this post was submitted on 17 Sep 2023
149 points (82.8% liked)

Privacy

31782 readers
342 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago (1 children)

that website is broken beyond belief, I can't confirm anything

talking about the police site, not the mastodon link

[–] u_tamtam 2 points 1 year ago* (last edited 1 year ago) (1 children)

It really took me a second to figure out: https://www.bundespolizei.de/Web/DE/Service/Mediathek/Jahresberichte/jahresbericht_2020_file.pdf , click on the PDF link, hop to page 48. But even without that, do you really believe that the developer of the app, who's making a living of it, would commit financial suicide by lying so openly about such a trivial thing? Either way, with or without Conversations, XMPP is used by millions of users daily: https://www.rst.software/blog/22-companies-using-xmpp-and-ejabberd-to-build-instant-messaging-services
https://xmpp.org/uses/instant-messaging/

[–] [email protected] 0 points 1 year ago (1 children)

Huh interesting, I actually had no idea those big apps used XMPP. Would it be easy for them to add e2ee if they wanted to?

[–] u_tamtam 2 points 1 year ago

It depends, E2EE is mostly a client thing and most of them implement OMEMO as a standard: https://omemo.top/

OMEMO is XMPP's take on the double ratchet algorithm (very similar to Signal's), MLS is in the works as the hot new cross-protocols standard (but is inferior to OMEMO:2 when it comes to metadata encryption), PGP is often an option for the cases where perfect forward secrecy isn't desired, and OTR is still used in niche cases when you want E2EE across protocols.

In fact, E2EE was a thing in XMPP world since about 10 years… before Signal existed.