@contrapunctus @alisynthesis @NebulaTide @JohnnieMac
Anyone recommending a decentralised alternative to Signal and not including any discussion of anonymity sets, metadata leakage, and so on, is just telling me that they have absolutely zero idea of how security and privacy work.
XMPP (and I say this as someone who was involved in standardising it back in the day and wrote two client implementations) is not fit for purpose for modern threat models. It leaks metadata like a sieve to passive adversaries.
The Fediverse is a fundamentally different problem because it's about public communication and does not aim to provide privacy. A tool for private communication is a completely different problem space.
@david_chisnall @contrapunctus @alisynthesis @NebulaTide @JohnnieMac
Anybody talking about anonymity sets, metadata leakage, and so on, without clarifying the #threatModel and actual attack scenario first, should learn about different priorities people might have when it comes to #security (= #confidentiality, #integrity, #availability) and #digitalSovereignty.
Sure, Signal collects less #metadata than #Jabber, but it has other disadvantages, making it a #NoGo for me: