The list of features at conversations.im is impressive. Despite the fact that nobody I know is using it, I wanted to have a quick look but it's a paid app (I know, GPL, etc). And one I know I won't be actively using. There is too much friction to try it out.
Asking for money in return for binaries of GPL/FLOSS apps uploaded to the app stores of proprietary platforms seems like a decent way to fund FLOSS development. Folks there are used to paying anyway. Folks interested in FLOSS will be using platforms like Cydia, F-Droid or Debian/Fedora anyway.
I'm not arguing about the validity of the method that was chosen. I agree it's a valid method.
What I'm saying is that, if the goal is widespread usage, there are little small roadblocks before users can actually be using the app.
I cannot ask my family and friends to install F-droid or pay for an app that I'm not even sure they will like. So realistically, I will never mention it to them.
Maybe I misunderstood what is the target audience from the beginning. You're telling me it is the 0.0001℅ of the population that uses 3rd-party app stores, Linux, etc. That's fine too but it comes with its own limitations.
I'm not familiar with ChatSecure, but from what I can tell:
It ChatSecure is an XMPP client; XMPP being an open federated protocol.
Signal uses Google infrastructure; while this isn't an issue for security purposes (because everything is encrypted), some people don't like it, some people like to run their own servers. With a "centralized" protocol like Signal, running your own server means you are cut off from everyone on the main server; with a "federated" protocol like XMPP your server can communicate with the other servers, so you can chat with users on other servers.
The innovation with ChatSecure over other XMPP clients is that it has implemented an XMPP extension (XMPP is an extensible protocol) called "OMEMO" that implements encryption, by borrowing substantially from the Signal protocol. This is an improvement over OTR, the status-quo way of doing encrypted XMPP, which the linked page explains was designed around desktop usage and doesn't work well with phones.
That's correct. Our main differentiator from Signal/WhatsApp/Wire/Telegram/etc is that we have no centralized messaging infrastructure. Users are free to run their own servers, or connect to any 3rd party providers they trust. We also have integrated Tor support, but plan to remove that once iCepa reaches maturity.
Most public servers are pretty bad in terms of modern XMPP features [1]. Trust is also a big issue, but one of our goals is to solve this problem by making it much easier to run your own server. We currently default to Dukgo for new registrations but they don't support many of the XEPs required for a good mobile experience (0198, 0313, 0357).
Basically ChatSecure is a nice clean XMPP client (turns out XMPP is not actually that scary, and choosing a network is no worse than choosing an e-mail provider), that supports OTR (and now OMEMO, which is much better). For Android, there's conversations.im, which was the first one to really support OMEMO.
Basically means you can choose your client, networks handle the messages, and it's up to the client each person is using to handle the crypto.
Thanks! It's been quite the rollercoaster. We're extremely grateful that Moxie resolved the App Store / GPL license issue with their Signal Protocol libraries.
Thanks for testing so thoroughly. Some of these problems are likely related to server incompatibilities, but others are definitely client bugs like the QR code stuff. Please report individual issues here [1]. Thank you!
Yay! Amazing! I literally checked out ChatSecure yesterday due to the WhatsApp issues and looked at the GitHub issues to see if it supported OMEMO, and here we are! Thank you so much, it's like Christmas :)
Last I heard was that the past Android version of chatsecure was being abandoned. Conversations would become the new Android client. Any future work on the original Android chatsecure will go to the Zom project:
MAM will be in 4.1, but there's currently no timeline for that release yet. We plan to do a 4.0.1 release soon to resolve some bugs, and then start working on 4.1. If you signed up for the 4.0 beta, you'll get notifications for the next beta as soon as its ready.
