xmpp-site/articles/home.md

# Welcome to chat.phryk.net! #

<section class="wide">
<img
    src="/resources/surveillance-thermometer.svg"
    alt="Is it getting hot in here? Are you tired of all that surveillance yet?"
    title="Is it getting hot in here? Are you tired of all that surveillance yet?"
/>
</section>

With the corporations of surveillance capitalism on one side, state agencies
on the other – and caught between them everyone using the internet – today,
it's not only likely but downright guaranteed that you – yes **you**! – are
*under surveillance*.

> ## Take refuge and communicate ##
>
> * Securely
> * Anonymously
> * *Freely*
>
> *On chat.phryk.net!*

Henlo and the bestest of welcomes to **chat.phryk.net**!
Here, a dedicated team of raccoons from [phryk evil mad sciences, LLC](https://phryk.net)
offers free and secure communication for <strike>leftists</strike>terrorists
in the form of a pretty damn spiffy, invite-based messaging service that
integrates into the larger, decentralized **XMPP** network.

This service is, in big part, a reaction to legislation from the EU
Parliament about the automated analysis of the contents of
private communications as well as their forwarding to law
enforcement agencies.

Said legislation, colloquially dubbed ChatControl, already legalized
this practice with another piece of legislation planned to make it
not only legal, but *mandatory* for the providers of "number-independent
interpersonal communication services" like E-Mail and Messengers.
You can read more about it in our short [article tackling the issue].

[article tackling the issue]: /article/chatcontrol

## XM–WHAT now? ##

**XMPP** – *eXtensible Messaging & Presence Protocol* – refers
to the technical specification underlying this service.

No worries if you're not a techie, there's no need to know about
the nitty-gritty specifics, but there are a few key qualities
you should know about because they explain why we advocate the
use of XMPP for secure communications between lefties.

> Some of this might seem boring – and maybe it is – but in an
> age of ubiquitous surveillance you can't really afford not
> knowing this shit at least at a surface level if you want
> to make informed decisions.

* Support for multiple types of strong End-to-End Encryption (E2EE)
* Decentralized
* Free & Open standard
* Extensible
* Not bound to established unique personal identifiers
* Wide array of software using it
    * **XMPP** software covers pretty much any system imaginable
        * We can basically guarantee someone ran this on a toaster
            * We're only half-joking, someone probably actually did.

> If you want a more detailed explanation of these points,
> feel free to partake in the consumption of our text
> [X as in Freedom: Why dissidents have ample reason to use **XMPP**][x-freedom].

[x-freedom]: /article/x-as-in-freedom


## Features, features, features! ##

*   Messaging with other users on this or any other reasonably
    secure server in the wider **XMPP** network
*   Chatrooms
*   File transfers
*   STUN/TURN NAT traversal to support audio/video chats
*   End-to-End Encryption enforcement
*   Mobile connectivity optimizations
*   Support for parallel logins with message synchronization
*   Ephemeral message archive – messages are deleted after one week
*   Browser client in case you can't install apps/programs
*   Web-based invites to onboard *our* comrades. ( ͡° ͜ʖ ͡°)
*   100% score on [compliance.conversations.im]!
*   Fully IPv6-enabled
*   [Free & Open-Source][foss] [Prosody] on a Free & Open-Source 
    [FreeBSD] on disks encrypted with AES-256


## Okay, cool – what do I need? ##

If you have an invite to this service – nothing!
Just go through the invitation process and you'll get
logged onto the service right here in your browser.

Otherwise, you mostly need an **XMPP** client, mostly.

We say mostly, because this service is currently *invite-only* – but
don't worry, **XMPP** still has you covered with lots of servers.
You can take a look at the [Server Directory at the IM Observatory][server-directory]
to see if anything listed there strikes your fancy.
Personally, we deem [jabber.systemli.org] and jabber.ccc.de
trustworthy but audio/video chat might not work properly.

An **XMPP** client is the program used to communicate
through an XMPP service.

We do offer a [in-browser access][conversejs] if you can't install
a client on your device or are still undecided, but we *very*
strongly recommend going native – and we have a few recommendations.

