XMPP servers are really good these days, you know. And, I repeat, if you run your own server, you don't really need e2ee, cause the only one who can access the DB with your messages is a server operator - yourself, in this case, and why would you protect you from yourself?
Also, if you are concerned about privacy, chances are, you are not a private individual and have specially trained people to install that server for you.
Then again, even if you DO need encryption to transmit a critical password or something, well, XMPP client developers know their business (at least, some of them do), so it is unlikely that you'd be able to screw up something.
> And, I repeat, if you run your own server, you don't really need e2ee, cause the only one who can access the DB with your messages is a server operator - yourself, in this case, and why would you protect you from yourself?
The typical idea is being concerned that a state will physically seize your server—you know, real security and privacy concerns.
> Also, if you are concerned about privacy, chances are, you are not a private individual and have specially trained people to install that server for you.
Is this not ultimately what iMessages is to people?
If you want real security, you minimize externalized trust. By running your own server you do not have to trust anyone but yourself. And if the server is your own, you don't even need e2ee because in the threat model against which e2ee is helpful the offender is the server operator. Replace server operator with yourself, and you remove the need for e2ee.
Of course, if you want a cozy sense of being secure, instead of real security, you say, 'I use end-to-end encryption which I was told makes reading my messages impossible'. With iMessages you can't really verify if your messages are not being sniffed (unlike Signal, or XMPP, I must add), and we now have proven Apple DOES have a potential way to read your messages if they really want it. But you TRUST them not to read your messages. So why bother with E2EE at all, if you already trust them not to spy on you?
(Also, how come people who religiously insist on using an always-on E2EE for their chats are totally fine with Gmail which stores every mail totally unencrypted?)
There is no such thing as “real security”, only varying degrees of protection from a specific threat model. You’ve clearly gained a lot of confidence thinking about this specific threat model while neglecting a more general and useful way to engage in discussion about threat models.
Among other things, you don’t write all the software that goes on your computer, let alone build the hardware yourself, so you’re not “really” secure at all. And because you do claim “real security”, I can’t square your statements with any threat model I can imagine.
> XMPP servers are really good these days, you know.
I definitely would trust Apple more than a random "XMPP servers are really good these days you don't need e2e when you run your own" random commenter on the Internet.
Yup, apparently I should blindly trust you, a person who didn't even bother to read about iMessage architecture [1] even when it was spelled out for him. But yeah, tell me more how your own server is better.
And if someone's trust for his own service is fleeting... uh-oh.