end-to-end encrypted | chats with persistent history and forward secrecy. The | underlying crypto goes by Megolm[1]. It's slightly | weaker[2] (in particular regarding backward secrecy) than | the strictly two-party thing Signal does (however they | brand it these days), but nowhere near the point of | allowing the homeserver to eavesdrop. | | [1] https://blog.jabberhead.tk/2019/03/10/a-look-at-matrix- | orgs-... | | [2] https://gitlab.matrix.org/matrix- | org/olm/blob/master/docs/me... | kitkat_new wrote: | I understood it as the traffic that is received by | clients and other homeservers wether it contains | encrypted data or not. | heinrich5991 wrote: | > Not only is it avoidable, it's not actually true AFAIU. | | Note that new features apparently come unencrypted, even | in otherwise encrypted rooms. For example reacting to | messages with emoji sends the reaction non-E2E-encrypted | for both all home servers to see: | https://news.ycombinator.com/item?id=29656282. | kitkat_new wrote: | > Note that new features apparently come unencrypted, | even in otherwise encrypted rooms. | | I checked that. While reactions are not encrypted indeed, | a very recent feature - polls which are available in labs | on Element Android - is encrypted. | upofadown wrote: | >Matrix defines a sort of end-to-end encryption, but the ends | are homeservers and clients. | | Just clients I think. Otherwise it couldn't be E2EE. AFAIK, | if you actually can manage to verify your correspondents with | whatever the identity numbers are called in Matrix, you get | effective E2EE. | ncmncm wrote: | If the homeserver sees plaintext, then it is by definition | an End. | nybble41 wrote: | By that definition _all_ encryption would be end-to-end | encryption, making the term useless. | | The person sending the message and their intended | recipient(s) are the "ends" in end-to-end encryption. The | server is not an "end". | | Incidentally, the client software is also not the "end": | If the system includes a component designed to forward | any data about the otherwise-encrypted content of the | messages to someone who is not the sender or their | intended recipient (unless at the direction of someone | who is an intended party to the conversation) then the | system does not implement end-to-end encryption. For | example, Apple's iMessage app does this with their | mandatory client-side scanning misfeature. | nyuszika7h wrote: | > For example, Apple's iMessage app does this with their | mandatory client-side scanning misfeature. | | There's a lot of incorrect information here. First of | all, it is not mandatory, it's opt-in - parents have the | ability to turn it on for children under 18 whose devices | have parental controls enabled. (Technically you could | argue that it is then mandatory for those children, but | that's no different from other parental control | features.) Also, it uses on-device machine learning to | detect and blur NSFW photos. They even removed the | feature that notifies the parents if the child chooses to | view a photo that was detected as NSFW anyway, so the | contents of messages are not sent to Apple or anyone | else. | | I think you're conflating it with the iCloud Photos CSAM | detection, which would have been mandatory and sent | results of on-device scans to Apple if you have iCloud | Photos enabled, but they seem to have scrapped that (for | now at least) as they quietly removed all mentions of it | from their website. | kitkat_new wrote: | it doesn't see the plain text of E2EE messages though... | NetOpWibby wrote: | I used to use Wire and then I got my friends to use Element. | It's been working great so far. I just wish it had support for | emoji skintones in responses. | lightspot21 wrote: | Not my intent to offend anyone and plus I'm not American so I | might not know your culture well enough, but please don't. | Why should we insert race in technology when 1) it's not | useful and 2) it's not relevant at all. I mean, who even | cares whether the smiley face is white or black or whatever | else? It's just a smiley face. IMHO there are more | significant areas to care for. | [deleted] | quadrangle wrote: | For clarity, Element is merely a client (the main one) for | Matrix.org. What matters is whether people are on Matrix rather | than whether they use the Element client. But most Matrix users | surely do use Element. | btdmaster wrote: | matrix.org is just one instance, it is very important that | people choose different instances so that interoperability is | kept. | tgsovlerkhgsel wrote: | Element on Android still doesn't support searching in encrypted | rooms. The UX is years behind Signal and I'm not sure if | they're catching up. | jokowueu