this post was submitted on 07 Jul 2023
17 points (94.7% liked)

Privacy

32173 readers
696 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hello everyone! Are there any benefits of hosting your own XMPP server, considering I always use end-to-end encryption in all of my chats?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago (1 children)

e2ee only protects the content of your messages, but not the meta-data. If you run your own XMPP server or use a small one run by someone you trust, the meta-data is much better protected than on a larger public XMPP server.

[–] pinkolik 3 points 1 year ago (2 children)

What kind of meta-data could it be?

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

For example the IP address of all the devices you use to connect to the server.

Also all the internal communication that happens between users on the same server... like who is connected to whom and talks to whom at what time etc. Some of it will of course leak to remote servers in a federated network, but with your own server as an inter-mediator a lot of the meta-data is only known to your own server.

e2ee is actually massively over-emphasised and basically snake-oil by the large centralized networks (like WhatsApp or Signal). The data they are really interested in is the meta-data that allows them to make accurate advertisement profiles of their users. And the CIA famously kills people based on meta-data alone.

[–] [email protected] 1 points 1 year ago (1 children)

That is the main improvement messengers like Session and SimpleX Chat try to solve. As long as Signal requires a phone number (a highly identifying piece of information), there will always be metadata.

[–] [email protected] 1 points 1 year ago (1 children)

Using a small trusted XMPP server is IMHO the only real solution as it approaches the problem not as a technical issue but a social one. Any technical "solution" (like those you mentioned) will be at best improve the situation for a few people that really understand what is happening on the protocol level and leave everyone else with an even worse footgun situation than before. There are so many examples of this that I lost track of counting then :(

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

I totally agree with your reasoning, XMPP is a better solution than Signal and Session imo. Having more control over your metadata is definitely valuable, however, I think SimpleX Chat could be a really good alternative to XMPP. The concept is really solid, a decentralized system of unidirectional message queues.

[–] [email protected] 2 points 1 year ago (1 children)

100% agree with you. Been keeping an eye out for something more streamlined to bring the whatsapp crowd over. XMPP ain't it due to different servers with different features being a thing. So I only have a few contacts there. But as soon as SimpleX has a desktop client I'm moving over. Not because XMPP is bad, but because it's not able to pull less privacy driven peope over.

[–] [email protected] 1 points 1 year ago

I agree, once SimpleX implements a desktop client, read receipts, and account sync, it will be a great solution for the masses. The mobile apps are incredibly good for how young the project is, so I have high hopes for the desktop client.

[–] [email protected] 2 points 1 year ago

When you are online, when you write messages etc. everything but the messages itself