XMPP

From LinuxReviews
Extensible Messaging and Presence Protocol (XMPP)
International standard: RFC 6120 (Core) (2011), RFC 6121 (IM & Presence) (2011), RFC 7622 (Address Format) (2015), RFC 3922 (CPIM) (2004), RFC 3923 (Encryption) (2004)
Introduced: 1999; 23 years ago
Industry: Open instant messaging
Website: www.xmpp.org

Extensible Messaging and Presence Protocol (XMPP, historically known as "Jabber") is a simple and efficient open federated protocol for instant messaging with support for contact lists, presence information and file transfers.

XMPP and the XMPP network work somewhat like e-mail. Anyone can set up their own server, and usernames look exactly like e-mail addresses do: you@yourserver.tld goes to you on yourserver.tld (though additional data can be provided to an address, like you@yourserver.tld/resource). Users connect to a local server, and that local server does server-to-server communications so users on that local server can talk to users on other servers.
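
The address format described above, as an added example (not code from LinuxReviews or any XMPP project): a Python parser that splits an address in the order RFC 7622 gives, first at the first "/" and then at the first "@", so a resource that itself contains "@" is never mistaken for the account. The names JID and parse_jid and the sample addresses are made up for illustration; PRECIS/IDNA normalization is left out.

```python
from typing import NamedTuple, Optional

# Characters RFC 7622 forbids in the localpart.
FORBIDDEN_LOCAL = set("\"&'/:<>@")
MAX_OCTETS = 1023  # RFC 7622 limit for each part, in UTF-8 octets


class JID(NamedTuple):
    local: Optional[str]
    domain: str
    resource: Optional[str]

    @property
    def bare(self) -> str:
        """The account identity (local@domain); this is what trust decisions use."""
        return f"{self.local}@{self.domain}" if self.local else self.domain


def parse_jid(address: str) -> JID:
    # Step 1: everything after the FIRST "/" is the resourcepart.
    # The resource is chosen by the client and may contain "/" or "@".
    bare, slash, resource = address.partition("/")
    if slash and not resource:
        raise ValueError("empty resourcepart")
    # Step 2: in what remains, everything before the FIRST "@" is the localpart.
    local, at, domain = bare.partition("@")
    if not at:
        local, domain = None, bare  # server address such as yourserver.tld
    elif not local:
        raise ValueError("empty localpart")
    if not domain:
        raise ValueError("empty domainpart")
    if "@" in domain:
        raise ValueError("more than one '@' before the resourcepart")
    if local is not None and FORBIDDEN_LOCAL & set(local):
        raise ValueError("forbidden character in localpart")
    for part in (local, domain, resource):
        if part is not None and len(part.encode("utf-8")) > MAX_OCTETS:
            raise ValueError("part longer than 1023 octets")
    return JID(local, domain, resource if slash else None)


if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ("you@yourserver.tld/resource",
                   "mallory@evil.example/alice@yourserver.tld"):
        jid = parse_jid(sample)
        print(f"{sample!r}: account={jid.bare!r} resource={jid.resource!r}")
```

Code that splits at the last "@" instead would attribute the second sample to alice@yourserver.tld; parsed in RFC order, the account is mallory@evil.example.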

XMPP is a small and simple protocol with a very small surface compared to more complex instant messaging and chat systems like Matrix.

Adoption

XMPP is not a widely adopted or well-known protocol. XMPP adoption is similar to what GnuPG has (not) achieved: the free software community has adopted it to a large degree and nobody else cares, not even a little.

Facebook and many other big technology companies have adopted XMPP at one time or another. Those who did mostly built their own proprietary extensions on top of it, disabled federation and adapted it to their own little isolated island before they eventually got rid of it in favor of some closed proprietary solution.

Server Software

The two best XMPP server solutions are, as of 2021, ejabberd and Prosody. Prosody is marketed as being "easy to setup and configure" and it is. It is also very light-weight, not that ejabberd is particularly heavy in comparison to most other server software.

Server Security

Individual XMPP servers are expected to have a valid TLS certificate, which is used for server-to-server communications. Let's Encrypt is the cheapest (free) way to get one. This does not prevent XMPP servers from seeing all user messages in plain text; end users and the software they use have to add some kind of security on top of their messages to get any actual security. The XMPP compliance tester, available at compliance.conversations.im, will give sites without a valid TLS certificate a very low score.

Client Software

XMPP is supported, in one way or another, by a lot of software. A lot of it does not support all the features the protocol can provide, and a lot lacks support for any kind of encryption.

XMPP has, historically, had two ways of adding security on top of it: GnuPG encryption and OMEMO encryption. OMEMO is in some ways more secure since it provides perfect forward secrecy (keys are thrown away when a conversation ends). OMEMO has become the most popular choice (to the degree XMPP is popular).

The two best clients for GNU/Linux users are, as of 2021, Gajim (available for Linux and macOS) and Dino (only for GNU/Linux).

Gajim (gajim.org) is pretty old; it is tried and true. It has a traditional GTK+ user interface. Dino is a newer application written in Rust with one of those borderline useless GNOME interfaces.

Conversations is the best option for Android. It is not available for free in the Google Play Store, but it can be had for free in the alternative F-Droid free software store. Conversations has OMEMO support and a very easy and user-friendly mobile interface.

There are no good XMPP clients for iOS, though ChatSecure and Siskin IM do exist. ChatSecure supports OMEMO encryption, but it has trouble detecting OMEMO fingerprints from non-ChatSecure clients. It is also somewhat limited in terms of features. Siskin is slightly better, but it has very poor support for multi-user chats.

The situation for macOS is similar to that for iOS: there aren't any good options beyond Gajim, and the only way to get Gajim working on macOS is to build it from source. That's not a good option for most macOS users, though it is possible.
