david_chisnall on Nostr: nprofile1q…3hdfr nprofile1q…x3kvz This is kind-of true, in that they have similar ...
nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq79fwp0sm7wapwjysku5w06s400a3ep920nu4fydu4a3w66ze5ngsx3hdfr (nprofile…hdfr) nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqvnyekleyysktx6p9t5qwyltz7ax5aw98s023hghe8y2753fpncestx3kvz (nprofile…3kvz)
This is kind-of true, in that they have similar heritage, but they are not the same protocol and the way that the crypto protocol to the underlying transport protocol also matters a lot.
Fortunately, nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq0mwq9c623ujjzpql7r4fk090yxrf458sz2egzprw0zn0ca669q9q8tvdjy (nprofile…vdjy) has already written a very long description of some of the issues so I don't have to.
Actually, I kind-of do because that post doesn't mention what is encrypted. If you're using OMEMO for a chat in XMPP:
All presence stanzas (online status, status message, currently playing song, and so on) are all unencrypted.
All info-query messages between you and remote servers (used for most discovery mechanisms) are unencrypted.
The to and from attributes in the message are unencrypted, so the sending and receiving server can see who is exchanging messages and how frequently two parties exchange messages. They can also infer some things from message size, though OMEMO has some padding to reduce this.
Contrast this with the Signal sealed-sender protocol (which, I think, is on by default now), where sender can anonymously deliver a blob of encrypted data to the recipient's message box and the contents including sender metadata is visible only to the recipient.
If you run an XMPP server, you can turn on a logging mode and see all of the XML flowing to and from all clients (encrypted with TLS in transit). Try this some time. Even if everyone is using OMEMO for all of their chats, the amount of information that you can see is terrifying.
This is kind-of true, in that they have similar heritage, but they are not the same protocol and the way that the crypto protocol to the underlying transport protocol also matters a lot.
Fortunately, nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq0mwq9c623ujjzpql7r4fk090yxrf458sz2egzprw0zn0ca669q9q8tvdjy (nprofile…vdjy) has already written a very long description of some of the issues so I don't have to.
Actually, I kind-of do because that post doesn't mention what is encrypted. If you're using OMEMO for a chat in XMPP:
All presence stanzas (online status, status message, currently playing song, and so on) are all unencrypted.
All info-query messages between you and remote servers (used for most discovery mechanisms) are unencrypted.
The to and from attributes in the message are unencrypted, so the sending and receiving server can see who is exchanging messages and how frequently two parties exchange messages. They can also infer some things from message size, though OMEMO has some padding to reduce this.
Contrast this with the Signal sealed-sender protocol (which, I think, is on by default now), where sender can anonymously deliver a blob of encrypted data to the recipient's message box and the contents including sender metadata is visible only to the recipient.
If you run an XMPP server, you can turn on a logging mode and see all of the XML flowing to and from all clients (encrypted with TLS in transit). Try this some time. Even if everyone is using OMEMO for all of their chats, the amount of information that you can see is terrifying.