Privacy

31859 readers

281 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

How save is XMPP really? (lemmy.world)

submitted 1 month ago by [email protected] to c/[email protected]

18 comments fedilink hide all child comments

Ok so, here I am again asking another question 🙈🙊 But hear me out: I read this post here about, if there even is a good privacy messenger that can be trusted. Someone in the comments mentioned Conversations (a XMPP client for Android). This made me look into XMPP and at the moment I am giving Conversations a try. Reading into XMPP, I couldn't find a problem security or privacy wise. Also it seems like it does not matter what server I use (atm. we are on 07f.de) since it is all e2e with OMEMO. Am I missing something or is it really this good? And if I dont trust anyone, I could host my one instance of ejabberd, right?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 11 points 1 month ago

Others are noting clients & servers matter. This isn’t a downside—it’s just that the protocol is flexible & extensible for many types of messaging beyond human2human private conversations, which explains why encryption isn’t a requirement for the clients. With that said any modern client targeting said H2H interaction will have basic forms of encryption like PGP, OTR, & OMEMO which all do the job of E2EE. OMEMO is based on the same ideas that Signal, WhatsApp, Matrix, & so on use so that part is all the same.

A unique feature for XMPP in this space tho is how low-spec & resource-unintensive the servers/clients are—you aren’t chewing up a ton of CPU or RAM, there is no eventual consistency to balloon storage (MAM is enough), clients don’t drain your battery or take literal minutes to sync with servers. Since it is low-cost, it is feasible to self-host XMPP from a residential server (at home on some old hardware for instance) or add it to a multipurpose machine where it doesn’t get in the way of other processes/storage. Some of the other service often mentioned here either you can’t self-host or are quite expensive to run (often by design) which limits the accessibility causing centralization as well as requiring trust in that server you don’t own.