this post was submitted on 14 Sep 2021
56 points (98.3% liked)

Open Source

32665 readers
1139 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
56
This seems solid discord alternative (itsfoss.com)
submitted 3 years ago by [email protected] to c/[email protected]
52 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 3 years ago (1 children)

I guess very few people self-host their email or Matrix or XMPP.

You don't need to self host email, Matrix or XMPP to use E2EE. I meant self hosting the web clients.

And it still doesn’t protect you against someone breaking the TLS connection between you and your server.

HSTS, Certificate Pinning, …

Every communication method suffers from this, it's not exclusive to web-based communication.

proprietary, windows only apps are not generally designed with security as the number 1 concern

Yeah, Open Source software down to the OS itself is important for security. But even then, who audits their own software? It's probably 0.01% of the 0.01% of the general population you mentioned.

[–] [email protected] 2 points 3 years ago (1 children)

You don’t need to self host email, Matrix or XMPP to use E2EE. I meant self hosting the web clients.

Nobody does that

HSTS, Certificate Pinning, …

HSTS is great but doesn't protect you against maliciously issued certificates, and Certificate pinning is deprecated on the Web.

Yeah, Open Source software down to the OS itself is important for security. But even then, who audits their own software? It’s probably 0.01% of the 0.01% of the general population you mentioned.

That's why you stick to software under high scrutiny and highly visible for security sensible stuff, and avoid using software with a broken security model for sensible stuff.

[–] [email protected] 0 points 3 years ago (1 children)

That’s why you stick to software under high scrutiny and highly visible for security sensible stuff

So, like Element? scnr

[–] [email protected] 1 points 3 years ago

More like Signal