While looking for an app I stumbled upon this one. I followed much of the “messenger wars”, but I never heard of this one before. I know it’s Chinese but on paper it is pretty good:
- E2EE
- no phone number signup
- FOSS
- serverless
I tried it and it works well. Seems to have all the things people like but I never heard it mentioned before, any thoughts?
It says on their website that Zangi isn’t open source…
I see. I completely missed that somehow
“No Registration No Data Collection”
Requires Google Play Store which contains a lot of tracking (thanks Google) and “requires” you to have an account at Google. And with “require” I mean you can get pass Google’s shit with Aurora Store, but that shit doesn’t always work properly because Google is trying to block it or something.
I mean it’s not FOSS so I won’t use it, but if Aurora doesn’t work you can just install it from apk
Yes, but you can’t download the APK file at all. You have go through Google Play Store to install the app. All download links on zangi.com leads to Play Store (for us Android users that is). Or have I missed something? :)
Looks pretty terrible honestly. Besides what others have said, just visiting their site jshelter says they are fingerprinting you, uBlock Origin blocks a bunch of stuff like google fonts, Facebook, fastly, and a bunch more.
Then there is this ‘Zangi is based on new 5G-standard internet transport technologies, which provide revolutionary results in real-time communication.’ Which is asinine on a bunch of levels.
Just use SimpleX, it works great.
As long as the app is not open source, they can claim anything without being true.
It’s not? I was under the impression it was
From where?
That’s not entirely true. “Source available” could still be read, audited, etc. but does not allow redistribution and/or modification (or restrictions to those such as can only be compiled for personal use or for nonprofits/collectives). Such a project couldn’t be labeled “open source” under the strict definition, but should still meet the important criteria for verifying any claims made about its source.
Source available if only requeated is not enough, the big benefit is when any one can at any point check the code on a whim. Not ask for a permit and wait until the company decides(if they decide or just leave you hanging) to give you a copy of the code.
Besides the fact that even in this scenario, malicious code can be hidden.
Who is suggesting the source is only available on request? You can be GPL-licensed & both hide the source from public and compile something into the source later. You can even request money to get the source and still be GPL & “open source”.
“Source available” is just the fallback term for software whose source is, surprise, available (publicly or not), but isn’t redistributable or allowed to be modified (or has restrictions about who can redistribute or modify). This is why I get leery about the usage of “open source” & having a positive connotation while “source available” does not even if it can offer similar guarantees (& one could argue it could offer more user freedoms by prohibiting the capitalist/exploitative elements–ala Commons Clause or similar–but then the software can’t fit the narrow “open source” definition). This sucks since in practice something like Peer Production License or Prosperity/Parity licenses have the spirit of open source that most users colloquially think of for the term while not being recognized by the OSI (who get to define the narrow usage of “open source”).
Digression aside: in terms of being able to read the source for auditing, “open source” does not necessarily guarantee any more availability than “source available” for the purpose assessing privacy.
(You can take your downvote back now)