by MattJ100
1622 days ago
I already responded to your "admin in the middle" article here: https://news.ycombinator.com/item?id=29104983
I run my own XMPP server (Snikket) for my family, and I have no fear of the metadata it (I) can theoretically see if I run tcpdump. Snikket has a short retention period (7 days by default), and it uses end-to-end encryption for message contents and files. It's much more important to me that I know where my data is - or rather, know where it isn't. I'd rather have that than be forced to entrust my metadata to a third party such as WhatsApp/Facebook, Telegram or Signal.
Disclaimer: I'm an XMPP developer (as I know you know, but others may not).

And we already responded here: https://news.ycombinator.com/item?id=29106376, and here: https://infosec-handbook.eu/news/2021-11-06-xmpp-aitm/, and somewhere on Reddit.
> I run my own XMPP server (Snikket) for my family
Can we agree that >90% of non-technical XMPP users likely don't run their own XMPP server? Can we agree that most non-technical XMPP users use a public XMPP server on the internet, where they might not know the individual or organization running the server? Where it remains unclear whether the XMPP server is set up and operated in a "secure" and "private" way? Where some XMPP server admins even fail to provide a privacy policy or try to hide their identity? Is this unique to XMPP? No, we never said this. Is this then a reason to ignore these issues? Also no. We should openly discuss pros and cons instead of highlighting isolated properties of a protocol that might be better in some situations than the same properties of a competitor.