• @southerntofu@lemmy.ml
    12 years ago

    A group-chat for example exists only on one server and chat-history is only shared on request

    That is technically true, but all servers from which users connect to the chatroom effectively get their hands on that traffic anyway to deliver it to the user (and could log it), which is why end-to-end encryption is encouraged in chatrooms. [1]

    It’s a tradeoff of XMPP that clients usually only interact with their own server (this is also true for Matrix). This is done for scalability, reliability, and privacy. This way remote servers cannot, for example, record your IP address.

    However, it’s very possible to negotiate out-of-band access to some resources from your XMPP account (where leaks could occur, e.g. for downloading on the web an image another user uploaded in a groupchat). For example, XEP-0070: Verifying HTTP Requests via XMPP defines a protocol for authenticating Jabber/XMPP users on the web.

    [1] OMEMO encryption works rather reliably on “modern” clients in private messages and private groupchats, but is not yet supported in public chatrooms because encryption for so many recipients is resource-expensive and key verification in a public setting is a nightmare (do you really trust all those keys if anyone can join?) so there’s arguably little benefit in that.

    • poVoqOP
      22 years ago

      That is technically true, but all servers from which users connect to the chatroom effectively get their hands on that traffic anyway to deliver it to the user (and could log it)

      Yes, but only the data it needs to know to deliver what the client requests, not the full historic room state as in the case of Matrix.