---
README.md | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index bd8af3c..c46f2a1 100644
--- a/README.md
+++ b/README.md
@@ -115,13 +115,18 @@ About privacy
Slidge (and most if not all XMPP gateway that I know of) will break
end-to-end encryption, or more precisely one of the 'ends' become the
-gateway itself. If privacy is a major concern for you, my advice would
-be to:
+gateway itself. Communication between Slidge and the client will not use OMEMO,
+so messages are also exposed to the XMPP server. If privacy is a major concern
+for you, my advice would be to:
- use XMPP + OMEMO
- self-host your gateways
- have your gateways hosted by someone you know AFK and trust
+Additionally, note that communication between the XMPP server and the component
+are not encrypted; they are expected to run on the same host or in a secured
+network.
+
Related projects
----------------
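Review bot: In the paragraph added after the advice list, "communication between the XMPP server and the component are not encrypted" has a subject-verb mismatch and should read "is not encrypted". The "they" that follows has no clear antecedent; "the two are expected to run on the same host or in a secured network" reads better. In the first added sentence, "the client" could be "your XMPP client", so it is not read as the legacy network's client. Since the text now says messages are exposed to the XMPP server, the "self-host your gateways" item could also state whether that advice extends to the XMPP server itself.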
--
2.38.1
Thanks Hugo!
I am all for disclosing how slidge works and not providing a fake
feeling of privacy. However, I don't want to scare potential adopters
by making it sound like it's worse than it actually is,
especially in the README. I think it is already clear that slidge is
a convenient way to route all your comms
to XMPP and not a "privacy solution" or anything like it.
>Communication between Slidge and the client will not use OMEMO,
>so messages are also exposed to the XMPP server.

For slidge to work, the XMPP server needs special configuration, so
basically you are expected to be the XMPP server admin. I know that you
plan to run slidge on a rpi and prosody on a VPS you don't trust, but
this is an unusual setup. Maybe this OMEMO part should be in the user
docs.

>Additionally, note that communication between the XMPP server and
>the component
>are not encrypted; they are expected to run on the same host or in a secured
>network.

OK for this part, but I think it would fit the admin docs better than the
README. At least it should mention that this is not an implementation choice by
slidge, but rather just the spec, cf https://xmpp.org/extensions/xep-0114.html
That said, I agree that the README part about privacy is meh, and I
should rephrase it a bit, I'll work on that. I should probably write a FAQ
instead... maybe?
To not provide this false feeling of privacy, I chose not to mention
that by using slidge instead of $LEGACY_NETWORK_OFFICIAL_APP,
at least you avoid leaking all sorts of data like your address book,
location, or anything that the data collection in your pocket provides.
Additional note: to have CI jobs run on your patches (if it's repaired...),
the subject should be [PATCH slidge]. Not a problem at all for a README/doc
patch, but in case you put in some work about that slixmpp-omemo integration,
it's good to know ;)
-- nicoco