Yes, various clients support Tor and can even use servers that are hosted as hidden services: https://gist.github.com/dllud/a46d4a555e31dfeff6ad41dcf20729ac

XMPP and Matrix are very much still in development.

Before anyone tries this, keep in mind that the Tox developers have publicly admitted that they themselves do not know how their encryption works.

See the issues linked from here: https://github.com/TokTok/c-toxcore#-1

Yes, you link it once with your Android phone and then it’s a client on its own with its on messaging queue on the server. So no, you are wrong and don’t actually know what you are talking about.

Anyway, I’m not an iOS user in any shape or form, but I recognize that it’s a good platform, and far better suited for normal people than the fragmented mess that Android is.

Oh, and just to show you more ignorance on your part: gajim.org is another desktop XMPP client that has existed since… 2004, and also doesn’t do OMEMO by default and also doesn’t make it obvious that you’re not doing OMEMO. If a 17 year old app isn’t production ready, what is?

Neither the Signal deskop client, not the WhatsApp web client are true clients

You’re wrong on the Signal desktop point, it is a full fledged client on it’s own and can work without the mobile app.

As for the Dino example… well it shows it prominently enough that the connection is not excrypted,

No, it doesn’t. Dino just shows you a tiny padlock after the fact. There’s even a Github issue complaining that it’s not obvious: https://github.com/dino/dino/issues/971

I am honestly getting a bit tired of people having higher expectations of XMPP then even what the systems people compare it to do

Well, until these issues are fixed, noone, absolutely noone is going to recommend XMPP to anyone.

And we haven’t even started talking about all the other flaws: https://infosec-handbook.eu/blog/xmpp-aitm/

I don’t really care as iOS is insecure by default and due to the software mono-culture is trivial to exploit

Yet again, wrong; iOS is both significantly more secure and more user friendly than any Android/Linux phone out there with maybe the exception of GrapheneOS.

OK, I have signal-desktop open over here (you can download yourself from the link I gave you above as well - here’s a help guide that should take you 2 minutes to go through), and I can see all my chats with my contacts, and I can send them a message, and look; it’s end-to-end encrypted - WhatsApp works the exact same way.

Let’s try that with my XMPP account, I can send a message to a friend of mine on Conversations, and it’s OMEMO encrypted by default, great.

Now let’s try using dino.im, same contact… oh, it didn’t use OMEMO - I thought some dude on Lemmy said that all of XMPP was end-to-end encrypted by default?

iPhone is total crap … apparently there are some similar XMPP clients for it.

Unfortunately, a significant chunk of the world population disagrees with you, and they need a good XMPP client if you’re going to take XMPP mainstream. Here’s a spoiler for you: all the XMPP iOS clients suck (I have actually tried them all) and Signal/WhatsApp of course have apps on iOS that work. By the way, did you know all of Apple’s pushes are powered by XMPP?

Anyway, I’m done with this thread, not only have you shown that you are ignorant of how the platform you are espousing works and its limitations, you also have this arrogant “it works for me, therefore it has to work for everyone else” attitude - which just isn’t how the world works.

Even though I’m a fan of XMPP myself, if you ever wonder why security-conscious people (for example here) recommend Signal instead of it - it’s precisely because they know that E2EE Just Works over there.

Please show me how I can run Conversations on:

• a desktop PC
• an iPhone

Once you’ve done that, feel free to join us at https://github.com/privacytools/privacytools.io/issues/1838 where people are actually trying to fix the issue.

They do exist?

• https://signal.org/en/download/
• https://threema.ch/en/faq/web_info
• https://www.whatsapp.com/download

Easy, it doesn’t help if your friend goes onto discover another XMPP messenger (cause they want their messages on their laptop/iOS or something else).

There’s no global OMEMO option for these either, you have to remember to enable OMEMO for every single conversation. The community has been asking for this for years on github, but the developers just never bother to enable it.

OMEMO can not work with pseudonymous chats and history disabled

OMEMO works fine in a private group chat, it’s disabled in public channels as there’s no point doing encryption there (when anyone can join and it’s impossible for verify everyone’s fingerprints).

Conversations actually follows the Material guidelines from Google. Which puts it in an odd spot in that It looks “too new” for those that want a classic look, and “too old-fashion” for those that want a flashier look.

For me personally, it doesn’t look horrendous and it works, so I’m happy with it.

XMPP is very much e2e encrypted by default

Please do some research and stop perpetuating this myth.

1. XMPP is not E2E encrypted by default.
2. Conversations does OMEMO by default.
3. There isn’t a single other XMPP client out there that does OMEMO by default, not one. They have support for it, but they very much do not enable it by default.
4. Every time a friend of mine uses a different messenger, I have to remind after getting a load of unencrypted messages to hit the damn padlock icon in their new client.

Yes, and all of that lives inside TLS, so only the server admins on both ends would see it.

Calls do not use OMEMO, but instead use DTLS-SRTP - which is still end-to-end encrypted as only both devices have the keys for the calls.

That said, as of a few weeks ago, Conversations does use verified OMEMO keys in the handshake to display a shield on the call: https://github.com/iNPUTmice/Conversations/releases/tag/2.9.8 (note that this requires that you have physically scanned the QR code of your contact’s OMEMO key).

why would Signal require a phone number if it is supposed to be private.

This has been discussed thousands of times: it’s just simply the easiest way to bootstrap a contact list based on your existing address book.

Noone wants to use a messenger where you have zero contacts.

The metadata thing is mostly to do with the server having a plaintext record of things like your contact list but honestly it’s a moot point if you run your own server for your friends.

Your experience may vary, but on my personal XMPP server with it’s own STUN/TURN server using conversations.im - calls pretty much Just Work (edit: I’ve only tried a call with a siskin client outside of conversations and that worked too).

XMPP does calls as well: https://blog.wirelessmoves.com/2020/05/xmpp-voice-and-video-calls-with-conversations-a-dream-come-true.html

You could also combine an XMPP server you manage with something like Asterisk to then allow your XMPP clients to do SIP calls through that, though that is a bit involved.

I also second migadu, it’s amazing.

Just buy a VPS instance for $5/month or something, you can then stick gitlab/gitea/whatever you want on that and not have to deal with Tor/NATs.