I am a firm believer that there are many privacy techniques you should focus on before encrypted messaging because they will offer you much more “bang for your buck,” things like good passwords, two-factor authentication, and even encrypted email. That said, I still believe that encrypted messaging is a critical part of a well-rounded privacy and security strategy. While the vast majority of our day-to-day conversations may be benign, it can still offer a lot of insight into who we are as people – our routines, likes, and personal thoughts. This information – mundane or not – is worth protecting.
Why always these false myths? The most popular XMPP mobile clients do enable it by default.
It was a conscious decision for them not to enforce E2EE by default. https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/
XMPP clients have like 10 different implementations because of that and are not always consistent with each other or even function universally across platforms.
But I’m not an author. That would be @nateb@mastodon.thenewoil.org.
The article you linked is a highly misleading nothing burger. And enforcing e2ee at protocol level is a bad idea for many reasons.
That’s what encrypted messagers are…
Messengers are not protocols. They use protocols. Most XMPP clients use the same encryption scheme Signal does only without being dependent on a single specific server, allowing users to spread out. I recommend reading about the differences between targeting developing a platform and developing protocols. Once you do, you’ll see XMPP+Encryption in a better light than anything like Signal. The main problem in the current moment with XMPP+Encryption us that it isn’t where the people are. Us tech weirdos can start the push into that space a little bit, but we need “Normies” to adopt to, and for that we need to be clear on what were talking about. Comparing XMPP to signal doesn’t make sense. Comparing Cheogram to Signal does. And in the latter, cheogram frankly blows Signal out of the water for real privacy and security considerations
🙄 you have obviously no idea what you are talking about.
Right? It is a generic protocol for all sorts of communications, some of which don’t require encryption. Yet every modern chat client for human-to-human communication has OMEMO, OTR, & PGP encryption options.
I immediately had my suspicions this article might contain some bullshit when I saw it was published by the new oil…
Why are we still pushing XMPP? It isn’t the 90s and I don’t feel like learning IRC 2.0.
Maybe because it works, is easy to set up, light on resources and still is evolving?
It isn’t easy to setup and the core protocol is dated. You can add all sorts of extensions but at the end of the day the core system is old. It feels weird to push it over Matrix. If you want something simple use IRC as you can setup encryption.
Encryption support in IRC clients is WAY behind XMPP. The one I have seen consistently is OTR in form of an add-on, and even that people rarely install. Although IRC is indeed what I prefer for public groupchats.
Matrix seems to be doing the same thing but consumes more resources. And as for setup - I have done that, it is indeed pretty easy, easier than Matrix.
XMPP is so bad it was the baseline for Whatsapp. You know: that minor platform that feels like IRC and never took off. A lot of the techno around you are old stuff that evolved, “new” techno usually comes with new unexpected issues. Then they mature, get better and… old?