I’m the Never Ending Pie Throwing Robot, aka NEPTR.

Linux enthusiast, programmer, and privacy advocate. I’m nearly done with an IT Security degree.

TL;DR I am a nerd.

Cake day: November 20th, 2024





  • From the OMEMO XEP specification under section 2.1 “Threat Model” https://xmpp.org/extensions/xep-0384.html#reqs-threat-model

    The OMEMO protocol does not protect against attackers who rely on metadata and traffic analysis.

    Off-topic, I would also like to add that the spec says "It has been demonstrated, that OMEMO provides only weak forward secrecy (it protects the session key only once both parties complete the key exchange).", citing https://www.cypherpunks.ca/~iang/pubs/dakez-popets18.pdf

    The specification only seems to say that message content is encrypted, making no mention of encrypting any other data than message content. Look under sections 1.2 and 4.4 to see what I mean about there being no mention of encrypting other data (e.g. recipients and room names). This means that sender/receiver are (most likely) not encrypted. I don’t think (though I don’t know for sure) that room names are encrypted either.

    What happens if you communicate/participate in an encrypted chat/user on another server? Could the server owner now see the other unencrypted data and metadata?

    Also, just because you self host it doesn’t make the unencrypted (meta)data any less dangerous. That just makes your server the point of failure. By your logic, why encrypt at all? It all lives on your server, it is only a problem if someone has access to your server. Networking is encrypted with TLS anyways, so why bother. /s
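Added example, not part of the comment above or of any XMPP project's code: a Python sketch that reads a constructed OMEMO message stanza the way a relaying server would, without any key, and lists what stays in cleartext. The stanza layout follows XEP-0384 as I understand it; the JIDs, device ids and base64 strings are made up, and `cleartext_view` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# OMEMO namespaces seen in the wild (labels are this example's own wording).
OMEMO_NAMESPACES = {
    "eu.siacs.conversations.axolotl": "legacy 'siacs' namespace",
    "urn:xmpp:omemo:2": "urn:xmpp:omemo:2 (current XEP)",
}

# Constructed sample: a groupchat message relayed through a foreign server.
SAMPLE = """
<message xmlns='jabber:client' from='alice@a.example/phone'
         to='room@muc.b.example' type='groupchat' id='m1'>
  <encrypted xmlns='urn:xmpp:omemo:2'>
    <header sid='27183'>
      <keys jid='bob@b.example'><key rid='31415'>AAAA</key></keys>
      <keys jid='carol@c.example'>
        <key rid='1337'>BBBB</key><key rid='12321' kex='true'>CCCC</key>
      </keys>
    </header>
    <payload>Q0lQSEVSVEVYVA==</payload>
  </encrypted>
</message>
"""

def cleartext_view(stanza_xml):
    """Return the fields a server can read without holding any OMEMO key."""
    msg = ET.fromstring(stanza_xml)
    view = {k: msg.get(k) for k in ("from", "to", "type")}
    view.update(omemo=None, sender_device=None, recipient_devices={}, payload_b64_len=0)
    for child in msg:
        ns, _, tag = child.tag[1:].partition("}")
        if tag != "encrypted" or ns not in OMEMO_NAMESPACES:
            continue
        view["omemo"] = OMEMO_NAMESPACES[ns]  # version is visible from the namespace
        header = child.find(f"{{{ns}}}header")
        view["sender_device"] = header.get("sid")
        # omemo:2 groups <key> elements per recipient JID inside <keys>.
        for keys in header.findall(f"{{{ns}}}keys"):
            rids = [k.get("rid") for k in keys.findall(f"{{{ns}}}key")]
            view["recipient_devices"][keys.get("jid")] = rids
        # The legacy layout puts <key> directly under <header>.
        legacy = [k.get("rid") for k in header.findall(f"{{{ns}}}key")]
        if legacy:
            view["recipient_devices"][view["to"]] = legacy
        payload = child.find(f"{{{ns}}}payload")
        if payload is not None and payload.text:
            view["payload_b64_len"] = len(payload.text)  # only the size leaks here
    return view

if __name__ == "__main__":
    for field, value in cleartext_view(SAMPLE).items():
        print(f"{field}: {value}")
```

Only the `<payload>` body and the wrapped per-device keys are opaque; sender, room, message type, every recipient JID and device id, and the OMEMO namespace in use are readable by each server on the path.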



  • OMEMO leaks plenty of metadata; most things other than message contents are left unencrypted. Many of the mature XMPP clients use different OMEMO versions (which can be hard to tell when the client doesn’t clearly state the XEP versions, like Snikket). I spent 40 min scouring Snikket’s website and source repo without any clear way to determine what version of OMEMO they bundle. I said OMEMO+XMPP because no matter how secure your protocol is, the actual implementation by your largest userbases determines real-world security.

    And lastly, just because “serious institutions and governments” use it doesn’t make it more secure. Many European governments use Matrix, and that has even worse security, breaks forward secrecy, doesn’t encrypt basically anything other than message content, etc. Many governments have critical systems that run unpatched Win 7 or older. My point is that security is independent of adoption.


  • Did that fix any of the underlying issues with OMEMO use across XMPP clients, such as odd/opaque choices by the OMEMO maintainer, or the fragmentation of OMEMO versions used by clients (most being very out-of-date)?

    Let me be clear: I am NOT anti-XMPP (or even OMEMO). I would love to see it succeed because I much prefer it over Matrix and other alternatives. My problem isn’t with the technology, just the implementation.










  • I hate how LLMs have made any talk about machine learning immediately cause a bad reaction for most people. ML isn’t inherently bad. LLMs are a neat technology, but it is hard for people to understand that when capitalism does what capitalism does best (extract and pervert). Now no one is excited to see anything related to ML.

    I remember when GAN images started to be shown around the internet (which looked like acid trips lol) and I was so excited to see the technology improve. Now no one is excited to see anything ML because it is being used to do the worst things: spy, replace workers, cheat, propagandize, steal from the commons, lie, destroy the environment, destroy the economy, and (of course) kill people.