"(2010) AOL has sold ICQ to Digital Sky Technologies (DST), Russia's largest Internet company, for US$187.5 million. DST's offer was apparently more attractive than those of Russia's ProfMedia and China's Tencent. ICQ, originally released in 1996 and bought by AOL in 1998 for US$407 million, was one of the world's first major instant messaging systems. Although largely forgotten in English-speaking countries, it remains widely popular in Central Europe, Russia, and Israel. Moscow News has additional coverage of the deal."
Some more context: DST was renamed to Mail.Ru Group, and is now owned by one of the russian oligarchs (Alisher Usmanov). They also control all the largest russian social networks (some like VK through hostile takeovers) and is widely reported to pipe all the data directly into russian secret services
(Legacy) ICQ has widespread adoption in the criminal underground. If you were a security service it probably had the highest signal to noise ratio of any network.
My take on it is that when MSN Messenger came out, they stored the contacts "in the cloud" (which was a new concept back then). So let's just say hypothetically that Windows 95 crapped the bed with a true blue screen of death, you'd re-install MSN Messenger and bam, your contacts were back. ICQ kept contacts local and if you lost them, you lost them.
True, but they caught up within one year and had the feature. Then they heavily bloated the client, then released a "lite" version which really brought them back on the map. Then facebook came and suddenly it was cooler to communicate non-instantly for some time. :)
Do you remember that feature that you could use to "call someone's attention"? It would make a lot of noise and the window would shake like crazy in your face.
IT was great for dating around 2000. Search by gender, age, city, open conversation and try my luck. Ended up in ~4 year long relationship from random contacts.
> it remains widely popular in Central Europe, Russia
It used to be popular in Russia to the point of being synonymous to instant messaging, but it's since been largely forgotten. My current circles use VK and Telegram. WhatsApp is also somewhat popular apparently but not so much around me. If ICQ ever pops up in conversations these days, it's always something nostalgic (also, back then no one used the atrocious official client).
AOL missed an opportunity to create a cross compatible family of AIM, YIM, ICQ. Different apps with different features, or different interfaces targeted at different audiences, that can all do roughly the same thing.
Same here... I haven't even thought about it since the turn of the century!
I only used it a couple times. A colleague asked me to install it so we could work together on a project. If I recall right I started getting messages from people I didn't know so I deleted it shortly after installing it.
The sale was actually blocked by the federal government for a period of time and AOL continued to run the back end servers for icq until just a few years ago.
"ICQ New does not encrypt your communications. In addition, your communications may be routed through different countries - that is the nature of the Internet. ICQ New cannot accept any responsibility for any unauthorized access or loss of Data."
> - dense UI (less whitespace meant more information packed into a smaller window that took up less of my screen)
Yesterday's thread about DECUS and HP's OpenVMS hobbyist program opened a can of nostalgia worms so I remembered that my first laptop was a late-Digital era 11"-screen laptop with a pretty low-res screen (800x600, I think?).
I used ICQ on it and its interface was about as awkward as Skype's is today -- except today I'm running Skype on a laptop with about twice the screen estate. It's a little silly that all that research work in the industry -- and all that money I've paid -- went into screens that I now use just to display more whitespace.
I know it's supposed to help with touch screens but a) my laptop -- like most laptops currently in use -- doesn't have one and b) this isn't 1997 anymore, UI toolkits today make it trivial to adjust element sizes and paddings so that they're appropriate to whatever pointing device is currently in use.
Which version of ICQ are you referring to? I was running ICQ on a 640x480 monitor back then and i remember it having a very compact window[0] which i always had it visible.
It's been so long I really can't recall anymore. (Edit: but just like you, I do remember that I had the ICQ window visible at pretty much all times, and I could comfortably fit an Emacs window, the contact window a chat window on my desktop's 1024x768 screen.)
That being said, the window in that screenshot is about 200 x 320 px. It would have taken about a third of the horizontal space of the screen, and about 2/3rds of the vertical space of a 640x480 screen. It was certainly usable -- way, way more usable than Skype on a full HD monitor today -- but lots of stuff was claustrophobic in 640x480.
(Then again, most modern apps are practically unusable if you resize their window to 640x480...)
Sadly Skype and similar programs tend to take more physical space on my monitor than ICQ (and MSN Messenger, especially the original versions like the one included in Windows XP) ever did :-/
The latest version of ICQ was huge (think Windows XP skin), at this point I started using the QIP alternative client which was even more compact than the first version of the original client.
When everybody started using Miranda, Pidgin file transfer pretty much broke due to client incompatibility. That was a sad moment, they had a nice product but stopped listening to the users.
Pidgin[0][1] supports a great deal of protocols and there is "End-to-end encryption, through Off-the-Record Messaging (OTR)" plugin you can install that can be used for just about everything it supports. If ICQ NEW still supports OSCAR it can probably used out of the box, there is also a plugin[2] for the newer WIM protocol.
