Question. Did XMPP ever solve the firewall traversal problem. What I found back when I used XMPP was that I simply could not use it on a lot of networks because the server port would be blocked. 443 would often work but not all XMPP servers support 443. Not sure but maybe NAT traversal was sometimes an issue too.
Thanks for the post. Kind of blast from the past. Mostly XMPP as died and blown away in my neck of the woods but some people still use it. I think the fsf does, and maybe duckduckgo has a server. All for it coming back though, but good luck with that. I’ll keep it in mind though in the event I have an application. Thanks.
I heard that people at the Cia breathe air, and I bet you breathe air, so you are compromised by Cia air particles. XMPP is better because it’s XML and that can operate in a vacuum.
XMPP is often neglected even though it’s the most secure, private, fast, and reliable framework for end-to-end encrypted messengers.
This. I studied on how e2ee works in XMPP when I was trying it a few years back. It is absolutely atrocious. I have seen half-assed school projects with better security than most XMPP clients. Largely caused by encryption being bolted on through an extensions of the standard as an afterthought and going throug several revisions. Its usually not even enabled by default.
Now you may find a good client implementation, I think conversations for android seemd decent, but with everyone using a different client and no way to ensure the other side uses a secure one, there is little point.
For me using signal wasn’t about becoming Jason Bourne, it was about changing the threat model. I don’t have any dilusions of grandeur that I can’t be owned if I’m targeted, but you know what? My calls and texts aren’t stored with my phone company with a direct link to the Government and advertisers. That may be low hanging fruit, but that’s dealing with most of the issues the average user is going to run into. I’d suggust that the step from SMS to Signal is of greater benifit to a normal user than from signal to something more advanced. And, fwiw it’s open sourced and audited, which gives me more confidence than something like imessage or WhatsApp, despite similarities im encryption schemes.
I agree with you that Signal is far better than WhatsApp and SMS. I applaud your adoption of freedom and thank you for your time. I am looking to educate people on open source decentralized alternatives that exist for philosophical purpose
Oh I see. Yeah that’s cool. I’ve seen several posts around the fediverse that take a real tsk tsk signal user kind of tone, So I responded to yours kind of defensively. As a person with middle of the road tech knowledge I also curious if how I think about it stands up to scrutiny (because people will tell me!). Didn’t mean to distract from the intent. Thanks for posting this in any case.
We need to separate the code from the people running the service. Which is not possible with signal.
I am NOT saying the average person should be concerned with CIA spying. What I’m saying is that one should promote decentralized internet infrastructures that empower the individual over corrupt institutions, even though this threat model likely does not apply to you. XMPP is just as easy to use use as Signal.
If you use Signal messenger, you have to trust the Signal foundation, which uses Amazon’s AWS for the cloud. So you’re trusting CIA military contractors. I am NOT saying that Signal is a CIA tool. What I’m saying is that you are trusting and obeying a centralized authority, as opposed to being able to run code on your own server. And this contributes to the centralization of the internet and a loss of freedom.
It does not matter if they are using AWS, the data is already encrypted by the user’s device by the time it arrives their servers. They are already a non profit organization, they can’t afford dedicated bare metal servers in their workplace.
Signal knows your entire connection graph. Who you talk to, at what time and how much. Storing all of the phone numbers/identities on their server.
I use SimpleX Chat where you have no identity that can be recorded. It is also easy to use, though it’s relatively new and in active production
As everyone other said, Signal is NOT supposed to be an anonymous messaging service, but a private one.
Anyone knows that the moment a service asks for their personal phone number, they can’t be anonymous.
For the average Joe, Signal is the superior choice over WhatsApp, at least.
I think you don’t understand what “privacy” means. Being anonymous is the highest achievable level of privacy. There are levels before that, and Signal is at the bottom of the spectrum (WhatsApp is not even on the spectrum)
=> Signal is doing a bad job if it’s goal is “privacy”
Signal does nothing more than hiding message content, which by your own words is “of course not” privacy. Signal could be a lot more private, but it is not and it doesn’t want to be. I’m done talking to you, I can’t get much clearer than that…
I disagree. There are a variety of ways your data can be leaked. For example, the person you’re talking to can be using a Google stock phone or Microsoft windows which may collect data. If this was a random XMPP name, this would provide more protection than your real phone number. Furthermore, there are academic studies proving the metadata can be gotten. Please see this for more information:
https://simplifiedprivacy.com/signal-messenger-guide-to-avoid-privacy-mistakes/
If this was a random XMPP name, this would provide more protection than your real phone number.
Again, Signal is not supposed to be a anonymous messaging service. It is supposed to be a private one. You’re literally comparing a messaging protocol designed to be anonymous to a non-anonymous one. Sure, it would be great if XMPP was used overall, but unfortunately it isn’t. At least Signal developed a protocol that is starting to be pretty popular and is E2EE. You can use XMPP, but your average privacy user will use Signal over WhatsApp. Your argument literally is just about how XMPP is more anonymous than a protocol not even designed to be anonymous in the first place.
Plus why care how the CIA or whatever knows who you’re talking to when they don’t know what you’re talking about?
