Can anymany tell me how I'm "supposed" to use end-to-end encryption with XMPP?
As far as I can tell there are three totally different ways to do E2EE:
a)OTR : "[https://xmpp.org/extensions/xep-0364.html](Not intended to be a current standard), or technical specification, as better (albeit, newer and less well tested) methods of end-to-end encryption exist for XMPP. "
b)OpenPGP: There are at least two different XEPs about it. XEP-0027 is obsolete, while XEP-0373 is "experimental" but hasn't been updated in almost three years.
c)OMEMO: "Experimental" and hasn't been updated in over two years.
Is there a way to do E2EE in XMPP which is neither deprecated nor experimental? What's the "Current stable" way to do it?
Just made commits after a long gap to #Convo, my #XMPP app for #KaiOS. Still many basics to be worked out like rendering chats properly and allowing users to start a new conversation, but at least it's hackily usable :xmpp:
PS: if anyone familiar with #ConverseJS can help with making a headless version of the #OMEMO plugin that would be much appreciated! Please boost if you know anyone who can help there 🔒
I think at this point it's worth thinking about why we need text chats and voice/video calls integrated with each other like what #XMPP (try to), #Matrix, and #Discord do
Why not just go back to #IRC or something like #AIM for text, and something like #Skype for calls like the old days :sagume_think:
File exchange in #XMPP nowadays is either HTTP upload (covered by #OMEMO) or #jingle file transfer, which should be e2e encrypted, too, but I'm not sure about it.
The last I’ll say on Beeper/Apple/iMessage debacle:
I think it’s within Beeper’s right to attempt at reverse engineering iMessage, but not Apple’s responsibility to be forced or even expected to host Beeper customers. It’s clear Apple doesn’t want to and I don’t blame them. If this ever went to court, Apple would obliterate Beeper—even if they switched lawyers. It’s not Beeper’s right to push the burden and expense of hosting on Apple.
@richmurrills@snazzyq even then I'd not call anything #open unless people have full custody of ALL keys (!) and can #SelfHost the entire #backend as well as choose from a variety of #clients and build their own.
@saagar@signalapp@retr0id Even then I'd say this is flaky at best, since one can't really evidence that to be the case if tuere's neither FLOSS clients nor Server implementatioms to test against...
I recommend #XMPP - #OMEMO for most users [#Gajim and #monoclesChat are excellent clients for that!] but if you are an organization then consider #Zulip and if you already have a #Mailserver and use #PGP / MIME then @delta / #DeltaChat may be a good option [tho I'd recommend using a seperate eMail account for that!]...
#XMPP is really cool - would love to replace other messengers with that. But sometimes #OMEMO is a bitch. If you chat with people changing their clients or using multiple ones the messages sometimes get encrypted for the wrong client. OMEMO in MUCs can also be a hazzle.
Gestern habe ich mir #Mobian@mobian mit #Phosh auf mein #Pinephone pro installiert.
Was soll ich sagen? ... Ich bin begeistert!
Gut, die Akkulaufzeit ist sehr klar verbesserungswürdig.
Aber "nur für Entwickler geeignet" ist es definitiv nicht mehr. Für mein Empfinden: es ist eine stabile Beta-qualität.
Kamera, GPS, Rotation, Telefon, SMS, WiFi, Mobile Daten, Karten, ...
Sehr viel besser, als das vorinstallierte Manjaro mit KDE. ...
Als nächstes synchronisierte ich mir Kalender und Kontakte mit meiner Nextcloud. 👍
Was mir aktuell noch ernsthaft fehlt ist ein QR-Code-Scanner (wie z.B. Cobang) und die Batterieoptimierung / eine bessere Batterie.
Das Jahr für ein stabiles #LinuxOnMobile ist nicht mehr weit!
Besonders gelungen ist bei @mobian mit #Phosh auch die "App" #Chats, die neben #SMS ganz selbstverständlich anbietet, einen #XMPP oder #Matrix-Account hinzuzufügen.
Ich habe leider nur noch nicht gefunden, wie ich dort #OMEMO für XMPP aktiviere. ... Naja, wird schon noch werden.
> What do you think the future of XMPP will be like? I think it might be the protocol I enjoy using the most
Interesting, and refreshing, to see optimistic XMPP thoughts on, I guess, adoption? After 25 years?
People have been proclaiming the death of Jabber/XMPP for many a moon, yet its utility and existence just below the surface of mainstream awareness remains healthy. Yes, it is sometimes thought of as long forgotten, and no, it's not losing any um, ... Market share, so to speak.