Pidgin feels like it's dated by now, doesn't support much, does it even support Matrix (out of the box)? I think it still lists some dead protocols last I looked at it too.
pidgin doesn’t support matrix out of the box; we did write a prpl a few years ago but it needs a maintainer to make it properly fit for purpose: https://github.com/matrix-org/purple-matrix
I still use Trillian just for the UI. I can have several chat windows open along the top of my screen without taking up much of my working space. Since I work remotely from most of my colleagues this is priceless and I don't know what I'll do when I am forced to switch. I was also a heavy ICQ user from the 90's into the early 2000's for all the reasons you cited.
Pasting this reply I found elsewhere. Should be accurate to my knowledge.
Yes to Slack! Ask whoever manages your organization to enable XMPP or IRC gateway connection, then add the appropriate type of account to Trillian. You won't have access to rich cards or shared files from within Trillian, but you will be able to read and send messages to channels and individuals.
Telegram is banned in Russia and this new ICQ is being launched by a russian company with strong ties to the russian government, so it could be their attempt at replacing somewhat private telegram with something they can openly monitor
They already tried that with TamTam (https://tamtam.chat/) which is also owned by Mail.ru Group. I don't know anyone who uses it though and ICQ had a huge userbase in early 2000's in Russia, so maybe that's the reason?
None of us used official client. Only reason it was popular is because protocol was reverse engineered and there were clients for everyone. This is just capitalizing on ICQ name that many of russians feel nostalgic about.
I still remember my 7 digit invisible vanity number.
Just to make it clear, telegram also tied to the russian government, and they developed telegram based on the message protocol from website vk.com which also owned by mail group.
Its just propaganda move to ban Telegram to make it look independent
Mail.ru Group is controlled by Alisher Usmanov, an oligarch from the 90s and an old friend of Putin. Few years back Mail.ru group with the help of russian secret services staged a hostile takeover of VK, biggest social network in russia, essentially forcing the founder to leave the country. Since then VK data has been freely available to any russian enforcement agency, or even anyone pretending to be one. In russia there isn't even a pretense of privacy/independence from them, everyone knows FSB&Friends have unrestricted access to their stuff
Except Telegram also lacks the most important feature, ubiquitous E2EE. Russian state employs a lot of hackers and you're really fooling yourself if you think Pavel Durov can harden his infrastructure to protect from an entire state sponsored cyber army with its zero days. When they hack Telegram's servers, all messages are bound to leak.
And those messages are the ones that reveal your intention to hide messages. That metadata is some of the most valuable.
Also, people don't really want to use secret chats because they aren't cross platform. Sure, some people only own phones, but those that switch to laptop/desktop computer don't want to whip out phone hundreds of times a day, but opt-in for the insecure cloud chats that are accessible with simple alt+tab.
So yeah. Sure, secret chats can be mostly secure, the problem is the E2EE isn't practical to any reasonable extent and again, using it leaks metadata.
Almost nobody I know uses encrypted chat in Telegram because it has such terrible UX. I don't have a single encrypted convo either because when we try, we always go back to our unencrypted one.
For a good UX impl, check out Keybase. It's encrypted chat feels just as good as Telegram's unencrypted chat.
The FAQ item you mentioned is in direct contradiction with cybersecurity experts who have been saying for years that WhatsApp is more secure than Telegram.
This debate has taken place over and over again on HN, there's nothing new here.
Well, now about a half of decade passed since that expert opinions were raised. And no data-breaching bugs were found in Telegram, but there were plenty of them in WhatApp.
Surely, that doesn't mean that expert were wrong, but at least mentioning that in Telegram vs WhatsApp debate doesn't look like a strong point.
Its funny and sad that telegram developers at the same time dismiss their own past history of security vulnerabilities with "all programs have bugs", but then they attack an app with superior encryption protocol by complaining about those same bugs that get patched when they are found. Pathetic.
And like heinrich5991 said, there's no need for backdoor or vulnerability when the data leaks by design to the server.
And no secret chats aren't an option. E2EE needs to be cross-platform and enabled by default. Signal can do it, Wire can do it. Telegram can't, because the developers are completely incompetent.
Pointing to Telegram's own claims to say that they are secure seems strange. I tried reading anyway. When it started claiming that Signal didn't allow for backups I gave up.
This is misleading propaganda that ignores proper cryptographic design. It relies strongly on whataboutism and dismisses properly designed protocols as niche without really arguing from any other viewpoint as appeal to popularity. Furthermore, Durov employs backwards logic, circular reasoning, and double standards. There's no room for good faith when Durov intentionally ignores concerns of the entire infosec community. When Bruce Schneier and Matt Green tell people to avoid your product, that's when you look in the mirror and ask "what am I doing with my life".
The first case might be true (at least until homomorphic encryption matures), but client-side encrypted cloud backups are already a thing, e.g. Signal is working on it: https://signal.org/blog/secure-value-recovery/
Just stop and think about it for a second. End to End Encryption means that the data is encrypted between TWO ends, your device and the device of your chat partner.
