Cake day: March 21st, 2024

  • So if you don’t need to create an account, how do you know you’re talking to who you think you’re talking to?

    I can see this being valuable as a Lemmy style service where I’m sharing information and reading information but want to be anonymous. But not a good service if I want to talk to my mom about a sensitive subject and protect my privacy.


  • Yes, I really haven't looked into this before. I just vaguely remembered jokes about PGP from a security class a while back, so I looked it up. It does look like the encryption scheme used in XMPP does solve this issue.

    Wikipedia saves the day again:

    OMEMO is an extension to the Extensible Messaging and Presence Protocol (XMPP) for multi-client end-to-end encryption developed by Andreas Straub. According to Straub, OMEMO uses the Double Ratchet Algorithm “to provide multi-end to multi-end encryption, allowing messages to be synchronized securely across multiple clients, even if some of them are offline”.[1] The name “OMEMO” is a recursive acronym for “OMEMO Multi-End Message and Object Encryption”. It is an open standard based on the Double Ratchet Algorithm and the Personal Eventing Protocol (PEP, XEP-0163).[2] OMEMO offers future and forward secrecy and deniability with message synchronization and offline delivery.


  • xorollo@leminal.space to Fediverse@lemmy.world · Happy #GlobalSwitchDay · 6 hours ago

    Precise language is important if you want to understand and communicate truth. It helps a lot to understand the difference between privacy and anonymity: there is a scenario where a person doesn’t care that an adversary knows their id, but does care about the content of their messages. In which case, differentiating tools that provide that particular service requires language to discuss it.


  • PGP is a very curious choice. A quick Google search says a downside of this is that it does not provide “forward secrecy”. From the Wikipedia page on forward secrecy, it prevents things like the following.

    If an adversary can steal (or obtain through a court order) this static (long term) signing key, the adversary can masquerade as the server to the client and as the client to the server and implement a classic man-in-the-middle attack.