• 👁️👄👁️@lemm.ee
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Huh interesting, I actually had no idea those big apps used XMPP. Would it be easy for them to add e2ee if they wanted to?

    • u_tamtam@programming.dev
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      It depends, E2EE is mostly a client thing and most of them implement OMEMO as a standard: https://omemo.top/

      OMEMO is XMPP’s take on the double ratchet algorithm (very similar to Signal’s), MLS is in the works as the hot new cross-protocols standard (but is inferior to OMEMO:2 when it comes to metadata encryption), PGP is often an option for the cases where perfect forward secrecy isn’t desired, and OTR is still used in niche cases when you want E2EE across protocols.

      In fact, E2EE was a thing in XMPP world since about 10 years… before Signal existed.