this post was submitted on 12 Oct 2025
125 points (97.7% liked)

Privacy

42558 readers
581 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
125
Why Signal over Jabber/XMPP? (piefed.world)
submitted 3 days ago by TurkeyDurkey@piefed.world to c/privacy@lemmy.ml
122 comments fedilink hide all child comments
 

Over the past few years I have gone through a bunch of different apps and protocols to find the best one for "securely" communicating with my family and friends.

I ended up with the amazing XMPP protocol and my family/friends frequently use its clients to contact me.

Monal for IOS and Cheogram/Conversations/Quicksy for Android. The android app I install depends on if I can get F-Droid on their phone or not.

It's been great with OMEMO encryption and the clients/apps available for XMPP. But sometimes I have issues introducing people to it.

Jabber (friendly name for xmpp) sounds silly to say. The clients all have weird names. And after trying the Signal mobile app it feels more focused than what anyone in the XMPP community has whipped up.

But the capabilities of XMPP makes it better.

Signal Cons (immediete)

  • Centralized
  • Single app
  • Phone numbers

XMPP/Jabber Cons

  • Picking server
  • Apps are sort of less friendly

What really scares me about Signal is the centralization. Any nerd can easily host an XMPP server these days. But Signal from what I've heard really wants us to use their server.

If XMPP gets more attention I'm sure we can get people supporting projects and creating better apps.

I keep seeing people recommended Signal instead.

This is a bit of a tired ramble. What I wanna know is why anyone is preferring Signal over XMPP apps. I assume it might be not knowing about it. Tell me what you use to message people.

you are viewing a single comment's thread
view the rest of the comments
[–] Ferk@lemmy.ml 3 points 1 day ago* (last edited 1 day ago) (1 children)

When it comes to initializing the connection, It's true that those identifiers (or perhaps more accurately, addresses) are susceptible to collisions in a "global space". But they are temporary, ephemeral addresses (they are discarded after use and/or expiration), and the space is astronomical so chances of collision are tiny, and even in the rare event of a collision you still have a step in which you verify a fingerprint code that's independent of the address, related to the individual local device.. so you have a second factor authentication of sorts, if you are adding a person and the code does match then you can be pretty sure it's the correct person, since both the shared address and the internal locally-stored key match.

[–] balance8873@lemmy.myserv.one 1 points 1 day ago (1 children)

If there's a permanent global fingerprint code isn't that, well, the opposite of what the marketing says? Why is that not a unique user identifier?

[–] Ferk@lemmy.ml 2 points 1 day ago* (last edited 1 day ago) (1 children)

The fingerprint (or you can also call it "security code", it's just a code for verification), is generated from the combination of the locally stored encryption keys from each side of the conversation, it will be different every time. I believe it's also not technically required by the protocol that the same encryption key should be used for all conversations (although I don't really know if the client does generate a new one every time or keeps reusing the same, that's up to the implementation I believe).

[–] balance8873@lemmy.myserv.one 1 points 1 day ago

Makes sense, thanks for the explanation