That would be a concern if you and/or the one you’re talking to were some criminal or something, but not for the average person.
So if you’re some criminal, if you have even a little bit of common sense, you wouldn’t be using Signal in the first place. There’s other more secure and anonymous means of doing so. Whether it be over some protocol like XMPP, Matrix or SignalX’s protocol or something.
Are you some paranoid person or a criminal? Because the CIA or the FBI wouldn’t give a fuck about why I am talking to person Y 24/7 as long as their phone numbers are not in the suspicious persons list and the messages are encrypted so that even if I were doing some stuff that would anger the government, they wouldn’t ever know it.
It is already a pain in the ass to get someone to join Signal over from other apps like Instagram, FB messenger, WhatsApp etc.
By introducing decentralized systems, you’re causing even more “confusion”. They most likely don’t even understand what decentralization is and just back off because it “sounds” so complicated and scary to them. Plus even if they did switch to XMPP or at least started using it, would their friends switch too? Without someone to message, why keep using the messaging service? They’ll switch back right to their original messaging service they used to use before you encouraged them into switching over to XMPP. And now you even seem like someone they wouldn’t ask for advice from, because you once did give them advice and it was not useful.
If you are also so against phone numbers, you might like that Signal will introduce usernames soon. The ones you give your Signal username to will never ever know your real phone number (as long as you turn phone number privacy on in the settings [coming soon after the usernames]). Not a replacement for real anonymous messaging services, but at least somewhat similar concept.
This can just be a bad joke. Xmpp is not event considered by PG as an alternative. Besides, as long as you encrypt the data it does not matter on AWS or somewhere else.
XMPP is more lightweight but way more clunky. I think Matrix is better since all the features are built in and is having more development, more users and more clients on multiple operating systems.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !privacyguides@lemmy.one
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
We prefer posting about open-source software whenever possible.
No soliciting engagement: Don’t ask for upvotes, follows, etc.
Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
Be civil, no violence, hate speech. Assume people here are posting in good faith.
Don’t repost topics which have already been covered here.
News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
No misinformation: Extraordinary claims must be matched with evidence.
Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.
Question. Did XMPP ever solve the firewall traversal problem. What I found back when I used XMPP was that I simply could not use it on a lot of networks because the server port would be blocked. 443 would often work but not all XMPP servers support 443. Not sure but maybe NAT traversal was sometimes an issue too.
Thanks for the post. Kind of blast from the past. Mostly XMPP as died and blown away in my neck of the woods but some people still use it. I think the fsf does, and maybe duckduckgo has a server. All for it coming back though, but good luck with that. I’ll keep it in mind though in the event I have an application. Thanks.
If you just use a VPN, doesn’t that solve it? Or you’re talking about hosting the server in your home?
Signal requires a phone number which is a non starter for me. I refuse to bend to that. I’ll stick with Session; XMPP; Matrix; etc.
Matrix is a standard, so you don’t need to use synapse or element. I’m shocked at how well matrix Conduit works on trivial hardware.
I heard that people at the Cia breathe air, and I bet you breathe air, so you are compromised by Cia air particles. XMPP is better because it’s XML and that can operate in a vacuum.
deleted by creator
This post is the personification of why downvotes should be enabled.
Which statements are you disputing as untrue?
This. I studied on how e2ee works in XMPP when I was trying it a few years back. It is absolutely atrocious. I have seen half-assed school projects with better security than most XMPP clients. Largely caused by encryption being bolted on through an extensions of the standard as an afterthought and going throug several revisions. Its usually not even enabled by default.
Now you may find a good client implementation, I think conversations for android seemd decent, but with everyone using a different client and no way to ensure the other side uses a secure one, there is little point.
For me using signal wasn’t about becoming Jason Bourne, it was about changing the threat model. I don’t have any dilusions of grandeur that I can’t be owned if I’m targeted, but you know what? My calls and texts aren’t stored with my phone company with a direct link to the Government and advertisers. That may be low hanging fruit, but that’s dealing with most of the issues the average user is going to run into. I’d suggust that the step from SMS to Signal is of greater benifit to a normal user than from signal to something more advanced. And, fwiw it’s open sourced and audited, which gives me more confidence than something like imessage or WhatsApp, despite similarities im encryption schemes.
I agree with you that Signal is far better than WhatsApp and SMS. I applaud your adoption of freedom and thank you for your time. I am looking to educate people on open source decentralized alternatives that exist for philosophical purpose
Oh I see. Yeah that’s cool. I’ve seen several posts around the fediverse that take a real tsk tsk signal user kind of tone, So I responded to yours kind of defensively. As a person with middle of the road tech knowledge I also curious if how I think about it stands up to scrutiny (because people will tell me!). Didn’t mean to distract from the intent. Thanks for posting this in any case.
Be gone, demon.
Also, Signal is literally endorsed by Edward Snowden … But sure, it’s CIA software.
We need to separate the code from the people running the service. Which is not possible with signal.
I am NOT saying the average person should be concerned with CIA spying. What I’m saying is that one should promote decentralized internet infrastructures that empower the individual over corrupt institutions, even though this threat model likely does not apply to you. XMPP is just as easy to use use as Signal.