All of these are [Free & Open-Source Software][foss] and support the
[OMEMO E2EE standard][omemo-spec], which has quickly become the most
popular E2EE scheme in the **XMPP** ecosystem.

| Platform                      | Client            | E2EE for File Uploads | E2EE for Chatrooms    | E2EE for audio/video chats|
|-------------------------------|-------------------|-----------------------|-----------------------|---------------------------|
| Android                       | [Conversations]   | **YES, UNVERIFIED**       | **YES, UNVERIFIED**       | **YES, UNVERIFIED**           |
| iOS                           | [Siskin]          | **UNVERIFIED**            | **UNVERIFIED**            | **UNVERIFIED**                |
| macOS                         | [Beagle]          | **UNVERIFIED**            | **UNVERIFIED**            | **UNVERIFIED**                |
| Linux, BSD                    | [Dino]            | **YES, UNVERIFIED**       | **YES, UNVERIFIED**       | **NO, UNVERIFIED**            |
| Windows, Linux, BSD, macOS    | [Gajim]           | **UNVERIFIED**            | **UNVERIFIED**            | **UNVERIFIED**                |

After installing one of these, it's simple – just enter your JID
(`<yourname>@phryk.net`) and password and start chatting!

[compliance.conversations.im]: https://compliance.conversations.im/server/phryk.net/
[foss]: https://en.wikipedia.org/wiki/Free_and_open-source_software
[Prosody]: https://prosody.im/
[FreeBSD]: https://freebsd.org/
[server-directory]: https://xmpp.net/directory.php
[jabber.systemli.org]: https://www.systemli.org/service/xmpp/
[conversejs]: https://chat.phryk.net/converse/
[Conversations]: https://conversations.im/
[Siskin]: https://siskin.im/
[Beagle]: https://beagle.im/
[Dino]: https://dino.im/
[Gajim]: https://gajim.org/
[omemo-spec]: https://xmpp.org/extensions/xep-0384.html


## Roadmap ##

This service already offers a lot of features, but is still lacking some
things we want in order to further improve the security and usability of **XMPP**.

What's there? What's to come?

> Please note that we only talk about *server* capabilities here, to see what
> each of the **XMPP** *clients* we support can do, please refer to our [list of
> supported clients](/clients).

| Feature                                       | Are we there yet? |
|-----------------------------------------------|-------------------|
| Basic **XMPP**                                    | YES               |
| Mobile Optimizations                          | YES               |
| File Uploads                                  | YES               |
| Community Chatrooms                           | YES               |
| Invite-based Registration                     | YES               |
| Invite Creation for Community Members         | NO                |
| TLS-only Setup                                | YES               |
| STUN/TURN NAT Traversal Service for A/V Calls | YES               |
| Settings Bot or Dialogue                      | NO                |
| Improved Moderation Tools                     | NO                |
| Self-destructing Message Archive              | YES               |
| E2EE enforcement Grace Periods                | YES               |
| E2EE enforcement for Direct Messaging         | YES               |
| E2EE enforcement for Chatrooms                | YES               |
| E2EE enforcement for File Uploads[^fc]        | NO                |
| E2EE enforcement for Audio/Video Calls        | NO                |
| Extended Cryptographic [Canaries]             | NO[^c]            |
| Client-side or Encrypted Contact Rosters[^r]  | NO                |
| Automated testing                             | NO                |

For more information about the protocol-level capabilities of this service,
see our entry at [compliance.conversations.im](https://compliance.conversations.im/server/phryk.net/).

[^fc]:  End-to-End-Encrypted uploads are an area of ongoing research in
        the **XMPP** community, with only one preliminary [XEP] that has
        limitations and is supposed to be superseded by a well-engineered
        follow-up. As such, full-fledged official support and enforcement
        will take a while.

[^c]:   We put a good bunch of work into this, but it's currently just not
        possible with [GnuPG] because it's a [giant]  [garbage]  [fire].
        We're currently waiting for the good folks at [Sequoia] to finish
        and release the python bindings for sequoia-sop so we can do this
        in a way that's not complete shit. 🤷

[^r]:   This is not a feature most (if any) non-P2P messaging solutions have
        and might not be technically possible/viable, but we're planning to
        look into it anyhow. **XMPP** is already better than Signal in this
        regard as your JID won't be leaked to everyone in the same chatroom
        as you.

[Canaries]: https://en.wikipedia.org/wiki/Warrant_canary
[XEP]: https://xmpp.org/extensions/xep-0454.html
[GnuPG]: https://en.wikipedia.org/wiki/GNU_Privacy_Guard
[giant]: https://mastodon.social/@phryk/107807889352807387
[garbage]: https://mastodon.social/@phryk/107866591938927511
[fire]: https://github.com/vsajip/python-gnupg/issues/172
[Sequoia]: https://sequoia-pgp.org/