Looks like Dino is enabling #OMEMO by default for the next release¹. I think that was the last of the major #XMPP clients to do so. Hopefully we can now put the "But XMPP is not encrypted by default" debate to rest.
¹: https://github.com/dino/dino/commit/fc6447c56e7fdaf6f6d843a2215d870caee4aba0
There are no known security issues with "Siacs OMEMO" / OMEMO v0.3¹ despite of what some very loud Signal fans would like you to believe. It has been audited by a third party² who took a longer look at it than all of the Signal fans combined.
Yes, #OMEMO v0.7+ (or TWOMEMO 
) is a cleaner spec with more features (most notably Stanza Content Encryption). That’s why we wrote it. I’m a co-author. That doesn’t mean v0.3 is insecure.
¹: https://xmpp.org/extensions/attic/xep-0384-0.3.0.html
²: https://conversations.im/omemo/audit.pdf
I just delved into XMPP & OMEMO, despite limited experience. This old but intriguing article caught my attention: https://soatok.blog/2024/08/04/against-xmppomemo/ 
Worth a read? 
#XMPP #OMEMO #PrivacyMatters
@ljrk @chiraag @tortie @waeiski @Mer__edith I wish that the #EU would clarify its stance regarding #Signal: *is the AWS hosting problematic for them or not*? Let's assume *not OK* for a minute.
As to a Signal alternative, I *wish* I could recommend #XMPP over #Deltachat today. *AFAIK*, in XMPP, #OMEMO does perfect forward secrecy/double-ratcheting - but alas, the #iOS and #MacOS clients aren't the greatest at present. That lack of all common OS' having feature parity (very reliable notifications, Reactions, etc.) makes me hesitate in recommending XMPP for *everyone* today (but it's great for geeks).
Whereas Deltachat at least has usability parity for features across each OS it supports (which I feel users would highly expect *first*, before demanding a more modern encryption). Yes, autocrypt has no perfect forward secrecy, etc. and other metadata-related criticisms. But Deltachat is simple enough to learn, *allows servers to realistically be used in the desired country*, and works on all the common platforms. It's a decent choice for *today*, as a well-rounded choice (where tradeoffs must be made somewhere). And once the XMPP clients get better (in MacOS/iOS), I'll recommend XMPP as a goto *then*.
@lauren no, because @signalapp is subject to #CloudAct (= incompatible with #GDPR & #BDSG if you ever care!) and collects #PII in the firirm of #PhoneNumbers, which are at best pseudonymous but trivial to track and at most means that people inviting others without their consent comitted an illegal disclosure if PII!
Give #XMPP+#OMEMO a shot: @monocles / #monocles & @gajim / #gajim.
@kuketzblog naja, @signalapp fällt auch unter #CloudAct ubd #Threema ist noch #proprietärer als #Signal.
Ach ja, @monocles / #moniclesChat haben grade ne #Promo zum #GlobalSwitchDay und bieten deren #App kostenlos an.
Für beide gibt's kostenlose Anbieter und #SelfHosting ist genauso machbar wie deren echte #E2EE mit #SelfCustody!
News 
:
For the global switch day monocles chat will be available for free in the Playstore (01.02. - 07.02.):
https://play.google.com/store/apps/details?id=eu.monocles.chat
Take your chance and switch to the XMPP network
@blog @sylv_a @viennawriter @signalapp dann doch lieber €2 p.m. für @monocles / #monoclesStarter oder einfach #monoclesChat mit nem XMPP-Server nutzen...
Alternativ zu #XMPP+#OMEMO gibt's auch noch @delta / #deltaChat, welches #eMail nutzt.
@agturcz @rysiek Use @torproject or better yet, #XMPP+#OMEMO with an #OnionService aka. #Server on a .onion domain...
@karmalakas @sylv_a I’ve put the old folks I need to reach on #Snikket. It uses decentralised open standards ( #XMPP #omemo).
Many xmpp apps are glitchy but Snikket is functional enough. I think one of my contacts has problems getting notifications on their iPhone w/Snikket. But it’s tolerable.
@moh_kohn except @signalapp too is a #centralized, #SingleVendir & #SingleProvider solution that fully falls under #CliudAct and thus CANNOT comply with #GDPR & #BDSG as a matter of principle since this digital rquivalent of #ExtraordinaryRendition is inherently incompatible!
@monocles / #monoclesChat, @gajim / #gajim & @delta / #deltaChat, @thunderbird / #Thunderbird do support that!
