Over the past few years I have gone through a bunch of different apps and protocols to find the best one for “securely” communicating with my family and friends.

I ended up with the amazing XMPP protocol and my family/friends frequently use its clients to contact me.

Monal for IOS and Cheogram/Conversations/Quicksy for Android. The android app I install depends on if I can get F-Droid on their phone or not.

It’s been great with OMEMO encryption and the clients/apps available for XMPP. But sometimes I have issues introducing people to it.

Jabber (friendly name for xmpp) sounds silly to say. The clients all have weird names. And after trying the Signal mobile app it feels more focused than what anyone in the XMPP community has whipped up.

But the capabilities of XMPP makes it better.

Signal Cons (immediete)

  • Centralized
  • Single app
  • Phone numbers

XMPP/Jabber Cons

  • Picking server
  • Apps are sort of less friendly

What really scares me about Signal is the centralization. Any nerd can easily host an XMPP server these days. But Signal from what I’ve heard really wants us to use their server.

If XMPP gets more attention I’m sure we can get people supporting projects and creating better apps.

I keep seeing people recommended Signal instead.

This is a bit of a tired ramble. What I wanna know is why anyone is preferring Signal over XMPP apps. I assume it might be not knowing about it. Tell me what you use to message people.

  • notarobot@lemmy.zip
    23·
    17 hours ago

    I like signal but they do probably know who you talk to, when you talk to them, your IP, their IP, and size of your messages. The fact that they are pretending they can’t get this info with just server side changes worries me

        • CoyoteFacts@piefed.caEnglish
          11·
          14 hours ago

          No, and in fact they have fought to unseal and publish the articles they have. The point is that if you read the subpoenas, they request a lot of data from Signal and Signal can only ever return the phone number, account creation date, and last connected timestamp. So either Signal is consistently lying to various governments or they actually don’t have any of that data. Signal’s client is also open-source and has been audited, and they have published many blogposts about how the technology works.

          I’d strongly recommend digging deeper into this and trusting the auditors and experts instead of dismissing it based on lazy and cynical guesses. If you don’t trust anyone you’re welcome to read the source code of the client yourself. Soatok recently posted an 8-part series going through Signal’s encryption that you can read as a primer: https://soatok.blog/2025/02/18/reviewing-the-cryptography-used-by-signal/.

          • notarobot@lemmy.zip
            11·
            11 hours ago

            Since they are not required to publish these they could be publishing only the ones that make them look good. You might also notice that they haven’t published any for over a year. I know how siglan works and I trust the client and the security. I even recommend it. But let’s not pretend they are INCAPABLE of building your social graph

            • CoyoteFacts@piefed.caEnglish
              11·
              10 hours ago

              Since you’ve clearly not read or comprehended any of the subpoenas that I linked, nor the encryption analysis, nor read any of Signal’s blogposts, I see no point with responding any further. You are spreading FUD, and I question your motives.

              • notarobot@lemmy.zip
                1·
                9 hours ago

                From the blog you provided. Next time. Read your sources

                In the absolute worst case, a totally malicious Signal Server can perform traffic analysis to correlate the IP address assigned to the messages arriving with the delivery token for a recipient.

                And

                Sealed Sender cannot totally hide the recipient (else the server wouldn’t know where to route the messages).

                Edit: removed the word “moron”. I’m not a native English speaker and I thought it meant something else. It seems its like “retard” which I wouldn’t use as an insult. I’ve used it so much…

              • notarobot@lemmy.zip
                1·
                10 hours ago

                I’m not the one that is not listening. I don’t care about the ones they post. I care about the ones they don’t. I trust they client code. I don’t trust ANYONES server side code. Their encryption is top of the line and an industry standard. But is DOES NOT hide your IP, the time of the day you send messages

                ONCE AGAIN (this is the third time I’m saying this) I like and recommend signal. I have no evil motives nor I’m trying to be paranoid. But let’s not pretend they are perfect.

                If you are hurt because I said mean things about a company you base your personality on, that is not my problem.