Now, by downloading and decrypting it on another device, you are adding a THIRD end where is is accessible. To achieve that, you have basically two options: one is to pass over decryption keys to a new device (potentially breaking E2EE security model for another guy who does not expect you to use 2 devices without his explicit authorization), and another approach is to do an own encrypted archive to store data and sync between your devices. You basically encrypt data and store it on a server, decrypting it with your password or certificate or something that you share between devices. It's not E2EE at all, actually, cause you'll be breaking the security model for some convenience, because the idea of e2ee is to communicate only with devices, each and every one of which were authorized by you. If you don't follow this rule, you make a travesty out of E2EE, basically stating that all you really need is a nice and cozy feeling of being secure, not true security.
You have to face it: true E2EE is not achievable without significant sacrifices of user experience.
>Now, by downloading and decrypting it on another device, you are adding a THIRD end where is is accessible
You're not thinking straight. End-to-end encryption does not refer to two devices, it refers to two parties. If you have two devices that can receive the message, that's still only accessible to you.
>one is to pass over decryption keys to a new device (potentially breaking E2EE security model
That's just stupid, you can scan e.g. public key of the other device and then have your device send packets to that
>and another approach is to do an own encrypted archive to store data and sync between your devices.
Which is perfectly valid provided the user has to create sufficiently secure password.
> It's not E2EE at all
The reasoning how you came to claim this is beyond moronic.
>actually, cause you'll be breaking the security model for some convenience
You aren't breaking anything. Claiming things without reason is moronic.
>because the idea of e2ee is to communicate only with devices
No the idea is only you and your peer have access to the data. You can't be serious.
>each and every one of which were authorized by you
Yeah that is kind of what happens with proper E2EE, only you have access to your data on devices you've authorized by e.g. scanning the QR code of the trusted instance.
> basically stating that all you really need is a nice and cozy feeling of being secure, not true security.
Geez, maybe start by learning how cryptographic protocols work before making such claims.
>You have to face it: true E2EE is not achievable without significant sacrifices of user experience.
Majority of them are with smart cryptographic design. The claims you made were more hand waving than I've ever seen before. Incredible.
That only helps if you know you're not discussing anything sensitive. The problem is, people often do discuss sensitive matters. I don't think I even need to quote Cardinal Richelieu here, this is hacker news, no need to preach to the choir.
People can't threat model because they don't really know what the governments consider interesting and a threat to their exercise of power.
I think the point is that they're upfront about it, so you can treat the communication as though it were public (which is a pretty good default assumption for communicating on the internet in general).
I'm one of those people that refuses to accept that "privacy is dead"; but there's also a lot of casual/low-stakes communication that I treat like a personal conversation in an IRL public setting, operating on the assumption that a stranger can/will overhear it.
I just explained, people don't know how to threat model. An average Joe doesn't think "Whoa Ok, so this is TLS only, that means I should assume the server has access to content that might have implications depending on policy, level of government collaboration, and that foreign actors might also have access if they hack the server. Therefore, I should evaluate in real time my conversation, constantly thinking how an outsider might perceive it, and if the other peer starts talking about something private, pack my bags and move abroad".
>I'm one of those people that refuses to accept that "privacy is dead
I never claimed it was. I was making the point that you should protect everything so you don't leak metadata about when you're having private conversation. That's exactly what happens when you e.g. enable secret chats in Telegram. You're telling the company "I'm now talking to Bob, and I'm intentionally making the decision to not share that data with YOU". That's really, really valuable metadata to governments.
It's owned by Alisher Usmanov (Putin's oligarch friend), all their other products (VK, Odnoklassniki) send all the data straight to the russian secret services, of course there isn't and won't ever be any encryption
Lots of people working remotely. In Russia foreign companies that won't share keys with government are banned so domestic market has room for insecure apps.
All companies that use strong encryption are banned. Domestic companies can't use proper encryption so they aren't really banned, lest they go under very fast.
Weirdly enough, they also have a European version of the privacy policy, at https://privacy.icq.com/legal/privacypolicy/eu which is quite different (but no word on encryption), and on https://icq.com/security-calls/en it states that video calls ARE e2e encrypted, its a weird mix of parts encrypted, parts not, part GDPR, some not it seems.
The ICQ “uh-oh!” sound is still the iMessage custom sound for my best friend’s contact, because I remember spending sleepless muddy summer nights of 1999 chatting with him on the crazy realtime chat feature.
Yup. It also had random chat feature which i enjoyed quite a lot. Made my first online friends (whom i ended up meeting in real life, and are still friends with to date).
Deeper down in the comments you get a story about how this sound came to be. Who knows if it's true, but it's more fun to give the benefit of the doubt.
