this post was submitted on 07 Jul 2023
17 points (94.7% liked)

Privacy

32173 readers
610 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hello everyone! Are there any benefits of hosting your own XMPP server, considering I always use end-to-end encryption in all of my chats?

top 22 comments
sorted by: hot top controversial new old
[–] [email protected] 9 points 1 year ago (1 children)

I host my own. I'd say my contacts are split between XMPP and Matrix with many people having both. A lot of business use self hosted XMPP servers too. For example, Cisco communications solutions are based on XMPP.

The issue with free public servers is that you have no accountability. If they go away, or are left unmaintained, there's nothing you can do about it.

My two cents, host at home, or at an infrastructure provider you pay for service.

[–] pinkolik 2 points 1 year ago

Good points! Thank you :)

[–] [email protected] 3 points 1 year ago

Absolutely. The only real privacy issue you face using a public XMPP server is that you trust all of your metadata (everything inferred and included with the message besides actual text content) to the server administrator. If all of your XMPP messages are moving through your server, you are in control of your metadata.

[–] [email protected] 2 points 1 year ago (1 children)

e2ee only protects the content of your messages, but not the meta-data. If you run your own XMPP server or use a small one run by someone you trust, the meta-data is much better protected than on a larger public XMPP server.

[–] pinkolik 3 points 1 year ago (2 children)

What kind of meta-data could it be?

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

For example the IP address of all the devices you use to connect to the server.

Also all the internal communication that happens between users on the same server... like who is connected to whom and talks to whom at what time etc. Some of it will of course leak to remote servers in a federated network, but with your own server as an inter-mediator a lot of the meta-data is only known to your own server.

e2ee is actually massively over-emphasised and basically snake-oil by the large centralized networks (like WhatsApp or Signal). The data they are really interested in is the meta-data that allows them to make accurate advertisement profiles of their users. And the CIA famously kills people based on meta-data alone.

[–] [email protected] 1 points 1 year ago (1 children)

That is the main improvement messengers like Session and SimpleX Chat try to solve. As long as Signal requires a phone number (a highly identifying piece of information), there will always be metadata.

[–] [email protected] 1 points 1 year ago (1 children)

Using a small trusted XMPP server is IMHO the only real solution as it approaches the problem not as a technical issue but a social one. Any technical "solution" (like those you mentioned) will be at best improve the situation for a few people that really understand what is happening on the protocol level and leave everyone else with an even worse footgun situation than before. There are so many examples of this that I lost track of counting then :(

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

I totally agree with your reasoning, XMPP is a better solution than Signal and Session imo. Having more control over your metadata is definitely valuable, however, I think SimpleX Chat could be a really good alternative to XMPP. The concept is really solid, a decentralized system of unidirectional message queues.

[–] [email protected] 2 points 1 year ago (1 children)

100% agree with you. Been keeping an eye out for something more streamlined to bring the whatsapp crowd over. XMPP ain't it due to different servers with different features being a thing. So I only have a few contacts there. But as soon as SimpleX has a desktop client I'm moving over. Not because XMPP is bad, but because it's not able to pull less privacy driven peope over.

[–] [email protected] 1 points 1 year ago

I agree, once SimpleX implements a desktop client, read receipts, and account sync, it will be a great solution for the masses. The mobile apps are incredibly good for how young the project is, so I have high hopes for the desktop client.

[–] [email protected] 2 points 1 year ago

When you are online, when you write messages etc. everything but the messages itself

[–] [email protected] 1 points 1 year ago (1 children)

You could determine which XEPs to support...? Also, the usual benefits of hosting your own services. But neither is really a strong selling point IMHO.

[–] pinkolik 1 points 1 year ago

Is there any point in not supporting some of XEPs? Could you give me examples, please?

load more comments
view more: next ›