this post was submitted on 12 Oct 2025
119 points (96.9% liked)

Privacy

42526 readers
1641 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
Yayannick@lemmy.ml
ranok@sopuli.xyz
tmpod@lemmy.pt
119
Why Signal over Jabber/XMPP? (piefed.world)
submitted 1 day ago by TurkeyDurkey@piefed.world to c/privacy@lemmy.ml
116 comments fedilink hide all child comments
 

Over the past few years I have gone through a bunch of different apps and protocols to find the best one for "securely" communicating with my family and friends.

I ended up with the amazing XMPP protocol and my family/friends frequently use its clients to contact me.

Monal for IOS and Cheogram/Conversations/Quicksy for Android. The android app I install depends on if I can get F-Droid on their phone or not.

It's been great with OMEMO encryption and the clients/apps available for XMPP. But sometimes I have issues introducing people to it.

Jabber (friendly name for xmpp) sounds silly to say. The clients all have weird names. And after trying the Signal mobile app it feels more focused than what anyone in the XMPP community has whipped up.

But the capabilities of XMPP makes it better.

Signal Cons (immediete)

  • Centralized
  • Single app
  • Phone numbers

XMPP/Jabber Cons

  • Picking server
  • Apps are sort of less friendly

What really scares me about Signal is the centralization. Any nerd can easily host an XMPP server these days. But Signal from what I've heard really wants us to use their server.

If XMPP gets more attention I'm sure we can get people supporting projects and creating better apps.

I keep seeing people recommended Signal instead.

This is a bit of a tired ramble. What I wanna know is why anyone is preferring Signal over XMPP apps. I assume it might be not knowing about it. Tell me what you use to message people.

you are viewing a single comment's thread
view the rest of the comments
[–] notarobot@lemmy.zip -1 points 1 day ago (1 children)

I like signal but they do probably know who you talk to, when you talk to them, your IP, their IP, and size of your messages. The fact that they are pretending they can't get this info with just server side changes worries me

[–] CoyoteFacts@piefed.ca 7 points 1 day ago (1 children)

Check their transparency log for subpoenas etc: https://signal.org/bigbrother/

[–] notarobot@lemmy.zip 0 points 23 hours ago (1 children)

Are they legally required to publish that?

[–] CoyoteFacts@piefed.ca 2 points 22 hours ago (1 children)

No, and in fact they have fought to unseal and publish the articles they have. The point is that if you read the subpoenas, they request a lot of data from Signal and Signal can only ever return the phone number, account creation date, and last connected timestamp. So either Signal is consistently lying to various governments or they actually don't have any of that data. Signal's client is also open-source and has been audited, and they have published many blogposts about how the technology works.

I'd strongly recommend digging deeper into this and trusting the auditors and experts instead of dismissing it based on lazy and cynical guesses. If you don't trust anyone you're welcome to read the source code of the client yourself. Soatok recently posted an 8-part series going through Signal's encryption that you can read as a primer: https://soatok.blog/2025/02/18/reviewing-the-cryptography-used-by-signal/.

[–] notarobot@lemmy.zip 2 points 19 hours ago (1 children)

Since they are not required to publish these they could be publishing only the ones that make them look good. You might also notice that they haven't published any for over a year. I know how siglan works and I trust the client and the security. I even recommend it. But let's not pretend they are INCAPABLE of building your social graph

[–] CoyoteFacts@piefed.ca 0 points 19 hours ago (2 children)

Since you've clearly not read or comprehended any of the subpoenas that I linked, nor the encryption analysis, nor read any of Signal's blogposts, I see no point with responding any further. You are spreading FUD, and I question your motives.

[–] notarobot@lemmy.zip 1 points 18 hours ago* (last edited 18 hours ago)

From the blog you provided. Next time. Read your sources

In the absolute worst case, a totally malicious Signal Server can perform traffic analysis to correlate the IP address assigned to the messages arriving with the delivery token for a recipient.

And

Sealed Sender cannot totally hide the recipient (else the server wouldn’t know where to route the messages).

Edit: removed the word "moron". I'm not a native English speaker and I thought it meant something else. It seems its like "retard" which I wouldn't use as an insult. I've used it so much...

[–] notarobot@lemmy.zip 1 points 18 hours ago

I'm not the one that is not listening. I don't care about the ones they post. I care about the ones they don't. I trust they client code. I don't trust ANYONES server side code. Their encryption is top of the line and an industry standard. But is DOES NOT hide your IP, the time of the day you send messages

ONCE AGAIN (this is the third time I'm saying this) I like and recommend signal. I have no evil motives nor I'm trying to be paranoid. But let's not pretend they are perfect.

If you are hurt because I said mean things about a company you base your personality on, that is not my problem.