This text has been through tentative peer review by XSF members as well as a handful of IT and security specialists, but has not been reviewed in-depth.
If you spot any mistakes, please reach out.
Why dissidents have ample reason to use XMPP
Here at phryk evil mad sciences, LLC we get awfully frustrated whenever leftists talk about secure messaging and extoll the virtues of Signal and Telegram but don't even mention XMPP – the eXtensible Messaging and Presence Protocol.
A grave injustice we aim to rectify in this text.
XMPP – a comparison
Let's get the executive overview and see how XMPP compares to messaging solutions currently recommended in leftist circles; Namely Signal, Telegram and Matrix.
For this comparison we chose only qualities that are relevant to security, reliability and resilience – y'know stuff that miiight be relevant for dissidents in the sort of cybrepunk dystopia we somehow found ourselves in.
If you know what all of this means – congratulations, you're done here! Get yourself a cookie and pat yourself on the back, you're extremely well informed.
For the rest of us, let's break down what all of this means, shall we?
Tech Terminlogy Turnips
First, we need to make sure we're on the same page with a couple of terms.
A piece of software that provides a service over the internet. Common examples
are web- and mailservers but also ones people don't usually interact directly
with, like servers used to look up domain names like
or clock synchronization (NTP).
A piece of software made to communicate with a certain kind of server. Common examples include browsers, e-mail programs and most messenger apps. Diagrams on this page will depict clients using this triangly boi:
An agreed-upon (usually standardized) way for software to exchange data. Basically the language that clients and servers use to talk to each other in a way they understand. XMPP is a protocol. Another one is HTTP which your browser and our server communicated in to deliver you this website.
To summarize in our context: XMPP is the protocol the Prosody server running on this machine uses to talk with the chat programs used to access the messaging features offered by it and these chat programs are XMPP clients.
Encryption is the act of making data unreadable to anyone but the intended recipient of it. This is usually done by leveraging unsolved math problems. Much of todays encryption is based on the unsolved problem of factorizing the result of multiplying two large prime numbers – for computers, it is trivial to multiply two large primes, but no algorithm to determine the two primes used from only the result exists.
Technically this is not exactly true. There is a known quantum algorithm, that might be able to solve this problem, but current quantum computers are still far removed from running practical attacks. As this might change in the future, cryptographers have been actively working on inherently "quantum-safe" encryption schemes, an early example of which might be [Keccack].
When a computer is taken over or privileged access is gained by malicious actors, we say the machine is compromised.
Comes in two basic flavors:
- Data compromise: When data is exfiltrated from a running machine or the machine is taken offline for forensic analysis and has its data extracted (trivial if the machine is set up without disk encryption).
- Operational compromise: When a machine is compromised and kept running. When done by state organizations, the goal is usually to identify and de-anonymize the users of services provided by said machine. An operational compromise always implies a data compromise.
A vulnerability is a special type of software bug that allows a would-be attacker to do things with the software they aren't authorized to do. They can range from inoccuous things like "allows users in the same network to make the computer go beep!" all the way to "allows users in the same network to make centrifuges for nuclear enrichment explode".
Now, that we have that out of the way, let's dive in and untangle things.
Decentralization means multiple things.
Firstly, the distribution of authority and control within a system. This means that no one entity can decide over how and by whom a system is used and leads to decentralized systems being much more resilient to coercion by powerful actors like the pigs and "intelligence" orgs.
Simply put, it's easy to coerce one CEO, but coercing thousands of people who run a network independently from each other in all parts of the globe is a different story.
This is opposed to what we see on virtually all commercial4 online communication services, which can be visualized like this:
Here, we can see how everyone () has to go to the one true authority for a service they want to use, like for Twitter, Discord or Spotify.
This authority can freely decide who gets to participate – and to what degree. It can exclude people entirely or decide with what and whom they can interact. From hiding posts that are inconvenient like labor abuses perpetrated by said authority to censorship of LGBT++ issues to large-scale algorithmic manipulation of information like defining "filter bubbles" for people, this central authority can dictate who gets to see and do what.
