@kirby
It's a price to pay for proper encryption that works with multiple sessions🤷
XMPP crowd was making fun of Matrix for this, but that is just how Double Ratchet works — now it got implemented in popular XMPP clients and it turned out that it's even worse than it was in Matrix and before that it "just worked" simply because nothing was encrypted.

@m0xee @kirby >turned out that it's even worse Basically false. Matrix is even worse because you can't turn it on and off by your self. It also is less secure.

@dcc
Of course you can, just create two person room with encryption disabled! If they weren't created with encryption enabled by default, few would be using it and it would defeat the purpose.
And how is it less secure? It's literally the same algorithm.
@kirby

@kirby
Leaking presence to the servers of participants of a multi-user room that I'm in is the thing I'm the least concerned about TBH, XMPP doesn't do it because the rooms aren't distributed and only exist on the server they were created on. A lot of people do not seem to understand this: XMPP doesn't have a more secure implementation of the feature — it simply doesn't have this feature at all.
@dcc

@kirby @dcc
And I believe they have even fixed it now, it is possible to prevent interacting with the sessions that you haven't personally authorized, but you have to enable it for each room and for every session of yours individually — far from perfect solution, could've been better, probably this way to prevent breaking compatibility.

Follow

@kirby @dcc
In any case, I'm more worried about Element only working in latest Firefox now than this.
And XMPP… jabber.ru/xmpp.ru have been being MITMed for months without anyone noticing because clients simply don't check the fingerprints — that's just laughable!

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml