sup is like Facebook Messenger, but for the fediverse.
Connect all of your fediverse accounts on one app, and connect with people on other platforms or protocols, like IRC.
It's also going to be fully open source, and modular with a simple plugin system to add support for other fediverse platforms and more.
A universal, open, federated messenger.
Built by @PixelFed ✨
[#]sup
=> More informations about this toot | More toots from dansup@mastodon.social
@dansup @PixelFed will it also use the signal protocol?
=> More informations about this toot | More toots from shnoorg@infosec.exchange
@dansup @PixelFed federated signal servers would be sick.
=> More informations about this toot | More toots from shnoorg@infosec.exchange
@shnoorg @dansup @pixelfed Really hoping to see more E2EE in the Fediverse!
=> More informations about this toot | More toots from rea@mastodon.online
@rea @shnoorg @dansup @PixelFed
Does it exist now? As far as i know, "direct" messages aren't really even private on this platform. (At least, tagging a person in a direct message to someone else will bring the tagged person into the conversation, not something most people would expect for "direct" messages)
=> More informations about this toot | More toots from RnDanger@infosec.exchange
@RnDanger @rea @dansup @PixelFed "more than 0" is still more.
=> More informations about this toot | More toots from shnoorg@infosec.exchange
@shnoorg @rea @dansup @PixelFed
"That's happened a number of times!"
"Oh yeah, how many times did that happen?"
"Zero is a number."
=> More informations about this toot | More toots from RnDanger@infosec.exchange
@RnDanger @shnoorg @dansup @pixelfed I counted Soatok’s proposals and the various discussion on Mastodon’s git repo. Might take some time to mature, but who knows
=> More informations about this toot | More toots from rea@mastodon.online
@shnoorg @dansup @PixelFed one could argue that matrix is kind of a federated signal.
I doubt that federating in that sense will be possible without signal opening up for it. The only thing I see possible would be a bridge still requiring you to setup an account on signal server... Like it's with the matrix-signal bridge.
So yes, in the end I would simply recommend to use matrix if you want a federated encrypted messenger that also can connect to signal today.
=> More informations about this toot | More toots from TheGymNerd@mastodon.social
@TheGymNerd @shnoorg @dansup @pixelfed What's the argument that Matrix is like federated Signal?
=> More informations about this toot | More toots from tilde@infosec.town
@tilde @dansup @PixelFed @shnoorg because it is centered around private communication, has (as far as I can tell) secure E2EE and is federated...
So from a function perspective it does all for me that signal does + it's running on federation.
=> More informations about this toot | More toots from TheGymNerd@mastodon.social
@TheGymNerd @dansup @pixelfed @shnoorg Aaah, I see what you intend. I disagree. Matrix has substantially different cryptography from Signal, and a design which relies more heavily on the good behavior of severs. It also has what I'd call bad "security smells": issues indicative of larger underlying problems in design & implementation, like this one. I don't think it's reasonable to characterize Matrix's security as equivalent to Signal's.
=> More informations about this toot | More toots from tilde@infosec.town
@tilde @dansup @PixelFed @shnoorg
Ok IDK what the problem with the servers should be but if you don't trust a server you can setup your own so you only need to trust yourself.
For me it looks like the article is mostly complaining about an issue in a library that some clients use and that is deprecated and no longer used by matrix.org.
All I can say is there was a professional security audit founded by German government in that no issues were detected. https://element.io/blog/bsi-funds-security-analysis-of-matrix/amp/
=> More informations about this toot | More toots from TheGymNerd@mastodon.social
@tilde @dansup @PixelFed @shnoorg but perhaps matrix has the edge if we go on a very theoretical level.
So Matrix could perhaps work on getting more security audits while signal could perhaps work on getting federated (I don't think they have any intentions of doing this, leading to a new vendor log-in)
From my POV it appears that matrix is save enough to be used in everyday business. If state level authority wants to spy you, they will probably hack the phone first and read before encryption.
=> More informations about this toot | More toots from TheGymNerd@mastodon.social
@TheGymNerd @dansup @pixelfed @shnoorg If you are using Matrix, a sophisticated adversary doesn't need to hack your device. They can attack your server(s) and manipulate group membership and transcripts directly.
Matrix is federated. Its security and privacy properties are not equivalent to Signal's. That doesn't mean "don't use it"; it means that Matrix is not "federated Signal".
=> More informations about this toot | More toots from tilde@infosec.town
@tilde @dansup @PixelFed @shnoorg so your point is that federation is always less secure by Desi, because there are more stations that can be maintained badly and attacked?
Because you would also have to trust that the devices of others or the one signal Server are not compromised.
But obviously Matrix is not federated signal, because nothing is federated signal.
