• rottingleaf
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    10 months ago

    Your condescending tone would be fine if you knew what you were talking about.

    Xmpp was designed for ease of federation and simplicity in implementation. Most messaging apps these days are designed, or at least say they are designed, with privacy first.

    XMPP was designed when encrypting metadata wasn’t considered that important (like with mail), and E2EE for actual messages between users was done via PGP or OTR, so didn’t require any support in the protocol itself.

    There probably

    You should have read at least something about XMPP first, no? Then you’d know something without “probably”.

    are plugins for xmpp to allow for e2e encryption and contact list and metadata privacy from server admins but that depends on the server and will probably not be as secure as signal.

    First, honest E2EE for messages themselves never requires server support, that’s the whole point of it. As I’ve said before, for that one can use PGP functionality in most normal clients if that’s enough, one can use OTR, but it’s still not fit for usage with multiple devices simultaneously.

    Second, XMPP has OMEMO which is basically everything good about security from Signal, just for XMPP. That’s what we usually use today with XMPP, making your comment wrong.