Re: [PLUG] Free Conference Call => "Spotting a a fake web service"
> > One option that was mentioned was FreeConferenceCall.com. > > Out of curiosity, I casually looked this up via an online search and was > given 2 hits. > > FreeConferenceCall.com > FreeConference.com > > Both websites appear very similar, but do not obviously reference each > other. I do not believe they are the same company despite very similar > appearances. > > I smell bullshit. Someone is copying someone else, and while I don't know > if this is a legitimate attempt at competition or direct attempt to deceive > users, I'm not using either service. > FreeConferenceCall.com is the original. They've been around for just shy of 20 years. FCC is also open source. > IMO both of these services present a potential for identify theft that > goes above my tolerance levels. > Clearly, like anything else, each person has to assess the risks and make appropriate choices per the comfort level with the risks. I generally give preference to Open Source vs closed source and the longer a FOSS application has been used, reviewed and maybe security audited the more I generally favor it. It would certainly be more of a project, but XMPP supports voice & video and each participant can use whatever XMPP client their heart desires. I know riseup.net has secure chatrooms but everyone would need a riseup email account. Rocket.chat has free self-managed, self-hosted server This version is fairly feature rich with live streaming, public & private channels and multi-factor authentication. https://rocket.chat/pricing#self In these strange & interesting times where millions of people are doing a lot more online communication and I suspect many very interested parties in said communications, I'd much prefer a self-hosted, self-managed solution with as much security, privacy, anonymity as possible ___ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Free Conference Call => "Spotting a a fake web service"
On Fri, Mar 27, 2020 at 1:07 PM Mike C. wrote: > > > > One option that was mentioned was FreeConferenceCall.com. > > > > Out of curiosity, I casually looked this up via an online search and was > > given 2 hits. > > > > FreeConferenceCall.com > > FreeConference.com > > > > Both websites appear very similar, but do not obviously reference each > > other. I do not believe they are the same company despite very similar > > appearances. > > > > I smell bullshit. Someone is copying someone else, and while I don't know > > if this is a legitimate attempt at competition or direct attempt to > deceive > > users, I'm not using either service. > > > > FreeConferenceCall.com is the original. They've been around for just shy of > 20 years. FCC is also open source. > > > > IMO both of these services present a potential for identify theft that > > goes above my tolerance levels. > > > > Clearly, like anything else, each person has to assess the risks and make > appropriate choices per the comfort level with the risks. > > I generally give preference to Open Source vs closed source and the longer > a FOSS application has been used, reviewed and maybe security audited the > more I generally favor it. > > It would certainly be more of a project, but XMPP supports voice & video > and each participant can use whatever XMPP client their heart desires. > > I know riseup.net has secure chatrooms but everyone would need a riseup > email account. > > Rocket.chat has free self-managed, self-hosted server This version is > fairly feature rich with live streaming, public & private channels and > multi-factor authentication. > > https://rocket.chat/pricing#self > > In these strange & interesting times where millions of people are doing a > lot more online communication and I suspect many very interested parties in > said communications, I'd much prefer a self-hosted, self-managed solution > with as much security, privacy, anonymity as possible > Adding to the list is the matrix protocol. The details start to go over my head, but it has been adopted by the KDE community. I've been looking into setting up a test room and trying the voip/video features, if they exist. matrix.org They still do a lot of the node.js style development that I'm opposed to, but they have the advantage of backing from more reputable FOSS organizations. There's a significant difference from saying "we love open source" and saying "KDE is using us in their project". Their documentation is also much more straightfoward in terms of what is/isn't possible. Matrix is interesting is because the protocol is decoupled from the client and server. This creates more transparency and trust for users. If a particular client or server is no longer secure (by whatever definition of secure you subscribe to), just move to a different one. Features seem limited, but that could change. ___ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Free Conference Call => "Spotting a a fake web service"
