FYI that’s an app that’s used by the German police and in several other “sensitive” contexts where users won’t just pull it from the play store :) ISIS even had their own fork at a point.
It depends, E2EE is mostly a client thing and most of them implement OMEMO as a standard: https://omemo.top/
OMEMO is XMPP’s take on the double ratchet algorithm (very similar to Signal’s), MLS is in the works as the hot new cross-protocols standard (but is inferior to OMEMO:2 when it comes to metadata encryption), PGP is often an option for the cases where perfect forward secrecy isn’t desired, and OTR is still used in niche cases when you want E2EE across protocols.
In fact, E2EE was a thing in XMPP world since about 10 years… before Signal existed.
And since that time, XMPP has improved significantly (more integrated with other protocols, more efficient client and server implementations, bridges from and to activitypub, more approachable, easier to self-host…), but Signal.looks to have … stagnated? Well… the crypto payments/web3 shady stuff aside :)
And an objection by the author of a popular XMPP client: https://gultsch.de/objection.html
10k downloads for a hideous outdated app is popular now?
FYI that’s an app that’s used by the German police and in several other “sensitive” contexts where users won’t just pull it from the play store :) ISIS even had their own fork at a point.
Source?
https://gultsch.social/@daniel/109828650796048124
that website is broken beyond belief, I can’t confirm anything
talking about the police site, not the mastodon link
It really took me a second to figure out: https://www.bundespolizei.de/Web/DE/Service/Mediathek/Jahresberichte/jahresbericht_2020_file.pdf , click on the PDF link, hop to page 48. But even without that, do you really believe that the developer of the app, who’s making a living of it, would commit financial suicide by lying so openly about such a trivial thing? Either way, with or without Conversations, XMPP is used by millions of users daily: https://www.rst.software/blog/22-companies-using-xmpp-and-ejabberd-to-build-instant-messaging-services
https://xmpp.org/uses/instant-messaging/
Huh interesting, I actually had no idea those big apps used XMPP. Would it be easy for them to add e2ee if they wanted to?
It depends, E2EE is mostly a client thing and most of them implement OMEMO as a standard: https://omemo.top/
OMEMO is XMPP’s take on the double ratchet algorithm (very similar to Signal’s), MLS is in the works as the hot new cross-protocols standard (but is inferior to OMEMO:2 when it comes to metadata encryption), PGP is often an option for the cases where perfect forward secrecy isn’t desired, and OTR is still used in niche cases when you want E2EE across protocols.
In fact, E2EE was a thing in XMPP world since about 10 years… before Signal existed.
That’s a good response I hadn’t read before - thanks. Still so relevant 7 years on.
And since that time, XMPP has improved significantly (more integrated with other protocols, more efficient client and server implementations, bridges from and to activitypub, more approachable, easier to self-host…), but Signal.looks to have … stagnated? Well… the crypto payments/web3 shady stuff aside :)