=> More informations about this toot | More toots from TheGymNerd@mastodon.social
@TheGymNerd @dansup @pixelfed @shnoorg No, my point has nothing to do with federation in general. It is about the design of Matrix's cryptosystem in particular: a design which gives servers a great deal more latitude to add unauthorized participants to private conversations (among other things) than I think is reasonable in a notionally E2EE system.
The whole point of calling something E2EE in my opinion is that nobody but your intended recipients (or their devices) can influence message confidentiality and authenticity; intermediaries at most can impact availability (by not working slash not delivering messages in general). Matrix forces you to rely on servers also behaving well and not attempting to compromise your communications secrecy. In Signal, you very explicitly do not have to rely on the good behavior their infrastructure to guarantee confidentiality. This is not about federation; these are the designs of two different cryptosystems, which offer different guarantees!
It would in principle be possible to build something which takes Signal's actual cryptosystem, adds a key transparency system like the one that @soatok is designing for fedi, and build federation on top of that. Something like that could reasonably be called "federated Signal". Matrix is not that. It's it's own thing with different (weaker) security promises to Signal.
=> More informations about this toot | More toots from tilde@infosec.town
@TheGymNerd @dansup @pixelfed @shnoorg "You can just run your own server." should be all the illustration needed for why these two things are not equivalent. But alas, that does not actually solve the issue. Even if you're using your own server, any channels hosted on other servers are vulnerable to those servers' manipulation. You need to rely on every server you have channels on. And if you don't have conversations on other servers, well, now it's just worse than Signal and you have to host it yourself, still no federation.
That issue I pointed out is not only so much worse than you characterize, but fundamentally indicative of poor development practices which produce many more problems which the developers are not well-suited to detect. Read the whole article. Which is why I'm not pointing at that issue as an active unfixed vulnerability, but as a "code smell" indicative of deeper and more pervasive issues.
=> More informations about this toot | More toots from tilde@infosec.town
@dansup if this exists, I would like to try and test this for accessibility. I have mastodon for now, is this what you had in mind, assuming of corse you are the developer. Hehaha. happy wednesday in either case.
=> More informations about this toot | More toots from ke7zum@glitchsoc.bg-presents.us
@dansup @PixelFed This sounds really exciting.
=> More informations about this toot | More toots from fiend_unpleasant@mastodon.social
@dansup @pixelfed
.mp4
=> More informations about this toot | More toots from hj@shigusegubu.club
@dansup @PixelFed @tinker
Why wait to make it open source?
=> More informations about this toot | More toots from FritzAdalis@infosec.exchange
@dansup @PixelFed Is that a teaser? I guess there so nothing to check out yet?
=> More informations about this toot | More toots from glukozavr@mastodon.gamedev.place
@dansup https://pixelfed.social/pixelfed So this is a beeper alternative?
=> More informations about this toot | More toots from ibc_tarii@mastodon.social
@dansup @pixelfed Why not just use XMPP w/ OMEMO or Matrix?
=> More informations about this toot | More toots from x51@social.lol
@x51 that will be supported, but this is just a client
=> More informations about this toot | More toots from dansup@mastodon.social
@dansup 😂 the name is such a good play on words
=> More informations about this toot | More toots from GuillaumeRossolini@infosec.exchange
@dansup
Dan, when is the release planned?
@pixelfed
=> More informations about this toot | More toots from artem@social.anufrij.de
@dansup @PixelFed So cool, can't wait!
=> More informations about this toot | More toots from futuredrstevie@mastodon.social
@dansup @PixelFed
Noice 👍🏻
=> More informations about this toot | More toots from EloPup@mastodon.social
@dansup @PixelFed I can't wait, this will be amazing! Are there still plans for encrypted messages? If you're looking for a solution, please consider integrating #xmpp or the ability to connect to an external account maybe?
=> More informations about this toot | More toots from lps@mograph.social
@lps @dansup @PixelFed
Note, that there is already an #XMPP-#ActivityPub gateway as part of #Libervia by @Goffi. I tried it for direct messages and it worked. Unencrypted, of course, atm.
[#]Jabber
=> More informations about this toot | More toots from debacle@framapiaf.org
@dansup @PixelFed @tinker So you're saying it's not "Yo"? 😂 Because the logo and name reminds me of "Yo".
"Yo" was hilarious for me for a couple of days. 😉
But, seriously, this sounds pretty cool.
=> More informations about this toot | More toots from elight@tenforward.social
@elight @dansup @pixelfed @tinker
Yo should be the encryption layer.
That way, if you use both...
=> More informations about this toot | More toots from Frances_Larina@sfba.social
@dansup @PixelFed elder here….so sup would be like fb messenger while not being owned by a corporation or intrusive , censorship and advertising as well as being in the fediverse. You could say , link a Bluesky account with your mastodon?
