don't believe everything companies say.

i am largely writing this for normies who still think open source means less secure.

another reason why i refuse to use lamestream chat programs like telegram and signal is because i can't be sure if they're secure. yeah, signal or pavlov fuckangsndiesnmnesnki may have said it's secure and private, but how do i prove that? just a simple lock isn't enough for me. i cannot even see the encryption keys that are being used to "encrypt" my messages. how can i be sure that billy boy isn't emailing my messages directly to the fbi so they can see if i'm a cYbErcRiMiNaL or not? how can i see that it isn't phoning home and sending a billion requests to google analytics? how can i be sure if my messages are even being encrypted in the first place?

the answer is simple. i don't. that fucking padlock gives me a false sense of security and nothing else.

also, they literally contradict themselves when they say it's private since they ask for the user's PHONE NUMBER when they sign up. even worse, signal doesn't even have usernames. you literally have to know your contact's phone number to shoot them a message.

anyone remember MobileCoin? that shady ass cryptocurrency? yeah signal implemented it into their app. and when i say that it's shady, i mean it. when they first added mobilecoin onto signal, they of course got backlash. it was so bad that the mobilecoin.foundation website went offline for a period of time. thehatedone made a good video about that.

at least telegram has usernames but it also requires a phone number (which is literally bound to passports in russia, where telegram originated, and in some cases can flat-out replace them) and it's not open source. plus to encrypt a conversation you'd have to start a "secret chat" whereas in Signal all of your conversations are encrypted by default.

i know there are forks of signal like Threema and Session but they're still centralized. the government can take down signal's servers any microsecond and you would be able to do bat shit about it.

so how do i believe my xmpp and irc, which are incredibly more shady to normies, are secure?

first, both xmpp and irc are well-documented and open protocols. no, not apps, protocols. these are messaging protocols that developers can integrate into their clients.

p.s: don't use irc for any super secret conversations. irc is incredibly insecure since it was the first ever chat protocol made in the '80s. some networks support ssl but most of the time you're chatting in plaintext. for support and general chit chat, it's fine but if you need to be secure use xmpp instead.

second, both xmpp and irc are decentralized. that means you aren't sending and receiving messages through a central server like in pretty much any mainstream chat app, but instead you are sending and receiving messages from a wide network of servers hosted by many different people. you can also run your own if you want.

this means the government can't just take down xmpp, there are literally thousands of servers out there so it'd just be a waste of time.

second, xmpp (but not irc!) is "federated". that means you can add contacts and join group chats (or as it is called in XMPP-speak, "multi user chats") from any server out there. in irc, if you joined a channel from EFNet for example, you are only gonna be able to join channels that are also hosted on EFNet. in xmpp, you can make an account on e.g: blah.im and join a group chat from e.g: nuegia.net. this provides all of the advantages of decentralization without the drawbacks.

some other decentralized and federated protocols include: email and matrix.org.
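
the routing rule behind federation, as an added example that is not part of the original post: the domain part of an address decides which server a message goes to, so losing one server only affects addresses on that domain. the account `kantraa@blah.im`, the room `lounge`, `example.org` and the second irc network are assumptions made up for the sketch.

```python
# Added illustration, not code from the post: a toy model of federated delivery.
# blah.im, nuegia.net and EFNet come from the post; every other name is made up.
from typing import NamedTuple, Optional


class JID(NamedTuple):
    local: Optional[str]     # account or room name, before '@'
    domain: str              # the server that owns this address
    resource: Optional[str]  # device or room nickname, after '/'


def parse_jid(text: str) -> JID:
    """Split 'local@domain/resource'. Only the first '/' starts the resource."""
    bare, slash, resource = text.partition("/")
    local, at, domain = bare.rpartition("@")
    if not domain or "@" in local or (at and not local) or (slash and not resource):
        raise ValueError(f"malformed JID: {text!r}")
    return JID(local or None, domain.lower(), resource or None)


def xmpp_route(sender: str, recipient: str, online: set) -> str:
    """How the sender's home server handles a stanza, given reachable domains."""
    src, dst = parse_jid(sender), parse_jid(recipient)
    if src.domain not in online:
        return "sender-offline"          # your own server is down
    if dst.domain == src.domain:
        return "local"                   # both addresses live on one server
    if dst.domain in online:
        return "s2s:" + dst.domain       # server-to-server link to the other domain
    return "unreachable"                 # only that one domain is affected


def irc_can_join(connected_network: str, channel_network: str) -> bool:
    """IRC networks do not link to each other: a channel is reachable only
    from the network that hosts it."""
    return connected_network.lower() == channel_network.lower()


# Constructed sample: which domains are currently reachable.
ONLINE = {"blah.im", "nuegia.net", "conference.nuegia.net", "example.org"}

if __name__ == "__main__":
    me = "kantraa@blah.im"
    print(xmpp_route(me, "lounge@conference.nuegia.net/kantraa", ONLINE))
    print(xmpp_route(me, "friend@blah.im", ONLINE))
    # Take one server away: contacts elsewhere stay reachable.
    after = ONLINE - {"nuegia.net", "conference.nuegia.net"}
    print(xmpp_route(me, "lounge@conference.nuegia.net", after))
    print(xmpp_route(me, "pal@example.org", after))
    print(irc_can_join("EFNet", "Libera.Chat"))
```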

third, as i have said before, both irc and xmpp are open source. that means if you think something fishy is going on, you can make sure by looking at the source code.

but kantraa! you may say. because it's open source that means it's less secure right?? hackers can just look at the source code and make their pesky viruses based on it!!1!

to that i say, no. a thief doesn't need to know how a lock works in order to open it. vulnerabilities can easily be found and patched. in fact, when you make proprietary software, you're betting that your devops team is better than literally any other developer on the entire planet.

but how do they patch it??

first of all, they need to "fork" the repository which basically means cloning it and putting it on your profile. the original author will still be shown, in the format of "(forked from (app name) by (developer name))". then, you need to create a pull request which means asking the developer to merge your branch with the existing one. the developer will be able to see exactly what you changed in the pull request, and will be able to decline it if they want.

plus, if there are no binaries for your operating system, you will be able to compile the code yourself.

and last but not least, it doesn't require your goddamn phone number.

i hope y'all understand what i'm saying.