Recommend XMPP for Real-Time Communication #208
-
XMPP is the IETF Internet Standard for federated instant messaging and there are clients with support for OMEMO (end-to-end encryption) for all major platforms. I think XMPP would be a good fit for the Real-Time Communication category. See also:
|
Beta Was this translation helpful? Give feedback.
Replies: 0 comments 14 replies
-
The main reason we don't is because a lot of clients don't support E2EE for all private actions. For example some things might be encrypted with OMEMO, other things might not be like file transfers or status updates. In general XMPP is not a very private protocol, at least from the server admin side of things: https://infosec-handbook.eu/articles/xmpp-aitm/ With Matrix really the only exposed metadata at the moment is your matrix ID In the future Matrix will be moving towards a server-less mode to improve that further https://matrix.org/blog/2021/05/06/introducing-the-pinecone-overlay-network/ |
Beta Was this translation helpful? Give feedback.
-
I've been using XMPP for over a decade now and it largely "just works" at the end of the day with no frills. XMPP clients like Conversations, Dino, and Gajim are reasonably polished these days and work out of the box. You can have a compliant server with either ejabberd or prosody in under an hour if you have basic Linux sysadmin skills. The community has even been more active than ever and you can quickly jump into suitable chat rooms as listed on https://search.jabber.network. I remember the early Matrix client (whatever it was called) literally sent your mouse coordinates when in window to the server and had Google Analytics included, largely left a sour taste in my mouth. XMPP can trivially and seamlessly connect to any IRC room via Biboumi and can even call landlines via jmp.chat, both fullly free (as in freedom)! Not to mention that Vector IM (?) has $50 million in VC funding they eventually need to pay back. +1 for XMPP |
Beta Was this translation helpful? Give feedback.
-
To begin with, Matrix doesn't have any decent servers, and the majority of Matrix servers have no privacy policy. |
Beta Was this translation helpful? Give feedback.
-
It's important to emphasize https://wiki.xmpp.org/web/XMPP_E2E_Security. Only OMEMO (XEP-0384) seems a recommendable proposal. |
Beta Was this translation helpful? Give feedback.
-
@lrq3000 don't want to delay your PR but might also be good to look in to this. |
Beta Was this translation helpful? Give feedback.
-
XMPP won't be added to @lrq3000's PR as that is a legacy migration PR and we're not going to extend the window further for that. It is also worth noting we want to really limit recommendations on PG to things that have privacy related features. If we're worried about metadata and associated data with that we might want to strengthen the criteria. At this time it looks like Matrix has some hope of reducing metadata with their P2P functionality. https://matrix.org/blog/2021/05/06/introducing-the-pinecone-overlay-network/ |
Beta Was this translation helpful? Give feedback.
-
Hello and sorry for the necroposting, but I just wanted to point out the following: The "privacy VS metadata" is a false dichotomy. Metadata does matter as much as the content of the conversation for user privacy, if not more in most cases. It's not just a minor remark. I'm not asking for any action specifically, just please keep this in mind when evaluating options, thanks :) |
Beta Was this translation helpful? Give feedback.
The main reason we don't is because a lot of clients don't support E2EE for all private actions.
For example some things might be encrypted with OMEMO, other things might not be like file transfers or status updates.
In general XMPP is not a very private protocol, at least from the server admin side of things: https://infosec-handbook.eu/articles/xmpp-aitm/
With Matrix really the only exposed metadata at the moment is your matrix ID
@user:example.com
, room nick, and what room IDs your account is in.In the future Matrix will be moving towards a server-less mode to improve that further https://matrix.org/blog/2021/05/06/introducing-the-pinecone-overlay-network/