Federation is a huge liability in other ways and holds back the privacy and security of the ecosystem by requiring backwards compatibility and ending up with a bunch of awful / poorly maintained implementations. I used to believe in XMPP + OMEMO, but I don't use it in practice.
Conversation
I think Matrix is a great example of everything that's wrong with federation. It was an opportunity to prove otherwise, but it did the opposite. Trying to be all things for all people and prioritizing features above privacy / security is a serious issue. Extensions are an issue.
1
Signal has taken a slow and steady approach to implementing features in a way that fits into the privacy and security focus. If there were other clients / servers innovating and racing to come out with features, it would be a problem. There are federated alternatives to Signal.
1
I think Signal has ended up being such a good option largely because it has centralized development and implementations. Once it has usernames, other federated servers for those could work, but they'd need to be forced to upgrade promptly, which is probably just not realistic.
1
So, lets say that one of these is used by 100k people and stops being promptly upgraded. They want to drop support for the old protocol version, as it's holding back development and those users also aren't going to be secure. What happens? Should they just break that server?
1
They did attempt federation at one point and if I remember correctly it turned out very badly. I think it was bundled into CyanogenMod with them having their own server, and they didn't take it seriously. Worth noting Signal's client expires and must be updated quite quickly too.
1
The same thing would have to apply to servers, but users wouldn't have a way to deal with it. They can't force the maintainer of their server to update. Also means people will be using servers that are going to go down which wipes out their identity. Happened to me on XMPP twice.
1
Replying to
You make compelling points, thank you. I wish Signal didn't accept money from the US government. I'd be happy to pay for the service myself. After all, if it's free I'm the product, not the customer.
1
Replying to
"After all, if it's free I'm the product, not the customer." is a silly thing to say. Have you heard of a non-profit organization? Not every organization is a company run for profit and not every software project is a product. I also don't see why they should reject any money.
2
A non-profit rejecting donations based on disliking the country or person it came from is a very silly thing to do, and any non-profit doing that loses a lot of respect from me. At most they should make a strong statement against them and offer to return it if they're upset.
1
Lots of open source development work is funded by the US government. You don't have many options if you don't want to use work funded by them. Receiving grants or other forms of contributions doesn't mean you work for someone or are beholden to their instructions.
The US government is also not some monolithic entity with shared values, goals and behavior across the entire thing. The same applies to major companies. Anthropomorphizing governments and companies is a mistake. They consist of individuals and are split into many departments.
1
Replying to
"Anthropomorphizing governments and companies is a mistake."
The US government considers corporations to be people. I'll accept the statement above if you reject the legal theory of corporate personhood.
1
Show replies
Replying to
"Receiving grants or other forms of contributions doesn't mean you work for someone or are beholden to their instructions."
If the interests of the donor and recipient are not sufficiently aligned, the grant proposal will not be approved.