For most things, and especially as a chat/communications platform between people, I migrated away and onto other solutions, leaving it alone and largely dormant for nearly two decades; yet it has always been part of my infra - mostly just between me and machines I've managed (notifications mostly).
I think part of the reason for it being so summarily dismissed was due to the rise of things like AIM, YIM, etc., and its perceived 'death knells', following Google's choice to (at least publicly) migrate away from it in the course of killing some of their public services.
More significantly however, IMO, were the abhorrently ugly and unintuitive UIs most chat clients sported - I'll call that era the time when XMPP clients mostly appeared like something you'd see on Angelfire or GeoCities web pages - before the MySpace and subsequent early Faceplant years following the breakage of the Pimp my Myspace page phenomina.
Like Samuel Clemens, once stated, ... "The report of my death was an exaggeration." If XMPP were itself able to express such sentiment, I believe it certainly would, lolz.
XMPP is simple to use, fast, secure (not by default), and by creating a situation where the user is transparently ignoring the JID + "/resource" and numerical priority that served to constantly confuse laypersons with multiple devices, the neo-adoption of XMPP and the introduction of 'pretty' clients has to a large degree, made it seem as if XMPP is something that is rather novel in the communications (chat) sector.
Clients like Conversations, at least on the #Android platform, have enabled this renaissance. There's also more desktop clients that sport a good look (pretty), offering an intuitive UX.
Is it going to be the next great thang? Doubtful. As @silverpill stated:
> I think It will remain a small network, unless something really bad happens to matrix (its main competitor).
... There's that elephant in the room.
On the other hand, for those of us who were early adopters of the hopeful #Matrix protocol, the promise hasn't quite been realized as expected, and further, it's been rife with disappointments - How many times have I myself integrated Matrix into system monitoring infrastructure only to feel that dissapointment?
XMPP doesn't offer me that - it works, every fucking time, fast, and I need it fast. I need to be able to call my customers and tell them that there's a problem and that I'm working on a fix before they even know there's a problem. I can plugin Zabbix, Observium, Nagios, Cacti, #NetFlow, etc., and when I hear that cacaphony of an alarm in the middle of the night, know that I need to get out of bed and start putting out fires.
I use Matrix - daily, all the time. But when people close to me ask which one of my non-email contact methods is best (besides actually calling me on the phone), I let them in on a little secret - "If you really need to get a hold of me, like, right now, and want my undivided attention when some IM pings me, then use my Jabber address". It's the first thing I check when I wake up, and I don't even usually check Matrix (it's mostly just for discussions and private chats nowadays anyway in my work flow).
Do I care if it's going to be the next great thing? Well, I prolly, when thinking about it, would prefer that it not be - Here's why:
Mass adoption by my friends and colleagues who I converse with would only serve to dilute the priority to which I assign my #XMPP communications
Migrating from Matrix (or something else) to XMPP for my virtual social interactions would prolly spur me towards wishing I had a dumb beeper again on my belt, lolz.
Sure, I can take advantage of different JIDs/resources, and even install separate XMPP clients if I wished, but managing different alert sounds, etc., and, ... Basically just complicating something that is so simple and effective the way I use it now kinda defeats the purpose of having a (mostly) dedicated interface between me and my boxes :p
Well, that's my 2 cents ;) and of course, my XMPP addy is in my profile if someone wants a priority chan to rattle my cage - but please do use #OMEMO as a matter of practice, even untrusted e2ee is better than clear text and I believe that we should, whenever practical, use encryption by default....... because. Just because :)
a client made by an enterprise who will willingly backdoor your messages
a client made by 3 people that get random breaking changes that completely obliterate flow
a client that is one giant html5 canvas that uses 100% of your browser gpu power
a client that requires systemd
way too many abandoned android and ios clients
please use fedi we have:
an instance software which is so popular but so feature deprived it makes no sense why it exists, also it's trademarked in a bad way
an instance software that has so much code rot it spawned 500 forks to try and fix it only to become rotten themselves
an instance software that doesn't really know what it's doing and instead implemented 3 different api standards, and this is the fork i'm talking about. no one should talk about the upstream project.
Where I speak some advantages Signal has over the bigger richer rest of tech:
“We don’t have to be full of shit. We’re not a surveillance company. I’m not trying to pretend Facebook is good. I don’t have to toe a party line that is divorced from reality”
I personally use #XMPP+#OMEMO for 1:1 chats and have deployed and maintained several #Zulip / https://zulip.com instances as a #corporate & #organizational chat, as it's more user-friendly than #IRC yet also allows for the necessary granularity and auditability.