wrote: | The usability and UI after all these years are just terrible | | Spaces was implemented but again the UI is just terrible | | Other clients are better as an im like fluffy chat tho | feanaro wrote: | "Just terrible" isn't very constructive criticism. I think it | has improved and continues to improve significantly. | kaladin-jasnah wrote: | It has improved tremendously, but it's still nowhere on par | with solutions such as Telegram or Discord. As much as I | like Matrix, the clients (which I think is where the UX | lies for me, as I think it's expected that it takes effort | to set up a homeserver), are horrible. | crossroadsguy wrote: | I think it was the original private and polished messaging app in | the recent times but Telegram went past it. | | While Signal is fighting tooth and nails to not be on F-Droid. | wjd2030 wrote: | I downloaded an app from F-Droid once, it was Spotify. Later that | week I started getting strange spanish songs on my recently | played. Checked my logged in sessions and there were several from | latam. I deleted the app. | marcodiego wrote: | I don't think Spotify has ever been on f-droid. Can you post a | link? | usr1106 wrote: | Spotify on F-Droid? F-Droid has only open source apps. Is | Spotify open source? I have serious doubts about this story. | | (Not a Spotify user, low-volume F-Droid user) | mdp2021 wrote: | Have you cross checked the signatures? | wjd2030 wrote: | Nope, and it was totally my fault, though at the time I tried | to find a way to report the app and I didnt see it (though I | could've missed it) | xanaxagoras wrote: | I have never heard of wire, I will check it out. Looks | interesting on first glance. One thing from the marketing page | stood out to me: | | > Organizations can set up customized alerts, bypassing silent | mode on all devices, and trigger responses for crisis teams. | | Not a knock against Wire, I guess this is just where we are as a | society, but I am not a fan of this whatsoever. I would refuse my | company access to do this on my personal device. Mail me a pager, | I'll turn it on when I'm up. | gowld wrote: | > Mail me a pager, I'll turn it on when I'm up. | | What's the point of hiring someone to be on call, if they | refuse to be on call? | tasha0663 wrote: | > What's the point of hiring someone to be on call, if they | refuse to be on call? | | Indeed. I've walked out of interviews over this. The list of | things that are actually _that_ critical is incredibly small. | fire wrote: | IMO things change quite a bit if you're actually being paid | to be on call | 2pEXgD0fZ5cF wrote: | This sounds like a feature that spawned from good intentions, | but it's obvious in what ways this would get abused once you | scale up the amount of Wire users. | lucgommans wrote: | > I have never heard of wire, I will check it out. Looks | interesting on first glance. | | It's basically Signal but without the popularity, despite | predating it. Why Signal took off and Wire stagnated, I am not | sure. The network effect is one part of it, probably caused by | Moxie being popular in the community, but another part is that | Wire does not seem to care as much about doing cool stuff like | private contact discovery that Signal put some real R&D into | (and no other service (Threema/Wire/etc.) even bothered to even | copy, let alone build upon). | | Main differences: | | - Signal is better with metadata | | - Wire needs no phone number | | - Wire treats devices equivalently. If you want two phones, | that's fine (Signal supports only 1 mobile device and N slave | desktop devices; can't have desktop without mobile or more than | one mobile) and is mostly feature-complete on each platform | (Signal misses e.g. gifs on desktop) | | - Signal's apps are a bit more polished than Wire's, slightly | better UX | | - Now that Signal has been gaining popularity and Wire, um, not | as far as I can tell, Wire seems to be focusing more on | corporate use. But it's still possible to register free | accounts: https://app.wire.com/auth/?hl=en#createaccount | | - I think Wire has a bots system that Signal does not (and is | generally more open to integrations), but I could be wrong here | tptacek wrote: | It's also Signal without the security model. Wire maintains a | serverside, plaintext directory of who's talking to who. It's | part of the whole premise of Signal not to do this. | | That doesn't make Wire bad, it just makes it suitable for a | different set of applications. | autoexec wrote: | > It's also Signal without the security model. Wire | maintains a serverside, plaintext directory of who's | talking to who. It's part of the whole premise of Signal | not to do this. | | Signal also permanently