Scott Chapman:
> The actual origin of the Uh Oh sound: My ex wife and I used to talk in Squeaky Voice a lot and were quite good at it. I used both WS_FTP and ICQ back in the day and I made the original recording of this sound and sent it to one or both of those companies. I think I sent it to WS_FTP first where it was used to indicate an error in connecting to a remote host. I don't recall if I sent it to ICQ or if they got it from WS_FTP. Someone below said it came from Gremlins. That is not the case. Happy Trails!
DJHEADPHONENINJA replies:
> Why would you just record your voice and send out to companies? Sounds pretty weird man. I'll go with Gremlins because I just watched the movie and heard this sound effect so I had to google the true origin of the ICQ sound.
Scott returns:
> Go with gremlins if you like but the sound is not the same. Back in those days it was not about remuneration.
After installing ICQ for the first time, I distinctly remember thinking that ICQ straight up copied the sound from WS_FTP, which I had already been using for a while and where it was used as an error sound. They are definitely the exact same samples. Interesting to hear the story.
I'm very nostalgic too. It was the beginnings of the Internet in France and this is the first app my brother installed on my computer, he told me "with this you can make a lot of new friends around the world" I was so glad everytime I heard this sound.
Remember about 20 years ago, when it was about protocols and not about brand names? You could have all the chat services in one client, complete with merging contacts from different services.
Nowadays, you have to jump through hoops to get even a few of the messaging services in one program, it's clunky and barely works, and you'd be breaking terms of service of half of them. Also, it would break anyway in a week or two, because the service owner changed something in the proprietary protocol.
Fortunately, with Matrix and a few other pioneers, it's getting better again, but in the meantime, there is an entire generation used to having their communication hamstrung by american corporations.
It was all about brand names 20 years ago too. None of the big IM services of the time were interoperable. The only reason Trillian worked was because its developers put enormous amounts of work into reverse-engineering proprietary, undocumented chat protocols. Periodically a protocol would change, and then Trillian would stop working with that service until the developers could crack it again. At one point AOL got serious enough about blocking Trillian access to AIM that they were changing the protocol every couple of days.
I guess what I’m saying is, things sucked just as much then as they do now. Maybe more! Sigh.
That's not necessarily true. Jabber was a huge protocol already and IRC was big too and those were not about brand names. Jabber was even so ubiquitous that Google Chat/Talk both used it as a backend. You could add Google Chat to any client that supported Jabber. It wasn't until AOL got wind of AIM being a way to grab more ads and cash that things changed.
Twenty years ago was the year 2000. Trillian first shipped as freeware that year, and shipped its for-pay "Pro" version in 2002. Jabber/XMPP development only started in 1999, and didn't reach RFC status until 2004. Google Talk didn't ship until 2005, and didn't support federation until 2006. The heyday of "XMPP all the things" was from 2008-2012 or so, with the high water mark being the adoption of XMPP by Facebook Chat circa 2010. (A decision they eventually reversed a few years later.)
IRC was of course always open, but that's kind of orthogonal to this discussion as it never really had any traction with the general public the way AIM, ICQ, Yahoo! Messenger, etc. did.
I posit that things sucked less back then. Sure, there were some protocols whose owners would break things on purpose, but on the other hand, those times gave us libpurple.
Also, users weren't yet conditioned to expect proprietary chat apps and nothing else back then. Recently, I installed a small family Matrix server, for chatting and sharing photos. I had one heck of a time explaining that the client app (Riot) is named differently from the protocol (Matrix). And I'm glad I did not have to explain why the server software has yet another name (Synapse).
(In the end, I went with comparison to e-mail, which has different clients like Outlook or Thunderbird. That seems to have lit some overhead lightbulbs. :) )
I used Adium, but same. For years, I had chat that was clean, simple, and it didn't matter what service people used. Then I worked for a company that used HipChat, which originally worked on Adium but stopped working at some point. Then the company switched to Slack. Then friends dumped AIM and GChat for Facebook Messenger and Signal and iMessage.
Now not only do I have a million chat apps again, but they're almost all a godawful resource hungry non-native UX disaster. :(
I still use Pidgin on my Linux desktop. The old, deprecated GTalk plugin still works, and I prefer it to keeping a Gmail/Hangouts window open for chatting those contacts.
I still remember my ICQ number. A few people used AOL/AIM, but ICQ was very popular for some time, I had more contacts on ICQ then I ever had on Facebook. Then Microsoft shipped their own Messenger pre-installed on Windows, and people started using Messenger instead.
Then came Skype, which replaced the desktop phone. And more and more moved over to Skype.
Then there was clients that allowed you to use both AIM, ICQ, Messenger and Skype) finally you could have all your contacts in one place. But Google also wanted to join the game, launched their own G-talk, then bought and shutdown one of the most popular multi-clients...
So what should I use at this point? Lets go with Skype. Then Microsoft bough Skype. And kinda crippled it... So people started to use the chat on Facebook... And then the Smartphone market become really huge. So the big players turned their focus on mobile. Opening a void on desktop, which was later filled by Slack...
