A couple of versions ago I introduced a setting in #Conversations_im to hide the avatars next to message bubbles.
I'm personally not a big fan of the look, but it does bring it closer to what Signal and Google Messages are doing.
The next version will split that out into two settings: One that controls the avatar on received messages and one on sent messages. (Indicating what account is being used.) Hiding only the latter is a decent compromise for those who use the app with a single account.
Looks like the Jabber/XMPP community will have a booth at @FrOSCon this year.
August 16th and 17th. Save the date. See you there.
I promise we will bring stickers!
#Quicksy funciona en la misma manera que Wasap o Siñal:
El número de teléfono es el JID, por ejemplo
xmpp:+541143443600@quicksy.im
y podés encontrar tus contactos así.
En Android, el base de Quicksy es #Conversations_im, en iOS es #Monal.
For the next release of #Conversations_im I’m switching the default for showing all messages, including sent ones, left aligned, to 'on' for all tablets.
Combine this with disabling 'Colorful chat bubbles' and this looks pretty clean and almost like a regular desktop app.
This post is also a reminder to existing tablet users that those two settings exist. Too bad there aren’t that many of you.
@charlesstna private group chats are encrypted while public conferences (anything you might be able to find through the build in search in #Conversations_im) are not. There is no point in encrypting a chat that anyone can join.
But the private group chat you start with your friends can and will be encrypted.
@cryptgoat Spannenderweise dokumentiere ich gerade die Services, die ich fuer meine Familie hoste, darunter einen XMPP Server. Natuerlich dokumentiere ich nicht den Server, sondern #Conversations_im und #Quicksy
Wuenschte ich mir, mit allen Leuten darueber kommunizieren zu koennen? Klar.
Bin ich schon froh, dass unsere Schule und Einzelfallhilfe ueber Signal statt WA erreichbar ist? Auf jeden Fall.
Geh ich den Leute unnoetig auf den Sack? Fsck no. (Kein Vorwurf, falls es so klingen sollte)
Signal famously doesn't allow third party clients. Molly currently flies under the radar but their official stance is: fuck off.
If #Conversations_im were to introduce ads tomorrow you just switch to a fork and move on with your life. With Signal you do what exactly?
@kfdm what you are daydreaming about is called #UnifiedPush and exists and is working well on #Android.
Depending on what distributor you use (multiple are available) it will literally use #XMPP. For example via #Conversations_im
@raucao @jcbrand @dino in #Conversations_im you can use to 'add contact' flow to basically add your own JID and start a chat with yourself. And optionally pin that chat
@delta For #Conversations_im I literally developed the UI first. I had a somewhat working UI before I was able to put a single #XMPP message on the wire.
A shared library between different platforms is a good thing. People are trying to do this in XMPP (Snikket SDK, Macaw, Prose) and if I were to start something new for Conversations I'd use something like Kotlin Multiplatform too.
However there is also value in diversity of implementations and the good ideas will prevail concept of XMPP.
I'm on my way back from the Berlin XMPP Sprint and had a fantastic time. Thank you so much @debacle for organizing it, and thank you to everyone who participated. It was especially cool to see some new faces; it's pretty amazing that the #XMPP developer community is still able to attract new talent.
I made good progress on finally being able to show full-size avatars (profile pictures) in #Conversations_im. Stay tuned to learn more about that towards the end of this week.
This week in #FDroid (TWIF) is live, a bit late:
* #reproducible status in website app details
* #Conversations_im & #Quicksy fix bugs
* Linwood Butterfly Adonis Blue
* #OSUOSL news
* #SECUSO updates many #PrivacyFriendlyApps
+ 1 new app
+ 112 updates
Conversations 2.18.2 is available on Google Play and has client side mitigations for a server side security issue that was recently discovered and fixed in #ejabberd¹ and #OpenFire²
Go update your server. But just in case that takes a minute Conversations has your back too!
This release also fixes an issue with restoring (importing) backups on recent Android versions.
¹: https://www.process-one.net/blog/ejabberd-25-04/
²: https://github.com/igniterealtime/Openfire/pull/2761
#Conversations_im has the ability to fetch outage status information from an independent server and display that in case the regular #XMPP server can not be reached.
This is powered by XEP-0455 (https://xmpp.org/extensions/xep-0455.html).
TLDR: Server gives client a URL to a JSON file during normal connects, client will hold on to that URL and fetch the JSON file in case server is unreachable.
@benni Ja, läuft problemlos. Benutze #Conversations_im von @daniel als #UnifiedPush provider
Security audits are a funny thing. We lack the (financial) resources for regular, thorough penetration tests. However I’m aware that some of the higher profile users of #Conversations_im occasionally perform audits without my direct involvement and without publishing it afterwards. Those audits aren’t adversarial as indicated by them wanting me to fix what they find.
The funniest instances are when they want to be credited for finding an issue but refuse to make the audit public.
A big thank you to Radically Open Security for performing the audit and to @nlnet for funding it.
Radically Open Security has been a long term partner of #Conversations_im ever since they did the first #OMEMO audit back in 2016!
Recent audit: https://conversations.im/2025_audit_conversations.pdf
OMEMO audit: https://conversations.im/omemo/audit.pdf
A recent security audit of #Conversations_im¹ found that wildcard certificate handling didn’t fully comply with the spec.
Conversations was accepting *.a.example for c.b.a.example, even though wildcards are only meant to match a single label.
This issue has been fixed in version 2.18.0, now live on Google Play.
I think I’ve found a relatively nice solution for #FediLinks in #Conversations_im.
You can put web+ap URIs into a message (or room description) and ideally a click on those will open your Mastodon client. However if no installed app supports those (the only app that I’m aware of is Fedilab) Conversations will open a browser instead.
Currently no app will create web+ap links but it is fairly easy to handcraft them.
cc @SoniEx2
Today I’m announcing a 45% tariff on #Conversations_im sold in the USA.
