Agreed on both points. XMPP is nowadays so much different than decades ago. I've migrated my family to Conversations and they're super happy with it.
Google's constant messanger churn tires regular users that just want to communicate instead of taking part in Google's internal political/promotion experiments.
> Where is symmetric key cryptography used for nowadays in normal applications programming?
Practically every time you use asymmetric keys what they really encrypt with them is a symmetric key that encrypts the underlying data. Thus symmetric key cryptography is everywhere, just not directly exposed.
I don't know why but comparing Matrix.org Foundation with standardization organizations such as IETF seems just not right. Maybe it would be more correct to compare Matrix.org with XMPP Software Foundation?
This is mostly for legal reasons and the "for X" where X is a trademark is a common theme. (just look at Google Play store "for Twitter" or "for Reddit").
Indeed that is likely but I wonder why didn't they at least require a Developer's Cerificate of Origin [0] that kernel.org uses. This is really lightweight (just append one line to git commit message) and supposedly provides a minimum legal base for the change. IANAL.
> they have been receiving legal letters from S440 SA demanding the removal of any negative articles and user comments from their websites about the UseCrypt Messenger app
I guess S440 never heard about the Streisand effect....
> To defend against an attacker sideloading a different OS, I rely on secure boot to only load my kernel and hence my userspace.
You could additionally seal the TPM key to specific PCR values so that only booting your kernel would allow using that TPM key.
> kernel, but potentially not root, could be able to change the tpm keys on an x86 system?
Depends on what do you mean by "change". They can't extract private bits but they can remove and add new ones. But if the data is encrypted using the old key it would become bit recoverable.
You may want to check out Dino.im. For easy XMPP there is also Quicksy.im that's a fork of Conversations (from the author of Conversations) but using contact book for people discovery.
I'd rather advise to use Web Key Directory that is trivial to setup (have https and put a key file in one special location). WKD is also widely supported by OpenPGP software (including ProtonMail, GnuPG, OpenKeychain).
As far as I've seen the proof integration is used only for Mastodon insurances and Keyoxide supports all of them by default: no need to ask for permission, no weird conditions to enter like, instance has to be bigger than N people.
I see this as a way to control who gets into Keybase. A perfect example of centralized control. The idea of programmable proofs looks good though.
> If you have any suggestions as to which E2E (group) messaging+fileshare+git platform I could use as a replacement for Keybase I'm all ears.
Sadly I won't help you with that. There are a number of services that want to eat Keybase's cake now but neither of them hits all points on my scale. So I'm using mostly several different services to get a semblance of the Keybase experience.
> There's things like https://keybase.io that did try to solve this to a reasonable extent, PGP but more modern. It looked hopeful, but Zoom seems to only keep it on life support. Maybe someone will continue
It seems there's already Keybase like solution using OpenPGP only (no centralized infrastructure needed): https://keyoxide.org/
Google's constant messanger churn tires regular users that just want to communicate instead of taking part in Google's internal political/promotion experiments.