Add XMPP clients #60
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#60
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
The section about messengers is sadly very misleading in my opinion.
Have you ever used ChatSecure?
I suppose you recommend it becuase it runs on multiple mobile operating systems.
Are you aware that it is different on each of these, has different featuers?
Can it do http_upload, carbons? Do you tell people about how OTR can also be a pain if you have multiple devices? It doesn't seem so, which will result in users trying the software, seeing that it doesn't work as expected and saying its no good.
In my opinion the best XMPP client for mobile is Conversations, which is mentioned on the page too.
I think one should just mention XMPP in general and then link to a broader explanation of it. Explaining that behaviour of clients can differ depending on which XEPs they support. And listing a good pre selection for people who do not want to read all those details. Which in my opnion is: Conversations for Android, Gajim and Swift for desktop. I can't speak for iOS since I don't use it.
This would also give the user the right impression: it's not just for mobile but for all kinds of things. Currently in my opinion it looks like its a mobile only thing.
Just today: http://www.reuters.com/article/us-iran-cyber-telegram-exclusive-idUSKCN10D1AM?sp=alcms
So much about secure and privacy
There's a list which compares different servers and their support for different XEPs (https://gultsch.de/compliance.html). However, privacytools.io suggests using OTR/openPGP, while there is a far more sophisticated encryption (OMEMO) available, which is currently supported by Conversations, Gajim and CryptoCat (ChatSecure for iOS already announced to support it with the next app release).
@jubalh So your idea is to add a "XMPP" recommendation and link to several different clients for Desktop, iOS and Android?
As far as I know: Conversations for Android and Chatsecure is still good for iOS?
Please help me out here.
@privacytoolsIO :)
Maybe these tips are helfpul:
A list with clients and which XEPs they support. https://www.zash.se/xmpp-clients.html
http://xmpp.iodoru.org/details.html mentions which XEPs are important to have a usable chat experience.
I agree usual users shouldnt have to think about such things thats why currently many clients try to make things easier and implement all the important XEPs.
The best client is Conversations I'd say, I even have the feeling that its the leading example and often drags the others along.
Gajim is a good client for the desktop, but it needs some tweaking (going to settings and download plugins for some of the XEPs). Swift-im is another good client which wants to make things easy.
Cannot talk about iOS since I dont have any such devices :/
TODO: Add XMPP clients.
Are we OMEMO yet?
I could make a PR for this but how should/would it be added? It seems a bit odd to have an entire section dedicated to XMPP when it's really just a sub-section of the Encrypted Instant Messenger section.
I think that Conversations for Android still applies, but I have gotten image that Chatsecure needs its own module or something like that in the XMPP server and Monal may be better. However I am not an iOS user personally so this information is second (or more) hand.
On PC, Gajim works ~everywhere and another worth mentioning client is Dino however it may be Linux-only.
I am not sure if this or https://github.com/privacytoolsIO/privacytools.io/issues/141 is a better place for this, but there are at least two XMPP clients/servers with registration using phone number and contact discovery that way:
@infosec-handbook on https://github.com/privacytoolsIO/privacytools.io/issues/779#issuecomment-471687384
Are you familiar with Kontalk or Quicksy I mentioned here? I think they are attempting to be WhatsApp-like experience. I think the XEPs can be found out from https://compliance.conversations.im/, but it could have a simpler UI. On OMEMO and XMPP, I think my recommended list would be:
Isn't Signal still uploading contacts to server frequently to check that they are using Signal?
I read the link and your reader feedback seems to already say everything.
I wonder if you are trying to do the opposite here, but I think in the end it boils down to all IM systems being horrible and having their flaws.
@Mikaela
Kontalk and Quicksy rely on phone numbers, AFAIK. Quicksy is a modified Conversations client built by the developer of Conversations, and uses the same registration process as Signal. However, compared with Signal, Conversations/Quicksy don't enforce encryption, and as I mentioned in #779, XMPP comes with server-side account management that exposes most personal data to the server administrator.
I know this website. However, this isn't an official XMPP website but a list of servers that comply with XEPs used by Conversations. Moreover, this website doesn't rate any privacy aspects like "who runs the server?", "where is the server located?", "is the server software up-to-date?", "is there a privacy policy?", "does this server offer TLS with PFS?" etc.
The last time we used Gajim, it wasn't user-friendly. Dino seems to be better here.
I don't know Monal, but people recommended ChatSecure as the best iOS client before. However, development of ChatSecure seems to fall asleep. One big problem of some messengers is that they only partially support OMEMO. For instance, some clients allow OMEMO-encrypted 1-to-1 chat, however, they don't support group (MUC) chats.
As for ConverseJS, many people criticize JS-based encryption as being insecure by design, so it doesn't make sense to recommend it.
Besides, another point is the state of end-to-end encryption in XMPP:
AFAIK, Conversations is the only messenger that tries to enforce OMEMO in some situations. And, AFAIK, no messenger explains benefits/drawbacks of no encryption/OpenPGP/OTR/OMEMO. New users have to guess what is best for them.
In all cases, Signal works fine. The disadvantage is that you need to manually enter the phone number of your chat partner before you can chat.
Our main point here is that it doesn't make sense to tell people every other month to switch their messenger since someone showed up somewhere and decided that the current recommendation must be changed due to strange reasons.
Exactly. We already tried to summarize this in https://infosec-handbook.eu/blog/discussion-secure/#sm (and this section is only about the technical part of such discussions).
@privacytoolsIO/editorial thoughts?
Judging by https://github.com/privacytoolsIO/privacytools.io/pull/1048#issuecomment-514817075 this has been done.
It's been removed again?