keeps user's information in the | cloud including a list of the people they talk to. It's not | stored in plain text, but it's there. I don't find signal | to be trustworthy at this point so for people looking for | secure communication I recommend Jami, but it lacks polish. | tptacek wrote: | You can just look at how Signal has responded to court | orders for information, and the FBI's documentation for | what it can obtain from different providers. Through | legal process (or, because Wire is hosted overseas, | without it, using CNE), the FBI can obtain the entire | Wire social graph. | autoexec wrote: | > You can just look at how Signal has responded to court | orders for information, | | Signal is very proud that once a long time ago the state | came to them asking for user data and signal could only | tell them they had no data to provide. That has changed. | Signal now collects and stores exactly the data they were | being asked to hand over. It's not clear at all that your | data with signal is protected. Security concerns were | brought up repeatedly and were ignored (see for example | https://community.signalusers.org/t/proper-secure-value- | secu...) | | Signal still brags about "that one time we had nothing to | hand over" though. They still have a page on their | website talking about it. They've never updated their | privacy policy to reflect that are collecting and storing | sensitive user data either. Not a good look for a company | you're supposed to trust with secure communications. | MajesticHobo2 wrote: | > Signal is very proud that once a long time ago the | state came to them asking for user data and signal could | only tell them they had no data to provide. | | Have you looked at https://signal.org/bigbrother/ | recently? There are five instances of this, one as recent | as November 2021. | autoexec wrote: | Signal has the data being requested but they'd have to | brute force a user's pin or use an exploit to get to it. | Routine requests aren't going to compel them to take | those actions and national security letters aren't going | to be published on their website. | ckozlowski wrote: | I've been using it for a number of years now. I have a few | groups of family and friends with persistent group chats we | have perpetually running on Wire. | | The fact that you can make a Wire account with no phone | number needed is a great benefit in my opinion. | | I find Wire's handling of media (Embedded YouTube, spotify, | gifs) to be better than Signal's, which was a key point to | win over my family members. I think some secure messengers | over look this. Us "privacy people" want strong encryption | and all, but good luck getting spouses and grandparents using | it if it's no fun. | | Wire was pretty flakey in the early days I feel, and I'd have | to "jiggle" the client a lot to sometimes get messages to | send. Fortunately that seems to have been ironed out, and I | haven't had any issues in quite a long time. | | It is odd to me that it hasn't taken off more, especially as | it was started by one of Skype's founders. But alas. | | I do like (and use) Signal as well, but I'm always glad to | see mention of Wire on here. | wolverine876 wrote: | The above discusses the marketed features, but essential to | security is the implementation. Based on what I understand | from people with actual IT security expertise (I have IT | expertise, but not specifically in security), Signal is on a | different level than the others, and really the only option | if you want real security (depending, of course, on your | needs). | unknown2374 wrote: | That convenience has to be let go when working on operations- | critical services. This feature is an absolute necessity in a | lot of cases, and of course employees can complain, but not | resolving certain issues urgently can mean that an entire | hospital's system stays inaccessible overnight, or worse. | brewdad wrote: | Missed the point. If that operation is so critical, give me a | workplace owned device to deal with it. My employer is not | getting superuser access to my personal devices. | Spivak wrote: | They need superuser on Android? On iOS I just give | permission for an app to send critical alerts. It's a hard | requirement for apps like PagerDuty. | 0xedd wrote: | vorpalhex wrote: | They do not need superuser, they can just request the | permission to bypass DND. I believe apps can't tell if | you gave them the permission or not, so there is no way | to "force" users into this. | unknown2374 wrote: | they do not need super-user permissions. That would imply | that the phone has to be rooted. over-coming certain | settings that apply to regular apps? sure. but that's a | very android/iOS