Xmpp was designed for ease of federation and simplicity in implementation. Most messaging apps these days are designed, or at least say they are designed, with privacy first. There probably are plugins for xmpp to allow for e2e encryption and contact list and metadata privacy from server admins but that depends on the server and will probably not be as secure as signal. Just as signal can be federated but it’s complex and not really worth it.
There’s a tradeoff between privacy/security and federation/decentralization and most people value privacy and security more.
Your condescending tone would be fine if you knew what you were talking about.
Xmpp was designed for ease of federation and simplicity in implementation. Most messaging apps these days are designed, or at least say they are designed, with privacy first.
XMPP was designed when encrypting metadata wasn’t considered that important (like with mail), and E2EE for actual messages between users was done via PGP or OTR, so didn’t require any support in the protocol itself.
There probably
You should have read at least something about XMPP first, no? Then you’d know something without “probably”.
are plugins for xmpp to allow for e2e encryption and contact list and metadata privacy from server admins but that depends on the server and will probably not be as secure as signal.
First, honest E2EE for messages themselves never requires server support, that’s the whole point of it. As I’ve said before, for that one can use PGP functionality in most normal clients if that’s enough, one can use OTR, but it’s still not fit for usage with multiple devices simultaneously.
Second, XMPP has OMEMO which is basically everything good about security from Signal, just for XMPP. That’s what we usually use today with XMPP, making your comment wrong.
Xmpp was designed for ease of federation and simplicity in implementation. Most messaging apps these days are designed, or at least say they are designed, with privacy first. There probably are plugins for xmpp to allow for e2e encryption and contact list and metadata privacy from server admins but that depends on the server and will probably not be as secure as signal. Just as signal can be federated but it’s complex and not really worth it.
There’s a tradeoff between privacy/security and federation/decentralization and most people value privacy and security more.
I’d say most people here value privacy and security more,and average users value convenience with no understanding of the tradeoff.
And that’s our challenge.
Your condescending tone would be fine if you knew what you were talking about.
XMPP was designed when encrypting metadata wasn’t considered that important (like with mail), and E2EE for actual messages between users was done via PGP or OTR, so didn’t require any support in the protocol itself.
You should have read at least something about XMPP first, no? Then you’d know something without “probably”.
First, honest E2EE for messages themselves never requires server support, that’s the whole point of it. As I’ve said before, for that one can use PGP functionality in most normal clients if that’s enough, one can use OTR, but it’s still not fit for usage with multiple devices simultaneously.
Second, XMPP has OMEMO which is basically everything good about security from Signal, just for XMPP. That’s what we usually use today with XMPP, making your comment wrong.