Secondly, decentralization on a technical level means the distribution of a system over multiple machines. For this, XMPP uses an approach called federation, which looks like this:
As you can see, the system is split over a bunch of different servers, that communicate with each other (that's those thicc green lines), in order to facilitate interactions beyond the particular server someone uses – an approach you might already be familiar with from e-mail, where you can send e-mails between accounts on riseup.net and disroot.org without a problem.
This is also one of the reasons why XMPP addresses look exactly like e-mail addresses.
Did you know that disroot provides both e-mail and XMPP services? You can get the same address to be reachable through both mediums!
This sort of decentralization makes the XMPP network more resilient against destructive interference (think government takedowns), since the network itself has no single point of failure.
Short of global thermonuclear war, a monstruous solar flare frying all electronics on the planet or a global collapse of the internet, the powergrid or both, we are not aware of any threat that could really destroy a network like this. And even in these cases, a decentralized network will fare better because pockets of it can survive and eventually reconnect.
Technically, many commercial4 services look a bit like this under the hood nowdays, being technically somewhat decentralized. The key difference is that these services still act like the first diagram when it comes to authority and control, thus enabling an absolute dictate of what is sanctioned on their platform and introducing an organizational single point of failure that is beholden to the powers that be.
XMPP is better than that because it is decentralized in technology as well as in authority and control. We can't dictate to the good folks at disroot that they have to ban someone from their service or vice-versa. We can, however, collaborate and for example share information on known threats in order to help keep the people who entrust us with their private communications safe.
The techies among you might now be a bit disappointed, that we didn't tout P2P as the most bestest mode of decentralization, but while it's true that it's the most technically resilient, it also makes a lot of problems like moderation much, much harder to solve, if not just outright placing the whole onus for it on everyone using it. We do think secure P2P messengers are a great boon for clandestine affinity groups, but at least for now not a good way to build community.
End-to-End Encryption, also shortened to E2EE, refers to encryption of data enacted at the two endpoints of a communication. This means the contents of said communication won't be readable by any of the machines involved in transmitting it.
This differentiates it from transport encryption like TLS, which you already
know – it's what's used whenever you access a site via
https:// like this one.
Transport encryption is enacted between client and server; meaning the server
can read the contents of communications between clients.
When just browsing a website to read something, this isn't a problem and transport encryption is exactly what you want in that case – but as soon as you have people communicating over a service, having only transport encryption means that all communications exist in plainly readable form on the server. An example of this would be the Twitter DMs, which Twitter can and will give to state agencies and probably runs automated analysis on to build more extensive profiling data of you.
E2EE is an essential feature for private communications.
XMPP offers a selection of not one, not two, but three different E2EE schemes!
OTR – Off The Record
Today, OTR is largely a historic thing, at least in the XMPP space. It bears mentioning tho – for one, because there still are clients like Gajim that support it; but also because it was the first widely deployed cryptographic protocol that included plausible deniability as a feature.
Plausible deniability means that even if a communication from you is decrypted, it can't be technically proven that you were the one actually sending it.
It should also not be considered secure by todays standards, especially when dealing with state-actor adversaries.
If you must have a techie explanation for this, it's because of a static key size of 128 bits and reliance on the SHA-1 hash algorithm that isn't considered collision-safe anymore.
OTR only works for direct messaging – i.e. not for chatrooms, file transfers or calls.
Even today, PGP – the grandaddy of E2EE – is not obsolete and enjoys a venerable and versatile existence – not only for E-Mail, but also for encrypted storage, various communications services and, of course, XMPP.
Cryptographically sound and well-audited, PGP has truly stood the test of time – for 30 years now.
Plausible deniability is not one of its features – in fact it was created with the goal of being able to assure without a doubt who you are and as such is probably the closest thing to trustworthy, legally binding digital signatures out there.