Strange that there is no mention of encryption... which is the very first thing I want to see mentioned. I am happy to see a new app because I _do_ feel like there's still no chat app that checks all the boxes (not owned by an advertising-funded/creepy company, E2E, great UI, no weird home-grown ciphers, not funded by the US gov't, cross-platform). But E2E is an absolute must.
(As a Russian) I feel worse about the Russian gov't -- Signal's American gov't funding is a red flag, but afaik Signal has not been compromised by this (Signal's awful UI is why I don't use it).
On the other hand, if Yandex or VK had an E2E chat (maybe they do), I would not trust it at all.
What is awful about the UI? I have found it to be pretty simple and easy to use. Mind you I've been using it for < 1 year so maybe it used to be different.
Explain in detail how the money given with no strings attached magically convert the world's most scrutinized protocol, and the FOSS app with its reproducible builds.
We are in agreement -- I do not believe the funding has compromised Signal's security. It has, however, compromised my trust (how do you know the funding has no strings attached?)
Because you can look at the code yourself and verify there is no backdoor. You can never verify anything by looking at the money. You can ONLY verify anything by looking at the code. So stop looking at the money, start looking at the code.
E2EE is not an absolute must at all. Telegram does pretty well without any e2ee for everything but rarely used secret chats (and I've NEVER had a person initate a secret chat in telegram with me, other than to check "huh, what's this?"), and they are doing quite fine.
I hadn't used ICQ since the 90s and maybe early 2000s. The screenshots of ICQ New on the site certainly look quite similar to Whatsapp Web. I'm kind of surprised that there's active development in ICQ all these years even though I don't know of anyone personally who still uses it. Maybe ICQ is active in other parts of the world?
>I don't know of anyone personally who still uses it.
I always liked ICQ, but there was always a tad bit of friction remembering huge strings of numbers as practical IDs, and the naming schemes came way later.
11984431 or whatever doesn't roll off the tongue very well.
It was widely popular in Russia perhaps because '11984431' rolls off the tongue much better than explaining a string of latin characters like "s like dollar sign, not like the Russian s".
When I would reserve a book at the public library, I'd get an automated phone call when the book arrived. The phone call always began by listing off my library card number.
So I know my first library card number was 1000102772901. I had to replace the card a few times, getting new numbers, but I only ever remembered the first one.
As do i. 32939464 probably haven't touched it in near 20 years ( guessing about 18 ). And whilst nostalgia is great, it would be great to free up memory sections of the brain like this :)
That's funny! I tried to remember it and typed what came to mind first into gmail and I got a hit from an archived GoogleTalk session from 2006. Layers upon layers of computer archeology.
72873246. Can’t remember my other number (same length, also starting with 7) but I have saved it somewhere. It was the main messenger in Germany when I grew up.
It’s really not harder than remembering a phone number, and back then, I used it more often.
On the topic of New ICQ, it looks like all those other multi-user messengers. I wish everyone would switch to Jabber were there are clients for people who don’t have group messaging as their primary use case.
It has just been updated a lot between then and now. While ICQ died out in the west, it has consistently been the largest IM app in Russia and parts of Eastern Europe.
Maybe it's just a matter of what I'm familiar with, but this feels eerily similar to Telegram. Both the feature set and the UI are extremely similar.
I wonder how much of this is intentional, or if it's just a case of convergent evolution? The adversarial relationship between ICQ (with connections to Russian oligarchs) and Telegram (with connections to Russian dissidents) makes this feel unlikely to be coincidence.
Haha. The entire Russian tech scene is about copying western products. Pavel copied VKontakte back when Facebook was starting. When he released Telegram it was the spitting image of WhatsApp. You might be right but Telegram's not on a high horse here.
I don't trust new products anymore, especially anything like a new chat app. I don't install new apps. I'm more willing to try something if they have a website that works in incognito mode and doesn't require a phone number to create an account.
I'm not sure why you were downvoted for this but I share the same sentiment. I only use apps I'd they are essential or need to be apps. Automatic app updates are essentially a giant bait and switch.
Unneeded permissions are practically a cliche by now and the permissions that apps get are routinely abused. Give an app notifications and they will spam you while the app interface isn't running.
Some software doesn't even need to be native or connected. Word processors, calculator apps, many lower definition games and even image manipulation could be done with one fat webpage.html file.
You should try to set up your computer so that you can run native apps with only about the level of privilege that a website in incognito mode has. It would really increase your flexibility.
I'd personally suggest setting up a virtual machine with some sort of "checkpointing" feature, where you can rewind the machine to an earlier state if you don't like what an app did to it.
I was talking about the specific problem that makes you avoid native apps in favor of web apps. Not all native apps are IM programs that ask you to do phone-numbers-based KYC.
wild... I haven't been able to use my old account for a very long time... created a new one a few years back, tried that one... neither seem to work...
I don't want to make a new one tied to my phone number.
