Why XMPP is Better Than Signal
Trump's Signal leak is a great time to educate you on XMPP
Ridiculous
This whole “Trump leaked war plans on Signal” fiasco is to distract you from the real question:
How does bombing starving civilians in Yemen, “Make America Great Again”?
Because Barrack Obama did the same yemen routine, but labeled it “change”
Why is XMPP More Secure than Signal?
But Trump’s Signal leak is a great time to educate you on XMPP. Why is it better?
Server Control
Signal is hosted on an external power (Amazon) that you have no control over. And the metadata protection, (for who is talking to who), has been proven to be vulnerable to attackers. [1] This alone could be how the CIA knows if Tucker Carlson is talking to Putin, without reading the message contents.
Server-side Identity
Any end-to-end encrypted messenger has two “identities”. The first is the account that the server has the password and access to. And second identity is the encryption keys on your device.
Phone Numbers
Signal uses phone numbers for server-side accounts, which is an external source of identity and truth. This is outside the control of even Amazon (the server). Even if you don’t have the pin passcode, the phone number can still be re-assigned. And although this would close current conversations, a hacker can then use the same identity for phishing attacks.
Freedom of Choice
On the other hand, XMPP server-side identities are on a server you control and pick. And if done on a Tor Onion, then even a poor civilian with low resources can self-host it on a Rasberry Pi in their home.
Client-side Encryption
When Signal users change devices or encryption keys, it only gives a warning that’s easily ignored. While as with XMPP, it can’t function without drawing attention. Further, XMPP gives much more fine-grained control over which OMEMO encryption keys the users will trust or not (seeing all of the different choices). This is unlike Signal, which forces a binary decision.
Group Entry
XMPP = Your Tribe Only
XMPP allows the server operator to configure groups to only allow entry from users ON THE SAME SERVER. It is possible to “de-federate”. This provides massive security benefits, to properly administer who has authorized accounts to even be using the server-side identity to begin with.
Signal = General Public
In sharp contrast, Signal accounts have no distinction between members of your organization and foreign phising attackers. And SimpleX would be horrible for figuring out who is part of your group.
Stronger than Matrix
Matrix is far weaker than XMPP for metadata protection, because Matrix chats go to each of the member’s homeservers. This leaks to Matrix-org, (which is on Cloudflare), all metadata if even 1 person from that server is in your group.
In sharp contrast, XMPP has group chats stay on your server itself. And members have to connect directly to your server to get precious metadata.
Conclusion
Given XMPP’s powerful security, metadata protection, low cost, and decentralized nature,
You can see why we include XMPP with Email (and potentially your own website), in our Cloud Combo package…
Under this plan, you get a year of friendly support from our dedicated team. But zero external rules (or control over you), because of our decentralized server administration. Because it’s fully decentralized, it avoids us being on the legal hook for dispersed servers around the world, that you alone control. In fact, it’s unclear who is even our customer.
You can get started for just $100 for a complete setup and a full year of support,
Sources
Signal’s metadata vulnerabilities:
[1] Previous Article on Signal Tips
Join Our XMPP Group:
If you really want to learn and take your privacy to the next level, subscribe to our new content via: Podcast RSS, Session list, Nostr, Bastyon, Article RSS, or join the Signal Group
Related Posts
Crypto-Anarchy 101: Protocols over Pictures
In 5 minutes, learn the structure of liberty tech.
[SP]
Mar 8, 2025
Interview: KeeJef on Session Messenger Misunderstandings
Interview with the developer on one of most censorship resistant tools out there.
[SP]
Mar 4, 2025
SimpleX is under attack by corrupt Wired
But what DOES surprise me is the reaction of developer Evgeny Poberezkin
[SP]
Oct 4, 2024
Why is Telegram horrible
It’s popular but actually horrible for privacy and decentralization. Let’s dive into the reasons
[SP]
Jun 16, 2024