this post was submitted on 11 Mar 2024
115 points (93.2% liked)

Technology

59366 readers
5355 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Not_mikey 4 points 8 months ago (2 children)

Xmpp was designed for ease of federation and simplicity in implementation. Most messaging apps these days are designed, or at least say they are designed, with privacy first. There probably are plugins for xmpp to allow for e2e encryption and contact list and metadata privacy from server admins but that depends on the server and will probably not be as secure as signal. Just as signal can be federated but it's complex and not really worth it.

There's a tradeoff between privacy/security and federation/decentralization and most people value privacy and security more.

[–] rottingleaf@lemmy.zip 2 points 8 months ago* (last edited 8 months ago)

Your condescending tone would be fine if you knew what you were talking about.

Xmpp was designed for ease of federation and simplicity in implementation. Most messaging apps these days are designed, or at least say they are designed, with privacy first.

XMPP was designed when encrypting metadata wasn't considered that important (like with mail), and E2EE for actual messages between users was done via PGP or OTR, so didn't require any support in the protocol itself.

There probably

You should have read at least something about XMPP first, no? Then you'd know something without "probably".

are plugins for xmpp to allow for e2e encryption and contact list and metadata privacy from server admins but that depends on the server and will probably not be as secure as signal.

First, honest E2EE for messages themselves never requires server support, that's the whole point of it. As I've said before, for that one can use PGP functionality in most normal clients if that's enough, one can use OTR, but it's still not fit for usage with multiple devices simultaneously.

Second, XMPP has OMEMO which is basically everything good about security from Signal, just for XMPP. That's what we usually use today with XMPP, making your comment wrong.

[–] BearOfaTime@lemm.ee 1 points 8 months ago

I'd say most people here value privacy and security more,and average users value convenience with no understanding of the tradeoff.

And that's our challenge.