The source code is freely available and GNOME isn’t beholden to Canonicals decisions. If the Ubuntu devs want to keep X11 around nobody can stop them from maintaining it themselves, or pay somebody from the GNOME team to do it for them.

Session is a Signal fork and they removed forward secrecy which makes them vulnerable to Key Compromise Impersonation attacks.

I really like it as well. I did three major version upgrades so far and they have been flawless. I also really like Flatpak, finally a way of easily installing something on Linux without breaking half of the system because the application you wanted to install uses libfoo 2.0 and not libfoo 1.9.9-patch-1337. With my atomic desktop applications that worked yesterday also work today. Things don’t randomly break all the time.

The future of Fedora Atomic also looks exciting; Timothée Ravier is working on sysexts which are a way of installing applications without ostree layering. I could remove most of my ostree layered packages with that.

There is this steadily growing activist group that you could join up with.

We use OpenProject at my job and its pretty good. You can use Nextcloud as a document repository and integrate it with OpenProject.

Coq cowardly renamed their project because of this.

FOSS doesn’t mean that you are entitled to a place at the table or that your contributions have to be accepted. Nothing prevents these Russian devs from continuing to to work on the kernel.

You can’t offload these kind of decision to the user. Just think about how effective the various fishing and social engineering attacks are. No, a fediverse dating app would have to be secure by default. The only possibility I see for this is something that involves homomorphic encryption, an encryption method that allows you to operate on data without having to decrypt it first, but I know nothing about that topic so I could be completely wrong. This vague idea of a solution might be technically impossible after all.

I don’t think control features help much when one of the most basic question that you can ask is “What is your gender and who would you like to date?”. As I have already outlined in another comment in this thread, this information has to be shared with the federated network and is already enough to get people into serious trouble should it get into the wrong hands.

Alternatively think about it this way. Would you hand over this kind of information to a total stranger? Would you take on the responsibility of handling data that could literally kill someone if you make a mistake?

You already lost the data at that point and you really don’t want to play roulette with data that has the potential of killing your users. Just imagine what could happen if a gay man from Saudi Arabia joined your instance and that data leaks.

No, data must be shared between instances for federation to make any sense and the operators of other instances don’t necessarily share your views about privacy and security. Lets take for example a matching algorithm like the one OkCupid used to use. You answer some questions and based upon those people are recommended to you. If you want to see people from other instances as well, the answers to the questions must be shared between all federated instances; but at the same time these answers contain private details about you. I don’t think a workable solution to this problem exists, even if you come up with an algorithm that allows you to make decisions on anonymized data. The danger of deanonymization due to a bug is too high.

I would have serious concerns regarding data privacy. You share intimate and very private details about yourself on these apps that could be used for blackmail. I wouldn’t feel comfortable sharing that on a federated network. For example, how would you ensure data isn’t logged by a hostile server operator. A company is at least forced to play lip service to privacy laws. The theoretical operator of fedi-date.ru can do what they want.

devenv.sh contains invasive telemetry that literally exfiltrates your entire repo to their servers.

It has only three letters and its on the .com top-level domain. That’s it.

So this is a man-in-the-middle attack waiting to happen isn’t it? Buy the domain, setup a reverse proxy that points to the original hexbear server IP and start logging all requests.

True which is why WhatsApp, Facebook Messenger and Telegram still reign supreme. Don’t forget that its a minute for each person I want to contact, why bother if I already have the phone number of everybody I know. SimpleX targets a different market than the previously mentioned Messengers, and that’s OK, but it also means its a no-go for anyone outside that market. Signal on the other hand is targeting the same market and thus is a viable alternative and for that reason I could convince my friends and family including my grandmother to use it instead.

With Signal you just have to install the App and make an account to start chatting with your friends and family. SimpleX requires me to send a link or QR code to everybody I want to interact with. You will have a hard time convincing anyone to do that. Compare that to the first Twitter exodus, people chose Bluesky over Mastodon because picking a server was ‘difficult’. The average person doesn’t care about technology at all and will always pick the path of least resistance.

SimpleX is cool, but fails the “my grandmother can use it” requirement. Signal has the huge benefit that is just as easy as WhatsApp. With Simplex you have to invite each of your friends individually.

That is exactly what it says. They knew about security issues in their library and didn’t fix them for years. This isn’t being ignorant, this is negligence.

I do, use Signal if you care about privacy. They are the only game in town when it comes to reasonably secure chat software. Sure, I would prefer a federated alternative but I haven’t found one yet that is always end-to-end encrypted, open source, implements forward secrecy, and is user friendly enough to be used by my grandmother.