Hacker News
by nmgsd 3320 days ago
This highlights a major issue with ALL messaging apps, namely that the provider owns the clients AND the backend.

Distributed open-source clients that use end-to-end encryption over third-party messaging channels are the future of secure messaging.

2 comments

I once read an article on messaging security, and non-standard clients were mentioned there as another serious attack vector. If you have only one client controlled by the service provider, it is somewhat easier to reason about its quality. But if your peer can have any client, then your conversation is at risk, because your peer may not be hygienic enough, so an exploit message may be sent to it from another contact, and that will send all conversations to a third party. E.g. though XMPP/OTR is somewhat secure by itself, random security-unaware XMPP clients (tons of these) are a big concern.

The weakness of the chain is still defined by its weakest link. This is the case where it is maybe better to put all eggs in one basket and choose/validate entire baskets, not particular eggs.

I'm not a security expert, but that sounds reasonable imo.

It is? It looks more like the past... "XMPP is an example of a federated protocol that advertises itself as a "living standard." Despite its capacity for protocol "extensions," however, it's undeniable that XMPP still largely resembles a synchronous protocol with limited support for rich media, which can't realistically be deployed on mobile devices. If XMPP is so extensible, why haven't those extensions quickly brought it up to speed with the modern world?". See https://whispersystems.org/blog/the-ecosystem-is-moving/ and disagree, deny or be sad if you want.

Personally, I'm sad.

In software in general, the past is the future. Things were going great, then everything went to shit in the 2000s.