ok but if I’d recommend a client to the people I want to text with via xmpp I can be certain which client they use. My idea isnt to write with strangers but only with real people I know (friends and family).
I am asking because I want to understand the “hype” about XMPP that and why it is always mentioned when someone is asking for a good privacy friendly messenger :)
I would love to do the same (although not the hardcore step with arch :D) but how would I game and also isn’t the support for drivers sometimes really iffy?
that is only done once at the creation of an account and does not proof that the number ist not saved hashed.
ah ok. that makes sence. so only if the secure channel of the key exchange is somrhow attacked, the encryption can be broken, correct? i dont wanna ever use telegram (not even on 1-1 e2ee chat) but basically they are still bad since they use encryption wich is not a standard and could be compromised?
(i hope thats it with all the question i have 🙈)
ok but if the source of the server is not know, how can the client be save?
I know how e2ee works but couldn’t a bad closed-source server still be a problem?
btw. not trying to call you out, I just really want to know, cuz I cant get my head around it 🙈🙊
but if this is your argument, you could also say that Telegram is good because their client can also be built from their open source. of course you have to activate e2ee on a 1-1 chat first…
good points altough the number is note saved. the hash of the phonenumber is hashed so Signal could not hand out your number, just the hash.
that’s why I love great communities like this one here. you aks one think, maybe totally overthinking and read an answer like this, which helps you realize the overthinking :)
thanks for that. what you say makes sence. I really NEED to make a threat-model to find out, what is worth keeping private and what isn’t worth the trouble.
Thank you :)
oh ok, I have not tried that yet. I have only set up one address which I use yo send and receive from.
about the encryption: I thought the point with e2ee encryption on proton is mainly, that the mails are stored encrypted one their servers so they can not read them or hand them out to anyone.
oh so only when using their client I have the e2ee for the emails on their server? kind of makes sence but def. a point to take into consideration.
I looked inyo runbox and it looks like a really good option. what concerns me is, that it is hosted in Norway and that Norway is part of the “Fourteen Eyes alliance”. Would you still recommend it?
do you know theit reason?
i already bookmarked the list, great work btw. I will look into the options you wrote.
well the easy if use for the temp-emails is better on proton I’d say. and keeping files in Switzetland is better then saving them in Germany (i think).
i like to have temp-adresses but it is a little to annoying for me to extend them after 90 days 🙈 with proton this is easier since you dont need to remeber that and you can find this option pretty easy when in tge webbrowser of choice.
reading my post would’ve help ;)
another great point. thank you
well I’d say signal is one of the best options as there are many others. Regarding the phonenumber: as far as I know, it is stored hashed so signal does not really know your phonenumber. so this would not concern me.
but why isnt it secure? if you know that the other person is using the same version of omemo it is secure. and if you are self-hosting it, meta-data is no issue either