HappyKitten

joined 1 year ago
 

Richard Stallman had a dream where you control your computing. And XMPP is the closest social network in line with Richard Stallman’s vision of the internet. This instant message protocol, allows for you to easily host your own server, it’s fast and efficient, and has lots of different open source clients to choose from. Additionally, by making it extensible, it allows for anyone to build upon it to get their own desired features. This article goes over some of the basics of XMPP: https://simplifiedprivacy.com/xmpp-decentralized-signal-get-your-own-social-network/

Note: There are no affiliate links or sales text in this educational article discussing open source. Let’s discuss the technology and not attack the author.

[–] HappyKitten@lemmy.ml -3 points 1 year ago

Yes Session trades forward secrecy away in return for uncensored identity. These are pros/cons of different approaches and we provide educational material on a variety of software

[–] HappyKitten@lemmy.ml -2 points 1 year ago

Thanks for the reply but please check the article:

Sealed Sender is Flawed

Signal has a flawed system called “Sealed Sender”, which encrypts the metadata of who sent the message inside the encrypted packets. However, cybersecurity researchers from the University of Colorado Boulder, Boston University, George Washington University, and U.S. Naval Academy, found that Sealed Sender could be compromised by a malicious cloud host in as few as 5 messages to reveal who is communicating with who. In this paper published by NDSS, headed by Ian Martiny, these researchers found that Signal’s “read receipts”, which lets the sender know that the receiver got the message can be used as an attack vector to analyze traffic because it sends data packets right back to the sender. Therefore, our recommendation to increase metadata protection is turn off read receipts, which can be toggled in the security settings.

Source used: Improving Signal’s Sealed Sender Ian Martiny∗, Gabriel Kaptchuk†, Adam Aviv‡, Dan Roche§, Eric Wustrow∗ ∗, {ian.martiny, ewust}@colorado.edu †Boston University, kaptchuk@bu.edu ‡George Washington University, aaviv@gwu.edu §U.S. Naval Avademy, roche@usna.edu

https://www.ndss-symposium.org/ndss-paper/improving-signals-sealed-sender/ & Paper PDF: https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1C-4_24180_paper.pdf

19
submitted 1 year ago* (last edited 1 year ago) by HappyKitten@lemmy.ml to c/privacy@lemmy.ml
 

Wow I didn't realize that Signal is run on Amazon's servers and that they contract with the CIA. This article has some interesting points to mitigate the privacy concerns of this real popular service: https://simplifiedprivacy.com/signal-messenger-guide-to-avoid-privacy-mistakes/