specific feature-set that is exposed to | all app developers. | aero-glide2 wrote: | Recommend using SkyDroid to download Fdroid apps, much better | search and UI. | daptaq wrote: | Foxy Droid (https://github.com/kitsunyan/foxy-droid) is also a | nice re-implementation of the old UI. | piaste wrote: | I use Aurora Droid, mostly because the same org also provides | an anonymous Play Store frontend with similar UX. | TuringTest wrote: | And there's also Droid-ify, which uses a Material design | style (I haven't used it, I've just found it looking for | Foxy-droid) | simlevesque wrote: | Thank you for this. I love F-droid but I hate the app. | lkxijlewlf wrote: | https://www.skydroid.net/ ??? | | Oh!!! | | https://skydroid.app/ | smallerfish wrote: | Does it auto update? That's my main peeve with fdroid. | jasonjayr wrote: | I don't think anything other than Google Play can auto update | unless you've rooted your phone. | | F-droid has a package you can install to the system partition | to allow auto-updating. | boring_twenties wrote: | You don't need root AFAIK, you do need an unlocked | bootloader so you can flash the system partition though. | lucgommans wrote: | Exactly, this is only tangentially related to rooting. | Google doesn't need root on your device for their closed | Play Services to install software, but the component that | you want to have this installation capability does need | some system-level permission. Many people grant it that | by rooting the device, but installing something like | /e/OS (=Android with microG and a few other improvements) | is also a way to do this. | BizarroLand wrote: | On my Moto FDroid does a decent job of keeping my apps | updated. I still have to intervene about half of the time | though. | rhamzeh wrote: | Android 12 has a mechanism to allow an app that installed | an application to update it in the background, but the | client needs to be updated to support it. | | F-Droid hasn't yet, see issue here [1] - some of the other | F-Droid clients, like Droid-ify have [2]. | | [1] https://gitlab.com/fdroid/fdroidclient/-/issues/1836 | | [2] https://github.com/Iamlooker/Droid-ify/pull/159 | redsolver wrote: | SkyDroid can update apps without user interaction (even on | non-rooted devices) using a workaround which requires a one- | time ADB setup. You however still need to open SkyDroid and | click a button to start the mass-update process, but this is | an intentional design decision - it makes sense to check | which app updates are available before blindly updating | everything. | politelemon wrote: | This is a great news and an excellent addition to F-Droid. I hope | this is a little nudge to Signal to reconsider inclusion. I | believe they're mostly there, they already have an APK built as a | reproducible build (https://signal.org/blog/reproducible- | android/) with FOSS components (https://signal.org/android/apk/) | DarylZero wrote: | > https://signal.org/android/apk/ | | Direct link for those without javascript: | | https://updates.signal.org/android/Signal-Android-website-pr... | rhamzeh wrote: | Unfortunately Signal devs seem dead-set against F-Droid | (whether on F-Droid, or hosting their own F-Droid repository) | for some reason. | | https://github.com/signalapp/Signal-Android/issues/9044#issu... | | https://community.signalusers.org/t/signal-f-droid-repositor... | | [EDIT] Last response of theirs on this issue I could find: | https://community.signalusers.org/t/wiki-signal-android-app-... | asddubs wrote: | >For the vast majority of people, installing apps from third- | party app stores like F-Droid requires them to enable | "unknown sources". Signal's developers feel that normalizing | this kind of behavior would be "a reversion back to the | desktop security model" and that endorsing it through | participation would be harmful. The only reason they | distribute an APK outside of the Play Store is to reduce the | harm of non-technical people installing fake apps instead. | | I guess it somewhat makes sense that they're against the | desktop model of app distribution, but IMO the phone model is | not worth the added security. Signal may not have any | problems as a messaging app, but both google and apple have | some ridiculous rules that categories of apps have to comply | with. In particular if you're an app for any sort of art | community, prepare to tell your users to censor even mildly | suggestive artwork, violent content, content dealing with | drug use (even if not glorified), etc. That's not to speak of | countless other limitations. | | The desktop mode of distribution ain't so bad. at least | you're still in charge of your own device | tenuousemphasis wrote: | What's the benefit to having