Introduction

The purpose of this document is to analyse communication options such as mail, social media, chat, calls and video calls from the perspective of a privacy conscious individual. I also care about freedom of speech and would like to avoid vendor lock in.

Max Tegmark:

“…[Robots] are coming to hack us. It’s kind of humbling that we are hacked by this dumb machine learning algorithm.”

Network effects

Network effects appear when friends encourage you to choose a particular platform. It is hard to resist the pressure from peers, friends and family who describe how convenient the software is and how nice it would be to write, talk, share pictures and videos on that platform. Network effects are natural, I suppose. They can apply to any form of communication.

Silos versus freedom

Through communication tools such as Skype, Whatsapp or Zoom you can only communicate with people registered at the same company. Incompatible tools split our digital expression into silos. These silos lock us to a particular platform and limit our freedom of expression. Once a silo has managed to attract a large number of users, network effects pushes those users to attract more peers inside.

Our communication doesn’t have to be locked into a particular platform. The internet protocols were conceived with neutrality at the core.

Mail

Email

Email is an open protocol and that is good because it means you can exchange emails with someone who uses an email server from a different company. In other words there are no communication silos with email. But the security aspect of email exchanges is fundamentally broken.

Most emails are encrypted at the transport layer. End-to-end encryption would be better, but it’s usage is rare.

Thunderbird

  • Backup Thunderbird Emails for Beginners https://support.mozilla.org/gl/questions/1395205

    That is correct. Everything is in the profile. Copying what you described includes everything. Two reminders:

    • do the copy when Thunderbird is not running.
    • in restoring, install thunderbird first and exit prior to copying in the backup. It will overwrite the initial empty profile specification.

Snail mail

Snail mail is an emotional form of communication through a physical medium: paper. You can smell it. You can touch it. You can drop a tear on it. You can tear it apart. You can burn it. It’s based on plants that were growing in a forest somewhere. It might have spent time in a trash bin. It might have been recycled.

Chat, calls and video calls

What happened to the VOIP software on Linux? Why is there such a reliance on proprietary platforms? Is it because of technical constraints or are there other political reasons for it?

Free programs recommended by Richard Stallmann on his skype page: Jami, Linphone, Mumble, Jitsi.

Ekiga

Ekiga is/was a softphone for gnome Linux desktop. Development has stopped since the last release in What happened to it? Why has development stopped? According to wikipedia, the original developer Damien Sandras is now working for be.ip on open source voip software.

Matrix

“Matrix is an open protocol for decentralised, secure communications.”

  • People should have full control over their own communication.
  • People should not be locked into centralised communication silos, but instead be free to pick who they choose to host their communication without limiting who they can reach.
  • The ability to converse securely and privately is a basic human right.
  • Communication should be available to everyone as a free and open, unencumbered, standard and global network.

Element

Element, previously called Riot-web is a chat application based on the matrix decentralised communication protocol. Matrix is an open protocol meant to avoid communication silos.

Based on the Double Ratchet Cryptographic library called Olm specified in whispersystems.org doubleratchet which now redirects to signal.org doubleratchet.

Jami

https://jami.net/

Wikipedia Jami

“Jami (formerly GNU Ring, SFLphone) is a SIP-compatible distributed peer-to-peer softphone and SIP-based instant messenger for Linux, Microsoft Windows, OS X, iOS, and Android. Jami was developed and maintained by the Canadian company Savoir-faire Linux, and with the help of a global community of users and contributors, Jami positions itself as a potential free Skype replacement. Jami is free and open-source software released under the GNU GPL-3.0-or-later. In November 2016, it became part of the GNU Project.”

Jami.net peer to peer file sharing support based on the PJSIP library. Write the following about the improvements they made to enable communication over UDP:

“While PJSIP is recognized as the reference for Voice over IP communication applications, it is not designed to work in a distributed network. For this reason, our team had to make significant contributions to the PJSIP project. In order to grasp the nature of those improvements, it is necessary to understand the difference between UDP and TCP. They are both data transfer protocols allowing machines to communicate, but they work differently.” “TCP keeps track of every packet of data sent and ensures that they are reliably transferred by requiring the receiver to confirm reception of every single one of them and the sender to resend those that were lost. UDP on the other hand, doesn’t handle packet loss. While it is less reliable, it is preferable in applications such as media streaming because the data is time sensitive. In those cases, a lost packet will simply cause a small video or audio glitch and waiting for it to be resent would make it worse than simply moving on to the following bits. In the case of data transfer however, a single lost packet can corrupt a whole file and reliability is therefore more important than timeliness, which is why TCP is more suited for this application.”

Linphone

Linphone Development and support available from Belledonne-communications, a company based in Bordeaux, France.

Linphone desktop is programmed mostly in C++ the sdk has some java code in it.

