@freakazoid
> Is there mandatory end to end encryption [in XMPP] yet?
Nothing is mandatory in XMPP except for the core and that's not going to change. But perhaps I'm taking you too literally? If your question is do all (non-beta) clients support E2EE, I'm pretty sure that's a goal. I believe there's been some funding grants handed out to client devs to help them finish/ audit OMEMO implementations.
@strypey@freakazoid Indeed not mandatory, but there are some XMPP clients that offer the option to make e2ee the default in private chats. In general this website still gives a good overview on the state of e2ee support in XMPP clients: https://omemo.top/
There is also ongoing work in some clients to implement a newer version of OMEMO (nick-named newmemo or omemo2) that offers much improved metadata encryption compared to the current standard that encrypts the text body. #xmpp#jabber
@joinjabber
> a newer version of OMEMO ... offers much improved metadata encryption compared to the current standard
Good to know! I presume Conversations is one of the clients working on this? If so, it will available to people using @snikket_im as soon as its stable.
@strypey@joinjabber As long as people have to take action to enable encryption, it will be possible to make the case that the use of encryption is evidence of wrongdoing. I think there is a big opportunity here for XMPP to significantly move the needle on privacy because, unlike Signal, it's not "primarily" about encryption.
Right now I use Signal with my friends and family. I don't see moving to Jabber unless/until the iOS experience improves (very slow/missed messages due to battery optimizations) and encryption becomes the default on some usable client for each of the platforms used by my friends, mostly iOS and Android.
@freakazoid
> I don't see moving to Jabber unless/until the iOS experience improves ... and encryption becomes the default on some usable client
Have you looked into @snikket_im? I'm pretty sure E2EE is on by default in their clients. So far they have them for Android (based on Conversations) and iThing (based on Siskin). But the goal is to have web and native desktop clients too. I'm don't have an iThing so I can't comment on the performance of that client but I hear its good.
@jabberati@strypey Matrix maybe? Not sure. But as I've been trying to get family and friends to use encrypted means to communicate with me, not once has any of them asked me if the protocol is an internet standard. The only application I've had any success getting people to use is Signal, which in an ideal world would not be my preference, but the only encrypted messenger that matters is the one that people actually use, right?
@jabberati@strypey Ah, thanks. I guess I'm stuck with Signal for now then. Glad to see progress being made on Jabber though! Hopefully I'll have reason to start using it again sometime soon.
Or maybe I'll just set up my own ejabberd again and get my family onto that, since e2e is just for keeping messages from being accessible to whoever has admin access to the server, and preventing them from spoofing your contacts.
> e2e is just for keeping messages from being accessible to whoever has admin access to
... any server whose users are in a given chat. But if you set up your own server, you might be able configure it to require E2EE for all new chats. As long as the clients understand what's being asked of them.
@jabberati
> Is there a new internet standard for instant messaging that requires encryption?
I doubt there ever will be, since any chat federation standard worth its salt will need to support unencrypted public chat rooms. Matrix (the protocol) doesn't require encryption but in Element all new 1:1 chats are encrypted by default.
@strypey@jabberati It's possible to do group chat with encryption. It just requires more complicated key agreement protocols, and for example old messages won't necessarily be visible when you join a chat room unless the protocol has a random client send them to you or something.
Add comment