XMPP E2EE tracking #1838

New Issue

jonah · 2020-04-18T08:56:50Z

Mikaela commented

2020-04-18 08:56:50 +00:00

(Migrated from github.com)

XMPP is under thread of delisting in https://github.com/privacytoolsIO/privacytools.io/pull/1836 as there is currently only one client known that has OMEMO enabled by default, Conversations.

I wish to relist it as soon as it comforms the criteria and I hope this issue can be used for tracking issues related to that.

From XMPP Compliance Suites 2020 / Future development there are a few interesting specifications linked:

XEP-0420: Stanza Content Encryption
- draft
XEP-0384: OMEMO Encryption
- draft
XEP-0396: Jingle Encrypted Transports - OMEMO
- deferred
XEP-0374: OpenPGP for XMPP Instant Messaging
- deferred

XMPP is under thread of delisting in https://github.com/privacytoolsIO/privacytools.io/pull/1836 as there is currently only one client known that has OMEMO enabled by default, [Conversations](https://conversations.im/). I wish to relist it as soon as it comforms the criteria and I hope this issue can be used for tracking issues related to that. From [XMPP Compliance Suites 2020 / Future development](https://xmpp.org/extensions/xep-0423.html#future) there are a few interesting specifications linked: * [ ] [XEP-0420: Stanza Content Encryption](https://xmpp.org/extensions/xep-0420.html) * draft * [ ] [XEP-0384: OMEMO Encryption](https://xmpp.org/extensions/xep-0384.html) * draft * [ ] [XEP-0396: Jingle Encrypted Transports - OMEMO](https://xmpp.org/extensions/xep-0396.html) * deferred * [ ] [XEP-0374: OpenPGP for XMPP Instant Messaging](https://xmpp.org/extensions/xep-0374.html) * deferred

👍 1 👀 1

dngray commented

2020-04-18 09:32:50 +00:00

(Migrated from github.com)

I've subscribed to this issue, because I am curious to see how it develops.

I think we that we can continue with https://github.com/privacytoolsIO/privacytools.io/pull/1836.

I've subscribed to this issue, because I am curious to see how it develops. I think we that we can continue with https://github.com/privacytoolsIO/privacytools.io/pull/1836.

jonah commented

2020-04-19 04:18:05 +00:00

We're going to relist "Matrix" as "Riot" in #1836 because we realized we wanted to avoid recommending protocols (which is mostly helpful for administrators) and focus on recommending clients (which is more helpful for end-users, our target).

So we can rethink criteria a bit, and maybe that deserves its own issue, but what it boils down to is:

The client needs to be secure and privacy-respecting (which I think Conversations is)
- I think we should also agree now whether we only want OMEMO (this is my current assumption) or if OTR is acceptable.
Users need to be able to communicate across platforms to avoid vendor lock-in.

The second point being where I think "XMPP" is currently failing, because Conversations is Android-only... I'm not against listing XMPP clients per-operating-system if we need to, but I'm not aware of any other decent clients, so what we're waiting for is...

Android: Conversations
iOS
- Having used ChatSecure and Monal I feel incredibly uncomfortable with recommending either. Unless they have drastically changed in the past 6 months.
Linux: Dino?
- Which may not be a good recommendation due to the lack of tagged releases multiple people have brought up, so I don't know if we want to consider it.
macOS
Windows

A web-client would also be neat but is perhaps wishful thinking. But I think when decent clients materialize for all of the above platforms we can probably list that set of clients as our general "XMPP" recommendation for RTC.

We're going to relist "Matrix" as "Riot" in #1836 because we realized we wanted to avoid recommending *protocols* (which is mostly helpful for administrators) and focus on recommending *clients* (which is more helpful for end-users, our target). So we can rethink criteria a bit, and maybe that deserves its own issue, but what it boils down to is: 1. The client needs to be secure and privacy-respecting (which I think Conversations is) - I think we should also agree now whether we only want OMEMO (this is my current assumption) or if OTR is acceptable. 2. Users need to be able to communicate across platforms to avoid vendor lock-in. The second point being where I think "XMPP" is currently failing, because Conversations is Android-only... I'm not against listing XMPP clients per-operating-system if we need to, but I'm not aware of any other decent clients, so what we're waiting for is... - [x] Android: Conversations - [ ] iOS - Having used ChatSecure and Monal I feel incredibly uncomfortable with recommending either. Unless they have drastically changed in the past 6 months. - [ ] Linux: Dino? - Which may not be a good recommendation due to the lack of tagged releases multiple people have brought up, so I don't know if we want to consider it. - [ ] macOS - [ ] Windows A web-client would also be neat but is perhaps wishful thinking. But I think when decent clients materialize for all of the above platforms we can probably list that set of clients as our general "XMPP" recommendation for RTC.

👍 3

Mikaela commented

2020-04-19 11:02:08 +00:00

(Migrated from github.com)

https://conversejs.org/

❤️ 2

nitrohorse commented

2020-04-19 19:35:40 +00:00

(Migrated from github.com)

For iOS clients, I believe Monal has the most active development with Siskin coming in 2nd and now ChatSecure in 3rd.

Having used ChatSecure and Monal I feel incredibly uncomfortable with recommending either. Unless they have drastically changed in the past 6 months.

No, I don't think either has drastically changed in terms of UX or UI.

