@hund doesn't that defeat the whole point of using a secure messenger like signal?

@metalune I wouldn't use Signal for secure messenger to begin with, for that purpose is XMPP better. I guess he's a pragmatic user who have some important friends on Signal. :)

@hund @metalune I wouldn't consider a messenger that leaks metadata left and right "secure." Nothing against xmpp, but separate use cases...

@fedops @metalune Left and right? I wouldn't call file transfers leaking metadata "left to right".

@hund @metalune I'm not talking about file transfers. I'm talking about address books, group memberships, and vcards (profile data) which are saved uncenrypted on the servers. In the case of federated servers, all of them.

Also OMEMO is susceptible to MitM attacks because XMPP doesn't support certificate pinning. The only way to prevent this is manual key acceptance which I doubt many people use. Most will use automatic and call it a day.

Signal doesn't suffer from any of these problems.

@hund @metalune now what Signal *does* suffer from, as we recently were so rudely made aware of, is having a single point of failure and not being self-hostable. That's bad, and is a clear advantage of a federated system like XMPP that you can run yourself if needs be and/or scale out relatively easily.

@hund yes, but ist is in early stage. i run signald and talking to signal via JSON works, but the libpurple stuff does not work reliably. But it is a promising and active project

@hund @matrix Hmmm.. https://matrix.org/bridges/#signal for Signal and https://github.com/matrix-org/matrix-bifrost or am I missing something here? As Matrix has so many interfacing possibilities, seems like a better “universal” middle layer than direct bridges?

@jeroen @matrix Me and my big mouth. :D It had completely flown by my radar that they support 1:1 chats.

Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.