this post was submitted on 12 Oct 2025
111 points (97.4% liked)

Privacy

42508 readers
759 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
111
Why Signal over Jabber/XMPP? (piefed.world)
submitted 1 day ago by TurkeyDurkey@piefed.world to c/privacy@lemmy.ml
92 comments fedilink hide all child comments
 

Over the past few years I have gone through a bunch of different apps and protocols to find the best one for "securely" communicating with my family and friends.

I ended up with the amazing XMPP protocol and my family/friends frequently use its clients to contact me.

Monal for IOS and Cheogram/Conversations/Quicksy for Android. The android app I install depends on if I can get F-Droid on their phone or not.

It's been great with OMEMO encryption and the clients/apps available for XMPP. But sometimes I have issues introducing people to it.

Jabber (friendly name for xmpp) sounds silly to say. The clients all have weird names. And after trying the Signal mobile app it feels more focused than what anyone in the XMPP community has whipped up.

But the capabilities of XMPP makes it better.

Signal Cons (immediete)

  • Centralized
  • Single app
  • Phone numbers

XMPP/Jabber Cons

  • Picking server
  • Apps are sort of less friendly

What really scares me about Signal is the centralization. Any nerd can easily host an XMPP server these days. But Signal from what I've heard really wants us to use their server.

If XMPP gets more attention I'm sure we can get people supporting projects and creating better apps.

I keep seeing people recommended Signal instead.

This is a bit of a tired ramble. What I wanna know is why anyone is preferring Signal over XMPP apps. I assume it might be not knowing about it. Tell me what you use to message people.

top 50 comments
sorted by: hot top controversial new old
[–] biotin7@sopuli.xyz 2 points 1 hour ago* (last edited 1 hour ago)

TBH it's worrying, but at the same time, it's better to have people on something that's somewhat Privacy-respecting.

Baby steps, you know. BTW how many here are familiar eith GNU-Jami ?

[–] Mgineer@lemmy.ml 24 points 18 hours ago (1 children)

For most people, Not this community, it's trying to get people off Whatsapp. So even signal is better

[–] AmanitaCaesarea@slrpnk.net 5 points 16 hours ago (1 children)

Signal for people that partly care about privacy. SimpleX for true privacy enthusiasts

[–] balance8873@lemmy.myserv.one 2 points 9 hours ago* (last edited 9 hours ago) (1 children)

I love the irony of the name. It's probably the best thing about the app.

One of the things I'm curious about and the website doesn't explain: how are the message queues not identifiers?

[–] AmanitaCaesarea@slrpnk.net 1 points 2 hours ago (1 children)

They are local identifiers, not global ones. Each one exists only for a single pair of users so they don't function as stable or traceable identities. "Pairwise anonymous addresses".

https://simplex.chat/#privacy-of-identity-contacts-metadata

[–] balance8873@lemmy.myserv.one 1 points 16 minutes ago* (last edited 5 minutes ago)

But those are still identifiers linked to you and in a global space because it says multiple servers need to know how to route data.

Nvmd: seemingly if the server hosting your queues shuts down you lose all contact, so your UIDs are shared but only to a specific set of servers you choose with the drawback of fragility. Seems like someone else shutting down a server kills your contact list?

[–] undefinedTruth@lemmy.zip 11 points 20 hours ago* (last edited 20 hours ago) (1 children)

Signal may not be the best in a technical sense, but it is good enough and it has the network effect. I've been pleasantly surprised when in the span of a few months I met two different people actually in real life, who happened to already be using Signal.

Signal is also just as usable as the big tech alternatives, which makes it not a very hard sell to friends and family. For quite a few years now I have managed to convince everyone I communicate with to do so over Signal. There is no chance I would be as successful with something else.

[–] umbrella@lemmy.ml 5 points 15 hours ago* (last edited 14 hours ago)

yes baby steps. more important to get rid of zucc and his big brother eyes on everyone than to be 100% perfectly private from the get go.

[–] Lyra_Lycan@lemmy.blahaj.zone 15 points 1 day ago* (last edited 1 day ago) (2 children)

Don't forget that OMEMO on XMPP has no backward decryption - all messages are lost with every new client. Massive dealbreaker for me, as I value message history between those I love.

I've gone for Matrix. Signal doesn't interest me until they get rid of the requirement for phone numbers.

