Comment on Signal – an ethical replacement for WhatsApp
DreamlandLividity@lemmy.world 1 day agoThe encryption being crap really does not depend on the threat model. Sure, in some threat models you may not need it at all but in that case, what’s wrong with WhatsApp?
The issue with XMPP is that security really was an afterthought. Not only is e2ee an optional extension, but there are actually 2 incompatible extensions, each with multiple versions. Then you have some clients not implementing either, some clients implementing the older, less secure one. Some implement the newer one but older version of the spec with known issues. And of course, the few clients that implement it well become incompatible with other clients if you enable e2ee, so it is disabled by default.
That is all before you start looking into security audits or metadata harveating.
Vanilla_PuddinFudge@infosec.pub 1 day ago
Your reasoning would hold up if 80% of xmpp wasn’t running on Conversations or forks of it, that all support OMEMO and OpenPGP.
Your criticisms are too broad. What makes extensions powerful is that they can easily change the rules without breaking the underlying system.
Clients? That’s the clients problem, and you have choices, and if your problem is metadata, whoooo boy.
news.ycombinator.com/item?id=32780665
github.com/matrix-org/synapse/issues/9133
reddit.com/…/is_matrix_still_a_metadata_disaster/
DreamlandLividity@lemmy.world 1 day ago
So much cope you didn’t even notice no-one mentioned matrix. We are comparing with Signal.
Vanilla_PuddinFudge@infosec.pub 23 hours ago
That’s their problem. If their messages aren’t encrypted, it isn’t like you won’t be aware of it. Request that they use a modern client and get with the times. None of this is an actual problem without easy solutions.
DreamlandLividity@lemmy.world 18 hours ago
Then let us know when it is solved. Until then, I have a lot more hope in matrix than XMPP. They at least seems to be making progress in the right direction, although they are not there yet either.