SoylentNews is people

posted by martyb on Tuesday May 20 2014, @03:28PM
from the wait-for-Government-makes-it-illegal-headline dept.

IM services start to block unencrypted chats. XMPP upgrade is rolling out now.

A host of instant messaging services will begin refusing unencrypted connections from today under a pledge to harden the extensible messaging and presence protocol (XMPP). Developers pledged in 2012 to begin testing client-to-server and server-to-server encryption for XMPP as of January in a move heralded as an initial step to secure the communications protocol against criminals and government spies. The XMPP Standard Foundation initiative covered 70 providers but could not be enforced. Peter Saint-Andre, the technologist behind the initiative, welcomed the go-live date. "Today, a large number of services on the public XMPP network permanently turned on mandatory encryption for client-to-server and server-to-server connections," Saint-Andre said. "This is the first step toward making the XMPP network more secure for all users."

http://www.theregister.co.uk/2014/05/20/im_upgrade_locks_out_lazy_eavesdroppers/

https://raw.githubusercontent.com/stpeter/manifesto/master/manifesto.txt

Users can check the security of XMPP services here: https://xmpp.net/

 
  • (Score: 4, Interesting) by cockroach (2266) on Tuesday May 20 2014, @03:56PM (#45638)

    As far as I understand, XMPP end-to-end encryption does not solve everything. No matter how strongly you encrypt your conversations, as long as S2S connections are unencrypted, third parties can see presence notifications, i.e. they will see who your friends are and (possibly) when you connect / disconnect.

    It's basically like e-mail: while encrypting your messages with PGP prevents random strangers from reading them, the headers are still unencrypted and third parties can intercept them to figure out who is writing to whom. Encrypting traffic between the servers can reduce that risk.

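The metadata exposure described in the comment above, as an added example that is not part of the original story or comment: it reads the stanza envelopes that would cross a server-to-server link without TLS and lists what stays readable even when the message body is end-to-end encrypted. The JIDs, capture times, stanzas and the `visible_metadata` helper are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: (capture time, stanza) pairs as they would appear on a
# server-to-server stream without TLS. The <body> is a placeholder standing in
# for end-to-end ciphertext; none of this is real traffic.
CAPTURE = [
    ("15:01:02", "<presence xmlns='jabber:server' "
                 "from='alice@a.example/laptop' to='bob@b.example'/>"),
    ("15:03:40", "<message xmlns='jabber:server' type='chat' "
                 "from='alice@a.example/laptop' to='bob@b.example/phone'>"
                 "<body>[opaque end-to-end ciphertext]</body></message>"),
    ("15:20:11", "<presence xmlns='jabber:server' type='unavailable' "
                 "from='alice@a.example/laptop' to='bob@b.example'/>"),
]

NS = "{jabber:server}"  # default namespace of stanzas on S2S streams


def bare(jid):
    """Strip the resource part: user@domain/resource -> user@domain."""
    return jid.split("/", 1)[0]


def visible_metadata(capture):
    """Return (contact pairs, timeline) readable from stanza envelopes alone."""
    contacts, timeline = set(), []
    for seen_at, raw in capture:
        stanza = ET.fromstring(raw)
        kind = stanza.tag.replace(NS, "")
        sender = bare(stanza.get("from", ""))
        rcpt = bare(stanza.get("to", ""))
        if sender and rcpt:
            contacts.add((sender, rcpt))
        if kind == "presence":
            ptype = stanza.get("type")  # absent type means "available"
            state = {None: "online", "unavailable": "offline"}.get(ptype, ptype)
            timeline.append((seen_at, sender, state))
        elif kind == "message":
            # The body is never inspected: the envelope alone is enough.
            timeline.append((seen_at, sender, "message to " + rcpt))
    return contacts, timeline


if __name__ == "__main__":
    contacts, timeline = visible_metadata(CAPTURE)
    print("who talks to whom:", sorted(contacts))
    for entry in timeline:
        print(*entry)
```

With TLS on the server-to-server hop, none of these attributes are visible on that link; the two servers themselves still see them.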