this post was submitted on 21 Jun 2025
732 points (96.8% liked)

Technology

71722 readers
5362 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
732
Signal – an ethical replacement for WhatsApp (greenstarsproject.org)
submitted 20 hours ago by Pro@programming.dev to c/technology@lemmy.world
128 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] diealex@lemmy.world -3 points 12 hours ago (1 children)

No. XMPP would be the best choice.

[–] DreamlandLividity@lemmy.world 3 points 11 hours ago (2 children)

Tell me you don't know anything about security without telling me you don't know anything about security.

[–] ewenak@jlai.lu 1 points 5 hours ago (1 children)

Could you explain a bit? I see main issue with Signal (though I'm not an expert, and they're not strictly related to security): it's centralized (and the server isn't even open-source).

The question is also a lot about your threat model right?

[–] DreamlandLividity@lemmy.world 1 points 3 hours ago* (last edited 3 hours ago)

The encryption being crap really does not depend on the threat model. Sure, in some threat models you may not need e2ee at all but in that case, what's wrong with WhatsApp?

The issue with XMPP is that security really was an afterthought. Not only is e2ee an optional extension, but there are actually 2 incompatible extensions, each with multiple versions. Then you have some clients not implementing either, some clients implementing the older, less secure one. Some implement the newer one but older version of the spec with known issues. And of course, the few clients that implement it well become incompatible with other clients that don't if you enable e2ee, so it is disabled by default.

That is all before you start looking into security audits or metadata harvesting.

[–] diealex@lemmy.world -1 points 8 hours ago

I guess that sucks because I make a living working in cyber security. What do I know, amirite? 🤷