Hello everyone! Are there any benefits of hosting your own XMPP server, considering I always use end-to-end encryption in all of my chats?

  • Grouchy@lemmy.grouchysysadmin.com
    link
    fedilink
    English
    arrow-up
    9
    ·
    1 year ago

    I host my own. I’d say my contacts are split between XMPP and Matrix with many people having both. A lot of business use self hosted XMPP servers too. For example, Cisco communications solutions are based on XMPP.

    The issue with free public servers is that you have no accountability. If they go away, or are left unmaintained, there’s nothing you can do about it.

    My two cents, host at home, or at an infrastructure provider you pay for service.

  • amanneedsamaid@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Absolutely. The only real privacy issue you face using a public XMPP server is that you trust all of your metadata (everything inferred and included with the message besides actual text content) to the server administrator. If all of your XMPP messages are moving through your server, you are in control of your metadata.

  • poVoq@slrpnk.net
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    e2ee only protects the content of your messages, but not the meta-data. If you run your own XMPP server or use a small one run by someone you trust, the meta-data is much better protected than on a larger public XMPP server.

      • poVoq@slrpnk.net
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        For example the IP address of all the devices you use to connect to the server.

        Also all the internal communication that happens between users on the same server… like who is connected to whom and talks to whom at what time etc. Some of it will of course leak to remote servers in a federated network, but with your own server as an inter-mediator a lot of the meta-data is only known to your own server.

        e2ee is actually massively over-emphasised and basically snake-oil by the large centralized networks (like WhatsApp or Signal). The data they are really interested in is the meta-data that allows them to make accurate advertisement profiles of their users. And the CIA famously kills people based on meta-data alone.

        • amanneedsamaid@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          That is the main improvement messengers like Session and SimpleX Chat try to solve. As long as Signal requires a phone number (a highly identifying piece of information), there will always be metadata.

          • poVoq@slrpnk.net
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Using a small trusted XMPP server is IMHO the only real solution as it approaches the problem not as a technical issue but a social one. Any technical “solution” (like those you mentioned) will be at best improve the situation for a few people that really understand what is happening on the protocol level and leave everyone else with an even worse footgun situation than before. There are so many examples of this that I lost track of counting then :(

            • amanneedsamaid@sopuli.xyz
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              1 year ago

              I totally agree with your reasoning, XMPP is a better solution than Signal and Session imo. Having more control over your metadata is definitely valuable, however, I think SimpleX Chat could be a really good alternative to XMPP. The concept is really solid, a decentralized system of unidirectional message queues.

              • ISOmorph@feddit.de
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                100% agree with you. Been keeping an eye out for something more streamlined to bring the whatsapp crowd over. XMPP ain’t it due to different servers with different features being a thing. So I only have a few contacts there. But as soon as SimpleX has a desktop client I’m moving over. Not because XMPP is bad, but because it’s not able to pull less privacy driven peope over.

                • amanneedsamaid@sopuli.xyz
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  I agree, once SimpleX implements a desktop client, read receipts, and account sync, it will be a great solution for the masses. The mobile apps are incredibly good for how young the project is, so I have high hopes for the desktop client.

  • karlexceed@midwest.social
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    You could determine which XEPs to support…? Also, the usual benefits of hosting your own services. But neither is really a strong selling point IMHO.