Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I was very disappointed when I found out they don't use TLS when federating XMPP. Basically, if you're chatting with someone who uses them for XMPP (Jabber) service, your stuff is riding in the clear between the two servers.

It's been like this for years.



People should use OTR anyway. That way not even Google can see your messages.


How many gmail chat users use an external IM client?


I don't know. Most of them?


I was thinking almost none of them.


I reckon nearly all of them. Pointless this sort of speculation isn't it?


The client built into the gmail interface supports OTR.


Wrong OTR

Edit: that came out a little curt. The OTR protocol is different than what Gmail calls OTR. Gmail's just turns off logging; the protocol is encryption.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: