freedomofpress / encryption-works

Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance
https://freedom.press/training/

Remove ChatSecure because OTR on mobile sucks #214

Closed psivesely closed 8 years ago

psivesely commented 8 years ago

As discussed in #211, OTR on mobile sucks and shouldn't really be recommended. Further, XMPP in general should be phased out from our guide in favor of Signal and Tor Messenger.

Signed-off-by: Noah Vesely <fowlslegs@riseup.net>

harlo commented 8 years ago

I'm not for removing ChatSecure from the doc, because it is the only viable mobile solution for OTR over these targeted transports. I wouldn't say that OTR sucks on mobile, but I definitely have been kind of disappointed when my Jabber servers experience outages, or when having too many sessions open over Google Hangouts prevents OTR handshaking. So, in my experience, I've had much more success using other Jabber accounts on ChatSecure than with my Google identity.

ChatSecure has a number of features that make pure Jabber-based chat really easy, in addition to adding the option to torify connections, which is a hard feat to pull off on mobile without a rooted device. That's valuable to users, and for that reason, we should keep it.

ETA: documentation will have to change once Zom is actually a thing (it's still in the works), but in the meanwhile...

I'm happy to include Tor Messenger, which is a great alternative to Pidgin/Adium/Jitsi, and only going to become greater. That said, it's only for desktop, and it still offers the exact same features as Pidgin/Adium/Jitsi, with the added benefits of enforcing OTR on all chats, and torifying connections out-of-the-box.

Also, it's not replacing XMPP, and it wouldn't be accurate to say Tor Messenger provides an alternative to that protocol. XMPP is one of its supported transports, and IMHO, if you choose the right Jabber server to host your account, is far better than GTalk and Facebook for privacy. It is also worth noting that TM is in beta, and still has a few rough edges to work out, especially for non-Linux users, so I'd like to see a caveat emptor added to the wording.

psivesely commented 8 years ago

Thanks for bringing this all up. I had second thoughts about this PR after making it, but didn't have time last night to follow up on it.

> I'm not for removing ChatSecure from the doc, because it is the only viable mobile solution for OTR over these targeted transports. I wouldn't say that OTR sucks on mobile, but I definitely have been kind of disappointed when my Jabber servers experience outages, or when having too many sessions open over Google Hangouts prevents OTR handshaking. So, in my experience, I've had much more success using other Jabber accounts on ChatSecure than with my Google identity.

My main XMPP account is at Calyx Institute and I've at least never been online during an outage or had problems with OTR handshaking. My main problem is that you have to keep a consistent Internet connection or the conversation is stalled. My phone doesn't do that. I feel like asynchronous messaging is really a must for a good mobile experience.

> ChatSecure has a number of features that make pure Jabber-based chat really easy, in addition to adding the option to torify connections, which is a hard feat to pull off on mobile without a rooted device. That's valuable to users, and for that reason, we should keep it.

I 100% agree with this, but we should add instructions on using Orbot + ChatSecure (which is a fantastically easy process, so shouldn't require much writing). I don't know if you read this article, but I think it clears up a lot of misconceptions about how apps like Signal protect your privacy. In fact, I think we should add a section on confidentiality vs. anonymity.

Orbot + ChatSecure is really a unique mobile combo because you can actually have both. Plus it's possible you just need to use OTR to talk to someone sometimes.

Thoughts?

> ETA: documentation will have to change once Zom is actually a thing (it's still in the works), but in the meanwhile...

ChatSecure will also greatly benefit from building on top of the Conversations core. OMEMO is fantastic--I was thrilled to see a decentralized, non-walled-garden take on Axolotl. And combining that with Tor will provide strong privacy and usability. Unfortunately, the rebase will be for Android only, so, again, we'll just have to check the status of these projects 6 months from now.

> Also, it's not replacing XMPP, and it wouldn't be accurate to say Tor Messenger provides an alternative to that protocol. XMPP is one of its supported transports, and IMHO, if you choose the right Jabber server to host your account, is far better than GTalk and Facebook for privacy. It is also worth noting that TM is in beta, and still has a few rough edges to work out, especially for non-Linux users, so I'd like to see a caveat emptor added to the wording.

I was confusing TM and TorChat for a minute there with that commit message. Anyway, I wasn't saying we should add TM to the document yet. Maybe in 3-6 months, but I agree it is not best to advertise beta software, esp. considering the goals of this guide.

Anyway, I'm going to close this PR and make a new one for Orbot + ChatSecure. Let's keep the conversation going regarding the threads above though.

harlo commented 8 years ago

> My main problem is that you have to keep a consistent Internet connection or the conversation is stalled. My phone doesn't do that. I feel like asynchronous messaging is really a must for a good mobile experience.

Me, too. I think we should address that in this section-- feel free to add that wording in another issue + PR.

> I don't know if you read this article, but I think it clears up a lot of misconceptions about how apps like Signal protect your privacy. In fact, I think we should add a section on confidentiality vs. anonymity.

I did! Let's open an issue and follow up with a PR about this very issue.

> Unfortunately, the rebase will be for Android only, so, again, we'll just have to check the status of these projects 6 months from now.

You've identified a lot of great improvements in the space, and EW is a living document. Once these projects are ready, we'll revisit this and recommend them. Closing for now, in favor of two new PRs, tk.