Signal on F-Droid vs. downloading | the APK? | 0xedd wrote: | Manage your version. Trust your APK source. | chasil wrote: | Presence in the main F-Droid repository requires the app to | be open-source. A downloaded APK might include closed-source | components. | | "The main repository, hosted by the project, contains only | free and open source apps... The website also offers the | source code of applications it hosts... F-Droid builds apps | from publicly available and freely licensed source code. New | apps, which must be free of proprietary software are | contributed by user submissions or the developers | themselves." | | https://en.wikipedia.org/wiki/F-Droid | lucgommans wrote: | The same advantage as having 30 updaters run in the | background versus running apt update | | Imagine every app you install, from your calculator to your | chat applications, has to have its own updater. That's why I | like F-Droid rather than downloading the Signal APK directly. | Already have to do this for Threema unfortunately, as they're | neither on F-Droid nor freely available on the Play store. | ancientsofmumu wrote: | To help clarify to GP (was going to help reply then saw | yours) F-Droid is both the name of the core website hosting | the APK repos and build infra, and the name of the Android | client which can connect to any F-Droid compatible repo - | there are a bunch of projects who host their APKs in their | own F-Droid repo, all you have to do is go to their website | and scan the QR code to add it or enter manually. | | Signal could run their own F-Droid repo and people just add | to their F-Droid client without using or touching the | F-Droid website or build infrastructure at all, which would | allow folks to do as lucgommans explains - one phone client | connected to many repos, no manual downloading. | | Example: https://www.bromite.org/fdroid | wolverine876 wrote: | I think Signal's direct-download APK version (i.e., from | signal.org, not from an app store) automatically prompts | for updates (can someone verify?). | c0mbined wrote: | Correct. I use it on LineageOS | daptaq wrote: | I think that Molly (https://molly.im/) is a good option if you | want to manage "Signal" via F-Droid. | gowld wrote: | Signal has a reputation that Molly lacks. If Signal team | doesn't want to post to F-Droid, it would help if they at | least made a statement of support or opposition to Molly. | dopu wrote: | I doubt they would ever endorse the use of a third party | interface to Signal. | DarylZero wrote: | In fact they have publicly whined about it already | alephxyz wrote: | Their webpage claims both: | | > Molly, like Signal, uses Google's proprietary code to | support some features And | | >Fully FOSS >Contains no proprietary blobs, unlike Signal. | | It's also not clear if it can be used as a drop-in | replacement to contact people using Signal | riedel wrote: | Molly does not seem to be included in the official fdroid | repo. You can also simply add the calyxos fdroid repo to get | signal via fdroid | | https://calyxos.gitlab.io/calyx-fdroid- | repo/fdroid/repo?fing... | pferde wrote: | Does it still send your password to the central server, as | mentioned in Wire's Wikipedia article? I do not see a mention | that they changed it. | lucgommans wrote: | I'd rather it keeps a username/password on their central | service, than authenticate with my phone number. | | End to end encryption is achieved through key verification, | same as on Signal, Threema, tg secret chats, PGP, etc. Your | password is just one barrier to accessing your account and the | security of the chats/calls does not depend on this. | deadalus wrote: | Fdroid is not neutral anymore. Gab has been banned from Fdroid | due to political pressure[1]. | | [1] https://reclaimthenet.org/f-droid-bans-gab-app/ | kmeisthax wrote: | >The censorship Gab has faced from those in the Fediverse | directly conflicts with the Four Essential Freedoms of Free | Software which people in this community supposedly uphold. Most | notably, censoring Gab goes against the first of these freedoms | - "the freedom to run the program as you wish, for any | purpose." | | No, this is not a Freedom Zero violation. Refusing to | distribute software is not equivalent to banning you from | running that software as you wish - unless there's some | vrmsPhone out there that only runs signed F-Droid packages. | Refusing to peer with a particular Mastodon node is also not | violating Freedom Zero - I mean, "do not connect to Gab" is a | valid way to use the software and plenty of people do not want | to talk with people who use Gab. Are we seriously saying that | having a blocklist in an app is a Freedom Zero violation