[infosechandbook]

> How should that be possible if OMEMO is enabled (which is the default in more modern clients)?

See https://infosec-handbook.eu/articles/xmpp-aitm/#t5

TL;DR: XMPP clients can't distinguish between legitimate and injected messages, even if OMEMO is enabled. The XMPP client just displays injected messages as an unencrypted message from the sender.

[zaik]

In Conversations unauthenticated messages are displayed with a red background, whereas OMEMO authenticated messages are displayed in green. They do not look the same.

[infosechandbook]

Nobody claimed that they look the same.

As mentioned in the linked article, the behavior upon receiving an injected message is client specific. In any way, the injected message is somehow presented to the (non-technical) user who might then be targeted. We all know the same problem exists in the e-mail world.

[MattJ100]

Signal operators can also inject messages to people. So this is a strange comparison.

What holds true in both systems is that if someone does this, it's detectable thanks to E2EE. Which is the entire point of E2EE.

[infosechandbook]

> Signal operators can also inject messages to people.

Did you check this, and can you demonstrate a server-side message injection so that the Signal clients display the injected message correctly, leaving the recipient vulnerable to spoofed messages? Would be nice to see for the security community.

> What holds true in both systems is that if someone does this, it's detectable thanks to E2EE.

What also holds true: One system enforces E2EE; for the other system E2EE is optional, depends on the client, and while spoofing could be detected thanks to E2EE, all clients we checked didn't detect it (Gajim, Conversations, Psi+, Profanity).

[Andrew_nenakhov]

If you start with an argument 'non trusted server admin can do things to my xmpp', it's strange that you don't apply same logic to Signal admins, who control the server and ship an app to you which you can't really verify.

[infosechandbook]

> If you start with an argument ..., it's strange that you don't apply same logic to Signal admins

Where is this 1-to-1 comparison you demand in the OP's original article?

Security: They mainly highlight TLS and experimental OMEMO as the main security features of XMPP. TLS is also present in Signal, and OMEMO is based on the Signal Protocol, which is enforced for Signal. So comparing this 1-to-1 in OP's article, Signal wins as these security features aren't optional but enforced and more mature.

Privacy: This section in OP's article addresses distinct things to then somehow claim XMPP is private. Let's compare them:

XMPP is an open standard -> Doesn't this apply to Signal, too? Some developers claim not to track users -> Same applies to Signal. OMEMO adds security -> explained above, already in Signal. Decentralized -> The first difference, and here we can write another article on why decentralization doesn't magically add any security or privacy. Users can choose a username, doesn't need phone number -> Second difference, which doesn't apply to all XMPP clients as some may require your phone number, and if we assume people can choose a non-identifiable username, then we can also assume people can choose a non-identifiable phone number. User may not be identifiable -> Another vague statement without any explanation that we can just assume the same way for Signal. Presence status shared with others (without mentioning that server admins can see this, too) -> Signal comes without this feature. Only nicknames exposed in MUCs (again without mentioning what MUC admins and server admins see) -> Signal lets users decide if they want to share their phone number and username with groups. User is the only one deciding about/controlling their account and personal data (how can this be ensured if this data is exposed to the server and other users) -> Again a vague statement without any explanation. So Signal users can also decide about their data.

Then, OP's article suddenly ends without going into any details. The article finishes with "phone numbers, centralization bad; username, decentralization good." This isn't balanced at all.

> Signal admins, who control the server and ship an app to you which you can't really verify.

If we write exactly the same about XMPP, people immediately state, "XMPP clients and servers are open source, everybody can look at their code." So let's apply the same logic to Signal. If you don't want to apply this logic, then yes, we can't also verify if we connect to a malicious/manipulated XMPP server even if its source code is open. The same applies to apps. And Reproducible builds don't come with this guarantee, too.