Hello. I am looking for an alternative to Telegram and I prefer an application that uses decentralised servers. My question is: why is the xmpp+omemo protocol not recommended on websites when it is open source and decentralised? The privacyguides.org website does not list xmpp+omemo as a recommended messaging service. Nor does this website include it in its comparison of private messaging services.

https://www.privacyguides.org/en/assets/img/cover/real-time-communication.webp

Why do you think xmpp and its messaging clients such as Conversations, Movim, Gajim, etc. do not appear in these guides?

you are viewing a single comment's thread
view the rest of the comments

[–] sga@piefed.social 5 points 4 weeks ago (3 children)

reason for them not appearing is that xmpp is a largely relaxed platform, that is, all implementations are not equally strict. some may implement certain extensions, others may implement other. encryption (omemo) is a common one that most implement, but then client (the user apps like gajim) may or may not implement them correctly, or they may have a fallback (first communication between 2 clients maybe is not encrypted), and other different problems with encryption being flaky (firstly, it is not perfect forward secrecy, it is a bit prone to failure (messages unable to decrypt), etc.), hence it is not recommended much.

[–] bufalo1973@piefed.social 3 points 4 weeks ago

For the first communication not encrypted there's an easy solution: force encryption on your side and block unencrypted communications.

[–] sexy_peach@feddit.org 1 points 4 weeks ago

Theres snikket as a solution to that

[–] u_tamtam@programming.dev 1 points 4 weeks ago

That's the nature of any federated protocol, and also what makes them highly desirable: there's no central authority to dictate what is a compliant client or change the deal overnight and enshitify your user experience. That said, XMPP+OMEMO is as universal as things get, so there's no real concern there.