now? | | Furthermore, not wanting to talk with someone is not, in and of | itself, censorship. If this were Google or Facebook, then maybe | you could argue that they have monopoly power, or that we | should have some kind of common carrier regulation on them. But | those are, at best, special cases justified by the outsize | market power of FAANG companies. The argument being put forth | by Reclaim The Net is that freedom of speech isn't about being | able to speak to willing ears, but about forcing people to | listen to you. | commoner wrote: | Yes, the argument is wrong. Freedom 0 allows User A to run | their own instance of the F-Droid server as they wish. It | does not allow User A to compel User B to run User B's | instance of the F-Droid server the way User A would like it | to be run. If the argument were true, any user would be able | to control another user's instance of a free software network | application, which would be a serious violation of property | rights. | | If User C's instance of the F-Droid server hosts a repository | with Gab in it, and User D connects that repository to their | F-Droid client, the client would be able to download and | install Gab. This shows Freedom 0 in action. | hartator wrote: | Fun that the first opportunity they had to make a difference | they choose censorship over openness. | npteljes wrote: | They are making the difference by providing their excellent | service. | vecplane wrote: | Why exactly did they ban Gab? | deadalus wrote: | F-Droid banned Gab for being a "free speech zone" that will | "tolerate all opinions".[0] Now Gab has been banned from | Google Play Store, Apple App Store as well as from F-droid | due to negative media pressure. | | [0]https://f-droid.org/en/2019/07/16/statement.html | dleslie wrote: | Here's their statement[0], and this is the meat of it: | | > F-Droid as a project soon celebrates its 9th birthday. In | these 9 years, F-Droid's mission was and is to create a place | where people could download software they can trust - meaning | only free, libre and open source software is available on its | flagship repository. As a project, it tried to stay neutral | all the time. But sometimes, staying neutral isn't an option | but instead will lead to the uprise of previously mentioned | oppression and harassment against marginalized groups. We | don't want and won't support that. F-Droid is taking a | political stance here. | | > F-Droid won't tolerate oppression or harassment against | marginalized groups. Because of this, it won't package nor | distribute apps that promote any of these things. This | includes that it won't distribute an app that promotes the | usage of previously mentioned website, by either its | branding, its pre-filled instance domain or any other direct | promotion. This also means F-Droid won't allow oppression or | harassment to happen at its communication channels, including | its forum. In the past week, we failed to fulfill this goal | on the forum, and we want to apologize for that. | | 0: https://f-droid.org/en/2019/07/16/statement.html | scarby2 wrote: | Basically - it became a go to for the Alt-Right, these guys | ruin everything. | | Sad thing about free speech on the internet is that while | i'm largely in favour of it mostly it does create breeding | grounds for openly hostile and harmful opinions/people. | | Given the lack of education in most of the world this is | sadly utterly terrifying and i have no idea what to do | about it. | dleslie wrote: | > this is sadly utterly terrifying and i have no idea | what to do about it. | | IMHO, accounts need to have non-trivial value, to all | users. Social pressure will do much of the rest. | | The problem with Gab, Twitter, Facebook, Reddit, even HN | and such is that accounts are free and do not | meaningfully increase in value with time and activity. | This allows bad actors to thwart social pressure by | simply switching accounts at their leisure. | | It also doesn't help that there _usually_ exists few | barriers to access to online communities; people tend to | have a romantic view of being open and welcoming, and | social networks have an incentive to keep access | generally open as it increases user retention. | chc wrote: | Their stated rationale is that Gab serves disproportionately | as a place to organize activities that reduce people's | freedom, such as harassment campaigns against minority groups | and anti-democratic activity like voter intimidation, and so | they felt that hosting it was less in the spirit of freedom | than banning it. | | Ultimately, it's a problem that all pro-freedom platforms | have to deal with: How much freedom should you give people to | take away other people's freedom? When