How about Jami ? https://jami.net/ On Fri, Mar 27, 2020 at 1:28 PM Ben Koenig wrote: > On Fri, Mar 27, 2020 at 1:07 PM Mike C. wrote: > > > > > > > One option that was mentioned was FreeConferenceCall.com. > > > > > > Out of curiosity, I casually looked this up via an online search and > was > > > given 2 hits. > > > > > > FreeConferenceCall.com > > > FreeConference.com > > > > > > Both websites appear very similar, but do not obviously reference each > > > other. I do not believe they are the same company despite very similar > > > appearances. > > > > > > I smell bullshit. Someone is copying someone else, and while I don't > know > > > if this is a legitimate attempt at competition or direct attempt to > > deceive > > > users, I'm not using either service. > > > > > > > FreeConferenceCall.com is the original. They've been around for just shy > of > > 20 years. FCC is also open source. > > > > > > > IMO both of these services present a potential for identify theft that > > > goes above my tolerance levels. > > > > > > > Clearly, like anything else, each person has to assess the risks and make > > appropriate choices per the comfort level with the risks. > > > > I generally give preference to Open Source vs closed source and the > longer > > a FOSS application has been used, reviewed and maybe security audited the > > more I generally favor it. > > > > It would certainly be more of a project, but XMPP supports voice & video > > and each participant can use whatever XMPP client their heart desires. > > > > I know riseup.net has secure chatrooms but everyone would need a riseup > > email account. > > > > Rocket.chat has free self-managed, self-hosted server This version is > > fairly feature rich with live streaming, public & private channels and > > multi-factor authentication. > > > > https://rocket.chat/pricing#self > > > > In these strange & interesting times where millions of people are doing a > > lot more online communication and I suspect many very interested parties > in > > said communications, I'd much prefer a self-hosted, self-managed solution > > with as much security, privacy, anonymity as possible > > > > > Adding to the list is the matrix protocol. The details start to go over my > head, but it has been adopted by the KDE community. I've been looking into > setting up a test room and trying the voip/video features, if they exist. > matrix.org > > They still do a lot of the node.js style development that I'm opposed to, > but they have the advantage of backing from more reputable FOSS > organizations. There's a significant difference from saying "we love open > source" and saying "KDE is using us in their project". Their documentation > is also much more straightfoward in terms of what is/isn't possible. > Matrix is interesting is because the protocol is decoupled from the client > and server. This creates more transparency and trust for users. If a > particular client or server is no longer secure (by whatever definition of > secure you subscribe to), just move to a different one. > > Features seem limited, but that could change. > ___ > PLUG mailing list > PLUG@pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > ___ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Free Conference Call => "Spotting a a fake web service"
On Thu, 2 Apr 2020, Nat Taylor wrote: How about Jami ? https://jami.net/ Nat, Looks promising. Thanks for the pointer. Rich ___ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Free Conference Call => "Spotting a a fake web service"
P2P FTW! (hopefully) On Thu, Apr 2, 2020 at 3:01 PM Rich Shepard wrote: > On Thu, 2 Apr 2020, Nat Taylor wrote: > > > How about Jami ? > > https://jami.net/ > > Nat, > > Looks promising. Thanks for the pointer. > > Rich > ___ > PLUG mailing list > PLUG@pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > ___ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Free Conference Call => "Spotting a a fake web service"
> > > > How about Jami ? > > > https://jami.net/ With the exception of a TURN Server, It's refreshing to see a truly distributed network / P2P communication app. I'm by no means a security expert but I like how they handled account management with local crypto keys and blockchain for anonymous account creation and unique usernames that can't be changed. They've also implemented TLS 1.3, ICE and OpenDHT. I also like how they wrote a blog post on Jami's "quirks" for people not familiar with some of the challenges and comprises with a truly distributed / P2P secure communication app. It's these not very "user friendly inconveniences" that become barriers to widespread uptake. Because ultimately we're only afforded the security & privacy that people we communicate with have. I'm very interested to see a security review/audit of Jami. ___ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Free Conference Call => "Spotting a a fake web service"
On Thu, 2 Apr 2020, Nat Taylor wrote: P2P FTW! (hopefully) Nat, If I correctly understand the web site both parties (or all parties) need to have the application installed; it's not hosted on a server somewhere. Rich ___ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Free Conference Call => "Spotting a a fake web service"
Rich, yes by definition Peer to Peer connections and distributed networks don't require a central server. However, if NAT is involved between 2 peers a TURN / STUN server is required to handle NAT traversal. As most endpoints are behind an ISP or company router/firewall with a private IP address a TURN / STUN server would almost always be required. But individuals.can run their own TURN / STUN servers at home and/or work. I'm not sure if OpenWRT has this functionality. I suspect it does. Jami also has an account management server which would be good and useful for large organizations. The Jami website has some pretty easy reading blog posts on all of the above topics.if you're so inclined. On Fri, Apr 3, 2020, 5:24 AM Rich Shepard wrote: > On Thu, 2 Apr 2020, Nat Taylor wrote: > > > P2P FTW! (hopefully) > > Nat, > > If I correctly understand the web site both parties (or all parties) need > to > have the application installed; it's not hosted on a server somewhere. > > Rich > ___ > PLUG mailing list > PLUG@pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > ___ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
