threema-android VS pantalaimon

Such apps exist. Essentially they require a license key before accesing. For example, Cryptomator (github) and Threema (github) .

The source code can be found here: https://github.com/threema-ch/threema-android. Just clone it and start adding your language, then submit a PR.

DESCRIPTION: Threema is one of the most successful Swiss app developers and offers secure chat solutions for both individuals and organizations. We have been committed to security and privacy protection since 2012. Our messenger, which is used by over 10 million people, is open source and has been audited by independent companies multiple times. Our company is characterized by flat hierarchies, a relaxed work environment, strong team spirit, and sustainability.

look: https://github.com/threema-ch/threema-android

If you choose "maximum quality" in the settings and the other user choses "balanced" and is on a metered data plan, then you will both get the "low" quality profile. Additionally, if a call is being relayed over Threema servers, because a direct connection cannot be established, then the max profile is also excluded. Only if both users choose "maximum quality" in the settings, and if the call takes place over a direct connection, then that profile will actually be used. That logic can be found here: https://github.com/threema-ch/threema-android/blob/c3eb92a10166a9912056cfcd8f81f4df9c07f835/app/src/main/java/ch/threema/app/voip/util/VoipVideoParams.java#L186-L231

Github. android ios And others you can find if you click thru the threema webpage

https://github.com/threema-ch/threema-android/commits/main

It's one commit per version. Contributions go to a private email instead of a public mailing list. All development happens in private and pushed to the public in a version bump with no changelog.

So yeah it has an AGPL License (which is good) and meets the minimum of FOSS requirements, but it gives of the feeling that they're following the letter, but not the spirit of FOSS.

I would definitely not use it or push any friend to use it.

Well, if you want end-to-end encryption, then obviously that's going to be hard to write from scratch(!) - especially if you want it to be secure. However, we make it trivial to get up and running by piping your client through a proxy like Pantalaimon (https://github.com/matrix-org/pantalaimon/) which takes your normal traffic and makes it E2EE.

Not sure which "any of the other tablestakes features" you have in mind... obviously if you want loads of features, then you're going to have to write a whole bunch of code to implement them in your client, or build on an existing SDK like matrix-bot-sdk, matrix-rust-sdk, matrix-js-sdk etc. Not sure that's a disadvantage of Matrix though(!)

I've tried to set up some Matrix projects. The Client-Server API is easy to work with, but as soon as encryption is involved, things start getting messy. Many libraries have a hard time working right with E2EE enabled, because suddenly you need to keep track of all manner of things that aren't always documented well.

I tried to hack E2EE in by using Pantalaimon [0] but running that on a server with the necessary management capabilities is very tricky and doesn't do cross signing, so I've come to the conclusion that it's effectively useless for my use cases.

Every now and then I check back on the current state of E2EE in libraries and it does seem to be improving. Hopefully the entire process becomes easier next time I get the time to work on my proof of concept code.

[0]: https://github.com/matrix-org/pantalaimon

It takes a bit more configuration, but possible via pantalaimon