A frog who wants the objective truth about anything and everything.

Admin of SLRPNK.net

XMPP: prodigalfrog@slrpnk.net

Alt lemmy account: Cafefrog@lemmy.cafe

  • 31 Posts
  • 83 Comments
Joined 3 years ago
Cake day: July 4th, 2023





  • Do be aware that I don’t think that blogs can be encrypted or made private; I think they’re viewable to any Movim user (I haven’t experimented with that feature).

    Also, it is possible to disable the chat encryption on Movim, so if you’re going to have any non-tech savvy people using it who may accidentally disable it without knowing, and that could be dangerous, then you may need to opt for a platform where it’s enabled by default instead, like Delta chat (though it does not have any blog-like features, multi-room channels, nor any voice call ability, unlike Movim).














  • I can’t really find anywhere that clarifies what version of OMEMO Movim is currently using, but if I had to guess it would be 0.3.0.

    However, I want to point out that the creator of that linked blog actually removed a response in the comments from an OMEMO developer which clarified some things (you can read it here), which personally I think was rather odd/bad faith of them to do.

    According to that response, there’s nothing really wrong with OMEMO 0.3.0, as the OMEMO developer considers it a stable standard that clients can safely implement, with the newer versions basically being public beta releases toward a stable ‘OMEMO 2’ standard that can eventually replace 0.3.0.

    I also think the blog author’s argument should be put into perspective; from most security experts’ POV (including the blog author linked), any app that allows encryption to be disabled is considered flawed or insecure compared to the gold standard of always-on E2EE. This would rule out Matrix, XMPP, and certainly any other Discord replacement like Fluxer or Stoat (which offer no encryption). Ultimately, Signal, Deltachat or a similar app would be the only options a security expert could recommend, as those experts are prioritizing security above all, regardless of use-case, needs, or practical threat level.

    Signal is centralized and requires a phone number (deal-breaker for me), whereas Deltachat is decentralized and does not. Deltachat is a fantastic messenger, but it is only a good replacement for Signal, not Discord. Nor are any of the other ‘encrypted by default with no option to disable’ messengers.

    If we contrast Movim with optional OMEMO against Discord (which is not only entirely unencrypted, but also actively working with authorities and spying on you); Movim is a monumental improvement while still (eventually) providing Discord-like features. No other possible Discord replacement comes close besides Matrix (which has its own problems, more than XMPP I would say).

    I would suggest that for the average user, XMPP with OMEMO 0.3.0 is pretty darn good. It’ll certainly provide very good privacy for encrypted DMs to your friends or groups where it’s enabled, and no nosy server owner or relay server will be able to read or decrypt them.

    For people where security is absolutely paramount, and they believe they may be specifically targeted by a state actor, then they should probably stick with an E2EE always-enabled platform like Deltachat.

    But for most, who likely aren’t even using a VPN, or Tor, or may even still be using Windows or a non-grapheneOS phone? XMPP with OMEMO 0.3.0 is going to more than suffice.

    And as time goes on, that new ‘OMEMO 2’ will become stable, and the clients can then migrate to that. But it’s already the best privacy respecting Discord alternative we’ve got (IMO), and it’ll likely only get better :)