Working on the foundation of this (getting Wire deployed at and certified by the BSI) was my first job out of college 7 years ago and how I ended up in Berlin. And once you end up in Berlin you can never leave, it seems.<p>I was actually on site at the Bundeskanzleramt and they had requirements of being able to install the entire server stack airgapped. We ended up building quite a cool delivery method based on Nix to ship the whole closure of the system and the containers inside and spin up a Kubernetes cluster with it. I'm wondering if it is still being used.<p>Amazing to see it's still going strong :)
What was the media for updates? Send them a CD or a flashdisk and they plug it in? I assume the PVC backing etc they handle on their own?
Yes, updates were delivered using a flash drive.<p>> PVC backing<p>Yeh. But wire's storage is based on Cassandra which handles replication of storage. So you could deploy it on local nvme drives as well using a local storage CSI.<p>That's also how the wire.com cloud is/was run. Large Cassandra cluster on top of EC2 Instance Store as opposed to EBS.
<p><pre><code> > first job out of college 7 years ago
> Amazing to see it's still going strong
</code></pre>
Yup, sounds like a government project...
The earliest doc I can find quickly shows that the BSI already recommended Wire in 2021 (at least; couldn't find anything earlier). The actual authorization seemed to have happened some time in 2024, but it's possible that just nobody asked for the formal approval before that.<p>What I'm saying is - just because the BSI authorizes something, doesn't mean that it has to reach the Bundestag ;)
there is a definite irony in switching from being vendorlocked to Signal (open source but closed and locked to a US non-profit) to being vendorlocked to Wire (open source but closed and locked to a German/Swiss for-profit) - talk about jumping from the frying pan into the fire :)<p>Meanwhile the rest of Europe (and much of the rest of Germany) seems to have converged on Matrix as a genuine open standard with various different commercial vendors (Element, Rocket Chat, Famedly, connect2x etc), avoiding vendor lock and so giving actual digital sovereignty: <a href="https://element.io/matrix-in-europe" rel="nofollow">https://element.io/matrix-in-europe</a>
> The Bundestag administration actively provides Wire as an alternative to commercial platforms such as WhatsApp or Signal.<p>Any idea why Signal is deemed a "commercial platform" by DBT administration?
One of my most esteemed former co-workers used to say that whenever you succeed in making something idiot-proof, the universe will create a better idiot, undoing any progress you made.
I'm very curious where that saying comes from now. I haven't found anything conclusive, like [1]'s friend I thought it might have been Douglas Adams, but a few references refers to it as "Grave's Law". After a few searches, I can't find any references to that which I can date further back than '99. But variants of the saying is at least as old as '89 (Rick Cook's version in [1]), but it's the kind of thing that sounds like a sufficiently "obvious" extension of the far older view that human stupidity has no bounds that it feels surprising if it is that recent.<p>[1] <a href="https://www.samyoung.co.nz/2025/03/building-better-idiot.html" rel="nofollow">https://www.samyoung.co.nz/2025/03/building-better-idiot.htm...</a>
Anybody care to give their take on which alternative messengers are better for everyday use? Alternative as in not owned by mega corps. Does Signal have the best UX for non-technical people or casual use? Would be nice to move some conversations over to such a messenger, but don't want to force the other parties to experiment too much.
signal 100% has the best UX for non-technical users <i>out of messengers i'd actually consider reasonably secure</i><p>the best on ux is probably telegram, but i'm trying to move a few people off it anyway
I'd say that Threema has better UX than Signal, but both are fine. Neither great, but fine
I have 70+ year old relatives who use Signal. It works quite nice. Similar to whatsapp.
Are Wire, Signal, Telegram backed by mega corps though?
Beeper is owned by Automattic (of Wordpress fame). They’re a corp but I wouldn’t call them mega and they use matrix which is an open federated protocol.<p>You can run your own matrix server but tbh it’s easier for someone else to do it.<p>Not to mention the obvious advantages of their bridges into the closed networks of WhatsApp/fb/x/instagram etc
the ones most of your contacts use, what's the point finding perfect messenger if nobody you know use it and you must move people over there and anyway keep installed other app for most of the contacts?<p>here you have chart comparison<p><a href="https://www.messenger-matrix.de/messenger-matrix-en.html" rel="nofollow">https://www.messenger-matrix.de/messenger-matrix-en.html</a><p>and alternative<p><a href="https://www.securemessagingapps.com" rel="nofollow">https://www.securemessagingapps.com</a><p>personally I like Element (Matrix) and Threema<p>edit: btw. signal best UX? do they finally show users how to force send unencrypted SMS or you still have figure it out with google? I remember their great UX when they were forcing PIN verification with nag screens taking half or whole screen, which was the last drop I moved with whole family away from that PoS, let alone how unreliable it was, whole network down because admin in US sleeping waiting hours until he fix it, their approach (aka hatred) to users reminds me Firefox devs, left Signal even before it became popular
<a href="https://matrix.org" rel="nofollow">https://matrix.org</a>
Now, I'm pretty confident to say that this is obviously just a red herring to distract from the fact that Frau Klöckner simply fell for a phishing attack. The usage of Signal wasn't the real problem (besides that it isn't formally approved for comms).<p>But since this whole ordeal started, I'm divided where to place the blame (besides the attacker, of course):<p>- Can we really victim-blame someone for falling for an attack? Sure, people in positions this important should know better, but I don't think we should put the blame on the victim.
