quotingBefore you advocate XMPP, please tell me:
nevent1q…tudt
What data is broadcast in presence stanzas and who can see them.
What the ten most common forms of unencrypted info-query stanza are.
What an attacker with control of a popular server can learn from unencrypted metadata, assuming everyone is using OMEMO for every message.
What mitigations the clients you’re advocating have for social engineering downgrade attacks on OMEMO (e.g. drop OMEMO and send a message saying ‘sorry, encryption isn’t working on my new phone’).
If you can tell me all of these things and are happy with the answers, I’ll assume your advocacy is coming from an informed place and we can have a sensible discussion about threat models, usability, and adoption.
feld on Nostr: friends don't let friends use XMPP ...
friends don't let friends use XMPP