Just as the case with Skype that changed like 3 protocols, 2 architectures and 4 ownerships in its existence. Would you say it has nothing to do with original Skype?
What's the differentiating factor? Cursory look at it - I don't see strong E2E encryption or anything besides a bog standard messaging app. We have many - whatsapp, facebook messenger, imessage, hangouts, telegram, signal, wechat, etc.
> Convert audio messages to text,
use smart replies, stay online
even with bad internet connection
That doesn't cut it, IMO. In fact it is repulsing me (offline apps are great) but I don't want to convert audio messages to text unless that happens locally. Fuck smart replies, no thanks.
Yeah, that's weird. If you're going to announce a new instant messaging system, you will of course provide some reason why people should go through the effort to switch. The front page should be brimming with the pitch. "Unlike WhatsApp, with New ICQ, you can _____." What goes in the blank? Why haven't you told me?
Last time I heard about them (about 2-3 years ago) they were promoting fancy whistles like AI-powered masks on video, voice-changing audio filters, stuff like that.
Back in the day, ICQ's most unique feature that it offered was the "Live Chat" feature with split panes, where you could see what people were typing literally as they typed it (including when they pressed backspace to correct mistakes).
I don't understand why no other popular chat app has ever brought that feature back. It really gave the chats a sense of humanity and conversational connectedness. You could even rewind and play back the conversations!
Hi everyone! Wow. We are impressed with so many comments regarding ICQ New.
We've found a lot of nostalgic mentions here, and we want to say that we have the same feelings. But it's similar to looking through the school photo album. It's nice to remember but now you are another person who live in the next decade.
Sooo...welcome to ICQ New with group-calls up to 30 people, smart replies and conversion of voice messages into text!
We'll be appreciate for any feedback, feature requests and opinions. Share it with us here or right in ICQ: side menu — report an error.
Oh my god why do people make websites with scrolling like this? It's such a weird and frustrating experience, and it seems like people are doing it more as time goes on.
This post made me install the ICQ "uh oh!" new message sound as notification sound on my phone. It is higher pitched than I remember it.
I still remember my UIN, but I don't think 'new ICQ' uses those? I tried logging in on the web site, but I am unable to recover my password using my UIN.
If it wasn't owned by Russian corporation Mail.ru--which is under full control of FSB and Russian government--my nostalgia would give it a try. But no way I'd install anything on my devices that Russian security service has direct access to.
it's incredible to me that ICQ still going. Obviously it died down in worldwide/western popularity early 2000s but I do know it continued to be used in Russia and some other places. Kinda amazing and I'll always respect the original development coming out of Israel. Fond memories of those late 90s days when it was the standard.
With the random chance of any app with the right timing/reach and features to gain some traction (see whatsapp) etc, guess they figure why not put ourselves out there again hehe
Good ol ICQ. Back in the day when devs/general population thought identifying yourselves with a 10 digit number is easier than an email address...good ol days...
Please, be aware that ICQ was bought by Mail.ru - russian company owned by oligarch Alisher Usmanov, who's very connected to russian crooked elite. It's the company which was used for a hostile takevoer of VK.com from it's founder after it wouldn't censor it's content. It's voluntarily provided private data about it's users to the state (far outside of what's required by law) and was involved in a number of similar breach of privacy cases.
Basically, it's company in the pocket of russian government, and you should use any of it's product if you completely disregard your privacy.
To add, never rely on products that require you to trust the company respects your privacy. E.g. Telegram lacks ubiquitous end-to-end encryption (E2EE) so even if the company chooses not to abuse the insane amounts of valuable data, nation state hackers are most interested in hacking these centralized troves of data. Not even opt-in E2EE is good because that leaks metadata about desire to use proper encryption. Always use apps that are E2EE by default (e.g. Signal) to ensure you're not leaking content or metadata about wanting to keep discussion hidden.
> To add, never rely on products that require you to trust the company respects your privacy.
> Always use apps that are E2EE by default (e.g. Signal)
You are contradicting yourself here. You are required to trust Signal the company to respect your privacy, to trust that it's actually doing end-to-end encryption, doing it properly and doesn't issue an update breaking it because of some secret US government order. Because Signal controls software distribution, it's pretty much just a binary blob that some guy from Signal can update any time.
A proper end-to-end encryption at minimum requires an open source implementations and distribution to avoid trusting the company to respect your privacy, since this is the primary reason for end-to-end encryption to exist. Otherwise incentives are misaligned and it will be broken by the same company it is supposed to protect from as soon as they need your messages for something.
You can read the source, you can compile it yourself, and you can use it.
You can also do a reproducible build and check that it matches the hash of the APK served by the play store.
"Open source distribution?" What is that? If you can't trust the vendor, no F-Droid is going to help there. If you need to verify the source, you need to do it yourself.
>some secret US government order
Explain how that would work on legal level when compelled speech violates the constitution.
> You can read the source, you can compile it yourself, and you can use it.
