The Matrix.org network has great potential, but after years of dealing with glitches, slow performance, poor UX, and one too many failures, I’m done with it.
I’m afraid that’s quite outside my field of expertise. I can only report how my experience on XMPP has been as a user, though perhaps @poVoq@slrpnk.net, who hosts it, may be able to weigh in on that. Edit: ah, I see you already have 😄
Though from my untrained eye, it seems that Jabber.ru was compromised due to not enabling a particular feature on their server
“Channel binding” is a feature in XMPP which can detect a MiTM even if the interceptor present a valid certificate. Both the client and the server must support SCRAM PLUS authentication mechanisms for this to work. Unfortunately this was not active on jabber.ru at the time of the attack.
And it seems that hosting it externally on paid hosting service (hetzner and linode) left them particularly vulnerable to this attack, and tgat it could’ve been mitigated by self hosting the XMPP locally, as well as activating that feature.
I’m afraid that’s quite outside my field of expertise. I can only report how my experience on XMPP has been as a user, though perhaps @poVoq@slrpnk.net, who hosts it, may be able to weigh in on that. Edit: ah, I see you already have 😄
Though from my untrained eye, it seems that Jabber.ru was compromised due to not enabling a particular feature on their server
And it seems that hosting it externally on paid hosting service (hetzner and linode) left them particularly vulnerable to this attack, and tgat it could’ve been mitigated by self hosting the XMPP locally, as well as activating that feature.