Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Set up your own XMPP server or use an existing one?

  • 15-02-2015 7:10pm
    #1
    obsidianclock
    Closed Accounts Posts: 158 ✭✭


    Dear all,

    I have been searching online and on the face of it, it doesn't seem to be that difficult to set up your own XMPP server.

    It would seem that eJabberd is a very easy to set up and use implementation.

    As you all know, Google Talk has abandoned open standards for instant messaging with their new "Hangouts" protocol.

    However, using client software which supports OTR, and possibly via using an XMPP server which also operates as a tor hidden service such as that used by rows.io you can theoretically at least have an end to end encrypted chat with another user, without giving away your location.

    I hope you'll all agree that given the alternatives, this is probably the best way to conduct a conversation with someone safely online.

    The only question that remains, is do we need to set up our own server anonymously e.g through a VPS which can be paid for by Bitcoin, or is it better to use an established server?

    The advantage of having your own server of course is that you can be sure that no traffic data is logged. However I am leaning towards using a public server on the basis that it might be more difficult to distinguish the metadata of your individual conversations amongst the noise.

    Would love to hear your thoughts.

    e.g I am familiar with TorChat. As I understand it, it is not actively being maintained and the new version is not yet available.


Comments

  • #2
    Vangel
    Registered Users, Registered Users 2 Posts: 6 Vangel


    OTR + XMPP
    Use a Russian service such as exploit.im

    Worked good for me.


  • #3
    obsidianclock
    Closed Accounts Posts: 158 ✭✭obsidianclock


    bedlam wrote: »
    If you want anonymous IM, Ricochet is a promising replacement for TorChat

    Otherwise, a public service would be better than rolling your own as the latter is far harder to do anonymously. If the public service has a HS great other wise you'll want to use SOCKS proxy to router your connection via Tor. OTR will give you end to end encrypted chat but the servers will know who you are talking to and your buddy list will be stored with them.

    Assuming anonymity is less of a priority over control of the services give prosody a look, much easier than ejabberd.

    Some XMPP services that have Hidden services:

    Bedlam,

    Many thanks for this. I was dimly aware of Ricochet but have had a bad experience with TorChat in the past and was a bit wary.

    This isn't actually a reflection on the level of security offered by TorChat or Ricochet at all - it's just that my friends and I use a live CD (I use TAILS) when chatting - as such it's very difficult to have the same username from one session to the next unlike with registering an account with an XMPP server.

    Think I'll follow your advice and use Ricochet or one of the public servers listed - many thanks!


  • #4
    obsidianclock
    Closed Accounts Posts: 158 ✭✭obsidianclock


    Vangel wrote: »
    OTR + XMPP
    Use a Russian service such as exploit.im

    Worked good for me.

    Very interesting thanks. Do you know if they have an .onion address?


  • #5
    obsidianclock
    Closed Accounts Posts: 158 ✭✭obsidianclock


    bedlam wrote: »
    Use Tails with USB and set up a persistent partition, that way you can store your Pidgin settings / account details on an encrypted partition.



    You are registering a new XMPP account each time you boot tails?

    Hi bedlam,

    Actually I have just seen that TAILS allows Ricochet users to back up their settings to SpiderOak or a persistent partition, so I stand corrected!

    The advantage of registering an account with an established XMPP server is that you can have the same username and password each time. Ricochet and Torchat generate a username and tor hidden address for each session - then again this is probably much more secure.. You just need a way to exchange usernames securely!


  • #6
    obsidianclock
    Closed Accounts Posts: 158 ✭✭obsidianclock


    From reviewing the website, it's not immediately clear if Ricochet supports OTR... such a shame as it seems otherwise perfect! :)


  • Advertisement
  • #7
    obsidianclock
    Closed Accounts Posts: 158 ✭✭obsidianclock


    bedlam wrote: »
    It does not, both clients are hidden services so communications are end to end encrypted over Tor.

    edit: https://github.com/ricochet-im/ricochet/issues/28

    Forgive my paranoia bedlam, of course if you're running your own hidden service, you'll be protected by the awesomeness of elliptic curve cryptography - what worries me is that some relays still haven't updated to use this yet - still it seems the best way forward!

    You still need a secure way of exchange usernames on ricochet each time as far as I can tell but it's a small price to pay!


  • #8
    obsidianclock
    Closed Accounts Posts: 158 ✭✭obsidianclock


    bedlam wrote: »
    It's just a once off unless you are not storing client configuration.

    True - it's not too much of a bother. The software looks very promising, think I'll try and load it up into a persistent install of TAILS! :)


Advertisement