@benni Ja, läuft problemlos. Benutze #Conversations_im von @daniel als #UnifiedPush provider
Frühere Suchanfragen
Suchoptionen
#conversations_im
4 Beiträge2 Beteiligte0 Beiträge heute
Security audits are a funny thing. We lack the (financial) resources for regular, thorough penetration tests. However I’m aware that some of the higher profile users of #Conversations_im occasionally perform audits without my direct involvement and without publishing it afterwards. Those audits aren’t adversarial as indicated by them wanting me to fix what they find.
The funniest instances are when they want to be credited for finding an issue but refuse to make the audit public.
A big thank you to Radically Open Security for performing the audit and to @nlnet for funding it.
Radically Open Security has been a long term partner of #Conversations_im ever since they did the first #OMEMO audit back in 2016!
Recent audit: https://conversations.im/2025_audit_conversations.pdf
OMEMO audit: https://conversations.im/omemo/audit.pdf
A recent security audit of #Conversations_im¹ found that wildcard certificate handling didn’t fully comply with the spec.
Conversations was accepting *.a.example for c.b.a.example, even though wildcards are only meant to match a single label.
This issue has been fixed in version 2.18.0, now live on Google Play.
I think I’ve found a relatively nice solution for #FediLinks in #Conversations_im.
You can put web+ap URIs into a message (or room description) and ideally a click on those will open your Mastodon client. However if no installed app supports those (the only app that I’m aware of is Fedilab) Conversations will open a browser instead.
Currently no app will create web+ap links but it is fairly easy to handcraft them.
cc @SoniEx2
Today I’m announcing a 45% tariff on #Conversations_im sold in the USA.
@josephcox
> He changed his profile picture to a photo of himself so it was much easier to see which Jason Signal contact corresponded to that Jason.
This still leaves the risk of people deliberately changing their username+profile picture to match that of Jason to trick you to invite the wrong Jason to the group chat
In #Conversations_im we try to show the Jabber ID (not just the username) in relevant places (during invites, for new chats)
For #Signal that would be the phone number, I guess
@mistersixt yes this is currently the most requested feature for #Conversations_im. However it's also incredibly hard to do. This will come but I don't have an ETA.
For the next #Conversations_im release I’m refactoring how URIs are linked / made clickable. I’m adding a bunch of URI schemes like tel and mailto on top of the existing xmpp, http(s) and geo but removing support for "things that look like web URLs but aren’t actually URIs" (like 'example.com') to avoid some false positives.
Once the 2.18.0-beta comes out tomorrow or so let me know if you see things that isn’t matched and should be matched or vice versa.
ALT
@wiktor I understand the concern about bad fallback on the web. I just wish people would be a bit more pragmatic about it and at least add support for reading / opening such URIs. Nobody suggested replace all Follow buttons with web+activitypub: links.
Can we have support for FEP-07d7 in #Tusky and #Fedilab? (cc @Tusky @apps)
It shouldn’t be that hard to implement at least one of the possible URI schemes in #Conversations_im, #Lttrs, #Tusky and #Fedilab. Maybe get @delta on board too?
Is there any #ActivityPub / #Mastodon URI scheme used in the wild that would allow me to open an ActivityPub account directly in my Android app?
I've seen 'acct' and 'web+ap' mentioned but none seem to be implemented.
The goal is that given a text of "Here is my Mastodon profile acct:daniel@gultsch.social" #Conversations_im can link that directly into #Tusky. (Just like mailto and xmpp URIs open my E-Mail or IM app respectively)
@alienghic the short answer is yes. The longer answer is: it depends and 'military' isn’t a homogeneous use-case. There are certainly armed forces and intelligence agencies that use a fairly vanilla #Conversations_im.
@sarajw I only know of #conversations_im for that purpose, but that does require a server. There's https://conversations.im/ for hosting, 12 EUR / year, there's also https://magicbroccoli.de/ for a free account. There's others as well. Self-hosting an option, too, but advanced.
The app is cheap on Google Play, free on F-Droid: https://f-droid.org/en/packages/eu.siacs.conversations/
conversations.imConversations - Jabber/XMPP client for AndroidAn open source instant messaging client. Easy to use, reliable, battery friendly. With built-in support for e2e encryption, group chats and media transfer.
@Polychrome #Conversations_im will gain this functionality pretty soon.
Would like to #askfedi about the "Conversations Legacy" #conversations #conversations_im @daniel #xmpp client - this version used to be on GooglePlay before some time, but later has disappeared, and I seem to have missed any "official" comment in that regard.
Do I understand correctly that it is just not supported/updated anymore and people who have it (I know somebody) shall update to the mainstream for security reasons?
Would the update recognize the old data or one should proceed via backup and its restoration (if it is possible)? Thanks.
@Gebrauchskunst @opensourceseeds ...
#freieSoftware .. zudem
WERBEfrei, Daten& und Energie-, also nebenbei gleichzeitig Akkusparsame "Apps" für #Androide gibt es übrigens besser bei #FdroidOrg als echt "Freie OpenSource Software ( # FOSS ) von europäischen Servern bei
u.a.
Software ' #MadeInGermany ' :
#conversations_im
#Mastodon … alle die hier sind kennen es ja bereits ;)
…
… so #MakeEuropeGreater
and … #unplugBigTech & #UnplugTrump
f-droid.orgF-Droid - Free and Open Source Android App RepositoryF-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.
Battle of Instant Messengers: my view on Signal VS Matrix VS XMPP/Jabber VS others.
gagliardoni.netTommaso Gagliardoni's Homepage
Why is #conversations_im no longer listed on xmpp.org?
If you're still recommending #Signal, you may have missed the tech oligarchs' takeover of the US government. The best time to recommend European alternatives was 8 years ago; the second best is now.
Absolutely nobody knows what an XMPP address is, so just go ahead and call it a: