There are no known security issues with "Siacs OMEMO" / OMEMO v0.3¹ despite of what some very loud Signal fans would like you to believe. It has been audited by a third party² who took a longer look at it than all of the Signal fans combined.

Yes, #OMEMO v0.7+ (or TWOMEMO 😜) is a cleaner spec with more features (most notably Stanza Content Encryption). That’s why we wrote it. I’m a co-author. That doesn’t mean v0.3 is insecure.

¹: xmpp.org/extensions/attic/xep-…
²: conversations.im/omemo/audit.p…

#XMPP

What the hell is wrong with #Jabber? The two most important console clients, #Poezio and #Profanity, both released version 0.15.0 today. Same version number, same day, same first letter "P". Do you want to confuse us all?

At least Poezio is written in #Python, Profanity in #C/#Clang, i.e. there are some differences. Otherwise it would be too much.

@mathieui @profanity

#XMPP #OMEMO

#Libervia by @Goffi has #OX 🐂, too! But even as an incorrigible #Gajim user, I mainly use #OMEMO 🐠, because that's what my mobile peers have 🤷

@gajim @profanity

Setting up #XMPP for my family has made clear that UX for exchanging #OMEMO keys is in need of improvement.

It should be a simple matter of everybody scanning everybody else's QR code and maybe tapping a button. Not having to dig through contact settings to even find the QR code, and definitely not eyeballing hex digits.

Also, scanning one of a person's QR codes should cause me to trust *all* of their clients via some kind of cross-signing, not just one of their clients.

Hope this improves!

I looked at the "XMPP Software Comparison" page:
xmpp.org/software/software-com…
...and put my 4 favorite #XMPP clients in there: #Conversations #Gajim #Dino and #Monal. It compares compatibility across many XEPs.

Alas, when it comes to #OMEMO, no distinction is made as to the version of OMEMO.

So, you're using decentralized non-corporate-owned social media because you don't want your online identity and activity tracked and held by some corporation, and even possibly a government-influenced owner (TikTok?).

I've opened an #XMPP (#Jabber) messaging server, which is based on the same principles as whatever application you are reading this on. XMPP is completely decentralized, open source, free, and volunteer run.

Also, neither member identity nor messages are stored on the server. There is no centralized control over the network. You sign up by first choosing a server. Your ID looks like an ActivityPub ID (example: support@chat.between-us.online).

Besides end-to-end message encryption, there's optional #OMEMO on-device encryption. No centralized messaging app (other than Signal) offers an encryption option this strong. There's video calling, file transfer, and both public and private chat rooms/groups. There are many messaging applications available for all operating systems.

You provide no personally identifiable information when you sign up, not even an email address. You only pick your ID and provide a password (which cannot be changed or recovered as the server does not keep identity information, so don't lose it and be sure it can't be guessed). If you delete your account, through the messaging app, there is no record of your account having existed on the server.

If interested, you can sign up on the messaging application (use chat.between-us.online as the server) or via the website at between-us.online, which also provides additional information about XMPP and how to use it.

A note about #Matrix. Don't @ me about Matrix. This message is only to announce an XMPP (Jabber) server option. I am not advocating XMPP over Matrix. I use Matrix as well. It ticks all the same boxes. This is just an announcement about an XMPP server.

If you read the recent _Against XMPP+OMEMO_ article, it might be interesting to come back and read its comment section there as well as the following article:

Against Silos+Signal
moparisthebest.com/against-sil…

#XMPP #OMEMO #E2EE #Signal

Can anymany tell me how I'm "supposed" to use end-to-end encryption with XMPP?

As far as I can tell there are three totally different ways to do E2EE:

a)OTR : "[xmpp.org/extensions/xep-0364.h…](Not intended to be a current standard), or technical specification, as better (albeit, newer and less well tested) methods of end-to-end encryption exist for XMPP. "

b)OpenPGP: There are at least two different XEPs about it. XEP-0027 is obsolete, while XEP-0373 is "experimental" but hasn't been updated in almost three years.

c)OMEMO: "Experimental" and hasn't been updated in over two years.

Is there a way to do E2EE in XMPP which is neither deprecated nor experimental? What's the "Current stable" way to do it?

#XMPP #E2EE #EndToEndEncryption #OMEMO #OpenPGP #OTR

Anyone up for some #XMPP / #Jabber test with #OMEMO and in a group?

Join here.

Nothing special, just want to find out if it works, just send some messages with OMEMO encryption or without to see what happens.

xmpp:xmpp-test@muc.utzer.de?join

conversations.im/j/xmpp-test@m…

great news! I already loved #XMPP as done via @dino and its amazing #OMEMO support (though I mostly stayed with Gajim or #Profanity on the Linux desktop).

To now know that support for Audio/Video calls is implemented is nothing short of amazing! There's no limit to XMPP!