[#TLDR: JUST TELL ME IF YOUR TABLET CAN DO #CALLS!]
#DearVendors of #Android-#Tablets:
Off all the #Functions you can put into a #Specifications Sheet of your Devices there's one you should ALWAYS answer clearly on your #Website:
DOES YOUR TABLET [with #4G / #5G / …) SUPPORT MAKE PHONE CALLS?
Like: IS IT TOO MUCH TO ASK TO HAVE THAT INFO IN THE SPECSHEETS?
You're obviously able to list all the #Codecs natively supported and the user-available storage as well as supported Frequency Bands, WWAN modes, WiFi channel width and the Display Glass vs. Panel dimensions including DPI of the latter and whether or not it has a hall effect sensor to detect your overpriced 1st party tablet covers!
Now some folks may ask: "WHY does this matter?" or outright dismiss this as a problem.
Listen:
Not everyone is able or willing to carry two devices when 1 SHOULD BE ENOUGH and also some places (i.e. #Turkey) have #ImportRestrictions re: #MobileDevices, so having more than 1 #IMEI is already a "NOPE!" by the authorities.
So why do NONE of the #Tablet manufacturers allow to #search or #filter for that???
NO, instead one has to download an obscenely huge #PDF just to then read on page 34 that for any "#telephony" function you NEED YET ANOTHER DEVICE FROM THE SAME MANUFACTURER AND HAVE TO SIGNUP WITH AN ACCOUNT and even that level of #abuse WON'T GUARANTEE THAT IT WORKS...
Pretty shure A LOT of other folks have the same question and ain't willing to get yet another device & #SIM just to recieve the occasional call because #TechIlliterates can't be assed to send an #eMail or learn #XMPP+#OMEMO to message one...
#Conversations 2.17.8 has been released (#Jabber / #XMPP / #Android / #OMEMO / #ChannelBinding / #TLSChannelBinding / #ChannelBindingforTLS) https://conversations.im/
So, you're using decentralized non-corporate-owned social media because you don't want your online identity and activity tracked and held by some corporation, and even possibly a government-influenced owner (TikTok?).
I've opened an #XMPP (#Jabber) messaging server, which is based on the same principles as whatever application you are reading this on. XMPP is completely decentralized, open source, free, and volunteer run.
Also, neither member identity nor messages are stored on the server. There is no centralized control over the network. You sign up by first choosing a server. Your ID looks like an ActivityPub ID (example: support@chat.between-us.online).
Besides end-to-end message encryption, there's optional #OMEMO on-device encryption. No centralized messaging app (other than Signal) offers an encryption option this strong. There's video calling, file transfer, and both public and private chat rooms/groups. There are many messaging applications available for all operating systems.
You provide no personally identifiable information when you sign up, not even an email address. You only pick your ID and provide a password (which cannot be changed or recovered as the server does not keep identity information, so don't lose it and be sure it can't be guessed). If you delete your account, through the messaging app, there is no record of your account having existed on the server.
If interested, you can sign up on the messaging application (use chat.between-us.online as the server) or via the website at https://between-us.online, which also provides additional information about XMPP and how to use it.
A note about #Matrix. Don't @ me about Matrix. This message is only to announce an XMPP (Jabber) server option. I am not advocating XMPP over Matrix. I use Matrix as well. It ticks all the same boxes. This is just an announcement about an XMPP server.
@ai6yr people need to fucking learn proper #InfoSec, #OpSec, #CkmSec & #ITsec and that means learning to proper use #XMPP+#OMEMO & #PGP/MIME.
@tails_live / @tails / #Tails exists. @gajim / #Gajim exists. @monocles / #monoclesChat exists. @delta / #deltaChat exists. @thunderbird / #Thunderbird exists. @cryptoparty@mastodon.earth / @cryptoparty@chaos.social / #CryptoParties exist.
#Documentation in writing and videos exist.
Only #SelfHosting-capable, #MultiVendor & #MultiProvider solutions that implement proper #E2EE & offer you #SelfCustody of all the keys can be considered #secure.
Everyone who demands #PII like #PhoneNumbers, including @signalapp, must be seen as inherently insecure by design - espechally when they are subject to #CloudAct!
You use XMPP+OMEMO because you think it's neat.
I use XMPP+OMEMO because all centralized, single-vendor and/or single-provider messengers are inherently garbage, collect PII like phone numbers for no "legitimate reason" and don't offer proper End-to-End - Encryption with self-custody of all the keys, making them either honeypots or prime targets for warrants.
