Add XMPP servers #141
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#141
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
We should add XMPP servers too.
I can suggest 2:
Jabber servers comparison list: https://gultsch.de/compliance_ranked.html
Posted here
cock.li has XMPP for all of it's domains
Maybe mention prosody and ejabberd for the self-hosting crowd?
We recently wrote an article about the power of XMPP admins. For instance, they are able to:
The clear recommendation here is to always run your own XMPP server and never use one on the internet run by people you don't know. Even if you trust the admin, there is the risk that your personal data and tons of metadata will be exposed due to a data breach. This is basically a security and privacy nightmare.
What's wrong with that? XMPP is just the protocol we choose for OTR. Metadata might be something of concern, but just informing users is better than abandoning the idea of third party XMPP servers altogether.
@Shifterovich
Sorry, I don't get your point this time. I said, besides metadata XMPP server admins can read and manipulate your personal data including contacts, groups, vCards and passwords. For instance, they are able to:
Admins are still able to do so if you enable OMEMO/OTR/OpenGPG and connect via Tor. Another point is that users can't see whether an admin monitors their activities. This is neither secure nor privacy-friendly.
Therefore, I would only recommend running your own XMPP server and abandon the idea to recommend third party servers which look to be thrustworthy while there is no proof. (Only my two cents!)
If you always use OTR, how is receiving an unencrypted message from one of your friends a major concern? What you listed isn't anything specific to XMPP, it's like that with all sorts of third party servers. I see your point but we should be warning users about this instead of deciding what's good for them. There are secure ways to communicate over insecure channels. One of them is only trusting OTR messages.
This has moved to https://compliance.conversations.im/ where you recognise at least Disroot.org. Many Diaspora* pods are also running XMPP servers.
This doesn't exist anymore.
Could https://xmpp.org/getting-started/ be linked to instead or should Privacytools.io host XMPP in addition to Matrix?
We could host our own XMPP server, but we should advise our users not to have all their accounts centralized on our servers (using PTIO Matrix, XMPP, Mastodon, etc).
@privacytoolsIO/editorial Do you have new thoughts on this?
@JonahAragon commented at https://github.com/privacytoolsIO/privacytools.io/pull/915#pullrequestreview-242417487:
and so did @blacklight447-ptio at https://github.com/privacytoolsIO/privacytools.io/pull/915#issuecomment-496449555
Could this be read as an support to not list specific instances (until hypothetical privacytools.io XMPP server starts?) and instead link to the previously mentioned lists?
Edit: in the sibling issue we also have a question on how should XMPP be added, as a separate page? https://github.com/privacytoolsIO/privacytools.io/issues/60#issuecomment-377622021
https://www.privacytools.io/software/im/ currently has XMPP clients in a sublist in worth mentioning and I hope that if people are interested in it, they click the link to XMPP.org and thus find https://xmpp.org/getting-started/ which two of the lists mentioned above.
If this is not a satisfying solution, please request reopening with new comments or preferably suggestions.