one group of people | wants another to be less free, any action you take will | result in a loss of freedom for someone. | hellcow wrote: | > How much freedom should you give people to take away | other people's freedom? | | This is the very purpose of law according to John Locke who | heavily influenced America's founders. To John Locke, the | way to maximize freedom for everyone was by establishing | laws which restrict people's ability to remove others' | freedoms. | | Having platforms like F-Droid self-govern and establish | rules to try and maximize freedoms in the world is a pretty | interesting experiment and a great showcase of small | government, and thus should be widely supported by | conservatives :) | scarby2 wrote: | > Having platforms like F-Droid self-govern and establish | rules to try and maximize freedoms in the world is a | pretty interesting experiment and a great showcase of | small government, and thus should be widely supported by | conservatives :) | | Most modern day "conservatives" are not in fact | conservatives. They dont seek a return to or a | preservation of any traditional value at this point and | instead seek radical change into a new and uncertain | future. They have largely abandoned conservatism and | replaced it with something entirely more terrifying. | devwastaken wrote: | So what? Political neutrality doesn't exist. We all make | political decisions every day. Gabs owners and staff | intentionally make money off of lies, slander, and in general | being dishonest slimeballs. We as individuals actually do have | a responsibility to the truth and to prevent political scammers | like gab from profiteering off of lies. | svnpenn wrote: | Of course this comment, and all the children, leave out any | context of the other side, so allow me to: | | > Widely described as a haven for extremists including neo- | Nazis, white supremacists, white nationalists, the alt-right, | and QAnon conspiracy theorists | | https://wikipedia.org/wiki/Gab_(social_network) | mdp2021 wrote: | How can you create an unmoderated forum and not have it | populated by all sorts - especially those refused by | moderated forums. | | "Haven for all sorts" is the "destiny" of any unmoderated | communication platform. | hartator wrote: | This is unfair characterization. Because Gab sticks to a very | liberal (in the traditional sense) interpretation of the 1st | amendment, it's probably the home of marginalized voices. | However doesn't mean Gab supports their points of view. | monocasa wrote: | The CEO's public statements disagree with the assertion | that they don't agree with and support extreme far right | views. | | For one example of many, here he is decrying the evils | 'Judeo-Bolshivism', a literal Goebbels era Nazi propaganda | concept from the 1930s that somehow the Jews invented | communism as a part of their master plan to control the | world. | | https://www.dailydot.com/debug/andrew-torba-deactivates- | gab-... | | So it doesn't seem like that unfair of a characterization | to me. | ospzfmbbzr wrote: | cyborgx7 wrote: | The idea that people who dedicate a significant portion of | their lives to developing and maintaining free software | projects would be politically neutral is so funny to me. And | yet it keeps being an assumption that is made on here. | gruez wrote: | Why is that strange? Up until a decades ago, the ACLU fought | for both communists[1] and nazis[2]. If you're fighting for | software freedom (ie. the narrative of freeing people from | the oppression of google/apple app stores), it makes sense | for your position to be "software freedom for everyone", not | "software freedom for everyone, except nazis because fuck | them". | | [1] https://en.wikipedia.org/wiki/American_Civil_Liberties_Un | ion... | | [2] https://en.wikipedia.org/wiki/American_Civil_Liberties_Un | ion... | joomooru wrote: | Funny thing is with these "free speech" advocates, allowing | hate speech (antisemitism, racism, sexism, etc.) on your | platform is anything but politically neutral. It's obviously | capitulating to hateful groups like white | supremacists/neonazis. | vorpalhex wrote: | You can always not read/watch/support people you dislike. | | Censors are biased like everyone else. There are always | extra casualties. | joomooru wrote: | Tell that to the victims of the Pittsburgh synagogue | shooting victims: https://en.wikipedia.org/wiki/Gab_(soci | al_network)#2018_Pitt... | vorpalhex wrote: | Well good thing no bad person has ever posted on | Facebook.. or Twitter.. or Instagram.. or written a | manifesto and sent it via USPS. | | Facebook has literally been used to livestream rape and | murder! | | And your own source says Gab turned