xmpp.orgXMPPXMPP - The universal messaging standard
Viimatised otsingud
Otsimisvalikud
#xmpp
22 postitusega13 osalejaga1 postitust täna
"Open Letter to Meta: Support True Messaging Interoperability with XMPP"
https://xmpp.org/2025/03/open-letter-to-meta-support-true-messaging-interoperability-with-xmpp/
xmpp.orgXMPPXMPP - The universal messaging standard
There are no known security issues with "Siacs OMEMO" / OMEMO v0.3¹ despite of what some very loud Signal fans would like you to believe. It has been audited by a third party² who took a longer look at it than all of the Signal fans combined.
Yes, #OMEMO v0.7+ (or TWOMEMO 
) is a cleaner spec with more features (most notably Stanza Content Encryption). That’s why we wrote it. I’m a co-author. That doesn’t mean v0.3 is insecure.
¹: https://xmpp.org/extensions/attic/xep-0384-0.3.0.html
²: https://conversations.im/omemo/audit.pdf
xmpp.orgXEP-0384: OMEMO Encryption
Vastatud lõimes
@signalapp no it's not.
- Otherwise #OrganizedCrime would choose #Signal so hard, you'd be shutdown within weeks by the #FBI and @Mer__edith would be forced to "pull a #LavaBit" and face jailtime for obstruction of justice or snitch on users!
Being a #centralized, #SingleVendor & #SingleProvider solution subject to #CloudAct makes you inherently vulnerable by your own choice and thus trivial to shutdown compared to real #E2EE with #SelfCustody of all the keys and true #decentralization as well as #SelfHosting (i.e. #PGP/MIME [see @delta / #deltaChat et. al.] and #XMPP+#OMEMO [see @monocles / #monoclesChat et. al.]!)
- Plus neither of those shill #Shitcoin-#Scams like #MobileCoin!
And don't even get me started on you collecting #PII (espechally #PhoneNumbers) for no valid reason, (thus violating #GDPR & #BDSG)...
- Not to mention relying ob #charity and being a #VCmoneyBurningParty isn't sustainable to begin with!
But yeah, I'll be patient to shout "#ToldYaSo" to your annoying cult of fanboys!
Vastatud lõimes
Vastatud lõimes
"Nutzt Signal!"
Außer, wenn man kein Google Android/Apple iOS hat/haben will.
Außer, wenn man nicht Amazon AWS nutzen/finanzieren will oder befürchtet, DJT könnte jederzeit den Zugang sperren.
Außer, wenn man seine Telefonnummer nicht als Chat-Id verwenden will.
Email vs. Signal ist eine falsche Dichotomie. Es gibt freie, föderierte Alternativen mit Clients für die meisten Betriebssysteme und ohne Telefonnummernzwang.
It’s time for real interoperability. Let’s make it happen.
The #DMA targets walled gardens and messaging interoperability. Meta, the designated gatekeeper, offers an solution that falls short of its goals.
The XMPP Standards Foundation (@xmpp) publishes an Open Letter to Meta, to advocate for adoption of #XMPP for messaging interoperability.
The letter: https://xmpp.org/announcements/open-letter-meta-dma/
Technical briefing: https://xmpp.org/announcements/open-letter-meta-dma/technical-briefing/
The corresponding blog post: https://xmpp.org/2025/03/open-letter-to-meta-support-true-messaging-interoperability-with-xmpp/
xmpp.orgXMPPXMPP - The universal messaging standard
#XSF Announcement
Today the #XMPP Standards Foundation publishes an Open Letter to urge #Meta to adopt XMPP for messaging #interoperability.
It’s time for real interoperability. Let’s make it happen.
https://xmpp.org/announcements/open-letter-meta-dma/
#jabber #chat #rtc
#opensource #decentralization #standard #dma
Vastatud lõimes
Vastatud lõimes
@janet_catcus #XMPP+#PGP may be a good option if you don't want to deal with half a dozen #OMEMO keys...
Vastatud lõimes
@Andromxda @mollyim no it's not bs and fanboying @signalapp isn't going to change that.
If #Signal was secure it would be the #1 comms tool of organized crime...
- Yet I've only seen #TechIlliterates shill it.
Real professionals use #SelfHosting capable, fully #FLOSS'd solutions like #PGP/MIME & #XMPP+#OMEMO.
- Again: Demanding #PII like #PhoneNumbers and shilling a #Shitcoin-#Scam (#MobileCoin) makes Signal literally untrustworthy and if it doesn't for you then maybe your standards are just too low...
It's just me reading the room: Cuz #ComSec isn't done woth "JuSt UsE sIgNaL!" and everyone who claims so without pointing out #OpSec, #InfoSec & #ITsec is BSing hard.
- The cold hard truth is that #TechLiteracy is irreplaceable and the only solution to it is to actually teach normies how to "get gud" with stuff like PGP.
Fortunatelty, @thunderbird and @tails_live / @tails / #Tails and many other tools make that easier than ever before.
- So rather than vomiting insults against my intellect in my mentions, go to the next @cryptoparty@mastodon.earth / #Cryptoparty / @cryptoparty@chaos.social and lend a hand.