Signal

The issue is that the desktop client requires a mobile phone with camera to be started. As of January 2020 I still use a nokia 3010 phone. I cannot install the signal application on that phone and this means that I cannot use signal on my desktop.

  • https://www.city-journal.org/article/signals-katherine-maher-problem

    “One person who has worked extensively with OTF but asked to remain anonymous told me that, over time, it became increasingly clear “that the project was actually a State Department-connected initiative that planned to wield open source Internet projects made by hacker communities as tools for American foreign policy goals”—including by empowering “activists [and] parties opposed to governments that the USA doesn’t like.” Whatever the merits of such efforts, the claim—if true—suggests a government involvement with Signal that deserves more scrutiny.”

    “The other potential problem is the Signal Foundation’s current chairman of the board, Katherine Maher, who started her career as a U.S.-backed agent of regime change. During the Arab Spring period, for instance, Maher ran digital-communications initiatives in the Middle East and North Africa for the National Democratic Institute, a largely government-funded organization that works in concert with American foreign policy campaigns. Maher cultivated relationships with online dissidents and used American technologies to advance the interests of U.S.-supported Color Revolutions abroad.”

    “Maher then became CEO of the Wikimedia Foundation in 2016, and, earlier this year, was named CEO of National Public Radio.”

Skype

Skype was purchased by Microsoft. Screen sharing has a poor quality on Linux desktop.

How to transfer credits and contacts to another skype account

Teams

Teams is a Microsoft product based on Skype. It has a development version that runs on Debian Linux desktop computers.

Side note: I use second-hand laptop computers with open source software on them. They cost less than a fifth of new computers and I run them for years. Running the latest version of Microsoft windows is generally not possible or becomes very slow on old hardware. In fact companies that rely on Microsoft OS have a different world-view since the heavy requirements of Windows, leads to planed obsolescence.

Technical issues

See also the Teams section in the debian page.

Issue when loging in teams in Firefox. Adding the following to your browser security settings - Adding https://learn.microsoft.com/en-us/microsoftteams/troubleshoot/teams-sign-in/sign-in-loop#resolution

Telegram

Another chat application.

See the security section at https://en.wikipedia.org/wiki/Telegram_(software)#Security

Whatsapp

See also the Facebook Meta section.

Short message to friends:

I don’t use Whatsapp for ethical reasons, because of the Cambridge Analytica scandal and the risk posed by Facebook’s extensive use of personal data and social connections to sell not only advertisement but also political influence. Whatsapp users give away their metadata, such as their location, the date of call with each contact and their duration. This metadata describes every users preferences within its social graph. As Whatsapps user base grows, it makes the social graph available for a better fit of the machine learning models that influence our decision making. These rather simple models feed us with information and optimise the effect that this information has on shifting the needle of a purchasing decision or a voting decision. Facebook has billions of users. Among them there are several hundred users similar to us. The information that was the most effective at influencing their decision will be shown to us first. The models are driven to optimize viewing time and engagement, as a result, controversial or shocking news will be shown more often. The use of these models becomes unethical when misleading or false information is propagated within the network. Facebook provides the infrastructure and sells the users metadata necessary for these advertisement models to operate within our societies. It has been accused by multiple jurisdictions in the US and in Europe of not putting sufficient safeguards in place to avoid the oversized influence of misleading actors. Already in many developing countries, Facebook is gaining more revenue from political campaign funds than from advertisement.

Why you should switch to signal or telegram (2018):

” A lot of people wondered why would a company such as Facebook pay so much money to acquire a company such as WhatsApp, which had absolutely no way of making money, yet. The (not so and subtly) obviously answer was, WhatsApp had collected a lot of user data, and that’s precious to the Gollum that is Facebook.”

  • Whatsapp betrayed its user by sharing contact details with FaceBook for advertisement purposes:

    “Today, we know that there’s a separate WhatsApp app for businesses. And now there are also reports that WhatsApp will soon start showing ads in users’ statuses, and in other places within the app ([1][2][3 BBC]). What this means is that WhatsApp and Facebook will start tracking everything you do on your phone to tailor ads to you. They will see your contacts list (which they already are, actually). This is a clear betrayal, for many users.”

  • Federal trade Commission FTC Alleges Facebook Resorted to Illegal Buy-or-Bury Scheme to Crush Competition https://www.ftc.gov/news-events/news/press-releases/2021/08/ftc-alleges-facebook-resorted-illegal-buy-or-bury-scheme-crush-competition-after-string-failed

    “Agency’s amended complaint details how the monopolist survived existential threats by illegally acquiring innovative competitors and burying successful app developers”

Webex

Zoom

Call with screen sharing in great quality.

Privacy policy

Encryption

Some conversations and related data need to remain private.

Age

https://github.com/FiloSottile/age

Installation

apt install age

PGP

How to use GPG to encrypt stuff

“Suppose Alice wants to send a message to Bob. Alice will encrypt Bob’s message using Bob’s public key. This ensures that no one else other than Bob can read the message, because only Bob can decrypt the message using his private key. Anyone with Bob’s public key encrypt a message that only Bob can view. This explanation should also explain why Bob must guard his private key - because anyone with his private key can decrypt any message encrypted using his public key.”

“Now, Alice has guaranteed that whatever message she sends to Bob can only be viewed by Bob. This ensures the privacy of the message.”

“However, anyone with Bob’s public key can send a message intended for him. How can Bob ensure that when Alice says she sent him a message, that the message is from Alice and not from someone else?”

“This is where signatures come in. Alice can generate a file containing the checksum of the original, plaintext message and sign that file using her private key. Anyone who has Alice’s public key (and trusts her public key) can verify the authenticity of that file, because to generate that signature, Alice’s private key is required. Assuming that Alice’s private key has not been compromised, it is pretty much impossible for anyone to forge the signature, or for Alice to deny that she did not generate the signature. This ensures the authenticity of the message, that it is indeed sent by Alice herself and not anyone else.”

Security issues

“PGP conflates non-repudiation and authentication.

“I send Bob an encrypted message that we should meet to discuss the suppression of free speech in our country. Bob obviously wants to be sure that the message is coming from me, but maybe Bob is a spy … and with PGP the only way the message can easily be authenticated as being from me is if I cryptographically sign the message, creating persistent evidence of my words not just to Bob but to Everyone!”

“OTR has introduced deniable authentication to address this problem and many next generation tools have adopted that concept. OTR cryptographically allows two people to be sure who they are talking to, yet they cannot prove it to anybody else.”

“It’s time for PGP to die.”

Problem solving

XY problem

https://en.wikipedia.org/wiki/XY_problem

“situations where the question is about an end user’s attempted solution (X) rather than the root problem itself (Y or Why?).”

“The solution for the support personnel is to ask probing questions as to why the information is needed in order to identify the root problem Y and redirect the end user away from an unproductive path of inquiry.”

I have noticed that those probing question can be frustrating to the user. I asked you a question, why do you ask me another question instead of providing a direct answer?

Related links:

  • http://www.catb.org/~esr/faqs/smart-questions.html

    “Ask probing questions to elicit more details. If you’re good at this, the querent will learn something — and so might you. Try to turn the bad question into a good one; remember we were all newbies once.”

Social Media

Social media “facilitate controlled experimentation”. When you use social media, you subject yourself to experimentation and behaviour modification.

Facebook now Meta

  • Facebook–Cambridge Analytica data scandal

  • 2021 Facebook leak

  • Facebook Extended API https://arstechnica.com/gadgets/2024/03/netflix-ad-spend-led-to-facebook-dm-access-end-of-facebook-streaming-biz-lawsuit/

    “By 2013, Netflix had begun entering into a series of “Facebook Extended API” agreements, including a so-called “Inbox API” agreement that allowed Netflix programmatic access to Facebook’s users’ private message inboxes, in exchange for which Netflix would “provide to FB a written report every two weeks that shows daily counts of recommendation sends and recipient clicks by interface, initiation surface, and/or implementation variant (e.g., Facebook vs. non-Facebook recommendation recipients). … In August 2013, Facebook provided Netflix with access to its so-called “Titan API,” a private API that allowed a whitelisted partner to access, among other things, Facebook users’ “messaging app and non-app friends.”

  • Facebook let Netflix see user DMs, quit streaming to keep Netflix happy (arstechnica.com) https://news.ycombinator.com/item?id=39858850

    “For important context on my post here, please read tsunamihippo’s post first: https://news.ycombinator.com/item?id=39859319. This story seems very overblown. Are we arguing that Facebook should not ever allow any third party app to ask permission to read the user’s Facebook DMs? There are valid use cases for this permission, and every case where an app asks for it is not a”privacy violation”. Sure, did Netflix or Spotify actually need the ability to read back DMs instead of just write them so that they could send recommendations? No, they shouldn’t have needed that. If Facebook’s API required that they have read access just to send a message, then that’s crap design. But is it nefarious? No. As long as the user is appropriately briefed on what they are granting (and it appears that they were), and as long as Facebook addresses over-scoped permissions requested by third party apps in a timely manner, then this should not be an issue. I for one believe that we need to mandate that FAANG companies have these sorts of permission-driven systems to avoid the vendor lock in we’re all too commonly stuck with today. Because these things are needed for competition to thrive and to avoid the big companies from creating moats that prevent us, the startups out there, trying to dethrone them, its all the more important that these companies invest in better UIs that help a user understand the implications of what they are doing, and better review processes to stop bad actors from exploiting users’ ignorance on an ongoing basis. I despise Meta, but come on. Don’t throw the baby (interoperability) out with the bathwater (interoperability can enable exploitation).”

Twitter now X

Web browser

Firefox

Chrome