@maple @Daniel Gultsch

Isn't WhatsApp based on xmpp protocol?

The current xmpp client feature set are fractured. e2ee is not on by default either.. my Q is why is there even an option to disable e2ee?. I find that weird in these times....

#XMPP

@Gold gab ich für Eisen @maple @Daniel Gultsch

why?

how is that secure communications, if its clear text? to me, not logical. just saying.

why is the fight over chatcontrol? fight over encryption? so cleartext comms safer? more secure? more private?

we can agree to disagree.

@sammi @maple I mean, not all communications in instant messengers are private talks, one may want to write chatbots, run internal organizational server for work conversations or whatever. Implementation of correct crypto can be an extra burden for such tasks and even its properties, like [overadvertized] forward secrecy, may be not optimal (when it is better to accept the danger of leak rather than loose something).

Finally, don't forget that a plethora of people uses Gmail without any GPG.

And it is not that E2EE is not necessary. Yes it is necessary, and it must be a default setting, but if one wants to disable it for some reason, why not.

@Gold gab ich für Eisen @Daniel Gultsch @maple

why are we conflating email with IM? weird. so are you saying xmpp is like non encrypted gmail?

Are users of gmail concerned with e2ee IM.

xmpp clients feature set are fractured. I tried using cheogram, monocles. for me, my UX was lukewarm at best. so say its fast and light, us it because its missing out the real privacy security stuff to claim its fast and light.

xmpp clients, to me anyway, don't meet my requirements of e2ee by default, e2ee private or public groups.

xmpp may be a standard. that standard is yesterday standard. to me, it hasn't modernised for todays requirements.

its unable to pivot to catch fire against the newer technology that's half its age. why is that? poor governance....

@sammi @maple

"why are we conflating email with IM?"

E.g. because both are used for communication between people.

"xmpp clients, to me anyway, don't meet my requirements of e2ee by default"

You are not enforced to use them. As #xmpp is an open standard and there are #freesoftware clients, you are free to make one that meets your standards.

@Gold gab ich für Eisen @maple @Daniel Gultsch

I know I'm not enforced to use them. I have decided not to use it as it does not meet my needs as I said. the xmpp clients are fractured, I have no interest in its ecosystem as I don't believe in it. I know, there are those who believe in it though.

if it can modernise itself, I may have another look. to me, it's legacy tech.

#xmpp #freesoftware

@sammi @maple So why are you keeping discuss this legacy tech?

The #xmpp "ecosystem" (deemed to be a word-to-avoid, actually) owes you nothing.

@Gold gab ich für Eisen @maple @Daniel Gultsch

I was done discussing this legacy tech, but you keep responding, so I respond back. makes sense, no?

if I want a secure msgr, xmpp clients are not it. if they get their act together, then there is a marginal chance I would look at it again, but by then, I would have moved way on.

You are free to use whatever chat client you want.

#Conversations_im has enabled e2ee by default over 6 years ago. I wrote a blog post about it back then. gultsch.de/omemo_by_default.ht…

Aside from that #Conversations_im puts up a big warning signs (red chat bubbles) when messages are received from other #XMPP clients in clear text.

The rocky road to OMEMO by default

Why it took us more than two years to enable End-to-End encryption by default: The first in a series of essays leading up to the release of Conversations 2.0

^gultsch.de