Why I chose @ginlo #Ginlo #Messenger in volunteer - #social #project, #help for structurally weak #families:
For #private purposes #free of charge, #dataprotection & #datasecurity given, based in #Germany, #anonymous possible, #password #protected, #self-destructing #message possible, no #tracking, simple use possible, #encrypted and thus #secure - especially for #children & #youth in #distress.

#humanrights #childrensrights #youthrights #SavetoCall #socialwork #dsvgo

Warum ich mich im Ehrenamt - Sozialprojekt, Hilfe für strukturschwache Familien, für @ginlo #Ginlo #Messenger entschieden habe:
Für private Zwecke #kostenlos, #Datenschutz & #Datensicherheit gegeben, Sitz in #Deutschland, #Anonym möglich, #Passwort #geschützt, #selbstzerstörende #Nachricht möglich, kein #Tracking, einfache Nutzung möglich, #verschlüsselt und somit #sicher - gerade für #Kinder & #Jugendliche in #Not.

#Menschenrechte #Kinderrechte #Jugendrechte #SavetoCall #sozialearbeit

Mit dem #Messenger #Ginlo ist eine Nutzung ohne #Telefonnummer / #Mobilfunknummer und ohne Zugriff auf #Kontakte / #Telefonbuch via #GinloID möglich. Unter Einstellungen noch Anzeige-Name, Online-Status, #Lesebestätigung & #Tippbestätigung ausschalten, damit die #Kommunikation den #Datenschutz komplett erfüllt. Kontakt geht über hinzufügen von Ginlo ID, oder Telefonnummer, oder via Email-Adresse. Am sichersten funktioniert es über die ID. Somit müssen keine #Daten bekannt gegeben werden. #dsvgo

Fertig: Neues Smartphone eingerichtet. Sämtliche #GoogleApps deaktiviert, #FDroid #Signal, #Ginlo, #Fedilab und #Brave per USB Kabel als *.apk überspielt. #Firewall ohne #Root erledigt den Rest. Backstage noch etwas Feinschliff...

@MetaGer @digitalcourage @kuketzblog @StartpageSearch

Fertig: Neues Smartphone eingerichtet. Sämtliche #GoogleApps deaktiviert, #FDroid #Signal, #Ginlo, und #Brave per USB Kabel als *.apk überspielt. #Firewall ohne #Root erledigt den Rest. Backstage noch etwas Feinschliff...

@MetaGer @digitalcourage @kuketzblog @StartpageSearch

@imdat @ginlo is #Ginlo #OpenSource ?

In #Cicero / #Ginlo we all messages are E2E-encrypted. For historical reasons we still use AES256 CBC. So, messages are always encrypted using CBC.

But when I receive the messages, I decrypt and re-encrypt them with a local Account-key. So, each device on which you receive the message has its own AES256 account key with which local data (database as well as attachment content) is encrypted.

This way, we can protect your communication in-transit as well as at-rest/

So far, so good. For local storage we also used to use AES256 CBC with its own IV.

Today, I decided to switch to AES256 GCM with IV and AAD. This has a few benefits:
- HW-supported encryption / decryption on iOS, Android, macOS
- Parallel encryption/decryption: multi-threaded in native code or `compute` in pure dart
- Built-in Verification using Mac/authTag
- And also slightly safer than CBC wrt certain attack vectors

The beauty? Each encrypted data has its own authTag stored separately so that we can also verify integrity of each data item.

While switching to AES-GCM, I also added streamed encryption/decryption for files. This way I can encrypt/decrypt directly from a file into another file without much memory use. This way, we can now (technically) support attachments as big as approximately <Free space on local disk>/2.2.

And yes, it is absolutely super-fast. On iOS/Android/macOS, we achieve about 120MB/s with CBC but 1-1.5GB/s with GCM, including Mac-validation.

On Windows, we "only" achieve about 100-500MB/s (depending on CPU), because there is no native GCM-chip-supported library there.

All in all, it was a difficult week because I had to first introduce "device coupling" (adding device to your account) BEFORE switching encryption method.

Now you can install the new client on a second device, add it to your "old" client, transfer the account to new device, delete on old device, and then transfer back to old device. This way, you easily switch from old, CBC-encryption to new, safer and faster GCM-encryption.

YAY!

#Flutter #DartLang #iOS #Android #macOS #Windows #Linux (hopefully)
#WorkTopics
@ginlo

Yay! 1,000 commits.

#Ginlo #Ginlo_II #Cicero #Flutter

#Messenger on #Apple #iOS / #iPhone ensuring #privacy & #data security:
#Matrix via #Synod.im (element fork without #tracking & without #Google).
#Threema
#Session - Private Messenger
#Rocket.Chat

For the masses, messenger with usable data security:
#Signal
#Ginlo

#Messenger unter #Apple #iOS die #Datenschutz & #Datensicherheit gewährleisten:
#Matrix via #Synod.im (Element fork ohne #Tracking & ohne #Google)
#Threema
#Session - Private Messenger
#Rocket.Chat

Für die breite Masse, Messenger mit brauchbarer Datensicherheit:
#Signal
#Ginlo

Digitale #Kommunikation ist trotzdem „kostenlos“ einfach & #sicher über #EMail: #proton/ #protonmail - #Messenger: #Matrix & #RocketChat, etwas eingeschränkt über #Session, #Signal, #Briar & #Ginlo - #VideoChat: #Jitsi & #BigBlueButton möglich.
#Datenschutz & #Datensicherheit ist einfach möglich, wenn man will, auch für die sozial schwächeren Endnutzer!