Vastatud lõimes
@crazy_pony when @signalapp isn't being run as a #VCMoneyBurningParty and they take #InfoSec, #OpSec, #ComSec & #ITsec serious and stop shilling the #Shitcoin #Scams that is #MobileCoin!
For everyone else, there's #XMPP+#OMEMO (see @monocles / #monoclesChat) & #PGO/MIME (see @delta / #deltaChat)…
Vastatud lõimes
@walkinglampshade @jrredho @fj It's basic #InfoSec, really:
- @signalapp has no "#LegitimateInterest" to demand #PII like a #PhoneNumber and they use and abuse that to restrict functionality of their App (it doesn't matter that they merely claim "comply with #sanctions" [their #MobileCoin #Shitcoin #Scam disqalifies them even more!] because they have the tech to distinguish and discriminate users)...
Thus #Signal fails at protevting #Journalists and theor sources because they do have that data and can be #subopena'd for it if they don't already provide #BulkSurveillance & #LawfulInterception #API|s to comply with #CloudAct. (Or are you guys so naive and believe @Mer__edith will risk dying of old age in jail for non-paying users?)
And if you believe "this won't ne used/abused me because I'm from 'Murica!" and point at #ANØM as an example, then you really ignored all tze #Cyberfacism since 9/11…
Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo
https://t.co/Q2aOQJkG4g”
Vastatud lõimes
@froge @fj I'm not replacing @signalapp with "random tools" but good options.
Like @delta & @thunderbird as well as @monocles / #monoclesChat & @gajim which work flawlessly over @torproject / #Tor using @tails / @tails_live / #Tails and @guardianproject / #Orbot respectably.
- Also these allow not only #SelfHosting but just work and I'd highly recommend #monocles as a hoster which finances iself by users paying and allows #anonymous accoubts & payments including not just #Monero but also #CashByMail!
Considering the costs of even acquiring and upkeeping an #anonymous #SIM, I'd rather pay €2 p.m. for #XMPP+#OMEMO and #PGP/MIME-supported #eMail with the option of self-custody than $2,50+ p.m. just to keep a phone number.
- Plus I don't run around with a #tracking device that could be used to #deanonymize me any second...
Or is anyone here expecting @Mer__edith to risk jail for life amd not comply with #CloudAct?
- If #Signal was as secure as advertised, it would've been shutdown like #EncroChat and #SkyECC!
It stenches like #ANØM, because NOTHING IS FOR FREE and running a #VCmoneyBurningParty is expensive...
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@osman@hachyderm.io If your #OpSec, #InfoSec, #ComSec and/or #ITsec relies on @signalapp@mastodon.world and/or @Mer__edith@mastodon.world [risking jail *or worse*](https://web.archive.org/web/20210908180219/https://twitter.com/thegrugq/status/1085614812581715968), you fucked up!
- If #Signal was secure, it would've been shutdown like #EncroChat & #SkyECC.
Seriously, to me #Signal stenches #Honeypot like #ANØM & #CryptoAG.
- All Signal fans do is #FUD #PGP/MIME and#XMPP+#OMEMO which are truly #decentralized and allow real #SelfHosting as well as #SelfCustody for complete control of all the data and keys...
That's why I get people setup with it!
I just delved into XMPP & OMEMO, despite limited experience. This old but intriguing article caught my attention: https://soatok.blog/2024/08/04/against-xmppomemo/ 
Worth a read? 
#XMPP #OMEMO #PrivacyMatters
Dhole Moments · Against XMPP+OMEMO - Dhole MomentsXMPP is a messaging protocol (among other things) that needs no introduction to any technical audience. Its various implementations have proliferated through technical communities for decades. Many…
Vastatud lõimes
@fj I still think @signalapp has fundamental flaws like demanding #PII (#PhoneNumbers can't be obtained anonymously around the globe and are trivial to track down to devices and thus users), being subject to #CloudAct as an unnecessary & 100% avoidable risk as well as #Shitcoin-#Scam shilling (#MobileCoin) and it's #proprietary, #SingleVendor & #SingleProvider nature that makes it inferior to real #E2EE with #SelfCustody like #PGP/MIME & #XMPP+#OMEMO!
Vastas kasutajale nemo™ 
Vastatud lõimes
Reminder to people who work in the #military, #healthSector or any other institution with #clearance levels:
Please use #InstantMessaging systems, that reflect them, for #classified information.
E.g. there is "XEP-0258: #Security Labels in #XMPP" https://xmpp.org/extensions/xep-0258.html
xmpp.orgXEP-0258: Security Labels in XMPP
Vastatud lõimes
@700Sachen @Bingenberger @groso dann doch lieber auf #XMPP+#OMEMO über #Tor migrieren, weil da funzen Sprachnachrichten nicht statt #NSAbook mit extea #Stimmdaten zu füttern.die dank #CloudAct US-Regierungseigentum werden und/oder dann für #Deepfakes genutzt werden können.
- Glaubste nicht? Lies die AGBs!
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@Bingenberger@bildung.social IMHO gehören #Sprachnachrichten verboten!
Ich verweigere mich Messengern die sowas unterstützenvund wer mir trotzdem welche schickt bekommt von mir [dieses Video](https://www.youtube.com/watch?v=jdzwgPVn5TY) und nen instant-Block!