I can read some source code they provide, not necessarily what everyone has installed at any given moment. Even if I could review it and compile it and run it the other ends of end-to-end won't, so I still have to trust Signal the company to not violate the other ends.
Open source distribution means packages in various open source repositories, not controlled by software vendors.
> If you can't trust the vendor, no F-Droid is going to help there.
F-Droid model is exactly what's going to help with not having to trust the vendor. It's sort of an infrastructure to reduce trust in software vendors. Independent parties maintaining forks and packages are more likely to notice if vendor does something stupid, more likely to have people and tools to verify claims and implementations, provide a way for independent implementations.
> Explain how that would work on legal level when compelled speech violates the constitution.
It doesn't matter, they can come up with plenty of bullshit excuses claiming child porn or whatever. The important thing is you have to trust Signal the company, the US government, the legal system, etc.
>not necessarily what everyone has installed at any given moment
That applies to any distribution mechanism.
>I still have to trust Signal the company to not violate the other ends.
99% of people are going to download the app from Play store, even if F-Droid was available. You're screwed.
>It's sort of an infrastructure to reduce trust in software vendors.
Oh dear god. No. It's just more steps into distribution chain the user needs to trust.
>Independent parties maintaining forks and packages are more likely to notice if vendor does something stupid,
The same people might look at Signal's main repository for the same concern, and notice the same things. Furthermore, Signal is the entity innovating on secure messaging protocols, so I wouldn't say the chances are they're doing stupid things.
>more likely to have people and tools to verify claims and implementations
No. Nobody's looking at some John Smith's Signal fork. Besides, using such fork is an incredibly dangerous weak point, from the maintainer's improper singing key storage and signing process, to just having to trust random maintainers. Absolutely no.
>It doesn't matter, they can come up with plenty of bullshit excuses claiming child porn or whatever.
>The important thing is you have to trust Signal the company
The literal point of the ubiquitous E2EE, FOSS codebase with reproducible builds is to eliminate the need to trust them. The FUD you're spreading is incredibly damaging.
Again, that whole point of end-to-end encryption that allows it to eliminate the need to trust the vendor only works if the vendor isn't the one supplying said end-to-end encryption. Please don't make arguments that "Signal does this or that you can trust them", you do not eliminate the need to trust them this way at all. If you do have to trust them not to spy on you, it's not a proper "end-to-end" encryption, simple as that, it's effectively the same thing as a regular TLS encryption to the servers, where you have to trust them not to spy on you on the servers. And in either case that trust will be eventually violated, because there is no incentive not to, but plenty of pressure and incentives to violate it.
I don't know what's so confusing about it. You like Signal and trust them, that's fine, but I don't trust them or anything coming from the US, I really would like to eliminate such trust. Claiming that I don't have to trust them is unproductive and a lie.
>Again, that whole point of end-to-end encryption that allows it to eliminate the need to trust the vendor only works if the vendor isn't the one supplying said end-to-end encryption.
That doesn't make any sense whatsoever. Vendor supplies the E2EE, users and experts review it, and then if it changes, review changes. Third parties can trivially make edits to their forks and that's the easiest backdoor possible. How can you not see that.
>Please don't make arguments that "Signal does this or that you can trust them", you do not eliminate the need to trust them this way at all.
I already explained there are technical measures in place that allow you to verify the build you're using yourself. You're clearly not a subject matter expert here so I suggest you move on.
> If you do have to trust them not to spy on you, it's not a proper "end-to-end" encryption, simple as that
You're arguing from the wrong premise. You don't have to trust them.
>it's effectively the same thing as a regular TLS encryption to the servers, where you have to trust them not to spy on you on the servers.
if Signal was doing an active MITM attack against their own encryption, that would be eavesdropping which is a felony in the US.
>And in either case that trust will be eventually violated, because there is no incentive not to, but plenty of pressure and incentives to violate it.
And somehow random repository maintainers are immune to pressure and incentives. I get it, you're trolling.
>I don't know what's so confusing about it.
If you really stretch those brain cells of yours you might understand it one day.
>You like Signal and trust them, that's fine, but I don't trust them or anything coming from the US, I really would like to eliminate such trust.
Again, you don't have to trust Signal.
>Claiming that I don't have to trust them is unproductive and a lie.
So you ignore the concept of reproducible builds and just establish an opinion with average-joe level reasoning.
> there are technical measures in place that allow you to verify the build you're using yourself.
There are no technical measures for Signal in place that allow anyone to verify the build all ends of said end-to-end encryption are running nor any technical measures to ensure the software they are running won't be updated with compromised end-to-end encryption by the vendor in the future. The measures I talk about address both points by removing trust from the vendor and distributing it across many independent entities.
> if Signal was doing an active MITM attack against their own encryption, that would be eavesdropping which is a felony in the US.
It's not just legal anywhere in the world, it's what a lot of software already does.
