Hello. I am looking for an alternative to Telegram and I prefer an application that uses decentralised servers. My question is: why is the xmpp+omemo protocol not recommended on websites when it is open source and decentralised? The privacyguides.org website does not list xmpp+omemo as a recommended messaging service. Nor does this website include it in its comparison of private messaging services.
https://www.privacyguides.org/en/assets/img/cover/real-time-communication.webp
Why do you think xmpp and its messaging clients such as Conversations, Movim, Gajim, etc. do not appear in these guides?
Don’t mistake me for saying you’re wrong. I agree with you, mostly. But sealed sender isn’t theater, in my view. It is a best effort attempt to mitigate one potential threat. I think everybody would like that solved but actually solving it isn’t easy as I understand it. Maybe not intractable, but if you have a solution, you can implement it. That is one of the things I like about free software.
In any case, I’m only saying Signal is good for a subset of privacy concerns. Certainly not that it is the best solution in all cases.
But, what is the potential threat which is mitigated by sealed sender? Can you describe a specific attack scenario (eg, what are the attacker’s goals, and what capabilities do you assume the attacker has) which would be possible if Signal didn’t have sealed sender but which is no longer possible because sealed sender exists?
Sure. If a state serves a subpoena to gather logs for metadata analysis, sealed sender will prevent associating senders to receivers, making this task very difficult.
On the other hand, what it doesn’t address is if the host itself is compromised where sealed sender can be disabled allowing such analysis (not posthoc though). This is also probably sensitive to strong actors with sufficient resources via a timing attack.
But still, as long as the server is accepting sealed sender messages the mitigation is useful.
Pre sealed-sender they already claimed not to keep metadata logs, so, complying with such a subpoena[1] should already have required them to change the behavior of their server software.
If a state wanted to order them to add metadata logging in a non-sealed-sender world, wouldn’t they also probably ask them to log IPs for all client-server interactions (which would enable breaking sealed-sender through a trivial correlation)?
Note that defeating sealed sender doesn’t require any kind of high-resolution timing or costly analysis; with an adversary-controlled server (eg, one where a state adversary has compelled the operator to alter the server’s behavior via a National Security Letter or something) it is easy to simply record the IP which sent each “sealed” message and also record which account(s) are checked from which IPs at all times.
it would more likely be an NSL or some other legal instrument rather than a subpoena ↩︎