Privacy

42498 readers

825 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Why Signal over Jabber/XMPP? (piefed.world)

submitted 1 day ago by TurkeyDurkey@piefed.world to c/privacy@lemmy.ml

87 comments fedilink hide all child comments

Over the past few years I have gone through a bunch of different apps and protocols to find the best one for "securely" communicating with my family and friends.

I ended up with the amazing XMPP protocol and my family/friends frequently use its clients to contact me.

Monal for IOS and Cheogram/Conversations/Quicksy for Android. The android app I install depends on if I can get F-Droid on their phone or not.

It's been great with OMEMO encryption and the clients/apps available for XMPP. But sometimes I have issues introducing people to it.

Jabber (friendly name for xmpp) sounds silly to say. The clients all have weird names. And after trying the Signal mobile app it feels more focused than what anyone in the XMPP community has whipped up.

But the capabilities of XMPP makes it better.

Signal Cons (immediete)

Centralized
Single app
Phone numbers

XMPP/Jabber Cons

Picking server
Apps are sort of less friendly

What really scares me about Signal is the centralization. Any nerd can easily host an XMPP server these days. But Signal from what I've heard really wants us to use their server.

If XMPP gets more attention I'm sure we can get people supporting projects and creating better apps.

I keep seeing people recommended Signal instead.

This is a bit of a tired ramble. What I wanna know is why anyone is preferring Signal over XMPP apps. I assume it might be not knowing about it. Tell me what you use to message people.

you are viewing a single comment's thread
view the rest of the comments

[–] SwooshBakery624@programming.dev 11 points 22 hours ago (3 children)

Against XMPP+OMEMO

[–] TurkeyDurkey@piefed.world 9 points 22 hours ago

I think this post is a noteworthy response. Against Silos+Signal

[–] TurkeyDurkey@piefed.world 6 points 22 hours ago

Signal is a much better recommendation when leaving Telegram. And the OMEMO implementation concerns are something I need to consider. That unprofessional response from one of the devs is not a good look at all.

Though as a comment pointed out, control of servers is like the one main checkbox that I really need filled.

On the point about clients not being OMEMO by default or enforced. This isn't the biggest issue for me. I'm not doing crimes, but I still wouldn't want my saucy messages to be read by server admins or third parties. Whenever I message somebody, I confirm that they are the proper recipient and are using OMEMO. And the clients I found myself comfortable with all support PGP key use instead. (That would be Cheogram & Gajim if anyone was interested.)

This was a great read though, at least to me. It gave me some thoughts to consider.

I'm gonna look into what kind of threats these improper dependency versions and such might pose. Hopefully by now most of these issues have been resolved.

The biggest thing is getting people into the loop of "secure apps" before they really need it.

[–] ICastFist@programming.dev 3 points 22 hours ago (1 children)

I'll be honest, most of the crypto/security jargon flies straight over my head, but Tim Henkes' reply at the end, for fucks' sake man. I don't suppose xmpp has an alternative encryption to use instead of omemo?

[–] TurkeyDurkey@piefed.world 3 points 22 hours ago

Pretty much any encryption you can send over text. My favorite clients support PGP instead. But it's up to the clients to implement envryption and not really the protocol I guess.