The table is quite big (190+ lines of hand-written HTML) and it doesn’t fit on mobile phone screens unless you zoom out. It should be fine on desktop. It also specifies the criteria followed and has analysis of some of the IMs in the table (not close to all of them, I hope to add more analysis in the future).

Counter-arguments are always welcome. Sources and additional information too. Note that the typical privacy recommendation (Signal) is not recommended here. It does not meet our criteria, being centralized and requiring a phone number. I don’t want to hate on Signal since it’s doing a decent job spreading the importance of E2EE, however we can not recommend it for the given reasons.

  • @sir_reginaldOP
    link
    fedilink
    45 months ago

    What metadata is leaked? AFAIK, the relays you connect to don’t even know who you are because there’s no single identifier tied to you.

    • poVoq
      link
      fedilink
      25 months ago

      IP addresses mainly, which is the worst kind of meta-data as it can be linked to your real location and name relatively easily.

      • @sir_reginaldOP
        link
        fedilink
        65 months ago

        I mean, XMPP also leaks your IP to the server if you don’t use Tor or a VPN. If you don’t trust the server, it’s a must to hide your IP.

        I don’t think that changes anything in the comparison. Except Briar, which uses Tor by default, I think that every other messenger reveals your IP to the server if you aren’t actively hiding it. That’s just how it works. At least SimpleX and XMPP can be used through onion services, something that others don’t offer.

        • poVoq
          link
          fedilink
          25 months ago

          The vital difference is that with XMPP you consciously choose a server host (or self-host) that is acting like a proxy for you and thus protects your privacy, even if you don’t use Tor.

          With SimpleX there is basically a random list of relays that you know next to nothing about, and which could in fact be mostly honey-pots, and you are connecting directly to them, which makes Tor almost mandatory.

          For me it boils down to the fact that there is no such thing as trust-less communication, so you should choose carefully whom to trust and minimize the number of people you need to trust. XMPP is IMHO the clear winner on that, because it’s basically only your home-server you need to trust.

          • @sir_reginaldOP
            link
            fedilink
            45 months ago

            yeah I agree that XMPP is currently the best option.

            But SimpleX is also self-hostable, you can configure it to only connect to your own relay server. Or just use .onion servers. So SimpleX is a close second IMO.