Anyway, if end-to-end encryption requires the exact same level of trust as TLS, there is no point in it. It's only useful in truly open source messengers, not Signal, Whatsapp or other binary blob centralizedly controlled messengers.
>There are no technical measures for Signal in place that allow anyone to verify the build all ends of said end-to-end encryption
There is no technical measure in existence that allows that for any application. This is called a nirvana fallacy.
> nor any technical measures to ensure the software they are running won't be updated with compromised end-to-end encryption by the vendor in the future.
That applies to all software that requires automatic software updates, i.e. networked TCBs. You want something that doesn't require updating, you use stronger model like TFC.
>The measures I talk about address both points by removing trust from the vendor and distributing it across many independent entities.
And users are going to compare diffs of multiple vendors for every update to see nothing malicious was added? Give me a break.
>It's not just legal anywhere in the world, it's what a lot of software already does.
They are also required by the government to link phone numbers to accounts and log and store messages for a long time and make them directly accessible by FSB.
You are conveniently forgetting Durov never was the owner of Vk. Nor does his person constitute the entire "board of directors" or whatever management they had.
The killer feature for me would be sending photos in original quality cross platform, but not sure if it's enough to warrant installing yet another IM app.
Seems like you'd already be aware if you're in Hong Kong, but Wechat will send images in original quality with zero extra screens and one extra click, and the images appear in the chat.
It also helpfully censors any messages that the Chinese government deems inappropriate. Perhaps not a good suggestion, especially as alternatives have already been suggested.
I can only go by personal experience but it seems that there are two WeChats; a mainland China and an international one. They can communicate with each other but the mainland version blocks content that violates Chinese laws.
My friends from the mainland (but who live in HK) were sending me plenty of photos of the protests and none of them seemed to be blocked.
Yeah, reading the articles back, it seems I've misremembered. Sorry, I'll edit that part out. Also, sorry for piquing your interest and leaving you out to dry, should have re-read the articles for proof beforehand.
It seems to be yet another messaging app to compete with Signal, iMessage, WhatsApp, Telegram, maybe there's some google product too (formerly Allo)? Unlike iMessage and Signal, no requirement for a phone number. Maybe owned by big brother? Seems to be a product of mail.ru.
Still a centralized messaging service though. I'm sticking with Signal I think.
It looks like you need to provide a phone number to use this new service, so I guess it's just another WhatsApp clone, with nostalgic branding.
It would be awesome to be able to use your old icq number and hear the "uh oh" notification sound - nostalgia is about the whole experience not just brands.
Please take a moment to review this privacy policy before signing up; for example, it does not indicate any intention to comply with EU, GDPR, CCPA, etc. privacy laws or guarantees in any respect whatsoever.
No, when Telegram was published, it had identical UI to that of WhatsApp, although people seem to have conveniently forgotten this fact. Also, Telegram is still lacking basic E2EE for group chats, and you also can't have E2EE on desktop, so any "feature" they might implement is not an actual feature because it's not secure.
You're right of course. We we should have a preferred order. Let's define conditions as something common like group chat. Let's also define backdoor as something that allows any non-group member to read the messages.
1. Signal: Open source with E2EE group chats. Best choice, let's use that.
2. WhatsApp, Proprietary with E2EE group chats. E2EE implementation might have a backdoor with some probability. Let's avoid it if we can.
3. Telegram: Open source client with no E2EE group chats. The implementation leaks all group chats to server and anyone who hacks the server, and there's nothing we can do. It's backdoored by design. Let's avoid it at all costs.
The real reason why Mirabilis ICQ become unpopular.
On the height of their popularity, they started naming their products appending either "devil" and "demon" to their products.
Of course, most people who are conservatives back then like parents, aunts, 99% of the their users, basically other than "you" the power users didn't like the new naming.
So they move-on to Yahoo Messenger and never looked back.
Moral: Don't name your popular product like how Mirabilis ICQ does it back in the late 90s.
No mention of any sort of chat encryption either. As with all the Mail.Ru Group's other services (VK, Odnoklassniki) it is widely understood that the russian secret services have essentially unrestricted access to everything happening on them, so be advised
People don't seem to understand what level of access FSB has there. Like literal spying boxes with APIs pulling linked phone numbers and identities to associate with messages all directly controlled by FSB.
Even rms agrees that games do not need to be open source. It's when the program has control over your actual life when freedoms, privacy and security start to matter.
"(2010) AOL has sold ICQ to Digital Sky Technologies (DST), Russia's largest Internet company, for US$187.5 million. DST's offer was apparently more attractive than those of Russia's ProfMedia and China's Tencent. ICQ, originally released in 1996 and bought by AOL in 1998 for US$407 million, was one of the world's first major instant messaging systems. Although largely forgotten in English-speaking countries, it remains widely popular in Central Europe, Russia, and Israel. Moscow News has additional coverage of the deal."
(https://tech.slashdot.org/story/10/05/01/1516234/russian-com...)