Hello. I am looking for an alternative to Telegram and I prefer an application that uses decentralised servers. My question is: why is the xmpp+omemo protocol not recommended on websites when it is open source and decentralised? The privacyguides.org website does not list xmpp+omemo as a recommended messaging service. Nor does this website include it in its comparison of private messaging services.
https://www.privacyguides.org/en/assets/img/cover/real-time-communication.webp
Why do you think xmpp and its messaging clients such as Conversations, Movim, Gajim, etc. do not appear in these guides?
Could you even cite an example of such leaked metadata? I’d like to also remind you that metadata leaking to your own server (which you can chose, which you can self-host) isn’t as big a deal in XMPP as it is with other services. Which is also why I can’t take Soatok’s opinion about and obsession for Signal seriously: when all accounts are hosted by a single actor, you have a much bigger metadata problem, and all obfuscation attempts (sealed senders being one) are ultimately defeated by simple timing and packet correlation attacks.
You were probably looking at a rebrand/spin of https://xmpp.org/software/conversations/ . All major XMPP clients and servers declare their compat via DOAP: https://xmpp.org/extensions/xep-0453.html
Correct, but in this case OMEMO is secure and is used in contexts where security actually matters. There have been multiple audits of it over the years:
https://conversations.im/omemo/audit.pdf
https://raw.githubusercontent.com/hardenedvault/vault-docs/master/report/lurch-audit.pdf
https://www.scribd.com/document/568512285/chiffrement-messagerie-instantanee-fmaury-anssi
https://download.igniterealtime.org/smack/docs/smack-omemo-audit-1.0.pdf
From the OMEMO XEP specification under section 2.1 “Threat Model” https://xmpp.org/extensions/xep-0384.html#reqs-threat-model
Off-topic, I would also like to add that the spec says " It has been demonstrated, that OMEMO provides only weak forward secrecy (it protects the session key only once both parties complete the key exchange).", citing https://www.cypherpunks.ca/~iang/pubs/dakez-popets18.pdf
The specification only seems to say that message content are encrypted, making no mention of encrypting any other data than message content. Look under sections 1.2 and 4.4 to see what I mean about there being no mention encrypting other data (eg. recipients and room names). This means that sender/receiver are (most likely) not encrypted. I don’t think (though I don’t know for sure) that room names are encrypted either.
What happens if you communicate/participate in an encrypted chat/user on another server? Could the server owner now see the other unencrypted data and metadata?
Also, just because you self host it doesn’t make the unencrypted (meta)data any less dangerous. That just makes your server the point of failure. By your logic, why encrypt at all? It all lives on your server, it is only a problem if someone has access to your server. Networking is encrypted with TLS anyways, so why bother. /s