The support situation of PGP in XMPP clients is a little messy as there are two different ways of going about it with most clients that do support PGP using the older one and often (reportedly) don't support the previously mentioned identity assurance.
OpenPGP works for direct messaging, but more advanced features like encrypted chatrooms, file transfers and calls are currently either completely unavailable or not widely supported.
For the last couple of years, this has been where the cool kids play. In essence, OMEMO is a copy of the cryptographic protocol of Signal*. In this regard it's similar to what Matrix is doing.
*: Not to be confused with Signals network protcol.
Sorry if that's confusing – tech often is.
This is good praxis – as the first rule of cryptographic engineering is to "never roll your own" cryptographic protocol (hello, Telegram!) or, even worse, encryption algorithm.
Additionally, Signals cryptographic protocol is one of the most well-audited and generally looked at cryptographic protocols out there.
OMEMO is also the only E2EE solution for XMPP that works not only for direct messaging and chatrooms, but also for file transfers and calls.
This, combined with the fact that – unlike OpenPGP – OMEMO offers plausible deniability, is why we currently recommend the use of OMEMO for the E2EE needs of dissidents.
Anonymity is commonly used to denote that the real-life identity of a communications' sender is unknown.
Extending on that true anonymity – loosely paraphrased – means that it's mathmatically impossible to figure out the real-life identity of the sender from captured data. In short, this is what you want if you expect being specifically targeted by state-level actors (i.e. not just by regular mass surveillance).
Linguistically, one could make the point that most things that are called anonymous should actually be called pseudonymous since they usually involve an identity that allows connecting different communications from the same sender. For the purpose of this article the difference in meaning is negligible, so we use the word anonymous the way it's commonly understood.
If you want to know about how this distinction can actually make a difference, hit us up and we'll tell you all about affinity groups, decentralized sabotage and the propaganda of the deed. 😇
With that out of the way – Identity compartmentalization is how you achieve true anonymity and describes the management of multiple independent identities that can't be connected with each other by outside observers.
At the most basic level, practicing identity compartmentalization means never creating any link between the identity to be protected and any other held by the same person or group.
Today, basically all commercial4 services (as well as Signal and Telegram) require providing at least one unique personal identifier that can be expected to be easy to connect with your real-life identity – usually this is your mobile phone number or e-mail address.
For services operating under the principles of surveillance capitalism, these identifiers are extremely valuable. This is especially true for phone numbers as those can be used to connect online identities to peoples legal identity with near-perfect reliability – even more so when we consider widespread bans on anonymous SIM cards.
As an aside, please do not expect "anonymous" SIM cards to protect your identity by themselves. Every SIM card is uniquely identifiable via its IMSI and every phone through its IMEI. Additionally, mobile phones (including "dumbphones") enable constant location tracking. To use an "anonymous" SIM card efficiently, you must never use it in a phone registered to your name and never at locations you frequently visit. The relevant data for this is already known to be given out by mobile service providers to state organizations. We might put out an OPSEC guide at some point going into this in more detail.
But when you're not beholden to the InCeNtIvE pReSsUrEs of surveillance capitalism, you can just forego this data – after all…
And so, XMPP doesn't require you to provide any such identifier – a central point in enabling people to create truly anonymous identities.
While this is more or less all that's needed for true anonymity on the protocol side actually achieving this level of anonymity necessitates more on the part of the people using the service.
- always access the service through TOR, including for account creation
- never communicate your real identity through the anonymous one
- keep your device free of malware
- avoid physical surveillance when using the service
TOR is a tool to anonymize people on the internet. It works by passing data through multiple, randomly chosen intermediate machines on the internet.
Free & Open standard
Like the technical specifications that standardize the web, the XMPP specification and all of its extensions are publicly viewable for free.
The body governing XMPP is the XMPP Standards Foundation, usually called XSF for short.
