A Mastodon exclusive: I'll be presenting my "Secure XMPP" findings at Ohio InfoSec Forum next week.
Results: XMPP is a dumpster fire.
@rauschma Oh, it doesn't. Mastodon isn't meant to be End-To-End encrypted or "Secure" (beyond using HTTPS on the site). Mastodon is a re-implementation of the GNU Social project (https://gnu.io/social/).
I think Mastodon is "secure enough" for the majority of its use case: Being a public, federated, open-source, Twitter.
My XMPP comments relate to a talk I'm giving next week at an infosec user group meeting.