this post was submitted on 03 Feb 2024
426 points (96.9% liked)

Privacy

32424 readers
497 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I've been working really hard to research and rank messaging apps by their privacy. The more green boxes the better.

I plan to turn PrivacySpreadsheet.com into a place for privacy data on everything from cars to video games. It's all open source too on GitHub.

Not trying to advertise, I just put a lot of time into researching all this, and I want to share it since I think others could benefit.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 9 points 10 months ago* (last edited 10 months ago) (1 children)

You got some errors for XMPP e2ee: the popular mobile clients all enable it by default, it has perfect forward secrecy and a/v calls are usually also e2ee and of course data is encrypted in transit.

[โ€“] [email protected] 6 points 10 months ago* (last edited 10 months ago)

Yep. Really need to compare the best-practice XMPP clients (e.g. Conversations, Siskin), not half-developed clients more suited to the XMPP landscape of 20 years ago. -- Just as Matrix's ranking in the table is high because only the state-of-the-art clients are considered -- there are plenty of Matrix clients which don't support e2ee, for example.

This list of mistakes isn't exhaustive, but extending from poVoq's mentions, here are some things XMPP(conversations) does actually have positive findings for:

  • End to end encrypted by default [OMEMO]
  • End to end encryption is available [OMEMO]
  • Voice/video calls are end to end encrypted ["calls are always end-to-end encrypted with DTLS-SRTP"]
  • Utilizes Perfect Forward Secrecy [OMEMO]
  • Data is encrypted in transit [TLS and OMEMO]
  • You can verify contacts out of band [https://gultsch.de/trust.html]
  • There has been a third party code audit [2016]
  • Provider can scan for illegal content [If you send content unencrypted, otherwise no different to Matrix/Signal]

I'm not sure there's much differentiation between any apps when it comes to "What can the apps hand to police?"; if the police have physical access to your device and app, they have access to everything you do on that device/app.