- Should we blame Signal for even providing the functionality that allowed the phishing in the first place? Signal announced changes that supposedly makes phishing harder, so apparently, something could've been improved before?
- Should we blame the software-world entirely that having credentials that can be shared is even a thing? (Looking at passkeys)
- Should we blame society that the knowledge about phishing attacks isn't ingrained into every person? (being a bit hyperbolic here)
- Should we blame the administrative staff that allowed exposed politicians to even have apps that make phishing possible? It would be possible to make a super-secure messenger that needs much more verification than just "having the credentials". It's just super annoying and impractical for most people. Should we prevent exposed politicians from even having access to not super-secure messengers?<p>I feel like things could be improved to prevent phishing attacks in the future. I just don't know what is the most sensible point to start.
> often, the technology is not the weak point, but the human.<p>Also doesn’t help that the humans doing the legislating tend to be of the “I print out my emails” generation
Wire seems fine, better than many alternatives, but ditching Signal because of the possibility for phishing seems very odd?
Odd? No, it's normal politician behaviour. Julia Klöckner herself got hacked because she is not aware of phishing. To distract from her incompetence, she urges to switch to Wire to implicitly blame Signal. It's obvious what's going on, but people have so little knowledge about digital communication and security that she will get away with it. Poor woman got hacked by insecure Signal, people will remember.
As an argument, it barely passes initial scrutiny suggesting the real reason is not that.
The bundestags president, Julia Klöckner, was recently a victim of phishing on signal. While there could be different motives behind her suggestion, I think they are just another facet of her not really understanding technology and security practices.<p>She thinks she was "hacked" on signal, and now wants to switch to something which is clearly better! Let's wait where she will want to go once she gets "hacked" there too...<p>While there are valid reasons for germans not to want their politicians to use private messenger apps on their private phones for official business, and american ones at that, this switch would of course change nothing about all of these problems. But at least they can claim they did something, right?
<< While there are valid reasons for germans not to want their politicians to use private messenger apps on their private phones for official business, and american ones at that,<p>Personally, I am starting to think we should ban politicians from using smartphones altogether possibly followed by other technological restrictions. It is part of my: "They Will Hate it: Good" portfolio of ideas to improve the world or at least make it a little more funny.
My tin foil hat says it has something to do with chat control, i.e. being able to intercept messages or to siphon messages from Alice or Bob directly.
[dead]
This site seems to demand cookie consent for access (is that legal in EU anyway?) so can somepne provode tl;dr?
It is a grey zone. Some of the data protection authorities in EU have said that it's okay to do pay or consent while others have said it's not okay and it hasn't been tested by the EU court yet.
I think the law is actually pretty clear on that front, that it is not ok, but in the meantime, all the big publishers do it and make so much money, they actually don't care much about fines, especially given the chance they might get levied against a competitor first, at which point they can quickly change that behaviour.<p>As so often, the biggest GDPR problem is missing enforcement.
It’s called “pay or okay” and condemned by noyb: <a href="https://noyb.eu/en/noybs-pay-or-okay-report-how-companies-make-you-pay-privacy" rel="nofollow">https://noyb.eu/en/noybs-pay-or-okay-report-how-companies-ma...</a><p>But actual enforcement of GDPR has always been shoddy. First the “legitimate use” loophole, now this.<p>It’s a bit ironic that heise does this, since they probably have one of the most sensitive readerships to this.
The EU Data Protection Board, which unlike noyb is an official part of the EU, albeit not from the judicial branch, has also come out against pay-or-consent.
This seems silly. Signal is great, let's not all start spinning up our own dedicated, not interoperable national messenger applications.
Europe wants to use European infrastructure. Reasons given are politeness.
The problem though is, using undocummented communication channels on private phones by people not technically inclined. That Signal is an american company and subject to NSA scrutiny while the users a politicians of a foreign goverment only makes this worse.<p>So, national messengers, controlled by experts, that archive communication and run on trusted hardware, would be the best solution for the work of democratic goverments I would think.<p>Of course, the possibility of software quality and security experts in service of the goverment is probably just wishful thinking.
Kumbaya?<p>Good idea, let's all live in peace and harmony. (But first we need to sanction and regime change all the bad countries.)