trash
15
poVoq
link
58M

That article has a serious blind-spot on Signal. Sealed-sender is mostly meaningless to conceal metadata if it runs over a centralized platform (as a compromised central server can easily derive the social graph from basic timing analysis) and the apologist stance on requiring a phone number is just cringe worthy.

@ConfusedApple
creator
link
1
edit-2
8M

deleted by creator

@linkpop
link
08M

why would Signal require a phone number if it is supposed to be private.

This has been discussed thousands of times: it’s just simply the easiest way to bootstrap a contact list based on your existing address book.

Noone wants to use a messenger where you have zero contacts.

@Baku
link
58M

I do. Or, I’ll enter them manually.

@dragonX
link
1
edit-2
3M

deleted by creator

@2wT
link
18M

Having sealed sender only with contacts is an anti spam measure and they allow you to turn it on for everything. Also requiring a phone number is something that is fine if your threat model is not related to anonymity but to keeping conversations private. Moreover, at signal they are working on removing the requirement for phone numbers.

@dragonX
link
1
edit-2
3M

deleted by creator

@dragonX
link
1
edit-2
3M

deleted by creator

PMFL
link
38M

Well ok let’s try Jami. Looks good :)

@Nevar
link
1
edit-2
6M

deleted by creator

@Blattstruktur
link
38M

However, due to XMPP’s inherent metadata leaks, XMPP should usually not be trusted for private communication. Does anyone have more information on this? I always assumed XMPP to be quite good for private conversations, considering it’s strongly decentralized nature and maturity.

@linkpop
link
38M

The metadata thing is mostly to do with the server having a plaintext record of things like your contact list but honestly it’s a moot point if you run your own server for your friends.

poVoq
link
28M

This is one of these “true, but” kind of things. Of course in a federated network servers need to communicate with each other and that “leaks” meta-data to them. Maybe XMPP could be optimized a bit more to share less metadata (but it already shares less then Matrix), but in the end there is no way to totally avoid that if you want to enable federation.

IMHO I think the privacy benefits outweigh the downsides, because in XMPP each server only has a limited subset of the metadata and thus is it much harder to do AI driven data-mining on it.

@Blattstruktur
link
18M

Thank you for the insights, do you know which data that is in particular? For federation I would think 1) who you’re speaking to (both servers?), 2) on which server they are, 3) how long, how often, etc. Is that about right?

@linkpop
link
28M

Yes, and all of that lives inside TLS, so only the server admins on both ends would see it.

@Blattstruktur
link
28M

Also: are XMPP’s voice calls (jingle) E2EE?

dandelion
link
28M

I’ve read a few months ago that voice calls via Conversations IM are E2EE. Alas forgot where I read that. Anyone ?

poVoq
link
28M

The new implementation standard (as used in Conversations) AFAIK uses p2p WebRTC, which is encrypted by default.

@Blattstruktur
link
28M

Yes, but back in June 2020 it sent the keys over transport encryption, not inside OMEMO, meaning it was effectively transport encrypted and not E2EE.
I’m asking whether that changed.
For reference: https://github.com/iNPUTmice/Conversations/issues/1234#issuecomment-644670884

@linkpop
link
48M

Calls do not use OMEMO, but instead use DTLS-SRTP - which is still end-to-end encrypted as only both devices have the keys for the calls.

That said, as of a few weeks ago, Conversations does use verified OMEMO keys in the handshake to display a shield on the call: https://github.com/iNPUTmice/Conversations/releases/tag/2.9.8 (note that this requires that you have physically scanned the QR code of your contact’s OMEMO key).

@RealM
link
18M

sa

Tucumano 88
link
18M

Jami would be a nice option, but the p2p are sometimes with errors and that brings a lot of delays in delivered messages.

I like Briar, mostly because the forum and group options

@ConfusedApple
creator
link
2
edit-2
8M

deleted by creator

@Oof@sopuli.xyz
link
18M

Other good choices would probably be tox and jami

@dragonX
link
1
edit-2
3M

deleted by creator

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 21 users / day
  • 47 users / week
  • 171 users / month
  • 574 users / 6 months
  • 3.93K subscribers
  • 2.04K Posts
  • 9.65K Comments
  • Modlog