trash
15
poVoq
link
57M

That article has a serious blind-spot on Signal. Sealed-sender is mostly meaningless to conceal metadata if it runs over a centralized platform (as a compromised central server can easily derive the social graph from basic timing analysis) and the apologist stance on requiring a phone number is just cringe worthy.

@ConfusedApple
creator
link
1
edit-2
7M

deleted by creator

@linkpop
link
07M

why would Signal require a phone number if it is supposed to be private.

This has been discussed thousands of times: it’s just simply the easiest way to bootstrap a contact list based on your existing address book.

Noone wants to use a messenger where you have zero contacts.

@Baku
link
57M

I do. Or, I’ll enter them manually.

@dragonX
link
1
edit-2
2M

deleted by creator

@2wT
link
17M

Having sealed sender only with contacts is an anti spam measure and they allow you to turn it on for everything. Also requiring a phone number is something that is fine if your threat model is not related to anonymity but to keeping conversations private. Moreover, at signal they are working on removing the requirement for phone numbers.

@dragonX
link
1
edit-2
2M

deleted by creator

@dragonX
link
1
edit-2
2M

deleted by creator

PMFL
link
37M

Well ok let’s try Jami. Looks good :)

@Nevar
link
1
edit-2
5M

deleted by creator

@Blattstruktur
link
37M

However, due to XMPP’s inherent metadata leaks, XMPP should usually not be trusted for private communication. Does anyone have more information on this? I always assumed XMPP to be quite good for private conversations, considering it’s strongly decentralized nature and maturity.

@linkpop
link
37M

The metadata thing is mostly to do with the server having a plaintext record of things like your contact list but honestly it’s a moot point if you run your own server for your friends.

poVoq
link
27M

This is one of these “true, but” kind of things. Of course in a federated network servers need to communicate with each other and that “leaks” meta-data to them. Maybe XMPP could be optimized a bit more to share less metadata (but it already shares less then Matrix), but in the end there is no way to totally avoid that if you want to enable federation.

IMHO I think the privacy benefits outweigh the downsides, because in XMPP each server only has a limited subset of the metadata and thus is it much harder to do AI driven data-mining on it.

@Blattstruktur
link
17M

Thank you for the insights, do you know which data that is in particular? For federation I would think 1) who you’re speaking to (both servers?), 2) on which server they are, 3) how long, how often, etc. Is that about right?

@linkpop
link
27M

Yes, and all of that lives inside TLS, so only the server admins on both ends would see it.

@Blattstruktur
link
27M

Also: are XMPP’s voice calls (jingle) E2EE?

@ajz
link
27M

I’ve read a few months ago that voice calls via Conversations IM are E2EE. Alas forgot where I read that. Anyone ?

poVoq
link
27M

The new implementation standard (as used in Conversations) AFAIK uses p2p WebRTC, which is encrypted by default.

@Blattstruktur
link
27M

Yes, but back in June 2020 it sent the keys over transport encryption, not inside OMEMO, meaning it was effectively transport encrypted and not E2EE.
I’m asking whether that changed.
For reference: https://github.com/iNPUTmice/Conversations/issues/1234#issuecomment-644670884

@linkpop
link
47M

Calls do not use OMEMO, but instead use DTLS-SRTP - which is still end-to-end encrypted as only both devices have the keys for the calls.

That said, as of a few weeks ago, Conversations does use verified OMEMO keys in the handshake to display a shield on the call: https://github.com/iNPUTmice/Conversations/releases/tag/2.9.8 (note that this requires that you have physically scanned the QR code of your contact’s OMEMO key).

@RealM
link
17M

sa

Tucumano 88
link
17M

Jami would be a nice option, but the p2p are sometimes with errors and that brings a lot of delays in delivered messages.

I like Briar, mostly because the forum and group options

@ConfusedApple
creator
link
2
edit-2
7M

deleted by creator

@Oof@sopuli.xyz
link
17M

Other good choices would probably be tox and jami

@dragonX
link
1
edit-2
2M

deleted by creator

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 user online
  • 26 user / day
  • 38 user / week
  • 176 user / month
  • 575 user / 6 month
  • 3.63K subscriber
  • 1.96K Post
  • 8.84K Comment
  • Modlog