[jdev] Heml.is and federation..

Matthew Wild mwild1 at gmail.com
Fri Jul 12 19:24:32 UTC 2013


On 12 July 2013 19:56, Steffen Larsen <zooldk at gmail.com> wrote:
> I just stumbled upon https://heml.is, which is a new XMPP client for IOS and Android. Anyone knows these guys?

https://en.wikipedia.org/wiki/Peter_Sunde and others (some also behind
the payment service Flattr).

> It uses XMPP and PGP for encryption, but do any of you guys know if they federate?.. What I can see from skimming their page, its yet another silo, due to the fact of PGP and their own infrastructure.
> So federation and using your own domain does not seem feasible, right? Anyone want to discuss this and the alternatives besides OTR? Security labels?

"
== Your server only? ==
Yes! The way to make the system secure is that we can control the
infrastructure. Distributing to other servers makes it impossible to
give any guarantees about the security. We’ll have audits from trusted
third parties on our platforms regularily, in cooperation with our
community.

For those interested in a bit of our tech backend infrastructure:
We’re building encrypted tunnels/MPLS networks between countries, with
anycast ingress/egress points so that your traffic should pass as few
borders as possible. Messages will be sent to as close as possible to
the recipient, which makes it impossible for agencies like NSA and FRA
to see who’s talking to whom. This sort of virtual local network makes
Heml.is much more secure than a regular system that can’t avoid border
crossings.
"

Needless to say I disagree with this model, or their assertions (which
secure s2s solves just as well).

Regards,
Matthew


More information about the JDev mailing list