• poVoq
    3 years ago

    Neither the Signal desktop client, nor the WhatsApp web client are true clients. They are remote access band-aids that only work with a running Android or iOS client and in fact break e2ee (spoiler: that’s a built-in backdoor to the e2ee). You can pretty much do the same with Conversations and a remote access system like Scrcpy to get a “full Desktop experience” of Conversations.

    As for the Dino example… well it shows it prominently enough that the connection is not encrypted, especially on the Conversations side (where you would expect the default e2ee) there is a big red warning asking you to enable it. Which can be done very easily.

    I am honestly getting a bit tired of people having higher expectations of XMPP than even what the systems people compare it to do, just because XMPP is more explicit about certain technical limitations and on other systems with actually less capability, this is hidden from the user and in the end the user ends up less safe on the supposedly safer platform.

    As for iOS… maybe. I don’t really care as iOS is insecure by default and due to the software mono-culture is trivial to exploit. So it really doesn’t make any difference.

    • @linkpop@lemmy.ml
      3 years ago

      > Neither the Signal desktop client, nor the WhatsApp web client are true clients

      You’re wrong on the Signal desktop point, it is a full-fledged client on its own and can work without the mobile app.

      > As for the Dino example… well it shows it prominently enough that the connection is not encrypted,

      No, it doesn’t. Dino just shows you a tiny padlock after the fact. There’s even a GitHub issue complaining that it’s not obvious: https://github.com/dino/dino/issues/971

      > I am honestly getting a bit tired of people having higher expectations of XMPP than even what the systems people compare it to do

      Well, until these issues are fixed, no one, absolutely no one is going to recommend XMPP to anyone.

      And we haven’t even started talking about all the other flaws: https://infosec-handbook.eu/blog/xmpp-aitm/

      > I don’t really care as iOS is insecure by default and due to the software mono-culture is trivial to exploit

      Yet again, wrong; iOS is both significantly more secure and more user-friendly than any Android/Linux phone out there with maybe the exception of GrapheneOS.

      • poVoq
        3 years ago

        AFAIK you are incorrect about everything above. It might be that the Signal client runs standalone, but it still requires the Android or iOS client as stated on their website:

        > Signal Desktop must be linked with either Signal Android or Signal iOS to send and receive messages.

        Dino doesn’t claim to be a finished client and thus isn’t intended for “productive” use. What I wrote was specifically about the Conversations side, which as a fall-back to the default e2ee offers a non-encrypted connection with a HUGE red warning.

        The info-sec handbook stuff is FUD and applies just the same way, and in fact even more so, due to the centralized and likely NSA-compromised nature of its servers.

        As for iOS, I suggest you actually read up on that stuff before believing Apple’s marketing BS.

        • @linkpop@lemmy.ml
          3 years ago

          Yes, you link it once with your Android phone and then it’s a client on its own with its own messaging queue on the server. So no, you are wrong and don’t actually know what you are talking about.

          Anyway, I’m not an iOS user in any shape or form, but I recognize that it’s a good platform, and far better suited for normal people than the fragmented mess that Android is.

          Oh, and just to show you more ignorance on your part: gajim.org is another desktop XMPP client that has existed since… 2004, and also doesn’t do OMEMO by default and also doesn’t make it obvious that you’re not doing OMEMO. If a 17-year-old app isn’t production ready, what is?

          • poVoq
            3 years ago

            Again, I am talking about Conversations. This is the same as with Signal or any other such chat service that only offers a single app. You are arguing as if the additional capabilities of XMPP make it worse, when in fact those make it better.