privacytools / privacytools.io

🛡🛠 You are being watched. Protect your privacy against global mass surveillance.
https://www.privacyguides.org
Creative Commons Zero v1.0 Universal
3.12k stars 385 forks source link

🆕 Software Suggestion | Teamchat: The Lounge & IRC #1188

Open Mikaela opened 5 years ago

Mikaela commented 5 years ago

Basic Information

Name: The Lounge Category: Team Chat / IRC URL: https://thelounge.chat/

Description

Kind of open source https://irccloud.com/ that you can self host and alternative to Riot/Matrix using IRC, even with it's limitations.

Basic Information

Name: Internet Relay Chat (IRC) protocol Category: Team chat URL: https://ircv3.net/support/networks#networks

Description

The first instant messaging platform that is still widely used for open source software projects. I couldn't find/think of a better link, freenode is the biggest network nowadays. It can also be selfhosted.

Warning: many IRC users use it in plaintext without transport encryption.


Worth mentioning?

RyanSquared commented 5 years ago

Warning: many IRC users use it in plaintext without transport encryption.

This can be customized per-server, and I believe a custom instance of The Lounge would let you set up encryption by default. It's something that the people at @hashbang have looked into as well. As a non-active admin of the service, I can say that we've had reasonably good results with enforcing TLS only, and only had a single user who had issue with it.

blacklight447 commented 5 years ago

I don't think it would be wise to recommend people to choose options which are not encrypted by default.

RyanSquared commented 5 years ago

I think it's worth recommending a commonly used software that can be configured in ways that are TLS-only both on a client/server (more appropriately, "network", as most networks are configured by multiple servers) level and a channel level. That being said, I do understand the issue of promoting software that by default is not secure, and think that movements should be made to stronghand IRC software into being secure by default, though given it currently allows (and in some cases defaults to) insecure traffic.

Most importantly, IRC is still used in many tech communities and I think it's important to not only suggest secure solutions but also to do so in a way that can educate people on the optimal privacy and security capabilities of the implementations - if people are going to use the software anyways, it's a good idea to teach people how to make it secure.

Mikaela commented 5 years ago

IIRC currently some of our top recommenndations on the RTC page include Mumble and Rocket.Chat that also aren't secure by default.

IIRC it was agreed to target FOSS developers and similar who would currently go to Discord and Slack that are in centralized control of parties that don't appear to care about privacy particularly and I think IRC is currently a big platform that works as an alternative to those two, that we aren't currently naming

Mikaela commented 4 years ago

I have recently returned to IRC using selfhosted The Lounge and I am able to say some things.

I think for now it should go to worth mentioning under https://www.privacytools.io/software/real-time-communication/#teamchat like XMPP is in https://www.privacytools.io/software/real-time-communication/#teamchat with the warning that there is currently no E2EE https://github.com/ircv3/ircv3-ideas/issues/29.

Adjusting the original submission, I would suggest it only as a self-hosted solution as any big network likely has plaintext connections allowed and I think that is one of the concerns presented against IRC. I would also drop mentioning the "worth mentioning" from the original issue as I think readers nowadays would expect the server to store message history and mostly be unhappy with shell/bouncer setup not being so simple.


Idea:

Worth mentioning:

Mikaela commented 4 years ago

1651 questions.

Why I am making the suggestion

IRC is the oldest team chat protocol that is still alive and kicking, not everyone has moved to Matrix and I believe it's worth mentioning as an alternative to Slack, especially The Lounge.

My connection with the software

The Lounge: as I have previously reported, I have started using it and have been somewhat active on their issue tracker.

IRC:

If anyone wishes (me) to assign the Conflict of Interest label for which I opened #1651 as an alternative, I will do so (unless someone else does it first).