this post was submitted on 04 Aug 2024
212 points (96.5% liked)

Privacy

32412 readers
378 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I am a firm believer that there are many privacy techniques you should focus on before encrypted messaging because they will offer you much more “bang for your buck,” things like good passwords, two-factor authentication, and even encrypted email. That said, I still believe that encrypted messaging is a critical part of a well-rounded privacy and security strategy. While the vast majority of our day-to-day conversations may be benign, it can still offer a lot of insight into who we are as people – our routines, likes, and personal thoughts. This information – mundane or not – is worth protecting.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 25 points 4 months ago (4 children)

XMPP, for example, does not enable end-to-end encryption by default

Why always these false myths? The most popular XMPP mobile clients do enable it by default.

[–] [email protected] 11 points 4 months ago (1 children)

It was a conscious decision for them not to enforce E2EE by default. https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/

XMPP clients have like 10 different implementations because of that and are not always consistent with each other or even function universally across platforms.

But I'm not an author. That would be @[email protected].

[–] [email protected] -5 points 4 months ago (1 children)

The article you linked is a highly misleading nothing burger. And enforcing e2ee at protocol level is a bad idea for many reasons.

[–] [email protected] 6 points 4 months ago (2 children)

That's what encrypted messagers are...

[–] [email protected] 4 points 4 months ago

Messengers are not protocols. They use protocols. Most XMPP clients use the same encryption scheme Signal does only without being dependent on a single specific server, allowing users to spread out. I recommend reading about the differences between targeting developing a platform and developing protocols. Once you do, you'll see XMPP+Encryption in a better light than anything like Signal. The main problem in the current moment with XMPP+Encryption us that it isn't where the people are. Us tech weirdos can start the push into that space a little bit, but we need "Normies" to adopt to, and for that we need to be clear on what were talking about. Comparing XMPP to signal doesn't make sense. Comparing Cheogram to Signal does. And in the latter, cheogram frankly blows Signal out of the water for real privacy and security considerations

[–] [email protected] 1 points 4 months ago

🙄 you have obviously no idea what you are talking about.

[–] [email protected] 9 points 4 months ago* (last edited 4 months ago)

Right? It is a generic protocol for all sorts of communications, some of which don’t require encryption. Yet every modern chat client for human-to-human communication has OMEMO, OTR, & PGP encryption options.

[–] [email protected] 3 points 4 months ago

I immediately had my suspicions this article might contain some bullshit when I saw it was published by the new oil...