this post was submitted on 05 Aug 2024

This blog post, and some of its comments, are pretty interesting and concerning at the same time. Not really sure if in the end that means that nothing other than centralized controlled messaging can be as cryptographically safe.

Any comments?

[–] [email protected] 1 points 3 months ago* (last edited 3 months ago) (1 children)

I was in the specs before as well, just not as clearly spelled out.

As for the other reasons why Soatok thinks Signal is better, well those are cherry picked and highly opinionated. There are similar lists of reasons from equally respected security researchers (that have less of an e2ee tunnel vision), that rule out Signal as a serious option due to its centralised and single vendor approach.

Which brings me to the last point. Yes, Signal is a snake-oil vendor that tries to hide the various glaring security issues of their model behind a state of the art e2ee system. But that's just a fig-leaf not really all that different from how WhatsApp claims to be secure due to them adopting e2ee.

Post-quantum encryption is an active R&D field with no proven to work solutions yet. In fact, solutions that are proudly announced as finally having solved it are regularly silently retracted as other researchers find that they actually offer less security than current state of the art encryption algorithms.

[–] [email protected] 1 points 3 months ago

> As for the other reasons why Soatok thinks Signal is better, well those are cherry picked and highly opinionated

In the Signal article yes, by design those are his opinions on what the minimum requirements are for "beating Signal", which are not all objective truths. These articles come from a response to people evangelizing one messenger or another to him, some of which have "stronger" security but negatives in other places that make them unacceptable for widespread use (especially for non-techies). In the XMPP article I think the remaining points are very fair in terms of how the XMPP ecosystem works today.

> Signal is a snake-oil vendor

> Post-quantum encryption is an active R&D field with no proven to work solutions yet

Okay, that's enough of my time. These replies are for the benefit of others, and I hope I've said enough on that for people to make their judgments with more info than what you initially were responding with.