Post · bonfire.cafe

David Chisnall (*Now with 50% more sarcasm!*)

@david_chisnall@infosec.exchange · 5 days ago

@contrapunctus @alisynthesis @NebulaTide @JohnnieMac

Anyone recommending a decentralised alternative to Signal and not including any discussion of anonymity sets, metadata leakage, and so on, is just telling me that they have absolutely zero idea of how security and privacy work.

XMPP (and I say this as someone who was involved in standardising it back in the day and wrote two client implementations) is not fit for purpose for a modern threat models. It leaks metadata like a sieve to passive adversaries.

The Fediverse is a fundamentally different problem because it's about public communication and does not aim to provide privacy. A tool for private communication is a completely different problem space.

pixelschubsi

@pixelschubsi@troet.cafe replied · 4 days ago

@david_chisnall Can you outline those "modern" threat models? Do they include availability/censorship at all?

Speaking about centralized systems making things easier: We know Signal servers can turn off sealed sender protection. We know they can correlate group membership in just a few messages. We know they can link users with phone numbers and APNS/FCM tokens and thus Apple and Google accounts. And we know those servers are in control of Amazon.

Debacle

@debacle@framapiaf.org replied · 4 days ago

@david_chisnall @contrapunctus @alisynthesis @NebulaTide @JohnnieMac

Anybody talking about anonymity sets, metadata leakage, and so on, without clarifying the #threatModel and actual attack scenario first, should learn about different priorities people might have, when it comes to #security (= #confidentiality, #integrity, #availability)and #digitalSovereignty.

Sure, Signal collects less #metadata than #Jabber, but it has other disadvantages, making it a #NoGo for me:

Debacle

@debacle@framapiaf.org replied · 4 days ago

@david_chisnall @contrapunctus @alisynthesis @NebulaTide @JohnnieMac

1. It still needs a phone number. Which makes it very hard to have multiple accounts. Multiple accounts is convenient, but also a security feature.

2. There is still not first class client for my OS. I don't have Android or iOS, i.e. I'm out.

3. I'm trying to avoid AWS etc. as far as possible. Not, because I believe, Jeff B. would read my messages. Just because I don't want to depend on him and his orange friend.

contrapunctus ✊🏳️‍🌈🏳️‍⚧️

@contrapunctus@fe.disroot.org replied · 4 days ago

@david_chisnall As much as I appreciate your posts on other subjects, whenever someone talks about #XMPP you always turn up with the same vague hand-wavey claims.

Please speak in specifics so people can actually evaluate the claims. (I think you once mentioned having written a blog post about it - linking to that could also work. I tried to search for it, but couldn’t locate any blog by your name.)

FEDIsroot

smlckz

@smlckz@fe.disroot.org replied · 4 days ago

@david_chisnall Which decentralized protocols meet your standards regarding privacy, if any that you're aware of? Are such protocols worth developing, given the amount of complexity and stakes involved?

@contrapunctus @alisynthesis @NebulaTide @JohnnieMac

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0 no JS en

Automatic federation enabled