cross-posted from: https://hexbear.net/post/3876283
I’m passing this question along, because I think we might have folks here who have some suggestions.
What tools or combination of tools are folks using to organize in your local area and beyond?
A relative of mine was asking me about software to replace the event/RSVP/page aspects of Facebook.
It almost sounds like he wants a locked down Lemmy instance or a combination of tools, but I’m not sure what the landscape is like out there.
Any input would be cool. I might link him to this post later if I get enough comments.
I just remembered reading something critical about Matrix so I went and dug it up:
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
It’s worth reading all the way through, even if you (like me) have to skim over the math. There’s even a link in there discussing XMPP+OMEMO.
Damn techbros. So frustrating to see critical issues not being fixed due to arrogance, ignorance, negligence, and/or laziness. I wish developers would be more meticulous, especially with projects where security is critical. Then again, if the open source projects received more funding to hire more devs to focus on these security holes, these projects would probably be much better. But it seems to be a common theme that pointing out critical security issue in a project full of evangelists will return a twitter-slop, boomer meme response. Techbros are deeply unserious, and sadly they work on very important projects.
Very interesting read. I feel better about the use of Signal now as Matrix and XMPP appear to be much worse and poorly managed. I do want Matrix to improve since it can be self-hosted, but I believe a fork and a dedicated team, one which is willing to fix deprecated libraries that most clients use, would be necessary. The work has already been laid out since the blog author has already made good suggestions to fix each issue.
I’m glad I chose profanity to use for XMPP and prefer to use pgp encryption, but that doesn’t solve the issue when the majority of clients do not. Encryption needs to be baked into a protocol by default, otherwise the least common demoninator which has poor opsec endangers everyone else, let alone the fact that even the best cybersecurity professionals struggle to be secure and private in today’s world of surveillance.
I really should study cryptography and cybersecurity.