Telegram is just actually superior in terms of features I don’t get it.

  • u_tamtam@programming.dev
    link
    fedilink
    arrow-up
    9
    arrow-down
    5
    ·
    1 year ago

    Why use Signal over XMPP and Matrix? Signal is centralized and wants you to stay in check, using their crappy client, giving away your phone number, and all your presence, social graph and other privacy sensitive information to a single actor (which can’t be yourself, because you can’t self host signal) and that has nothing to back it up other than “trust me bro, I’m gonna do no harm, but also I control all your communications under my own terms and conditions and there’s nothing you can do about it”.

    • asudox@lemmy.world
      link
      fedilink
      arrow-up
      7
      ·
      edit-2
      1 year ago

      Matrix was found leaking metadata, it’s not like Matrix is bad or anything. But it just doesn’t get the attention it needs. For WhatsApp users that do want better privacy and security, Signal is a solid choice. XMPP, by default with no configuration doesn’t really have encryption and also, it has issues with metadata leakage as well.

      For the average joe, Signal is a simple app that has privacy and security out of the box. Sure, it would be awesome if Matrix was widely adopted, but it isn’t.

      • u_tamtam@programming.dev
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        What Matrix metadata leakage are you talking about? Regarding XMPP, I am not aware of anything like it, and I suspect that this leakage you are talking about is just standard client-server signaling, where in federated protocols like Matrix and XMPP you can chose whom to trust (or self-host) whereas in all other cases your metadata isn’t just centralized and consolidated, you have no recourse and knowledge about what’s being done with it.

        On the side of XMPP, OMEMO (which is XMPP’s take on double ratchet encryption à la Signal) is standard across the board of all maintained clients, so you wouldn’t be less secure there than on e.g. Signal or Telegram, so your take on XMPP’s security isn’t factual.

        • asudox@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          Huh, some things might have changed then. My memory is from around 2021-2022, so things might have changed.

    • rippersnapper@lemm.ee
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      When talking about messaging apps, you’ve to use the one that’s easiest to use even for the most noob tech person.

      Signal uses phone number, because that’s how people generally communicate. It’s easy to use, setup. No privacy nightmares compared to WhatsApp, or security nightmares compared to Telegram (where E2EE is not even on by default). It’s open source, regularly audited and can be used on any device (no more proprietary green bubble nonsense). There’s still a market for Threema and Matrix, etc. It just never will be mainstream.

      • u_tamtam@programming.dev
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        No privacy nightmares compared to WhatsApp

        My whole point was that between Signal and WhatsApp, none is intrinsically better than the other in this regard. Both are centralized and collect the same amount of privacy-sensitive data about you (your online presence and patterns, your IP, your network graph, the routing of your messages and their nature…), because they need that to function. Whether they log it (irrespective of what they advertise) is one thing nobody but themselves can verify and where opensource plays no role.

        Matrix/XMPP are only better because you can self-host if you trust no one, or choose whom to trust, or change whom to trust along the way without incurring a total loss of your contacts, histories, assets, …

        IMO, the sales pitch for XMPP/Matrix shouldn’t be “we are better/more secure/more privacy focused by design” (and it’s pretty clear that the tech-illiterate majority doesn’t care anyway), it should be “with us, you will no longer have to jump ship every 5 years in avg. because facebook/google/amazon/some oligarch/… broke their promise/used their absolute power over your account to their discretion”.

    • beeng@discuss.tchncs.de
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      Signal is an installable App from an app store… Where’s your matrix and xmpp? That’s why they use it over element/etc

      • socsa@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        XMPP arguably has some of of the strongest crypto functionality there is, it’s just too dependent on the app to feel safe, since all of the vulnerabilities in these ecosystems are basically down to the client implementation.

        • u_tamtam@programming.dev
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Absolutely, and an argument can be made about captive ecosystems controlling both clients and servers. They also represent a single point of failure, so there’s no magic bullet. In practice it’s also not that different than keeping up with your browser’s/OS’/phone’s updates and XMPP has that for itself that it has (unlike Matrix) a vibrant community of clients and servers supported by diverse parties (commercial and not).

      • u_tamtam@programming.dev
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Matrix and XMPP have plenty of apps installable from those stores as well, not sure what your argument is about?

          • u_tamtam@programming.dev
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            that’s not even true, if you search “matrix”, element is your first result, if you type XMPP, you get “Conversations”, exactly as you would expect.

    • discusseded@programming.dev
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Because one is an app and the others are a technology standard. I can install Signal on my phone and use it to talk to people securely.

      Where do I go to get XMPP or Matrix? Can I trust app makers to have correctly implemented the protocols? When it comes to security I tend to trust larger entities versus the garage startup.