Welcome to 2017! As crazy as this year begins, let’s start with hot topics: privacy, security, encryption and XMPP. We look into clients, configurations, servers and spam like it’s 1984. Or 2049?
We’re pleased to announce the first version of ejabberd for 2017. This new ejabberd 17.01 follows closely the previous release. It includes mostly bug fixes over all the previous refactors. ejabberd 17.01 is a rock-solid stable base for upcoming improvements. It will give you the best experience you ever had with ejabberd.
Encrypt all your online (IM) communication, there is no good reason anymore to not doing it. Use a XMPP+Omemo client (Conversations on Android and ChatSecure on iOS) or a Matrix+Olm client (Riot).
The goal was from the beginning to write a “minimalistic graphical user interface for a secure (fail hard) and trustworthy XMPP client”. Fail hard means exactly that: if it can’t authenticate the server, don’t send the password. If there is no end-to-end encrypted session, don’t send the message.
In recent months, security researchers, hackers, and other dwellers of the cyber-criminal underground have noticed an uptick in XMPP (formerly Jabber) spam. At the bottom of the vast majority of these messages is a service named XSender (XSNDR) that provides rentable XMPP spam slots for anyone looking to peddle legal or illegal products.
Admins of schokokeks.org recently put some effort into enabling many modern XMPP and TLS features on their ejabberd server, for example making it fully compatible with Conversations client. Now they are sharing their config publicly!
Did you know that DuckDuckGo, the decentralized non-tracking search engine, operates its own public XMPP server?
Here’s a list of XMPP servers available as hidden services for use with the Prosody server and mod_onions.