Easy, it doesn’t help if your friend goes onto discover another XMPP messenger (cause they want their messages on their laptop/iOS or something else).
There’s no global OMEMO option for these either, you have to remember to enable OMEMO for every single conversation. The community has been asking for this for years on github, but the developers just never bother to enable it.
Please show me how to run Signal or Whatsapp on a Desktop PC (edit: without relying on a linked Android or iOS app). Threema only has an unofficial and not very well working Desktop client (OpenMittsu).
iPhone is total crap, so I don’t care about that, but apparently there are some similar XMPP clients for it.
OK, I have signal-desktop open over here (you can download yourself from the link I gave you above as well - here’s a help guide that should take you 2 minutes to go through), and I can see all my chats with my contacts, and I can send them a message, and look; it’s end-to-end encrypted - WhatsApp works the exact same way.
Let’s try that with my XMPP account, I can send a message to a friend of mine on Conversations, and it’s OMEMO encrypted by default, great.
iPhone is total crap … apparently there are some similar XMPP clients for it.
Unfortunately, a significant chunk of the world population disagrees with you, and they need a good XMPP client if you’re going to take XMPP mainstream. Here’s a spoiler for you: all the XMPP iOS clients suck (I have actually tried them all). By the way, did you know all of Apple’s pushes are powered by XMPP?
Anyway, I’m done with this thread, not only have you shown that you are ignorant of how the platform you are espousing works and its limitations, you also have this arrogant “it works for me, therefore it has to work for everyone else” attitude - which just isn’t how the world works.
If you ever wonder why security-conscious people (for example here) recommend Signal instead of XMPP - it’s precisely because they know that E2EE Just Works over there.
Neither the Signal deskop client, not the WhatsApp web client are true clients. They are remote access band-aids that only work with a running Android or iOS client and in fact break e2ee (spoiler: that’s a build in backdoor to the e2ee). You can pretty much do the same with Conversations and a remote access system like Scrcpy to get a “full Desktop experience” of Conversations.
As for the Dino example… well it shows it prominently enough that the connection is not excrypted, especially on the Conversation side (where you would expect the default e2ee) there is a big red warning asking you to enable it. Which can be done very easily.
I am honestly getting a bit tired of people having higher expectations of XMPP then even what the systems people compare it to do, just because XMPP is more explicit about certain technical limitations and on other systems with actually less capability, this is hidden from the user and in the end the user ends up less safe on the supposedly safer platform.
As for iOS… maybe. I don’t really care as iOS is insecure by default and due to the software mono-culture is trivial to exploit. So it really doesn’t make any difference.
I don’t really care as iOS is insecure by default and due to the software mono-culture is trivial to exploit
Yet again, wrong; iOS is both significantly more secure and more user friendly than any Android/Linux phone out there with maybe the exception of GrapheneOS.
Easy, it doesn’t help if your friend goes onto discover another XMPP messenger (cause they want their messages on their laptop/iOS or something else).
There’s no global OMEMO option for these either, you have to remember to enable OMEMO for every single conversation. The community has been asking for this for years on github, but the developers just never bother to enable it.
How is that worse than Signal, Threema or Whatsapp where no such clients even exist?
They do exist?
All of which have a single client, similar to using Conversations only on XMPP.
Please show me how I can run Conversations on:
Once you’ve done that, feel free to join us at https://github.com/privacytools/privacytools.io/issues/1838 where people are actually trying to fix the issue.
Please show me how to run Signal or Whatsapp on a Desktop PC (edit: without relying on a linked Android or iOS app). Threema only has an unofficial and not very well working Desktop client (OpenMittsu).
iPhone is total crap, so I don’t care about that, but apparently there are some similar XMPP clients for it.
OK, I have signal-desktop open over here (you can download yourself from the link I gave you above as well - here’s a help guide that should take you 2 minutes to go through), and I can see all my chats with my contacts, and I can send them a message, and look; it’s end-to-end encrypted - WhatsApp works the exact same way.
Let’s try that with my XMPP account, I can send a message to a friend of mine on Conversations, and it’s OMEMO encrypted by default, great.
Now let’s try using dino.im, same contact… oh, it didn’t use OMEMO - I thought some dude on Lemmy said that all of XMPP was end-to-end encrypted by default?
Unfortunately, a significant chunk of the world population disagrees with you, and they need a good XMPP client if you’re going to take XMPP mainstream. Here’s a spoiler for you: all the XMPP iOS clients suck (I have actually tried them all). By the way, did you know all of Apple’s pushes are powered by XMPP?
Anyway, I’m done with this thread, not only have you shown that you are ignorant of how the platform you are espousing works and its limitations, you also have this arrogant “it works for me, therefore it has to work for everyone else” attitude - which just isn’t how the world works.
If you ever wonder why security-conscious people (for example here) recommend Signal instead of XMPP - it’s precisely because they know that E2EE Just Works over there.
Neither the Signal deskop client, not the WhatsApp web client are true clients. They are remote access band-aids that only work with a running Android or iOS client and in fact break e2ee (spoiler: that’s a build in backdoor to the e2ee). You can pretty much do the same with Conversations and a remote access system like Scrcpy to get a “full Desktop experience” of Conversations.
As for the Dino example… well it shows it prominently enough that the connection is not excrypted, especially on the Conversation side (where you would expect the default e2ee) there is a big red warning asking you to enable it. Which can be done very easily.
I am honestly getting a bit tired of people having higher expectations of XMPP then even what the systems people compare it to do, just because XMPP is more explicit about certain technical limitations and on other systems with actually less capability, this is hidden from the user and in the end the user ends up less safe on the supposedly safer platform.
As for iOS… maybe. I don’t really care as iOS is insecure by default and due to the software mono-culture is trivial to exploit. So it really doesn’t make any difference.
You’re wrong on the Signal desktop point, it is a full fledged client on it’s own and can work without the mobile app.
No, it doesn’t. Dino just shows you a tiny padlock.
Well, until these issues are fixed, noone, absolutely noone is going to recommend XMPP to anyone.
And we haven’t even started talking about all the other flaws: https://infosec-handbook.eu/blog/xmpp-aitm/
Yet again, wrong; iOS is both significantly more secure and more user friendly than any Android/Linux phone out there with maybe the exception of GrapheneOS.