everything over to | the FBI. What, exactly, is the fault here? Them not | having a time machine? | francis-io wrote: | Of course it's politically neutral. Inaction is neutral. | joomooru wrote: | Sorry, political neutrality doesn't exist. | | Inaction in the face of injustice, means you are | advocating for the status quo. E.g. the white moderate | from Letter from Birmingham Jail. | young_unixer wrote: | Then radical left speech shouldn't be allowed either, but | many Mastodon instances allow communists (like, they | literally call themselves communist) without any issue. | monocasa wrote: | Once again, the goal isn't to be politically neutral. | hartator wrote: | Well for some alternative app store named f-droid, you expect | them to be the home of all the rejections of the Play Store. | What the point of jailbreaking your phone if you end up with | the same limitations. | commoner wrote: | F-Droid specializes in free and open source software. It | does not specialize in software rejected from other app | stores. F-Droid is also available on all Android phones, | rooted or not. Android allows apps to be sideloaded if no | app store meets the user's needs. | rvz wrote: | Telegram is a brilliant alternative and a free libre and open | source software (FLOSS) which is used by tons of users. | | However, like Gab, it has all the same "oppression and | harassment", or everything that F-Droid has quoted: | | _' Things like racism, sexism, verbal abuse, violent | nationalist propaganda, discrimination against gender and | sexual minorities, antisemitism and a lot more things become | popular on such instances.'_ | | Those same people that are on Gab are also on Telegram. So why | have they not taken a 'political stance' against it or 'banned | it' like they have banned Gab? | lucgommans wrote: | I did not mean to make this a political discussion when I | submitted this news. | | If there are other open source app stores that Wire is on, feel | free to add those in a comment and/or a submission. Coming here | just to hate on f-droid for a past decision does not seem | productive to me. | npteljes wrote: | Are they claiming that they're neutral, or have they violated | any such promise, code of conduct, ethical statement or | anything? If not, then I'd consider this a moot point. | eole666 wrote: | I bet if fdroid was censoring an app mainly used by antifa and | persons from the radical left you'd be quite happy. But they | rather sensor a social network used almost uniquely by alt- | right / fake news writers / neonazi / hateful people, and now | you're here complaining about it not being neutral.. Go create | your own free right wing app store if you want Gab in it. | [deleted] | young_unixer wrote: | I'm not parent comment, but I wouldn't be happy either if | they started censoring antifa or any kind of speech. | px43 wrote: | Opposition to Gab has nothing to do with politics. It is very | specifically a platform for spreading hate speech and fostering | collaboration for hate groups. Believing that black people, | Jewish people, Muslims, women, LGBT, etc are inferior subhumans | who don't deserve rights is not a legitimate "political | viewpoint". | | While it is absolutely true that hate groups have been doing | their darndest to infect Republicans and conservative Americans | with their hatred, that does not legitimize their hatred, and | it should never, ever be tolerated in a civilized society. | gruez wrote: | >Opposition to Gab has nothing to do with politics | | >[...] is not a legitimate "political viewpoint". | | Can you apply this on the other side as well? eg. "believing | that people don't deserve property rights (ie. communism) is | not a legitimate 'political viewpoint'". | wanderingmind wrote: | https://wire.com/legal/licenses/ | | gives Error 404, so we have no idea what license they are under | and we are supposed to trust and use them. | zksmk wrote: | Why would you follow that link in particular? You can find all | the license information here: https://wire.com/en/legal/terms- | of-use-personal/ , scroll down and click on license | information, there's like a 100 different licenses for the 100 | different things they used in the software. | wanderingmind wrote: | Because that is the link given in their main github repo. I'm | not ready to trust someone with my privacy who can't even | properly manage their weblinks. | wanderingmind wrote: | License link provided here: https://github.com/wireapp/wire | karussell wrote: | Server is AGPL: https://github.com/wireapp/wire- | server/blob/develop/LICENSE and clients are GPL it seems. ___________________________________________________________________ (page generated 2022-01-28 23:00 UTC)