XMPP and Metadata
4 months ago
- #Privacy
- #XMPP
- #Metadata
- The talk discussed metadata in XMPP, focusing on data retention and server visibility.
- Metadata in messaging includes sender, receiver, timestamp, and payload size.
- XMPP is a federated protocol for messaging and presence, extensible and using XML.
- Server trust is crucial in XMPP as all client data passes through the server.
- Four passive metadata threats in XMPP: server compromise, data correlation, static data exploitation, and network attackers.
- Client network attackers can see timing, size of calls, and interactions outside XMPP like HTTP uploads.
- Server network attackers have more visibility, including client and server connections and correlation of data.
- Server compromise risks include access to user accounts, rosters, bookmarks, and groupchat data.
- Solutions proposed include adding noise to network activity, encrypting roster data, and improving groupchat privacy.
- Other protocols like Signal, Matrix, and SimpleX were compared, highlighting their metadata handling and privacy features.