3/3

I haven’t been posting #WorkTopics for a while - not because I wasn’t working but rather because there was too much to do.

At the moment, I am at v0.8.5 of #Ginlo_II/#Cicero. I am picking up tickets left and right and cleaning up all the small but important tasks.

We already have a working iOS, Android, macOS and Windows-version of the client and it looks awesome. I will tackle the Linux version probably some time in fall, as that is a little low prio for the moment.

But apart from that, I am very happy with the progress.

What is left (big items):
- Backup/Restore
- Add new device to a Cicero-client (I can current add Cicero as a new device to #Ginlo classic, but I can’t use Cicero as source-device to add a new device)
- Share-Extension for iOS
- Sync contact list across devices - this is a bit complicated because we value privacy very highly. Thus, the syncing of contacts across devices must be done in a way that we, the service operators, don’t see any unencrypted data at all. So, some work to do there.

There are other technical topics, but I am mostly getting there. I also communicated the first beta-release date-range in the company, so I am quite confident. Let’s see…

#Flutter #iOS #Android #macOS #Windows #Linux (hopefully)

This is really going to be a weird week I guess… yes, work on #Ginlo is going well, but there are so many weird things going on that I don’t fully grasp … not to mention explain them.

But, well, tomorrow is another day.

Good night my newfound lovely #NewFriends and rejoined wonderful #OldFriends of #Fediverse. Sleep well and dream a little dream of sugarplums and … people not losing their friends just because “if you want to sit with us, you can’t play with *them*”…

#GoodNightFediverse

@imdat I think nowaways even WhatsApp doesn't require your phone to be online in order to use the desktop app, but I get your point.

I wish you good luck and have fun with the development of #Ginlo 🚀

@wolwe I don’t know that, but as you said it probably is just a webview. In any case, their web-UI requires you to have your mobile phone online.

None of the messengers have an *independent* desktop client. They all require you to have a mobile phone/number.

#Ginlo doesn’t! You can create an account on desktop and use it only on desktop (or tablet) without ever having entered any mobile number. All Ginlo clients are completely independent from each other.

Yes, currently there is only a desktop client for Ginlo Business, but I am working on it…

Also, my goal is to have a desktop client for Windows, macOS *and* Linux. Let’s see

Today’s #WorkTopics can only be called “EPIC” … the list is really too long to put in here, but I hope I can finish most of them today, otherwise tomorrow.

It is Milestone 0.8.3 (sounds small, eh?)

#Ginlo #Ginlo_II #Cicero #Flutter #iOS #Android #macOS #Windows #Linux (hopefully)

So, this was really a successful day. I have finished all of the above, plus:
- Caption on the attachments (“Alt Text” for images, videos, all attachments except audio)
- Show/hide caption while previewing attachment

And on top, some absolutely amazing features:
- Disable “Copy” on messages you send
- Disable “Forward”
- Disable “Share” (export) of attachments
- Anonymous chat (i.e. the other side doesn’t ever see your name/image, just your #Ginlo ID)

MAJOR:
Rotate Profile Key: this is a feature I invented for #Cicero. In Ginlo your profile information (i.e. “name”, “profile image”, “online status”, “status message”) is encrypted with a “profile-key”. The profile-key is an AES256-key. Normally, when you start chatting with someone, that profile key is sent by your client to the recipient encrypted using their public key.

The moment you send them a message, they can then retrieve the your profile INFO from the Ginlo server, decrypt it and then see your name, your profile image and your status message.

But, here is the thing: your client has to send it to them in the chat message.

Now, if you select to “Rotate Profile Key”, *your* client generates a new profile key for you, encrypts your profile information with the new key and stores it on the server.

Then your client sends a “profile updated” notification to ALL OF your contacts so that *their* client retrieves your newest profile info.

But, since your contacts don’t yet have your new profile key, they can’t decrypt the new info and thus, you appear anonymous to them.

Now you can to your chats and send each of the contacts whom you want to have your profile-key a message (as long as that chat is not set to “anonymous”) and then they will have the new key.

The best way to use this feature is, obviously, to block users who are annoying you and then rotate your profile key. Since the blocked users will never get any message from you UNTIL you unblock them, any info they have about you from Ginlo servers is now destroyed.

This is a nice stalker-protection. And since you can set privacy on each chat separately (if you want), you have fully granular control over your own privacy…

#Ginlo_II #Flutter #iOS #Privacy #GDPR #Encryption #Android #macOS #Windows #Linux (hopefully)

Today, I would like to finish the attachment display for #Ginlo.

What works nice:
- Image/Video-Slideshow
- Display any text-file
- Display text-file (source-file) with syntax highlighting (beautiful)
- Playback audio
- Display contact
- Display Location: Here we are missing the ability to “share” the location to the platform’s maps, if there is any

Now, the issue is with all the other file formats. iOS has support for tremendous amount of file formats for previewing. Similar macOS. But Android? Windows? They don’t even have PDF-Support.

Let’s see if we can:
- finish Push Notifications (everything fine except when I install the app from Testflight)
- fix some of the features that I had added but forgot to activate

#WorkTopics #Ginlo #Ginlo_II #Cicero #Flutter #iOS #Android #macOS #Windows #Linux (hopefully)

Digital #communication is easy & #secure via #EMail: #mailbox.org, #posteo & #proton/ #protonmail - #Messenger: #Threema, #Matrix & #RocketChat, somewhat limited via #Session, #Signal, #Briar & #Ginlo - #VideoChat: #Jitsi & #BigBlueButton possible.
#Privacy & #DataSecurity is easily possible if you want.

#education #business #private #digitization #digital #chat #mail #VChat #state #freedom of speech #education