If you use Signal messenger, you have to trust the Signal foundation, which uses Amazon’s AWS for the cloud. So you’re trusting CIA military contractors. I am NOT saying that Signal is a CIA tool. What I’m saying is that you are trusting and obeying a centralized authority, as opposed to being able to run code on your own server. And this contributes to the centralization of the internet and a loss of freedom.
Ok. I trust the Signal foundation. What cloud service it’s running on is only relevant when it comes to stability and AWS is very stable.
I have no idea what you’re even talking avbout.
removed by mod
deleted by creator
Edward Snowden the ex-CIA employee?
Checkmate, liberals
I’ll stick with signal. Thanks…
It does not matter if they are using AWS, the data is already encrypted by the user’s device by the time it arrives their servers. They are already a non profit organization, they can’t afford dedicated bare metal servers in their workplace.
Signal knows your entire connection graph. Who you talk to, at what time and how much. Storing all of the phone numbers/identities on their server. I use SimpleX Chat where you have no identity that can be recorded. It is also easy to use, though it’s relatively new and in active production
As everyone other said, Signal is NOT supposed to be an anonymous messaging service, but a private one. Anyone knows that the moment a service asks for their personal phone number, they can’t be anonymous. For the average Joe, Signal is the superior choice over WhatsApp, at least.
I think you don’t understand what “privacy” means. Being anonymous is the highest achievable level of privacy. There are levels before that, and Signal is at the bottom of the spectrum (WhatsApp is not even on the spectrum)
=> Signal is doing a bad job if it’s goal is “privacy”
Anonymity isn’t privacy, and privacy isn’t anonymity. I don’t know what you’re talking about.
Do you define privacy as “message content is hidden, everything else is irrelevant”?
Of course not, but it is a known fact that anonymity isn’t privacy.
Who says privacy equals anonymity?? No one here.
Signal does nothing more than hiding message content, which by your own words is “of course not” privacy. Signal could be a lot more private, but it is not and it doesn’t want to be. I’m done talking to you, I can’t get much clearer than that…
I disagree. There are a variety of ways your data can be leaked. For example, the person you’re talking to can be using a Google stock phone or Microsoft windows which may collect data. If this was a random XMPP name, this would provide more protection than your real phone number. Furthermore, there are academic studies proving the metadata can be gotten. Please see this for more information: https://simplifiedprivacy.com/signal-messenger-guide-to-avoid-privacy-mistakes/
Again, Signal is not supposed to be a anonymous messaging service. It is supposed to be a private one. You’re literally comparing a messaging protocol designed to be anonymous to a non-anonymous one. Sure, it would be great if XMPP was used overall, but unfortunately it isn’t. At least Signal developed a protocol that is starting to be pretty popular and is E2EE. You can use XMPP, but your average privacy user will use Signal over WhatsApp. Your argument literally is just about how XMPP is more anonymous than a protocol not even designed to be anonymous in the first place. Plus why care how the CIA or whatever knows who you’re talking to when they don’t know what you’re talking about? That would be a concern if you and/or the one you’re talking to were some criminal or something, but not for the average person. So if you’re some criminal, if you have even a little bit of common sense, you wouldn’t be using Signal in the first place. There’s other more secure and anonymous means of doing so. Whether it be over some protocol like XMPP, Matrix or SignalX’s protocol or something. Are you some paranoid person or a criminal? Because the CIA or the FBI wouldn’t give a fuck about why I am talking to person Y 24/7 as long as their phone numbers are not in the suspicious persons list and the messages are encrypted so that even if I were doing some stuff that would anger the government, they wouldn’t ever know it.
It is already a pain in the ass to get someone to join Signal over from other apps like Instagram, FB messenger, WhatsApp etc. By introducing decentralized systems, you’re causing even more “confusion”. They most likely don’t even understand what decentralization is and just back off because it “sounds” so complicated and scary to them. Plus even if they did switch to XMPP or at least started using it, would their friends switch too? Without someone to message, why keep using the messaging service? They’ll switch back right to their original messaging service they used to use before you encouraged them into switching over to XMPP. And now you even seem like someone they wouldn’t ask for advice from, because you once did give them advice and it was not useful.
If you are also so against phone numbers, you might like that Signal will introduce usernames soon. The ones you give your Signal username to will never ever know your real phone number (as long as you turn phone number privacy on in the settings [coming soon after the usernames]). Not a replacement for real anonymous messaging services, but at least somewhat similar concept.
for noobs or someone without strong IT skills like elderly. Signal is still the best imo
This can just be a bad joke. Xmpp is not event considered by PG as an alternative. Besides, as long as you encrypt the data it does not matter on AWS or somewhere else.
If privacyguides is your only source of truth, you’re in for a surprise at some point in time. As with any one-source-truth.
Sure, but there are good reasons not to use XMPP if you need security.
XMPP is more lightweight but way more clunky. I think Matrix is better since all the features are built in and is having more development, more users and more clients on multiple operating systems.
It sounds like all your criticisms of matrix are around the element client?
Briar desktop/mobile isn’t a bad option