What is XMPP?
XMPP (Jabber) is an open protocol for instant messaging communication that has been under development from 1999. All technical features of the protocol are described by XEPs. There are many applications using this standard, which nonetheless remain compatible with each other.
The primary benefits of XMPP over all other instant messaging systems is that XMPP is open, free, does not belong to or is controlled by a single company. It is also federated (distributed), so anyone can run his/her own messaging server. If desired, the server can be closed (i.e. not allowing communication with other servers) or fully federated: enabling communication across any existing servers like email. XMPP has many built-in privacy and security features enabling strong cryptography using standard widely audited algorithms and software components. For example, end-to-end encryption can use GPG/PGP, OTR and OMEMO protocols (see wiki.404.city).
The possibility to run one’s own private server, coupled with wide availability of public servers open to anonymous registration (see open public servers), makes XMPP the most suitable for high privacy and security. An more modern open source messaging solution is Matrix. However, it has poorer privacy features and much more bloat (see here for comparison and Matrix privacy problems). For example, several years ago, the privacy platform Disroot decided to migrate back from Matrix to XMPP.
-
Check out this for problems with Matrix:
-
Join the XMPP network using any open public server.
Why not WhatsApp, Telegram, Skype etc.?
Most other messaging systems have fatal privacy flaws and security vulnerabilities. Mandatory use of the single "official" software client brings about a monoculture where any security vulnerability affects all users. Moreover, the closed source code of these systems does not allow independent audit. Nonetheless, it allows manufacturers to implement hidden undocumented features, advertising trackers and backdoors.
One of the fundamental vulnerabilities is the push alert mechanism in both Android and IPhone platforms. This will affect all apps using the push mechanism, even those that position themselves as "encrypted" and "secure." XMPP is based on direct client-server connections does not depend on push alerts mechanism.
Some examples
-
The Kremlin Has Entered the Chat: Putin’s regime may have access to Telegram chats
-
WhatsApp was hacked and attackers installed spyware on people’s phones
-
Where WhatsApp Went Wrong: EFF’s Four Biggest Security Concerns
-
Sources: Facebook Has Fired Multiple Employees for Snooping on Users
-
We Now Know What Information the FBI Can Obtain from Encrypted Messaging Apps
Is Signal open source? What is wrong with it?
Recommended clients
-
Desktop PC
-
Pidgin: Supports many messaging protocols, e.g. Telegram, Discord, Slack, Hangouts etc.
-
Miranda NG: Fully featured (Microsoft Windows only), best choice for XMPP
-
Gajim: Fully featured, best choice for XMPP
-
Email clients, such as Thunderbird and eM Client
-
-
Android
-
Conversations: Fully featured and powerful
-
Blabber.im: Fully featured and powerful
-
Xabber: Fully featured and powerful
-
Yaxim: Extremely lightweight
-
Quicksy: An easy-startup fork of Conversations
Note: account registration is by phone number that is unsecure
(due to inherent SS7 vulnerabilities) and compromises privacy.
-
-
iOS and MacOS
-
Monal: Fully featured and powerful
-
Web-based clients
-
More client software can be found at XMPP.org
More information
More on XMPP is https://en.wikipedia.org/wiki/XMPP, XMPP wiki and XMPP.org
Lists of public servers: There are many public servers running on the Internet that are open to use by anyone. Below are just few of the available lists:
Non-free provider: jmp.chat is a paid XMPP-based service that combines messaging, VoIP, SMS, MMS, telephone numbers, etc.
-
See also https://soprani.ca/ and https://cheogram.com/ projects for unification of open communication networks.
Back to budaev.info
Go back to budaev.info