Agreed on both points. XMPP is nowadays so much different than decades ago. I've migrated my family to Conversations and they're super happy with it.
Google's constant messanger churn tires regular users that just want to communicate instead of taking part in Google's internal political/promotion experiments.
The promise isn't for the content to be free, but for access to be unrestricted. I want to pay money and get a DRM-free file. Bandcamp delivers on that promise, so that's the only place I buy music from. Media you get via torrent is of higher quality and more useful than the DRM-encumbered media you get by paying. If you are even allowed to pay for it in the first place, that is.
Purchased (not streaming) music has been DRM-free for ages even on iTunes and other major platforms. But most other content like movies and TV shows isn't.
What other major platforms still sell music though? Since Google Play Music's demise, I haven't been able to find a single one selling music in my region (Czech Republic).
> Where is symmetric key cryptography used for nowadays in normal applications programming?
Practically every time you use asymmetric keys what they really encrypt with them is a symmetric key that encrypts the underlying data. Thus symmetric key cryptography is everywhere, just not directly exposed.
I don't know why but comparing Matrix.org Foundation with standardization organizations such as IETF seems just not right. Maybe it would be more correct to compare Matrix.org with XMPP Software Foundation?
I'd genuinely be interested to know what the difference is between something like IETF / IEEE / ITU / W3C and a non-profit which was created as a standards body for a specific standard (e.g. Matrix.org Foundation or XSF). Is it just that you're recognised as a peer by the other long-established standards bodies? Or is there a standards-body-for-standards-bodies somewhere?
I mean, yes? The IETF has additional cachet as having created the internet. ITU and IEEE are international orgs relied upon not only by companies, but by governments. The W3C isn't as important as it once was, because people stopped listening to them (WHATWG is the new org). But I would trust the IEEE and IETF like I would the ISO, and Matrix.org as far as I would trust Microsoft.
I'd agree that skepticism was warranted if we hadn't split out the Foundation and the protocol was de facto controlled by Element. But instead we made damn sure to create the Foundation independently and frankly protect it from being sabotaged by Element or any other commercial entity building on Matrix. To suggest otherwise is pretty insulting to the other Guardians/Directors whose only role is literally to oversee and ensure that the protocol isn't sabotaged by commercial entities.
I for one do not trust the ISO at all. They are a profit-seeking organization with an opaque standardizing process. That the ISO9660 standard (you might know it as the .iso file format) from 1988 is still locked behind a 140chf payment is a disgrace. And that won't even give you the full standard, because ISO loves doing this thing where a standard will reference 5 others, which themselves reference 5 others, etc...
IETF is one of the best standardizing organizations out there, I'll certainly give you that. They have fairly transparent process, and a really good track record when it comes to creating robust protocols.
Thing is, I don't see why Matrix.org would have any more or less "cachet" than WHATWG, or Khronos Group. In the end, the identity of the standardizing org doesn't really matter too much. What matters is that the incentives of the standardizing org are aligned with those of the community.
XMPP is actually managed by the IETF. The XSF just develops extensions to the protocol (but it's not the official steward of XMPP, confusing as the name is)
Indeed; that's why I think this model has worked pretty well. You get a nice core protocol and then if you want fancy features that keep up to date with proprietary offerings that can be developed in a lighter weight way. Certainly not perfect, but I'm glad the IETF is in charge of the core spec and not the newer, less experienced, foundation (though at this point the XSF is well established too, but in the beginning it was the close relationship with the IETF that let it build that institutional knowledge).
This is mostly for legal reasons and the "for X" where X is a trademark is a common theme. (just look at Google Play store "for Twitter" or "for Reddit").
Indeed that is likely but I wonder why didn't they at least require a Developer's Cerificate of Origin [0] that kernel.org uses. This is really lightweight (just append one line to git commit message) and supposedly provides a minimum legal base for the change. IANAL.
> they have been receiving legal letters from S440 SA demanding the removal of any negative articles and user comments from their websites about the UseCrypt Messenger app
I guess S440 never heard about the Streisand effect....
> To defend against an attacker sideloading a different OS, I rely on secure boot to only load my kernel and hence my userspace.
You could additionally seal the TPM key to specific PCR values so that only booting your kernel would allow using that TPM key.
> kernel, but potentially not root, could be able to change the tpm keys on an x86 system?
Depends on what do you mean by "change". They can't extract private bits but they can remove and add new ones. But if the data is encrypted using the old key it would become bit recoverable.
You may want to check out Dino.im. For easy XMPP there is also Quicksy.im that's a fork of Conversations (from the author of Conversations) but using contact book for people discovery.
I tried Dino, Gajim, Psi, Psi+, Empathy, but I still prefer the UI/UX of Pidgin. It knows all I need at the moment, with the exception of Transport commands.
Google's constant messanger churn tires regular users that just want to communicate instead of taking part in Google's internal political/promotion experiments.