Others have noted that XMPP servers hold user contacts (and maybe other parts) wholly unencrypted, and if the server isn't yours, that's a trust risk.

load more comments (2 replies)
[–] shortwavesurfer@lemmy.zip 9 points 22 hours ago (2 children)

I use SimpleX

[–] balance8873@lemmy.myserv.one 2 points 9 hours ago (1 children)

Do you use simplex or do you have an account with simplex?

[–] shortwavesurfer@lemmy.zip 1 points 9 hours ago (1 children)

I use it daily

[–] balance8873@lemmy.myserv.one 1 points 9 hours ago (1 children)

That's honestly shocking. Where do you find other people who actually use it?

[–] AmanitaCaesarea@slrpnk.net 3 points 16 hours ago

Based privacy enthusiast 🗿

[–] glitching@lemmy.ml 15 points 1 day ago* (last edited 1 day ago) (12 children)

to answer your question - if you wanna eventually talk to normies. like cute boy/girl you meet at a bar or a business contact from a random meet. even Signal has dogshit penetration compared to the big players, so XMPP/Matrix/Briar/etc aren't even a blip on the dradis.

also, you sorta sidestepped the UX. if you're coming off the hyper-polished world of Telelgram and iMessage, all those things have dogshit UX. yes, you'll eventually find your way around them but you have to be motivated to endure them ugly and slow and unrealiable apps (comparatively speaking); you got that shit covered, your contacts do not.

the situation is kinda like with The Linux Desktop - it's competing with gargantuan corpos with unlimited resources, and to add to that the miniscule dev teams aren't working together, they're competing, pulling in different direction (Gnome, Plasma, Cinnamon, etc.) with duplicated efforts and tons of abandoned paths. can you imagine where we'd be if all that dev effort went towards one goal?

same thing with the messenger space, it's doubtful any of them will become mainstream, but they have their uses.

load more comments (12 replies)
[–] SteleTrovilo@beehaw.org 101 points 1 day ago* (last edited 1 day ago) (1 children)

Signal is the best intersection of genuine security and ease-of-use that I've ever seen. No choosing a server, no making an account. Just install the app, get a confirmation SMS, and now you can communicate with future-proof encryption and authentication right away.

For more technical people, who aren't going to be intimidated by things like making accounts and secure passwords and choosing servers, Signal is not the best. But when I need to communicate securely with non-technical people, it's a wonderful quick go-to solution.

[–] shortwavesurfer@lemmy.zip 7 points 22 hours ago (3 children)

With some spit and polish, I think that SimpleX could actually be very similar in that regard.

[–] notarobot@lemmy.zip 4 points 22 hours ago

I wouldn't recommend simplex just yet because contacts are tied to servers. If the server you are using with a contact for down, you lose the contract

load more comments (2 replies)
[–] JoeBidet@lemmy.ml 6 points 1 day ago (1 children)

Many people will tell you you have to sacrifice your principles because interface, because "normies" (which is an elitist way of telling you that non-elitist people are idiots....), etc. I say: stick to your dreams!

[–] pathief@lemmy.world 7 points 1 day ago (2 children)

It's not elitist, it's realist. They don't want to install Signal just as much as I don't want to install Facebook messenger.

Yes you can nag people but it will more often than not have the same effect as when people try to convince me to install Facebook messenger.

[–] JoeBidet@lemmy.ml 5 points 19 hours ago (2 children)

speaking of "normies" is elitist, because the term is used usually people privileged/experienced with knowledge about technology to describe people who don't have this privilege/experience. It is implying that there would be a class of (sub-)humans who are not capable of taking the same path as the person who employs this term. I stand by the term "elitist". In a world of diverse people, life-paths and needs, in my own experience everybody is capable of understanding the political reasons to use a piece of software over another one (because one company sucks, because their model of centralization is detrimental to freedom, because they got shady funding, because they pretend to be something else but bar free software authors to modify their software, because they're from the USA, etc.). Everyone has their own way of understanding these things. Everyone has some arguments that will resonate better than others. Pretty much the same way you probably decided to not install Facebook messenger. Well the good news is: everybody is capable of understanding these things. It may take time and effort, it may make elitist people realize it is not as easy as they first thought it would be, and require to fail and try again. It requires efforts and a humble approach as to listen to these people and take them where they are and walk a bit along the way with them.

My personal experience is that most people are capable of understanding such things. It may take time, but everyone is capable.

I also saw tons of elitist tech-enthusiasts and other tech-savvies "bros" not even addressing who they call "normies" out of pure lazyness, to avoid to speak outside of their own comfort zone and question their own status, and to avoid sharing their elitist knowledge.

