Modern XMPP project discussion - 2025-09-23

  1. Omni rizzler

    > Any advice in why I would prefer to use a windows XMPP client vs a browser based one? Gajim vs Movim? I have found in the past some chat apps (discord) perform better in-browser so I save a browser instance/"app" rather than use the client. Also eliminates software updates, which is nice. Movim loads a lot , takes time and I had issues with memo encrypted chat with it but gajim is fast and stored a lot more msg but I have not tried the memo encription on it yet

  2. L29Ah

    browser is slow and insecure

  3. L29Ah

    discord client is a browser in disguise iirc

  4. edhelas

    > browser is slow and insecure Explain :p

  5. funderscore

    > discord client is a browser in disguise iirc It's electron yes

  6. funderscore

    > browser is slow and insecure Slow, maybe. But insecure? Explain more

  7. menel

    When you use plastic Bowser you load the code when you open the website from the server. So you have to absolutely trust thr lle source where you load it from every time you open it

  8. menel

    With a real client you only have to trust on updates, and not the same server you chat with.

  9. menel

    Webclient is like loading code and executing it from a website every time you open it.

  10. L29Ah

    funderscore: how many remote code execution vulnerabilities are found in chromium every year?

  11. edhelas

    > Webclient is like loading code and executing it from a website every time you open it. Maybe we should try to cache some of the things in the browser, I'll tell the W3C to think about it 🤔

  12. edhelas

    Fun fact, the native apps are leaking way more personal information than their web version because the browser is having a very limited surface attack. The Discord App knows which apps are running on your computer, the Discord Web App don't know anything.

  13. edhelas

    But the issue are web apps :p

  14. L29Ah

    discord is malware, typical xmpp client isn't

  15. L29Ah

    if you have no option not to run malware, better run it in a shitty browser than in your system as a non-sandboxed code indeed

  16. L29Ah

    s/browser/& sandbox/

  17. funderscore

    Yes thats the thing

  18. funderscore

    Browsers typically run code inside a sandbox

  19. funderscore

    so it can't access all your stuff. While a native app can do whatever it wants

  20. funderscore

    > When you use plastic Bowser you load the code when you open the website from the server. > So you have to absolutely trust thr lle source where you load it from every time you open it But this is a very good point also ^

  21. funderscore

    (And to set expectations, I am not a huge fan of WebClients, I prefer tui)