by infosechandbook 1621 days ago
> I already responded to your "admin in the middle" article here

And we already responded here: https://news.ycombinator.com/item?id=29106376, and here: https://infosec-handbook.eu/news/2021-11-06-xmpp-aitm/, and somewhere on Reddit.

> I run my own XMPP server (Snikket) for my family

Can we agree that >90% of non-technical XMPP users likely don't run their own XMPP server? Can we agree that most non-technical XMPP users use a public XMPP server on the internet, where they might not know the individual or organization running the server? Where it remains unclear whether the XMPP server is set up and operated in a "secure" and "private" way? Where some XMPP server admins even fail to provide a privacy policy or try to hide their identity? Is this unique to XMPP? No, we never said this. Is this then a reason to ignore these issues? Also no. We should openly discuss pros and cons instead of highlighting isolated properties of a protocol that might be better in some situations than the same properties of a competitor.

1 comment

> Can we agree that >90% of non-technical XMPP users likely don't run their own XMPP server?

Yes. The majority of people cannot, and will not ever, run their own server. However my ideal is that the remaining "10%" of people who can, do so. Just as I do for my non-technical family members. I believe that there should be a trust relationship between service operators and their users, whatever form that takes. I work daily to try and make self-hosting XMPP easy and accessible to more people, so we can increase this "10%" fraction.

For a similar perspective see: https://staltz.com/some-people-want-to-run-their-own-servers...

Of course using public XMPP services anonymously (burner accounts, randomly-generated username, connect via Tor/VPN, etc.) is a thing that many people also do, but I think that's a minority use-case (that should still be supported). Tools such as Briar also cover many such use-cases adequately or better.