Membership at the XSF is not needed to collaborate on the improvement of XMPP – but if you do want to become a member, applications are open to anyone actively working in the wider XMPP ecosystem, so collaboration is largely possible independently of the usual axes of discrimination like class, gender, race or sexual orientation.
"largely" mostly because we're assuming that the XSF, like pretty much everything in tech, has a "representation problem". We are currently not an XSF member but might become one in the future. That said, our own impression of the XMPP community has been that it's a very welcoming space.
Standardization is done publicly, ensuring transparency so the risk of bad actors smuggling in trojan horse "features" is counterbalanced by all the privacy-minded hackers out there who would immediately cry foul and probably set up an alternative standardization organization for XMPP within a week should such a thing ever happen to one of their favorite means of communication.
Furthermore, building software using these specifications does not incur any licensing costs, which – let us assure you – are a very real thing. They are just one of the many ways in which "intellectual property" holds humanity back.
For these reasons XMPP is an extremely good fit for Free & Open Source Software, which is essentially the only kind of software you can have any trust in.
From the roster of services we're looking at here, Matrix is the only contender also coming defined as an open standard.
What Matrix doesn't have is a built-in extension mechanism in its spec. This means that for every single new or changed feature, a new version for the whole specification has to be released.
XMPP on the other hand, keeps its core specification slim, but defines such an extension mechanism, allowing for broader experimentation and gives the ecosystem a dimension of direct democracy by what extensions the people writing the servers and clients as well as those running XMPP servers choose to support.
This, we argue, leads to a strong ability to evolve the network into new and unexpected directions and thus offers a greater capability for it to adapt to new threats and challenges – in other words to keep meeting peoples' needs in an ever-changing landscape.
You might have heard about Jitsi and it's a great example for this in action. Jitsi is based on XMPP but extends it in ways which are not standardized, meaning Jitsi services aren't usable with normal XMPP clients (except for text chat). This has inspired the community to collaborate on a set of extensions to bring the same features to the wider ecosystem. Now, the first XMPP clients have integrated audio and video calls with OMEMO encryption with encrypted a/v conferencing slowly appearing on the horizon.
While Signal and Telegram have some third-party clients which, to the best of our knowledge, aren't being persecuted out of existence, they're likely never going to be officially supported.
This is yet another way in which most messaging solutions introduce a single point of failure. With only one client and server implementation, any vulnerabilities found in them are much more valuable for attackers because every single user on the network is vulnerable at once.
XMPP and Matrix have a diverse software ecosystem supporting them with multiple server and client implementations each, eliminating this single point of failure.
When a critical vulnerability in the Signal or Telegram clients are found you can't securely use these services until the vulnerability has been fixed in the client. With XMPP and Matrix you can just switch to a client or server that isn't affected by whatever the vulnerability of the day is.
Oh, did we mention that using multiple accounts in parallel is routinely supported in all common XMPP messengers? If you are worried about staying reachable, it's easy to have accounts on a bunch of different XMPP servers and use all of them on all your different devices running different clients at the same time.
There are of course also downsides to choosing XMPP over other messaging solutions, with the one which is probably making itself felt the most being that some newer or more advanced features like (end-to-end encrypted) audio and video calls or stickers aren't supported over by all clients (and servers).
It's easy to overlook – especially if you're coming from a background of only commercial4 solutions – that like most other Free and Open endeavours, the XMPP ecosystem is created and maintained almost entirely by volunteer labor and won't ever be able to give you the same level of polish as a multi-billion dollar corporation, especially when considering that this labor is split up between all the different clients and server implementations and not centralized on just one of each.
If you don't see why lefties should suck it up and bear with a slightly worse user experience to gain privacy, you should probably read up on what the fuck is actually happening in the technology space and what sorts of threats leftist dissidents can face.
A couple good starting points to get you clicking through Wikipedia:
Please realize that by exclusively using privacy-breaking services, you are not only compromising your own privacy, but also that of your friends, families, lovers and comrades.