=> More informations about this toot | More toots from lillyfinch@mstdn.social
@dansup game changer! Sweet
=> More informations about this toot | More toots from dch@bsd.network
@dansup https://xkcd.com/927/
=> More informations about this toot | More toots from remidu
@remidu @dansup feels like you need to use one of the 14 standards and make it compliant with the other 13
=> More informations about this toot | More toots from Cattail@mastodon.social
@dansup @pixelfed E2EE encryption support? No one should be using a messenger without encryption in this day and age.
=> More informations about this toot | More toots from thestrangelet@beige.party
@dansup @PixelFed E2EE?
=> More informations about this toot | More toots from orbitalmayo@mastodon.social
@dansup @PixelFed you’re doing so much good work, Dan, that I’m worried you’re going to start your villain arc soon 😂
=> More informations about this toot | More toots from SecurityWriter@infosec.exchange
@SecurityWriter @dansup @PixelFed you have to be rich first in order for that to happen 😅
And a 40k Donation Campagne is not nearly enough for this. Till now, I think nobody got rich from the Fediverse... Even if many would definitely deserved it.
=> More informations about this toot | More toots from TheGymNerd@mastodon.social
@dansup @PixelFed seems awesome
=> More informations about this toot | More toots from kameleonnn@mastodon.social
@dansup @PixelFed
[#]Soon?
=> More informations about this toot | More toots from joenepraat@todon.nl
@dansup @PixelFed These projects are look pretty cool and I know I can use a web UI for some of them, but are you considering putting the apps into FDroid, I haven't seen them there. Cheers
=> More informations about this toot | More toots from z3r0fox@mastodon.social
@z3r0fox @dansup @PixelFed - there are 3rd party Pixelfed clients on F-droid though, e.g. PixelDroid and Pixelix
=> More informations about this toot | More toots from TotalSonic@mastodon.social
@z3r0fox @dansup @pixelfed you should be able to get the APK from the site and github as well as alternative apps that can connect to the platform.
=> More informations about this toot | More toots from slax@hometech.social
@dansup @PixelFed - Matrix and XMPP support in this would be great to see as well.
=> More informations about this toot | More toots from TotalSonic@mastodon.social
@dansup @PixelFed how does it compare to Matrix? The description is almost identical. Bridging them will probably be easy.
=> More informations about this toot | More toots from cos@fosstodon.org
@dansup @PixelFed
[#]Sup #WhatsUp #BigBangTheory #TBBT
=> More informations about this toot | More toots from TheManyVoices@mastodon.social
@dansup @pixelfed Having difficulty grokking this. Is sup supposed to be a multi-protocol chat program? Basically @pidgin but a web-app? :gutkato_scivola:
=> More informations about this toot | More toots from jadedctrl@jam.xwx.moe
@dansup @PixelFed okay 😊
=> More informations about this toot | More toots from kelvincostner_01@mastodon.social
@dansup @PixelFed assume this isn’t out yet. How can I find out more information?
=> More informations about this toot | More toots from gqlen@mastodon.social
@dansup @PixelFed
I no longer want anything universal.
Never understood the attractiveness of having a whole bunch of "fediverse accounts." Seems like a bug not a feature.
Plus, I don't install apps anymore if I can help it.
Finally, whenever I see the word "fedi" I pronounce it as "Fido" (as in FidoNet 2.0).
Good luck. 🤷♂️
=> More informations about this toot | More toots from brianstorms@mastodon.social
@dansup That sounds great! Can I use it on my laptop? I don't use a smartphone.
=> More informations about this toot | More toots from mongoose@vmst.io
@dansup @PixelFed Do you WUPHF!!?
=> More informations about this toot | More toots from PostGrowthMalone@mastodon.social
@dansup @PixelFed cool! Keep up the good work. Don’t foget to enjoy life.
If there any work being done to bridge all the chat apps? Like something where I can send a Signal message to whatsapp, or wire to delta, etc?
This is not my domain of expertise. Mostly because the user acceptance to use the apps is low if the rest of your friends are not using the same app.
=> More informations about this toot | More toots from Chiquidrakula@infosec.exchange
@dansup @PixelFed if this isn't E2EE - then that'd be a NO for me.
Signal is still the best of the cross-platform E2EE services.
=> More informations about this toot | More toots from rpf@mastodon.social
@dansup @PixelFed
What?
;-)
=> More informations about this toot | More toots from SpaceLifeForm@infosec.exchange
@dansup @PixelFed so interesting and cool, can't wait 🤩
=> More informations about this toot | More toots from NidzjoKawai@mastodon.ml
@dansup @pixelfed "going to be open source" so it's not already? how does that?
=> More informations about this toot | More toots from big_louse@todon.eu This content has been proxied by September (3851b).Proxy Information
text/gemini
