Signal is Flawed, Why XMPP is Amazing! (new animated video)

Submitted ⁨⁨1⁩ ⁨year⁩ ago⁩ by ⁨SummerBreeze@monero.town⁩ to ⁨privacyguides@lemmy.one⁩

https://monero.town/pictrs/image/ba587bfd-158e-47e3-a725-815df7e1ec0f.webp

If you use Signal messenger, you have to trust the Signal foundation, which uses Amazon’s AWS for the cloud. So you’re trusting CIA military contractors.

Signal supposedly hides metadata or who talks to whom, with a system called “sealed sender”, where it puts who sent it inside the encrypted packet. However, in a paper published by NDSS, headed by Ian Martiny, these university researchers found that Signal’s “read receipts”, which lets the sender know that the receiver got the message can be used as an attack vector to analyze traffic because it sends data packets right back to the sender. In as few as 5 messages, their team identified both participants in a conversation with a replicated version of Signal’s client.

The US Military funded Signal and Briar’s development, but yet they use XMPP. XMPP is often neglected even though it’s the most secure, private, fast, and reliable framework for end-to-end encrypted messengers.

In this brand new animated video, it discusses how XMPP works, and why it’s the best: video.simplifiedprivacy.com/xmpp/

Some will curse me out for posting this as they prefer the commercially backed project Matrix, but the Element Matrix client is objectively slower, and it’s harder and more expensive to setup your own server. And Element doesn’t let you have multiple identities at once. We should discuss concepts and ideas without attacking me as a person. If you disagree, state what facts you’re disputing.

source

Comments

Sort:hotnew top

Secret300@sh.itjust.works ⁨1⁩ ⁨year⁩ ago
I didn’t know they funded briar. That’s intriguing

I’m still not really sure what the difference between matrix and xxmp is to be honest. I just seems like ones newer but does that same thing. Can someone please explain the difference?

source
- amanneedsamaid@sopuli.xyz ⁨1⁩ ⁨year⁩ ago
  Matrix is heavier to self host, and anecdotally I think a lot better for communities / group chats than instant messaging.
  
  XMPP is easier to self host, doesn’t leak a shit ton of metadata to an overused homeserver, and has better clients on all platforms but iOS.
  
  Element’s (matrix’s most developed cross-platform client) feature parity is really impressive though.
  
  source
- ninchuka@lemmy.one ⁨1⁩ ⁨year⁩ ago
  They are similar but matrix rooms are fully decentralised compared to xmpp where if the server the room/muc/channel was made in goes down for whatever reason means it can’t be used/talked in, unlike matrix where every server in the room “hosts” it
  
  source
furrowsofar@beehaw.org ⁨1⁩ ⁨year⁩ ago
Question. Did XMPP ever solve the firewall traversal problem. What I found back when I used XMPP was that I simply could not use it on a lot of networks because the server port would be blocked. 443 would often work but not all XMPP servers support 443. Not sure but maybe NAT traversal was sometimes an issue too.

Thanks for the post. Kind of blast from the past. Mostly XMPP as died and blown away in my neck of the woods but some people still use it. I think the fsf does, and maybe duckduckgo has a server. All for it coming back though, but good luck with that. I’ll keep it in mind though in the event I have an application. Thanks.

source
- SummerBreeze@monero.town ⁨1⁩ ⁨year⁩ ago
  If you just use a VPN, doesn’t that solve it? Or you’re talking about hosting the server in your home?
  
  source