this post was submitted on 07 Jul 2023
17 points (94.7% liked)

Privacy

31958 readers
945 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hello everyone! Are there any benefits of hosting your own XMPP server, considering I always use end-to-end encryption in all of my chats?

top 21 comments
sorted by: hot top controversial new old
[–] Grouchy@lemmy.grouchysysadmin.com 8 points 1 year ago (1 children)

I host my own. I'd say my contacts are split between XMPP and Matrix with many people having both. A lot of business use self hosted XMPP servers too. For example, Cisco communications solutions are based on XMPP.

The issue with free public servers is that you have no accountability. If they go away, or are left unmaintained, there's nothing you can do about it.

My two cents, host at home, or at an infrastructure provider you pay for service.

[–] pinkolik@lemmy.world 2 points 1 year ago

Good points! Thank you :)

[–] amanneedsamaid@sopuli.xyz 3 points 1 year ago

Absolutely. The only real privacy issue you face using a public XMPP server is that you trust all of your metadata (everything inferred and included with the message besides actual text content) to the server administrator. If all of your XMPP messages are moving through your server, you are in control of your metadata.

[–] skullgiver@popplesburger.hilciferous.nl 2 points 1 year ago (2 children)

Benefits: your data will be yours, no matter what apps or companies shut down. You can create as many accounts as you wish and do whatever you want among them. Bridges exist that allow you to use different chat apps all through your own XMPP server. XMPP clients are often open source and have many features.

Downsides: barely anyone uses XMPP anymore. Setting up and maintaining a server requires some work, especially with STUN/TURN. You're responsible to prevent downtime, there's no million or billion dollar company keeping the servers going. You need to figure out backups (both client side and server side). Playing XEP bingo to find a client that supports what you want can be a pain.

If you're interested in bridging other chats, I'd recommend looking at Matrix instead; it's receiving more community attention so there are more up to date bridges.

If all of your chats are end to end encrypted and you trust the server of your choice to stay online for the coming years, there shouldn't be any downside to sticking with someone else's server. If you have unencrypted chats (with bots you run, for example), running your own server would be more secure.

[–] poVoq@slrpnk.net 1 points 1 year ago (1 children)

XMPP has Slidge now, which is arguably the better bridging system than anything Matrix currently has.

[–] skullgiver@popplesburger.hilciferous.nl 0 points 1 year ago (1 children)

If I read the PyPi page correctly, slidge doesn't seem to do group chats. The website itself calls it experimental.

I'm sure it's technically superior, but without something as basic as group chat I wouldn't even consider it comparable.

[–] poVoq@slrpnk.net 1 points 1 year ago (1 children)

Group chats are supported in the latest version.

I see, I suppose the documentation is out of date, then. Support is looking about as feature complete as the Matrix bridges, that's nice to know! I'm a bit confused to some of the documentation linking to XEP-0045 and some others linking to XEP-0313, but I suppose that's part of the outdated docs then.

[–] pinkolik@lemmy.world 1 points 1 year ago (2 children)

Thank you! But I'm not sure about moving to Matrix, since all of my contacts use XMPP. Also I believe I can communicate with Matrix users via bridge, if I'm correct?

[–] poVoq@slrpnk.net 1 points 1 year ago* (last edited 1 year ago)

There is a XMPP to Matrix bridge (aria-net.org fork of Bifrost is best), but to be honest the experience isn't great from the XMPP side.

You're correct, there are Matrix -> XMPP bridges and XMPP -> Matrix bridges

[–] poVoq@slrpnk.net 2 points 1 year ago (1 children)

e2ee only protects the content of your messages, but not the meta-data. If you run your own XMPP server or use a small one run by someone you trust, the meta-data is much better protected than on a larger public XMPP server.

[–] pinkolik@lemmy.world 3 points 1 year ago (2 children)

What kind of meta-data could it be?

[–] poVoq@slrpnk.net 2 points 1 year ago* (last edited 1 year ago) (1 children)

For example the IP address of all the devices you use to connect to the server.

Also all the internal communication that happens between users on the same server... like who is connected to whom and talks to whom at what time etc. Some of it will of course leak to remote servers in a federated network, but with your own server as an inter-mediator a lot of the meta-data is only known to your own server.

e2ee is actually massively over-emphasised and basically snake-oil by the large centralized networks (like WhatsApp or Signal). The data they are really interested in is the meta-data that allows them to make accurate advertisement profiles of their users. And the CIA famously kills people based on meta-data alone.

[–] amanneedsamaid@sopuli.xyz 1 points 1 year ago (1 children)

That is the main improvement messengers like Session and SimpleX Chat try to solve. As long as Signal requires a phone number (a highly identifying piece of information), there will always be metadata.

[–] poVoq@slrpnk.net 1 points 1 year ago (1 children)

Using a small trusted XMPP server is IMHO the only real solution as it approaches the problem not as a technical issue but a social one. Any technical "solution" (like those you mentioned) will be at best improve the situation for a few people that really understand what is happening on the protocol level and leave everyone else with an even worse footgun situation than before. There are so many examples of this that I lost track of counting then :(

[–] amanneedsamaid@sopuli.xyz 2 points 1 year ago* (last edited 1 year ago) (1 children)

I totally agree with your reasoning, XMPP is a better solution than Signal and Session imo. Having more control over your metadata is definitely valuable, however, I think SimpleX Chat could be a really good alternative to XMPP. The concept is really solid, a decentralized system of unidirectional message queues.

[–] ISOmorph@feddit.de 1 points 1 year ago

100% agree with you. Been keeping an eye out for something more streamlined to bring the whatsapp crowd over. XMPP ain't it due to different servers with different features being a thing. So I only have a few contacts there. But as soon as SimpleX has a desktop client I'm moving over. Not because XMPP is bad, but because it's not able to pull less privacy driven peope over.

[–] meitantei@lemmy.dbzer0.com 2 points 1 year ago

When you are online, when you write messages etc. everything but the messages itself

[–] karlexceed@midwest.social 1 points 1 year ago (1 children)

You could determine which XEPs to support...? Also, the usual benefits of hosting your own services. But neither is really a strong selling point IMHO.

[–] pinkolik@lemmy.world 1 points 1 year ago

Is there any point in not supporting some of XEPs? Could you give me examples, please?

load more comments
view more: next ›