Luckily, with Conversations, XMPP has an amazing client on the forefront of what can be done with XMPP right on the most common operating system on the planet: Android.
For most "real" computers, XMPP has Dino which isn't very far behind and has quickly become one of the major players of the ecosystem. We wholeheartedly recommend it.
And if you absolutely need ALL THE FEATURES, Gajim totally has your back.
On a security-related note, to our understanding XMPP services currently have the choice between keeping peoples' contact lists on the server or breaking some aspects of multi-client support, including for OMEMO.
The problem with this is that in case of a compromise, your entire contact list would be known to the attacker. While this is true of most instant messaging services (with the notable exception of Signal), it is still something to keep in mind.
We're looking to work on this aspect, but haven't read enough of the relevant extension specifications yet to properly reason about the technical feasibility and involved challenges.
A bit of information on security audits
OMEMO as well as (parts of?) Matrix' cryptographic protocol have both been through a security audit – which is a fancy way to say they were analyzed for flaws by security experts. While this is an important step for any cryptographic protocol to reach maturity, these are often misunderstood.
A security audit is neither an assurance that something is secure nor does it mean any of the issues reported in them are still around. They are an important tool to improve security – nothing more, nothing less.
If you're a curious and inclined techie, you can read the results of these audits here:
A key point resulting from many of the aspects we discussed here is that unlike most commercial4 messengers (as well as Signal and Telegram!), XMPP does not force you to have a mobile phone involved at all.
This is extremely relevant since carrying around a mobile phone means your location is continually trackable. We know that this data is being shared with state organizations in the wake of the COVID-19 pandemic and we also know that this data is used for largely automated "targeted" killings with drones.
If this sounds overly dramatic to you, please watch the talk The Global Assassination Grid by US Air Force whistleblower Cian Westmoreland, ponder the adage of "One man's terrorist is another man's freedom fighter" and realize that a) not all of our comrades live in The West™ and b) circumstances change with signs not exactly pointing to global peace for the future.
This mass surveillance of virtually everybody's movements is, in our honest opinion, one of the most worrying (and dystopian) developments of the century.
In this context, the wide reliance on phone-bound messengers acts not only to keep people trackable, but also to coerce people who wouldn't normally use them to make themselves trackable or face broad social exclusion – in other words, if you're only reachable in a way that requires a mobile phone, you require others to give up privacy to contact you and thus reinforce the systemic erosion of liberties through mass surveillance.
Concerning Matrix, we would like to point out that we chose XMPP over it not only because Matrix lacks an extension mechanism, but also because it tries to do datastreams on top of HTTP. HTTP is inherently pull-based, but built on top of TCP which is explicitly designed to handle datastreams – this means Matrix had to re-invent datastreams which duplicates a lot of effort, adds overhead in computation and bandwidth while also introducing a new venue for bugs and vulnerabilities. Additionally, most Matrix clients are fucking Electron apps, which basically ship an entire fucking browser which hogs an insane amount of resources and is always outdated and thus much more likely to contain known vulnerabilities.
Signal-wise, unless you actually want to get rid of your mobile phone to avoid the constant location tracking, we don't advocate you necessarily get rid of it, but rather that you should also have a secure messaging solution that isn't bound to your phone.
As for Telegram… don't use it? 🤷
While XMPP is what we espouse, we do think there are other messaging solutions more leftists should know about:
- Deltachat is Free & Open Source Software for E2EE messaging based on e-mail with integrated creation of burner e-mail accounts
- Tox is a free and open protocol for peer-to-peer (serverless) E2EE messaging
Do not confuse being a commercial service with charging a monetary price for use. Services like WhatsApp, SnapChat and TikTok are very much commercial, they're just "free" for you because you aren't their customer, but their livestock. Your data is the product and shady organizations of all kinds are their actual customers. ↩↩↩↩↩