Asklemmy

44672 readers

1083 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
[email protected]: a community for finding communities

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago

MODERATORS

[email protected]

XMPP or Matrix which one is more safe? (lemmy.ml)

submitted 3 years ago by [email protected] to c/[email protected]

25 comments fedilink hide all child comments

I think XMPP.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 7 points 3 years ago* (last edited 3 years ago) (2 children)

Getting end-to-end encryption work seamlessly is difficult on XMPP, and you would end up not secure. Matrix does have very good defaults and has e2ee enabled by default. It also has a different passphrase to decrypt history if you need to change the device.

Edit: typo.

[–] [email protected] 4 points 3 years ago* (last edited 3 years ago) (2 children)

I guess you made a typo and mean XMPP. But getting e2ee working on XMPP is also super seamless and easy when using the Android Conversations client or one of it's forks. On Matrix it is also only super easy and seamless with one client, i.e. the webbased Element.

[–] [email protected] 4 points 3 years ago (2 children)

Corrected the sentence. I last used XMPP with Conversations on mobile and Movim on the web about 3 to 4 years ago. Many of my contact had hard time enabling e2ee. I had to visit them to walk them thru the trust process. Other wise, the would just see scrambled text.

[–] [email protected] 4 points 3 years ago

This is no longer the case for Conversations, it works super seamless out of the box.

Sadly Movim only very recently added experimental e2ee and it isn't fully usable yet. But I am hopeful that it will be in a few months.

[–] [email protected] 4 points 3 years ago

I use Monocles Chat, a fork of blabber.im, which is a fork of Conversations.

OMEMO encryption works by default, and (for me) was a little bit more seamless than setting it up for Element.

Element has a slightly awkward "verification" process, and also the backing up of encryption keys, and verifying other devices, just tends to confuse new users (imo).

[–] [email protected] 0 points 3 years ago

only super easy and seamless with one client, i.e. the webbased Element

But the Webbased client's security model is simply broken. E2EE in the browser is simply not possible.

[–] [email protected] 0 points 3 years ago* (last edited 3 years ago) (2 children)

Getting end-to-end encryption work seamlessly is ~~difficult~~ easy on XMPP

Fixed that for you. :)

[–] [email protected] 1 points 3 years ago

default setting is that admins can easily inject their own key without user noticing it.

additional to that: gajim sends files over jingle without encryption in e2ee chats dino does not offer reliable e2ee for group chat. it is difficult to verify keys in conversations because these settings are hidden afaik.

[–] [email protected] 1 points 3 years ago

As ibsaid previously my statements are based on an old experience. Much has changed today.