SamuraiLink3A Mastodon exclusive: I'll be presenting my "Secure XMPP" findings at Ohio InfoSec Forum next week.
Results: XMPP is a dumpster fire.
HedgeMage@samurailink3 thanks for spreading the I-wish-it-were-self-evident truth
@HedgeMage I really really want XMPP to be the secure self-hosted Signal alternative, but it just can't happen with this architecture (not without a substantial rewrite anyway).
OMEMO is a good start, but it has a host of issues. At this point, there's no benefit (and serious detriments) to using self-hosted XMPP over Signal or WhatsApp.
I know that gives the FOSS fanboys (like myself) concerns, but it's the truth. XMPP isn't safe for the average user.