I’ve been working really hard to research and rank messaging apps by their privacy. The more green boxes the better.

I plan to turn PrivacySpreadsheet.com into a place for privacy data on everything from cars to video games. It’s all open source too on GitHub.

Not trying to advertise, I just put a lot of time into researching all this, and I want to share it since I think others could benefit.

  • Marzanna@lemmy.blahaj.zone
    link
    fedilink
    arrow-up
    7
    ·
    10 months ago

    I think that information for XMPP is inaccurate. I use it for private communication. E2E encryption is on by default in Conversations, messages are removed from a server if MAM is off.

    • toastal@lemmy.ml
      link
      fedilink
      English
      arrow-up
      10
      ·
      10 months ago

      Dino, Gajim turn on OMEMO by default & even the TUI Profanity prominently displays [unencrypted] in red at the top by default nudging you to pick OMEMO, OTR, or PGP for end-to-end encryption. The protocol is generic on purpose & meant to be extended with encryption which in the case of private chat applications, is now defacto. Much in the same way, TLS isn’t required since there are application that don’t require it, but defacto, all guides for setting up a XMPP server for chatting applications will suggest TLS where some servers have options like s2s TLS required or it won’t talk to the other server.

      Seems weird that there’s a big, red no even when all the defaults point in the direction yes for human-to-human chat. Much in the same way some values are wrong like apps & servers being open source when there very much are proprietary XMPP servers out there like WhatsApp & Zoom. There’s also a reason Tails OS comes with Dino (or Pidgin) & every dark web guide explains how to connect to XMPP thru Tor + OMEMO/OTR, because it can be secure & anonymous enough for criminals & whistleblowers while being lightweight & decentralized.

      • rcbrk@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        10 months ago

        It’s always crickets when the issue of improper poor ranking of XMPP is addressed in these threads…

        • toastal@lemmy.ml
          link
          fedilink
          English
          arrow-up
          2
          ·
          10 months ago

          Everything has to be new & shiny or it’s bad. XML bad, JSON good. /s