xmpp-site/articles/home.md

9.6 KiB
Raw Permalink Blame History

Welcome to chat.phryk.net!

Is it getting hot in here? Are you tired of all that surveillance yet?

With the corporations of surveillance capitalism on one side, state agencies on the other and caught between them everyone using the internet today, it's not only likely but downright guaranteed that you yes you! are under surveillance.

Take refuge and communicate

  • Securely
  • Anonymously
  • Freely

On chat.phryk.net!

Henlo and the bestest of welcomes to chat.phryk.net! Here, a dedicated team of raccoons from phryk evil mad sciences, LLC offers free and secure communication for leftiststerrorists in the form of a pretty damn spiffy, invite-based messaging service that integrates into the larger, decentralized XMPP network.

This service is, in big part, a reaction to legislation from the EU Parliament about the automated analysis of the contents of private communications as well as their forwarding to law enforcement agencies.

Said legislation, colloquially dubbed ChatControl, already legalized this practice with another piece of legislation planned to make it not only legal, but mandatory for the providers of "number-independent interpersonal communication services" like E-Mail and Messengers. You can read more about it in our short article tackling the issue.

XMWHAT now?

XMPP eXtensible Messaging & Presence Protocol refers to the technical specification underlying this service.

No worries if you're not a techie, there's no need to know about the nitty-gritty specifics, but there are a few key qualities you should know about because they explain why we advocate the use of XMPP for secure communications between lefties.

Some of this might seem boring and maybe it is but in an age of ubiquitous surveillance you can't really afford not knowing this shit at least at a surface level if you want to make informed decisions.

  • Support for multiple types of strong End-to-End Encryption (E2EE)
  • Decentralized
  • Free & Open standard
  • Extensible
  • Not bound to established unique personal identifiers
  • Wide array of software using it
    • XMPP software covers pretty much any system imaginable
      • We can basically guarantee someone ran this on a toaster
        • We're only half-joking, someone probably actually did.

If you want a more detailed explanation of these points, feel free to partake in the consumption of our text X as in Freedom: Why dissidents have ample reason to use XMPP.

Features, features, features!

  • Messaging with other users on this or any other reasonably secure server in the wider XMPP network
  • Chatrooms
  • File transfers
  • STUN/TURN NAT traversal to support audio/video chats
  • End-to-End Encryption enforcement
  • Mobile connectivity optimizations
  • Support for parallel logins with message synchronization
  • Ephemeral message archive messages are deleted after one week
  • Browser client in case you can't install apps/programs
  • Web-based invites to onboard our comrades. ( ͡° ͜ʖ ͡°)
  • 100% score on compliance.conversations.im!
  • Fully IPv6-enabled
  • Free & Open-Source Prosody on a Free & Open-Source FreeBSD on disks encrypted with AES-256

Okay, cool what do I need?

If you have an invite to this service nothing! Just go through the invitation process and you'll get logged onto the service right here in your browser.

Otherwise, you mostly need an XMPP client, mostly.

We say mostly, because this service is currently invite-only but don't worry, XMPP still has you covered with lots of servers. You can take a look at the Server Directory at the IM Observatory to see if anything listed there strikes your fancy. Personally, we deem jabber.systemli.org and jabber.ccc.de trustworthy but audio/video chat might not work properly.

An XMPP client is the program used to communicate through an XMPP service.

We do offer a in-browser access if you can't install a client on your device or are still undecided, but we very strongly recommend going native and we have a few recommendations.

All of these are Free & Open-Source Software and support the OMEMO E2EE standard, which has quickly become the most popular E2EE scheme in the XMPP ecosystem.

Platform Client E2EE for File Uploads E2EE for Chatrooms E2EE for audio/video chats
Android Conversations YES, UNVERIFIED YES, UNVERIFIED YES, UNVERIFIED
iOS Siskin UNVERIFIED UNVERIFIED UNVERIFIED
macOS Beagle UNVERIFIED UNVERIFIED UNVERIFIED
Linux, BSD Dino YES, UNVERIFIED YES, UNVERIFIED NO, UNVERIFIED
Windows, Linux, BSD, macOS Gajim UNVERIFIED UNVERIFIED UNVERIFIED

After installing one of these, it's simple just enter your JID (<yourname>@phryk.net) and password and start chatting!

Roadmap

This service already offers a lot of features, but is still lacking some things we want in order to further improve the security and usability of XMPP.

What's there? What's to come?

Please note that we only talk about server capabilities here, to see what each of the XMPP clients we support can do, please refer to our list of supported clients.

Feature Are we there yet?
Basic XMPP YES
Mobile Optimizations YES
File Uploads YES
Community Chatrooms YES
Invite-based Registration YES
Invite Creation for Community Members NO
TLS-only Setup YES
STUN/TURN NAT Traversal Service for A/V Calls YES
Settings Bot or Dialogue NO
Improved Moderation Tools NO
Self-destructing Message Archive YES
E2EE enforcement Grace Periods YES
E2EE enforcement for Direct Messaging YES
E2EE enforcement for Chatrooms YES
E2EE enforcement for File Uploads1 NO
E2EE enforcement for Audio/Video Calls NO
Extended Cryptographic Canaries NO2
Client-side or Encrypted Contact Rosters3 NO
Automated testing NO

For more information about the protocol-level capabilities of this service, see our entry at compliance.conversations.im.


  1. End-to-End-Encrypted uploads are an area of ongoing research in the XMPP community, with only one preliminary XEP that has limitations and is supposed to be superseded by a well-engineered follow-up. As such, full-fledged official support and enforcement will take a while. ↩︎

  2. We put a good bunch of work into this, but it's currently just not possible with GnuPG because it's a giant garbage fire. We're currently waiting for the good folks at Sequoia to finish and release the python bindings for sequoia-sop so we can do this in a way that's not complete shit. 🤷 ↩︎

  3. This is not a feature most (if any) non-P2P messaging solutions have and might not be technically possible/viable, but we're planning to look into it anyhow. XMPP is already better than Signal in this regard as your JID won't be leaked to everyone in the same chatroom as you. ↩︎