I am a firm believer that there are many privacy techniques you should focus on before encrypted messaging because they will offer you much more “bang for your buck,” things like good passwords, two-factor authentication, and even encrypted email. That said, I still believe that encrypted messaging is a critical part of a well-rounded privacy and security strategy. While the vast majority of our day-to-day conversations may be benign, it can still offer a lot of insight into who we are as people – our routines, likes, and personal thoughts. This information – mundane or not – is worth protecting.
You must log in or # to comment.
Another basic thing – If your messenger is throwing your messages in a notification; it’s being logged. Google was found to be logging almost all notification content. Make sure your message app isn’t putting the content of messages into notifications.
That’s if they use Google’s push notification backend on firebase. FOSS apps from F-droid usually don’t.
Tl;Dr install F-droid damnit
If the app implements their own notification system and doesn’t rely on GCM then Google isn’t able to log them as far as I know.
UnifiedPush instead of their own implantation would be better for power consumption ig.
Overall a choice between which Notifier you want to choose would be nice.
Between the apps own notifier and UnifiedPush (also has a Fallback to GCM if wanted)
XMPP, for example, does not enable end-to-end encryption by default
Why always these false myths? The most popular XMPP mobile clients do enable it by default.
It was a conscious decision for them not to enforce E2EE by default. https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/
XMPP clients have like 10 different implementations because of that and are not always consistent with each other or even function universally across platforms.
But I’m not an author. That would be @nateb@mastodon.thenewoil.org.
The article you linked is a highly misleading nothing burger. And enforcing e2ee at protocol level is a bad idea for many reasons.
That’s what encrypted messagers are…
Messengers are not protocols. They use protocols. Most XMPP clients use the same encryption scheme Signal does only without being dependent on a single specific server, allowing users to spread out. I recommend reading about the differences between targeting developing a platform and developing protocols. Once you do, you’ll see XMPP+Encryption in a better light than anything like Signal. The main problem in the current moment with XMPP+Encryption us that it isn’t where the people are. Us tech weirdos can start the push into that space a little bit, but we need “Normies” to adopt to, and for that we need to be clear on what were talking about. Comparing XMPP to signal doesn’t make sense. Comparing Cheogram to Signal does. And in the latter, cheogram frankly blows Signal out of the water for real privacy and security considerations
