this post was submitted on 19 Aug 2024
777 points (98.7% liked)

Privacy

32130 readers
714 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I understand that it may be problematic sometimes but this was very smooth. I didn't even say anything.

A: what's your number for the whatsapp group Me: I don't have whatsapp because of facebook. B: ok, we have to use signal then A: ok

And that was it. Life can be very easy sometimes

you are viewing a single comment's thread
view the rest of the comments
[–] TCB13@lemmy.world 66 points 3 months ago (4 children)

No, Matrix isn’t the best in terms of privacy. It is a metadata disaster and most other platform are a lot more performant.

Matrix’s E2EE does not, however, encrypt everything. The following information is not encrypted: Message senders, Session/device IDs, Message timestamps, Room members (join/leave/invite events), Message edit events, Message reactions, Read receipts, Nicknames, Profile pictures

Matrix is developed by a for profit entity, a group of venture capitalists and having a spec doesn’t mean everything. The way Matrix is designed is to force into jumping through hoops and kind of draw all attention to Matrix itself instead of the end result.

XMPP is the true and the OG federated and truly open solution that is very extensible. XMPP is tested, reliable, secure and above all a truly open standard and decentralized it just lacks some investment in better mobile clients.

What most fail to see is that XMPP is the only solution that treats messaging and video like email: just provide an address and the servers and clients will cooperate with each other in order to maintain a conversation. Everything else is just an attempt at yet another vendor lock-in.

People need to get this through their heads, XMPP is the only solution for their problems.

[–] mox@lemmy.sdf.org 31 points 3 months ago (1 children)

People need to get this through their heads, XMPP is the only solution for their problems.

On the contrary, you need to understand that your own needs and priorities do not match everyone else's, and that XMPP is not a good fit for every use case.

(Your rant was amusing, though. I hadn't seen one like that in a couple weeks.)

[–] TCB13@lemmy.world -3 points 3 months ago (2 children)

While I agree with your point just tell me what Matrix does better? It’s better at being overly complicated? Or at being more propriety?

[–] mox@lemmy.sdf.org 8 points 3 months ago

Nobody owes you their time or their patience. If you want help understanding something, I suggest you tone down the fearmongering, manipulative, adversarial comments. If you're just looking for a fight, kindly go elsewhere.

[–] monk@lemmy.unboiled.info 2 points 3 months ago

Convinces clueless FOSS communities to move off IRC. Onto a unusable protocol designed around netsplits they never cared about, yes, but it's n o v e l!

[–] umami_wasbi@lemmy.ml 21 points 3 months ago* (last edited 3 months ago) (2 children)

XMPP isn't any better in terms of metadata. OMEMO is an afterthought that slaps on to XMPP. Many metadata are still attached to the message. The threat model only protects the content and doesn't guard aginst metadata and traffic analysis. Even OMEMO extension is still in experimental status. Not to mention, users still need to signup an account using their email.

Honestly, I think SimpleX is better in everyway. No account required, minimal metadata (at least from the technical whitepaper and other sources I read), fully open source (AGPLv3), an ok mobile and desktop client, and audited. The register friction is almost non existance. You just need to install, set a name, and off you go. The only worry I have with them is they took VC funds.

ADD: XMPP is still better for company internal communication, especially when compliances require conversation archiving.

[–] mox@lemmy.sdf.org 7 points 3 months ago* (last edited 3 months ago) (1 children)

I think SimpleX is better in everyway.

A few SimpleX shortcomings beyond what you noted, in no particular order:

  • No multi-device support.
  • Adding contacts requires sharing somewhat large links (as either text or QR code) which can be inconvenient.
  • Messages are lost if not retrieved soon after they're sent. (I think it's 21 days by default. I've had vacations longer than that.)
  • No group calls.
  • Group messaging is full-mesh, meaning that as a group grows, the network traffic will balloon faster than it would with any other topology. This is generally bad for high-traffic groups, but it might be okay if they stay small or everyone always has great unmetered connectivity.
  • The claim to not have user IDs is misleading at best, and outright false in group chats.
  • The desktop app uses Java, which will be unappealing to more than a few people. (To be fair, several other messengers use Electron, which is also unappealing to more than a few.)

It does have some neat design ideas. I don't consider it ready for general use, but I look forward to seeing how it develops.

[–] KLISHDFSDF@lemmy.ml 3 points 3 months ago

agree with your general sentiment. I've actually been using it and its very rough around the edges, in addition to being "slow" feeling overall, and I'm just testing it out between one other person and myself on other devices. it's not something I can recommend to anyone yet, but definitely keeping my eye on it.

[–] TCB13@lemmy.world 3 points 3 months ago

XMPP is way more open and interoperable than all the solutions available, it works like email any user can can talk to any other and doesn’t depend on a some proprietary / closed service centrally owned by anyone. That’s a good selling point.

XMPP doesn’t really force users to sign up with email address, it just happens that XMPP addresses use the same format, many public servers will give you an address like username@server.example.org that is never mapped to a real email address and only works for XMPP. The decision to actually ask people for their real addresses is up to who owns the server and won’t be directly exposed on the XMPP network.

[–] krolden@lemmy.ml 2 points 3 months ago
[–] AsudoxDev@programming.dev -2 points 3 months ago (1 children)
[–] TCB13@lemmy.world 11 points 3 months ago* (last edited 3 months ago) (2 children)

It is as dead as we want. There's no reason to reinvent the wheel, probably the only thing that XMPP lacks is a bunch of money into a very good, cross-platform (but native) client like Telegram has that actually works 100% of the time and a bunch of large scale public servers to handle regular users who don't want to host their own. Also... easy registrations and setup on said client.

For a regular user and most privacy aware people, they just don't care if the protocol is Matrix, Signal or XMPP - they just want a good end user experience and a solid thing, that's what XMPP lacks today and it's all client side.

[–] Churbleyimyam@lemm.ee 3 points 3 months ago (3 children)

Does XMPP support voice/video calls?

[–] SLfgb@feddit.nl 3 points 3 months ago

Yes, very well.

[–] TCB13@lemmy.world 2 points 3 months ago
[–] AsudoxDev@programming.dev 3 points 3 months ago* (last edited 3 months ago) (1 children)

I'm pretty sure an encrypted chat platform is possible with ActivityPub. In fact, sup is an instant messenger that will be encrypted and federated using the ActivityPub protocol. It's being made by dansup, the creator of PixelFed.

[–] TCB13@lemmy.world 4 points 3 months ago

Why reinvent the wheel, tweak a protocol, implement a ton of software when you can just use the tested, tried and true XMPP?