20 Jan
2026
20 Jan
'26
7:28 p.m.
Le mardi 20 janvier 2026, 19:45:35 heure normale d’Europe centrale Thilo
Molitor a écrit :
To be honest, I don't understand the
"encrypted roster" discussion.
Even if the server does not see the roster at all, it is able to fully infer
which jids are part of a user's "roster" by just checking the PubSub
subscriptions and fetches of that user.
Isn't an "encrypted roster" implemented this way just a farce?
Or do I miss something important here?
-tmolitor
The JID is not visible, it's a random ID in the pubsub items, and the fetches
are done whenever client want to sync. There is a single node to subscribe,
you can't get any information from that, beside a very approximate size of the
roster, and the <reserved> element is there to make it muddy.
The server can know who you are communicating with by checking "from" and
"to"
from message (until we have something like sealed sender), or checking PEP
requests (for OMEMO for instance), but the goal here is to hide the sensitive
metadata (name, and groups, possibly other things).
This is a first step toward metadata reduction. The server can vaguely guess
the relations of the entity, but it has less information than before. Other
steps such as sealed sender will be discussed (notably at the incoming
summit).
Best,
Goffi