this post was submitted on 16 Sep 2021
18 points (90.9% liked)
Asklemmy
Depends on what you consider to be important for being "safe".
Using Matrix as is out of the box is relatively secure, but you need to be aware that a lot of metadata ends up on the servers of a UK-based for-profit & venture capital funded company (New Vector).
XMPP on the other hand requires a bit more research to find a good server and client, but it can be made to be extremely secure, especially when self-hosting and/or using Tor for connecting to it.
IMHO there is no silver bullet and every option comes with trade-offs. Depending on your needs, other options like Threema, Signal and Telegram with their e2ee & open-source clients but centralized servers can also be worthwhile to look at.
Using 3rd party clients should really be encouraged.
Metadata is not encrypted as per the Matrix protocol, it's not the client's fault.
Would it even be possible to encrypt some basic metadata? I doubt that.
Mostly no, but the best way to deal with such metadata is not to store it, or at least delete it as soon as possible. Which is the exact opposite of what Matrix does.
What kind of metadata are we talking about?
This issue has a general overview.
XMPP encrypts everything, metadata included
it's not easy and makes the protocol really hard to implement but it is possible
Hmm, sadly that isn't the case, a lot of metadata on XMPP is also exchanged only TLS transport encrypted and is thus available on the server in clear text. The main difference to Matrix is that it generates and exchanges much less metadata and most XMPP servers are configured to delete all the metadata after a relatively short period of time.
That does seem to be the case, maybe I was thinking of Signal (it truly encrypts all metadata)