Over the past few years I have gone through a bunch of different apps and protocols to find the best one for “securely” communicating with my family and friends.

I ended up with the amazing XMPP protocol and my family/friends frequently use its clients to contact me.

Monal for iOS and Cheogram/Conversations/Quicksy for Android. The Android app I install depends on if I can get F-Droid on their phone or not.

It’s been great with OMEMO encryption and the clients/apps available for XMPP. But sometimes I have issues introducing people to it.

Jabber (friendly name for XMPP) sounds silly to say. The clients all have weird names. And after trying the Signal mobile app it feels more focused than what anyone in the XMPP community has whipped up.

But the capabilities of XMPP make it better.

Signal Cons (immediate)

  • Centralized
  • Single app
  • Phone numbers

XMPP/Jabber Cons

  • Picking server
  • Apps are sort of less friendly

What really scares me about Signal is the centralization. Any nerd can easily host an XMPP server these days. But Signal from what I’ve heard really wants us to use their server.

If XMPP gets more attention I’m sure we can get people supporting projects and creating better apps.

I keep seeing people recommend Signal instead.

This is a bit of a tired ramble. What I wanna know is why anyone is preferring Signal over XMPP apps. I assume it might be not knowing about it. Tell me what you use to message people.

      • pishadoot@sh.itjust.works · 2 hours ago

        Noteworthy perhaps, but one is based on analysis of facts and the other is based on principle. I think they’re both valuable points of view, but they’re not actually debating the same points IMO even if they think they are.

    • TurkeyDurkey@piefed.world (OP) · 1 day ago

      Signal is a much better recommendation when leaving Telegram. And the OMEMO implementation concerns are something I need to consider. That unprofessional response from one of the devs is not a good look at all.

      Though as a comment pointed out, control of servers is like the one main checkbox that I really need filled.

      On the point about clients not being OMEMO by default or enforced: this isn’t the biggest issue for me. I’m not doing crimes, but I still wouldn’t want my saucy messages to be read by server admins or third parties. Whenever I message somebody, I confirm that they are the proper recipient and are using OMEMO. And the clients I found myself comfortable with all support PGP key use instead. (That would be Cheogram & Gajim if anyone was interested.)

      This was a great read though, at least to me. It gave me some thoughts to consider.

      I’m gonna look into what kind of threats these improper dependency versions and such might pose. Hopefully by now most of these issues have been resolved.

      The biggest thing is getting people into the loop of “secure apps” before they really need it.

    • I Cast Fist@programming.dev · 1 day ago

      I’ll be honest, most of the crypto/security jargon flies straight over my head, but Tim Henkes’ reply at the end, for fucks’ sake man. I don’t suppose xmpp has an alternative encryption to use instead of omemo?

      • TurkeyDurkey@piefed.world (OP) · 1 day ago

        Pretty much any encryption you can send over text. My favorite clients support PGP instead. But it’s up to the clients to implement encryption and not really the protocol I guess.