Why is XMPP More Secure than Signal?

Trump's Signal leak is a great time to educate you on XMPP. Why is it better?

a) Server Control

Signal is hosted on an external power (Amazon) that you have no control over. And its metadata protection (who is talking to whom) has been proven to be vulnerable to attackers. [1] This alone could be how the CIA knows if Tucker Carlson is talking to Putin, without reading the message contents.

b) Server-side Identity

Any end-to-end encrypted messenger has two "identities". The first is the account that the server holds the password for and has access to. The second identity is the encryption keys on your device.

Signal uses phone numbers for server-side accounts, which is an external source of identity and truth. This is outside the control of even Amazon (the server). Even if you don't have the PIN passcode, the phone number can still be re-assigned. And although this would close current conversations, a hacker can then use the same identity for phishing attacks.

On the other hand, XMPP server-side identities are on a server you control and pick. And if done as a Tor onion service, then even a poor civilian with low resources can self-host it on a Raspberry Pi in their home.

c) Client-side Encryption

When Signal users change devices or encryption keys, it only gives a warning that's easily ignored. Whereas with XMPP, it can't function without drawing attention. Further, XMPP gives much more fine-grained control over which OMEMO encryption keys the users will trust or not (showing all of the different choices). This is unlike Signal, which forces a binary decision.

d) Group Entry

XMPP allows the server operator to configure groups to only allow entry from users ON THE SAME SERVER. It is possible to "de-federate". This provides massive security benefits: you properly administer who holds authorized accounts, and so who can even be using the server-side identity to begin with.

In sharp contrast, Signal accounts have no distinction between members of your organization and foreign phishing attackers. And SimpleX would be horrible for figuring out who is part of your group.
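What the "de-federated, same-server-only" setup from section d) looks like in practice, as an added example that is not part of the article: a Prosody configuration fragment. Prosody is an assumed choice of XMPP server (the article names none), and the hostnames are placeholders. The commented-out lines show the federated default shape; the live lines are the locked-down shape.

```lua
-- Added example (not from the article): Prosody is an assumed XMPP server,
-- "xmpp.example" / "rooms.xmpp.example" are placeholder hostnames.

-- Federated (default) shape: mod_s2s is loaded, so any remote XMPP server
-- can deliver messages to your users and its users can join your rooms.
--   VirtualHost "xmpp.example"
--   Component "rooms.xmpp.example" "muc"

-- De-federated shape: disable server-to-server connections entirely, so
-- only accounts that exist on this server can reach it or its group chats.
modules_disabled = { "s2s" }

VirtualHost "xmpp.example"
  -- Accounts are created by the operator, not by whoever finds the server.
  allow_registration = false

Component "rooms.xmpp.example" "muc"
  -- Only local accounts may create rooms.
  restrict_room_creation = "local"
```

With `s2s` disabled the server has no server-to-server listener at all, so the check is simple: from an account on any other XMPP domain, a message or a room join to this server should fail to route, and `prosodyctl check config` should report the configuration as valid before you restart the service.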

e) Stronger than Matrix

Matrix is far weaker than XMPP for metadata protection, because Matrix chats go to each member's homeserver. This leaks all metadata to Matrix.org (which is on Cloudflare) if even one person from that server is in your group.

In sharp contrast, XMPP group chats stay on your server itself. And members have to connect directly to your server to get that precious metadata.

Conclusion

Given XMPP's powerful security, metadata protection, low cost, and decentralized nature, you can see why we include XMPP with Email (and potentially your own website) in our Cloud Combo package...

Under this plan, you get a year of friendly support from our dedicated team. But zero external rules (or control over you), because of our decentralized server administration. Because it’s fully decentralized, it avoids us being on the legal hook for dispersed servers around the world, that you alone control. In fact, it’s unclear who is even our customer.

You can get started for just $100 for a complete setup and a full year of support,

https://simplifiedprivacy.com/email-cloud-combo/index.html

Sources on Signal’s metadata vulnerabilities:

[1] https://simplifiedprivacy.com/signal/index.html

And if you like my articles, consider reposting, as we don't use Twitter or YouTube.

It’s always been perplexing to me why XMPP never gained huge momentum. My phone (JMP) actually runs over XMPP. It works brilliantly, and can be paid for in Bitcoin. And you can even self-host your XMPP server if you want to.

In my case, the XMPP client I use to make and receive calls on my phone runs on top of silent.link eSIM service, also paid for in Bitcoin.

It’s not perfect but it’s a pretty sweet setup. The only thing JMP sees is my anonymized IP address.


Discussion

JMP takes Monero also, awesome company. XMPP is easy and flexible.

Part of the reason is probably that unlike #Matrix, #XMPP still has no cross-platform fully-featured client.

You are one of a few JMP users in the wild, and I wonder how well you feel it'd pair with something like Silent Link.

My experience has been super positive so far. I like the whole idea of buying data and phone number from two different entities.

Silent Link is pretty sweet. None of this fixed monthly fee nonsense. You pay some small amount per gigabyte and when you’re running low on data, you just send them a Lightning payment. I bet I’m paying less than $5/month, versus Verizon which was charging me around $50.

You’ll end up with a third world IP address — in my case I got one from Warsaw Poland. Doesn’t matter though, because I run a VPN on top of it so that IP is never seen by anyone but the VPN provider. Speed and latency isn’t world class but it’s acceptable.

I do most of my conversations (including voice) over Signal, Telegram, and WhatsApp so in theory, I could stop there. But for the cases where I need a phone number, like to get SMS notifications for doctors' appointments, etc., I ended up getting a number from JMP. They’re pretty solid. I think I’m paying $5/mo (in Bitcoin) for the phone number and it just runs over XMPP. It’s solid.

So you're telling me that if I don't go with a non-recycled carrier number plan, to do this instead... fucking SOLD.

Yeah, it’s a great combo for someone who’s technically inclined and privacy-minded. It’s not for everyone though.

Some cons are:

For people who spend a lot of time chatting remotely over legacy phone service, like say a field worker who has to be on call, there’s just enough latency to make the conversation difficult at times. For me, I rarely make legacy-style voice calls, and when I do, I’m almost always on WiFi so everything is fine. But for those that don’t fit that profile, it might be a problem.

Also note that since JMP is a VoIP service, some institutions (typically banks) won’t send a TFA code to you. This isn’t a JMP-specific issue. It applies to all VoIP services. Again, not a huge issue for me but it could be for some. Some people choose to have a $5 flip phone or other SMS services for such situations. Others choose to have the TFA code sent via email. For others it’s a non-issue. Just depends who you do business with.