Admin on the slrpnk.net Lemmy instance.

He/Him or what ever you feel like.

XMPP: povoq@slrpnk.net

Avatar is an image of a baby octopus.

  • 36 Posts
  • 439 Comments
Joined 2 years ago
cake
Cake day: September 19th, 2022

help-circle






  • There are some clients that support the latest version of OMEMO, but yes, since the most popular ones do not, you end up using the older version most of the time. That said, the older version is not generally unsafe, it basically is the same as WhatsApp or Signal are using. The newer version is just somewhat better as it includes some lessons learned from earlier attempts.


  • E2ee is not everything, as most of the privacy sensitive metadata can still be collected. Sure it is nice to have, but even more important is that you can chose a trustworthy server operator or run your own. XMPP allows doing that, but it has some weaknesses with client implementations and so on.

    I am a bit biased and would say all in all XMPP is probably the best option right now, but it depends on your specific priorities. It certainly has some rough edges though.












  • No, if your system can’t support 3rd party clients properly, it is inherently insecure, especially in an e2ee context where you supposedly don’t have to trust the server/vendor. If a system claims to be e2ee, but tightly controls both clients and servers (for example WhatsApp), that means they can rug-pull that e2ee at any point in time and even selectively target people with custom updates to break that e2ee for them only. The only way to realistically protect yourself from that is using a 3rd party client (and yes, I know, in case of Signal also theoretically reviewing every code change and using reproducible builds, but that’s not very realistic).

    Now admittedly, Signal has started to be less hostile to 3rd party clients like Molly, so it’s not as bad anymore as it used to be.


  • poVoq@slrpnk.nettoPrivacy@lemmy.ml*Permanently Deleted*
    link
    fedilink
    arrow-up
    43
    arrow-down
    1
    ·
    3 months ago

    Loads of people working for these companies are also on special visas that have been described as modern slavery… so maybe they are culpable of signing up for such jobs/visas, but once you are in such a setup the threat of immediate deportation to some 3rd world country is quite real.



  • Telegram’s encryption isn’t open source, so no one can verify it’s soundness or risks.

    This is not true, it is available in the open-source Telegram clients.

    What you probably mean is that it is using an unusual and not well studied encryption algorithm. This means you need to be a real cryptography expert to spot flaws in it.

    Telegram justifies this with a bit of FUD about well known encryption algorithm being NSA sponsored etc, but when cryptography experts did look at Telegram’s homegrown algorithm they were less than impressed.