On Mastodon yes, it is also compatible with a few other software like Akkoma. Your followers will get a notification that you moved and will automatically follow the new account. Works very seamlessly in my experience.

SimpleX is not suitable for larger group chats.

XMPP has a few quite popular privacy related public channels: https://search.jabber.network/search?q=privacy

(For those unaware: xmpp participant counts are actively connected users, not like Matrix or Discord that counts who ever joined the room years ago and never came back).

https://snikket.org/

It’s just an easy to setup XMPP server, so you get full federation out of the box.

It would be ok, but a bit lonely, no?

Better look into Snikket.

You can use https://webxdc.org/ apps with XMPP or Deltachat and shared grocery or task lists are a common use-case.

There are some clients that support the latest version of OMEMO, but yes, since the most popular ones do not, you end up using the older version most of the time. That said, the older version is not generally unsafe, it basically is the same as WhatsApp or Signal are using. The newer version is just somewhat better as it includes some lessons learned from earlier attempts.

E2ee is not everything, as most of the privacy sensitive metadata can still be collected. Sure it is nice to have, but even more important is that you can chose a trustworthy server operator or run your own. XMPP allows doing that, but it has some weaknesses with client implementations and so on.

I am a bit biased and would say all in all XMPP is probably the best option right now, but it depends on your specific priorities. It certainly has some rough edges though.

It would be also really useful to have a database of oil company executives and other shitty people that aren’t easy to recognize but worth refusing service etc.

Huh, it was still working when I posted it one hour ago… unlucky I guess 🤷‍♂️

https://en.wikipedia.org/wiki/Caucasian_race

It’s likely Cloudflare related. Some of the larger instances are behind that, but many of the smaller ones aren’t. Cloudflare isn’t only a problem for VPN users, so its a good idea to avoid those instances as a user. You can still interact with their communities via Federation.

No, they found some billionaires to do it 😉

Has a strong smell of: https://xkcd.com/1172/

There is also Google maps integration. Sure, it’s not mandatory anymore, but if you install the official Signal app on a phone with Google play services installed, you are effectively not running an open-source app anymore and this potential backdoor is also not noticeable with reproducible builds.

F-droid has strict rules in place to prevent these sort of things for good reasons, thus the original comment is not entirely wrong in saying that an app that claims to be open-source, but can’t be made available on F-droid is a red-flag.

The external Google dependencies I am talking about are loaded into the client not the server, so that’s an entirely different issue.

I’ll leave it up to you to decide if that is bad or not, but one of the reasons the Signal app can’t be put unaltered on F-droid is because it loads in external dependencies from Google at run-time, which can also be altered by Google at will with any Android update.

No, if your system can’t support 3rd party clients properly, it is inherently insecure, especially in an e2ee context where you supposedly don’t have to trust the server/vendor. If a system claims to be e2ee, but tightly controls both clients and servers (for example WhatsApp), that means they can rug-pull that e2ee at any point in time and even selectively target people with custom updates to break that e2ee for them only. The only way to realistically protect yourself from that is using a 3rd party client (and yes, I know, in case of Signal also theoretically reviewing every code change and using reproducible builds, but that’s not very realistic).

Now admittedly, Signal has started to be less hostile to 3rd party clients like Molly, so it’s not as bad anymore as it used to be.

Loads of people working for these companies are also on special visas that have been described as modern slavery… so maybe they are culpable of signing up for such jobs/visas, but once you are in such a setup the threat of immediate deportation to some 3rd world country is quite real.

There is the MLS standard now that was explicitly developed with e2ee group chat applications in mind. From what I have read so far, this new standard seems well regarded by cryptography experts.

Telegram’s encryption isn’t open source, so no one can verify it’s soundness or risks.

This is not true, it is available in the open-source Telegram clients.

What you probably mean is that it is using an unusual and not well studied encryption algorithm. This means you need to be a real cryptography expert to spot flaws in it.

Telegram justifies this with a bit of FUD about well known encryption algorithm being NSA sponsored etc, but when cryptography experts did look at Telegram’s homegrown algorithm they were less than impressed.