-> "'normies' won't do that" = "i am too lazy to engage meaningfully with people who do not know the same things as i know."

That's a major part of the problem. Elitist feedback loop...

[–] pathief@lemmy.world 3 points 19 hours ago* (last edited 19 hours ago)

First of all normie not an insult or a derogatory term. The term "normies" is often used in many niche communities to refer to someone outside the community. It has nothing to do with being smart, privileged or experienced. It means more like "the average user" or "the typical person". Example: a person in the boardgaming community may refer to you as a normie, not because you're dumb but because you don't play hobby boardgames (check out Brass: Birmingham, what a game).

The problem isn't about comprehending the problem, most people understand that Facebook is selling their data. They just don't care. They would rather have their data sold than to have the trouble to move to yet another communication app. WhatsApp is working just fine, Facebook is sparking joy. They don't care.

"Normies won't do X" is a perfectly acceptable way to express that the hurdles are too high for the average user. The average user wants a sleek UI, a user friendly experience and most of all they want to be in the place everyone is already at. The average Joe doesn't want to be the first guy on Simple X, they actually really want the hassle free platform everyone is already at.

Also, the next great communication app is constantly changing. It used to be IRC, ICQ, MSN Messenger, Facebook Messenger, WhatsApp, Instagram, Telegram, Signal, Matrix, Simple X, Session. I'm sorry to say that the average person is not willing to migrate that often. Facebook works, their friends are already there, they stick to it. This isn't elitism, it's just stating what I see.

[–] BaldManGoomba@lemmy.world 0 points 13 hours ago

Normies isn't an elitist term it is a counter culture term for people outside the norm to refer to the general opinion. It is the not like us statement or the fact that there is experience that one would not understand fully unless they are in a subset group.

https://en.wikipedia.org/wiki/Normie_(slang)

was first used in its original meaning of "ordinary, normal" in English in the 1950s.[6] According to Merriam-Webster, the term "normie" appeared in the late 1980s in the United States. It was used ironically by people with disabilities in reference to the rest of the population.[2] In the late 1990s, the term was used in Alcoholics Anonymous literature to refer to individuals who were not addicted to any substances.[7]

Since the early 2000s it has been spreading on the Internet.[2][4] In the Russian-language sphere, popularization was promoted by the use of the imageboard Dvach, whose users consider themselves representatives of informal culture, which is expressed in controversial publications, non-standard political views, black humor, involvement in various subcultures.[8]

[–] cdzero@lemmy.ml 3 points 20 hours ago (1 children)

I find this resistance weird. (From the "normies", not the Signal users)

Most of them have phones filled with all sorts of crap that they download willy nilly, yet they only seem to put the walls up for Signal.

load more comments (1 replies)
[–] Lazycog@sopuli.xyz 37 points 1 day ago (5 children)

I'm not going to push anyone who uses a secure decentralized FOSS chat already to signal, but someone who uses telegram/viber/whatsapp is easier to get gradually on signal, which is super low effort compared to the ones you mentioned.

I've tried. I'm happy that I got friends and family to move from SMS and WhatsApp to Signal. Some I got to move to e.g. matrix but that's only a few.

Just my two cents since you asked. I agree with you but I don't want perfect to be the enemy of good.

load more comments (5 replies)
[–] CoyoteFacts@piefed.ca 28 points 1 day ago (8 children)

There's nothing wrong with Signal's centralization model in a worrying sense. It acts only as a clueless message relay, and it has near-zero information on any of its users, even as it delivers messages from person to person. The only information Signal knows is if a phone number is registered and the last time it connected to the server. There is great care taken to make sure everything else is completely end-to-end encrypted and unknowable, even by subpoena.

The only real issue with Signal's centralization is that if Signal the company goes down, then all clients can no longer work until someone stands up a new server to act as a relay again. Signal isn't the endgame of privacy, but it's the best we have right now for a lot of usecases, and it's the only one I've had any luck converting normies to as it's very polished and has a lot of features. IMO, by the time the central Signal server turns into an actual problem we'll hopefully have excellent options available to migrate to.

Also TMK, the only reason you still need a phone number for Signal is to combat spam. You can disable your phone number being shown to anyone else in the app and only use temporary invite codes to connect with people, so I don't count the phone number as a huge problem, though the requirement does still annoy me as it makes having multiple accounts more difficult and asserts a certain level of privilege.

load more comments (8 replies)
load more comments
view more: next ›