For iOS clients, I believe [Monal](https://github.com/anurodhp/Monal) has the most active development with [Siskin](https://github.com/tigase/siskin-im) coming in 2nd and now [ChatSecure](https://nitter.snopyta.org/ChatSecure/status/1221528522121834496) in 3rd. > Having used ChatSecure and Monal I feel incredibly uncomfortable with recommending either. Unless they have drastically changed in the past 6 months. No, I don't think either has drastically changed in terms of UX or UI.

woj-tek commented

2020-05-06 17:01:47 +00:00

(Migrated from github.com)

@JonahAragon there is SiskinIM for iOS (https://github.com/tigase/siskin-im/) and BeagleIM for macOS (https://github.com/tigase/beagle-im/)

mdosch commented

2020-10-27 16:02:49 +00:00

(Migrated from github.com)

As others already mentioned: Siskin is the client I recommend to iOS people.
Also if you have objections to Dino you could recommend Gajim for Linux and Windows (I'm not sure about the state on Macs).

As others already mentioned: Siskin is the client I recommend to iOS people. Also if you have objections to Dino you could recommend Gajim for Linux and Windows (I'm not sure about the state on Macs).

GintokiHub commented

2020-10-27 16:22:34 +00:00

(Migrated from github.com)

I find gajim quite easy to use actually. It might seem a -littele-bit- imposing at first but it's really quite straightforward IMO.
What are others opinion on the client for windows?

I find gajim quite easy to use actually. It might seem a -littele-bit- imposing at first but it's really quite straightforward IMO. What are others opinion on the client for windows?

mdosch commented

2020-10-28 13:18:46 +00:00

(Migrated from github.com)

Right now Gajim is imo the best client on windows. Maybe Dino will be an
option once they provide a windows build. So far there are only
community builds for windows.

On 27.10.2020 09:22, GintokiHub wrote:

I find gajim quite easy to use actually. It might seem a -littele-bit- imposing at first but it's really quite straightforward IMO.
What are others opinion on the client for windows?

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/privacytools/privacytools.io/issues/1838#issuecomment-717360425

Right now Gajim is imo the best client on windows. Maybe Dino will be an option once they provide a windows build. So far there are only community builds for windows. On 27.10.2020 09:22, GintokiHub wrote: >I find gajim quite easy to use actually. It might seem a -littele-bit- imposing at first but it's really quite straightforward IMO. >What are others opinion on the client for windows? > >-- >You are receiving this because you are subscribed to this thread. >Reply to this email directly or view it on GitHub: >https://github.com/privacytools/privacytools.io/issues/1838#issuecomment-717360425

arendtio commented

2020-12-14 19:56:30 +00:00

(Migrated from github.com)

Just contributing my experience:

Conversations is superb. Quicksy (Conversations flavor + Account) might be worth mentioning, as it has the lowest entrance barrier.
iOS clients are a disaster. Currently, I have ChatSecure and Siskin installed, but neither works in a way that I would recommend it. ChatSecure seems to be the best but it has some serious issues (like asking to confirm valid SSL certificates when they get renewed).
For desktop usage I recommend Gajim. I tried Dino from time to time but always returned to Gajim so far.

All these clients support OMEMO afaik. I don't think that having OMEMO enabled by default should be relevant for listing XMPP clients. On the other hand, I would not recommend clients that only support OTR (used a few years before OMEMO became a thing and still remember those slow transfer speeds).

Haven't tried anything on MacOS yet, but I heard that Monal is a bad but still the best option.

Just contributing my experience: - Conversations is superb. Quicksy (Conversations flavor + Account) might be worth mentioning, as it has the lowest entrance barrier. - iOS clients are a disaster. Currently, I have ChatSecure and Siskin installed, but neither works in a way that I would recommend it. ChatSecure seems to be the best but it has some serious issues (like asking to confirm valid SSL certificates when they get renewed). - For desktop usage I recommend Gajim. I tried Dino from time to time but always returned to Gajim so far. All these clients support OMEMO afaik. I don't think that having OMEMO enabled by default should be relevant for listing XMPP clients. On the other hand, I would not recommend clients that only support OTR (used a few years before OMEMO became a thing and still remember those slow transfer speeds). Haven't tried anything on MacOS yet, but I heard that Monal is a bad but still the best option.

👍 2

albjeremias commented

2021-09-09 16:44:44 +00:00

(Migrated from github.com)

why isn't conversations on privacytools.io ?!

mdosch commented

2021-09-09 16:55:15 +00:00

(Migrated from github.com)

See above, because conversations is android only whereas riot is everywhere.

Mikaela commented

2021-09-09 17:01:17 +00:00

(Migrated from github.com)

I am not sure Element being on iOS is a good argument and I also wouldn't seek for privacy on Matrix in it's current state and if it was up to me, I would add a lot of warnings or simply delist it again. Then again putting in personal effort to do that would be pointless until the team is released from renaming/redomaining etc.

https://mikaela.info/blog/english/2021/08/03/matrix-perfect-privacy-not.html

EDIT:

I self-marked this offtopic instantly after posting.
I opened https://github.com/privacytools/privacytools.io/issues/2424 for discussing the privacy issues with Matrix.

I am not sure Element being on iOS is a good argument and I also wouldn't seek for privacy on Matrix in it's current state and if it was up to me, I would add a lot of warnings or simply delist it again. Then again putting in personal effort to do that would be pointless until the team is released from renaming/redomaining etc. * https://mikaela.info/blog/english/2021/08/03/matrix-perfect-privacy-not.html EDIT: * I self-marked this offtopic instantly after posting. * I opened https://github.com/privacytools/privacytools.io/issues/2424 for discussing the privacy issues with Matrix.

This repo is archived. You cannot comment on issues.