XMPP Chat Server

The Need

I have been looking for a way to start dropping my dependance on centralized insecure services.

SMS

is very centralized and has long been in use. Its easy to say just text me and give a number. It is also built in to nearly every kind of phone service meaning it is effectively universal.

Matrix

A very nice platform, distributed, privacy focused, lots of features. The issue I ran into with this solution is it is very challenging to setup an independant server and from what I have read online it is a nightmare to maintain.

What’s App, Telegram, Signal, etc…

Many are not open source, the few that are are typically do not share the server platform, backups are either challenging or impossible. Many also only feign privacy, while they hang on to encryption keys.

In Comes XMPP

XMPP allows for a lot of flexibility, since the protocol is focused around text messages, it means resources required to run and scale are small. Server setup is a breeze even without Docker’s help ( at least for Prosody, more on that later )
Even running a server with a large user base can often be done on low end hardware.

With the low learning curve and the small resource requirements this allows for nearly everyone to run their own server and with the open model it allows each of those servers to be able to communicate quickly and easily.

Since the premise of XMPP communication is not dissimilar to email, it allows for pretty much immediate communication with the wider community.

Prosody Server

I was able to get an XMPP server set up in under an hour using Prosody. And with that server I was able to immediately join public channels and communicate with my account on another public server immediately. This is due to XMPPs design to be not unlike email, using account names such as Bob@example.com means that your server simply reaches out to example.com and looks for an XMPP server, connects and sends the message.

The web documentation was well written and when using OpenBSD the install also provided example config files which helped speed up the initial setup considerably. I setup a few DNS records and got a Let’s Encrypt cert for the server and was ready to go.

Now there are two modes to run the server in, public and private. What this refers to is the new user registration policy. Public means open registration, new users can create an account with little to no restriction. Private means all user registration is manual ( though you could automate this with a custom backend ). These modes are selected in the config file. Once you have created a user account you should be able to log in and start using you very own XMPP server to chat with the world.

The Bad

With all the awesome stuff this protocol achieves there are a few drawbacks, first and foremost would be spam, while I have not run across this yet, it is a battle that may need to be fought if you are running a server out there, especially if it is one with public registration. With the protocol being open anyone can theoretically send you a message. Most apps have the ability to reject messages from unknown users so this can cut spam down considerably. If you wish to be able to communicate with the wider community and have a public server you will need a method of detecting and dealing with spam accounts getting created on your server.

Second would be lack of features, while I actually consider this a bit more of a pro, some folks may want full voice and video chat, screen sharing, kanban boards and more. XMPP is just basic messaging. So anything you can do with an email you can do with this. Voice / Video calls are available on some XMPP clients, though it has little to do with the server, thought the server can help when either client is using NAT.

And lastly this is not inherently privacy centered, meaning if you wish to remain fully anonymous, this may not be the protocol for you. When you message on public boards you can often use an alias, this allows you XMPP address to remain hidden from the public, but the server will still know how to reach you. Some clients support using TOR and you can make this anonymous with some effort, but do your research before releasing anything to wikileaks with it :slight_smile: .

If you would like to join my server just send me a message with your desired username and I’ll get you added on.

1 Like