this post was submitted on 19 Aug 2024
777 points (98.7% liked)
Privacy
32130 readers
653 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Surprised that happened. Very rare to see that these days.
Maybe OP works on infosec and the team was like yeah, makes sense?
Let's say I work in an IT area (but not infosec)
Should have used Matrix
No, Matrix isn’t the best in terms of privacy. It is a metadata disaster and most other platform are a lot more performant.
Matrix is developed by a for profit entity, a group of venture capitalists and having a spec doesn’t mean everything. The way Matrix is designed is to force into jumping through hoops and kind of draw all attention to Matrix itself instead of the end result.
XMPP is the true and the OG federated and truly open solution that is very extensible. XMPP is tested, reliable, secure and above all a truly open standard and decentralized it just lacks some investment in better mobile clients.
What most fail to see is that XMPP is the only solution that treats messaging and video like email: just provide an address and the servers and clients will cooperate with each other in order to maintain a conversation. Everything else is just an attempt at yet another vendor lock-in.
People need to get this through their heads, XMPP is the only solution for their problems.
On the contrary, you need to understand that your own needs and priorities do not match everyone else's, and that XMPP is not a good fit for every use case.
(Your rant was amusing, though. I hadn't seen one like that in a couple weeks.)
While I agree with your point just tell me what Matrix does better? It’s better at being overly complicated? Or at being more propriety?
Nobody owes you their time or their patience. If you want help understanding something, I suggest you tone down the fearmongering, manipulative, adversarial comments. If you're just looking for a fight, kindly go elsewhere.
Convinces clueless FOSS communities to move off IRC. Onto a unusable protocol designed around netsplits they never cared about, yes, but it's n o v e l!
XMPP isn't any better in terms of metadata. OMEMO is an afterthought that slaps on to XMPP. Many metadata are still attached to the message. The threat model only protects the content and doesn't guard aginst metadata and traffic analysis. Even OMEMO extension is still in experimental status. Not to mention, users still need to signup an account using their email.
Honestly, I think SimpleX is better in everyway. No account required, minimal metadata (at least from the technical whitepaper and other sources I read), fully open source (AGPLv3), an ok mobile and desktop client, and audited. The register friction is almost non existance. You just need to install, set a name, and off you go. The only worry I have with them is they took VC funds.
ADD: XMPP is still better for company internal communication, especially when compliances require conversation archiving.
A few SimpleX shortcomings beyond what you noted, in no particular order:
It does have some neat design ideas. I don't consider it ready for general use, but I look forward to seeing how it develops.
agree with your general sentiment. I've actually been using it and its very rough around the edges, in addition to being "slow" feeling overall, and I'm just testing it out between one other person and myself on other devices. it's not something I can recommend to anyone yet, but definitely keeping my eye on it.
XMPP is way more open and interoperable than all the solutions available, it works like email any user can can talk to any other and doesn’t depend on a some proprietary / closed service centrally owned by anyone. That’s a good selling point.
XMPP doesn’t really force users to sign up with email address, it just happens that XMPP addresses use the same format, many public servers will give you an address like username@server.example.org that is never mapped to a real email address and only works for XMPP. The decision to actually ask people for their real addresses is up to who owns the server and won’t be directly exposed on the XMPP network.
Omemo sucks
XMPP is great but it's dead.
It is as dead as we want. There's no reason to reinvent the wheel, probably the only thing that XMPP lacks is a bunch of money into a very good, cross-platform (but native) client like Telegram has that actually works 100% of the time and a bunch of large scale public servers to handle regular users who don't want to host their own. Also... easy registrations and setup on said client.
For a regular user and most privacy aware people, they just don't care if the protocol is Matrix, Signal or XMPP - they just want a good end user experience and a solid thing, that's what XMPP lacks today and it's all client side.
Does XMPP support voice/video calls?
Yes, Jingle.
https://xmpp.org/about/technology-overview/#jingle
Yes, very well.
Yes…
I'm pretty sure an encrypted chat platform is possible with ActivityPub. In fact, sup is an instant messenger that will be encrypted and federated using the ActivityPub protocol. It's being made by dansup, the creator of PixelFed.
Why reinvent the wheel, tweak a protocol, implement a ton of software when you can just use the tested, tried and true XMPP?
For a team of 20 people matrix is way overkill imo
XMPP on the other hand...
I once setup a entire matrix server for my school club that comprised of 4 people because one of our members couldn't use discord lol
There would be room for expansion. What about an IRC then?
Depends. Since this is seen as an out-of-band coms option for work, there is a good chance you will want encryption for only folks in the room either for accidental company secrets leaked or to shit talk folks outside the room. IRC, the best you get is TLS.
I'm going to join OP's company next and say I can't use signal because phone companies. Then they'll upgrade to Wire or Matrix
Not great
They only realized that when he said that? What a weird infosec team. I guess they also could use SimpleX if they wanted the most secure, private and anonymous option, but I think Signal is pretty well balanced as a messenger. Good privacy and usability.
I think you're over estimating people who works in infosec. All the people I know that work in infosec in corporations are just regular windows support people assigned to keep the security updates on day.
There may have been discussions around it beforehand. I didn't ask why it went so smooth.
What you didn't realize is that your value to the company is way more than you realized.
Often times people have resolved all the rational arguments to act on a decision but lack on an emotional excuse to figuratively pull the trigger. I'd bet on someone high up had already made up their mind and you not using WhatsApp was the perfect excuse to just have the whole team finally migrate.