nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqmqm2yudxw987dh4y44le4m3xsftp3spnp4f5flyga3jeq60l6dgqtd2v2a
Pro mode: Replace #WhatsApp and #Signal with an European #xmpp server. ๐
@Martin @nprofile1q...
Replacing Signal with XMPP is an option only if you don't care about privacy. XMPP with OMEMO has, at least, the following in plain text:
All <presence> stanzas, including both your online status and all status messages.
Your roster (visible to the server, if you are in someone else's roster then your server records that in plain text as well).
The outer wrapping for all <message> stanzas, including the to and from XID fields, so every server involved can see who is communicating with whom (this is the thing that the Snowden files indicated the NSA put effort into harvesting from other communication channels).
Almost all <iq> stanzas.
If you're on a low-volume server, most of the useful metadata (who is sending messages to whom) can be inferred by anyone who can spy on the (encrypted) traffic over the last link.
If you understand all of the above and think it's okay, please continue to recommend XMPP, but please explain to the people to whom you are recommending it why you think this is all acceptable.
[ I worked on XMPP back in the early 2000s, it was a great protocol for its time, but Snowden changed the threat model and the only place I'd recommend it now is for internal communication within a group where membership of the group is already public via other mechanisms, such as within a company. ]
Replacing Signal with XMPP is an option only if you don't care about privacy. XMPP with OMEMO has, at least, the following in plain text:
All <presence> stanzas, including both your online status and all status messages.
Your roster (visible to the server, if you are in someone else's roster then your server records that in plain text as well).
The outer wrapping for all <message> stanzas, including the to and from XID fields, so every server involved can see who is communicating with whom (this is the thing that the Snowden files indicated the NSA put effort into harvesting from other communication channels).
Almost all <iq> stanzas.
If you're on a low-volume server, most of the useful metadata (who is sending messages to whom) can be inferred by anyone who can spy on the (encrypted) traffic over the last link.
If you understand all of the above and think it's okay, please continue to recommend XMPP, but please explain to the people to whom you are recommending it why you think this is all acceptable.
[ I worked on XMPP back in the early 2000s, it was a great protocol for its time, but Snowden changed the threat model and the only place I'd recommend it now is for internal communication within a group where membership of the group is already public via other mechanisms, such as within a company. ]
1