In the blog posts I read where the author, a security engineer, audited and/or reported vulnerabilities with two E2EE chat protocols commonly recommended as Signal alternatives–Matrix and XMPP–both had implemented half-baked solutions or refused to solve the issue at all in some regards, and both had evangelists that gave dismissive responses. The XMPP chud dev gave a laughably childish response, and the Matrix dev even admitted the team being aware of the olm vulnerability and deliberately refused to fix it for years. Not that Signal cultists are any better and not negating the legitimate security and trust issues with the Signal platform, but Signal is still a decent platform for most people’s threat model, though it would be nice if there was an alternative that could compete with Signal to recommend to most people instead. If you care about metadata resistance and your threat model involves high stakes if your assets are compromised, the blog author suggests Tor-based solutions such as Cwtch and Ricochet Refresh.
https://lemmy.ml/comment/15999861
In the blog posts I read where the author, a security engineer, audited and/or reported vulnerabilities with two E2EE chat protocols commonly recommended as Signal alternatives–Matrix and XMPP–both had implemented half-baked solutions or refused to solve the issue at all in some regards, and both had evangelists that gave dismissive responses. The XMPP chud dev gave a laughably childish response, and the Matrix dev even admitted the team being aware of the olm vulnerability and deliberately refused to fix it for years. Not that Signal cultists are any better and not negating the legitimate security and trust issues with the Signal platform, but Signal is still a decent platform for most people’s threat model, though it would be nice if there was an alternative that could compete with Signal to recommend to most people instead. If you care about metadata resistance and your threat model involves high stakes if your assets are compromised, the blog author suggests Tor-based solutions such as Cwtch and Ricochet Refresh.