freedomofpress / encryption-works

Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance
https://freedom.press/training/

Future of XMPP #211

Open psivesely opened 8 years ago

psivesely commented 8 years ago

Presently, I think that the section on XMPP apps is almost where it should be (I'm going to add a link to this quick tutorial on using ChatSecure w/ Orbot, and maybe this one on using Pidgin w/ Tor on GNU/Linux--although I feel it might be lacking).

I'm creating this issue to discuss changes to future editions considering the recent invention of OMEMO and that promising new mobile XMPP apps like Zom are around the corner. Conversations, which created and is currently the only app to support OMEMO, is quite stable, featureful, and has a nice UI+UX. Unfortunately, you can only get it for free on F-Droid and it's only for Android. Both these things could change in the future. Zom might also be a nice replacement for ChatSecure at some point because of its focus on simplicity.

6 months from now we should see where Zom, ChatSecure, and Conversations are and re-evaluate our mobile XMPP client recommendations. Unfortunately, no desktop clients are working on OMEMO support, AFAIK. However, if one that was audited, easy-to-use, etc. came up or Pidgin/Adium integrated support, we should definitely recommend using OMEMO on the desktop over OTR as well.

psivesely commented 8 years ago

In light of Tor Messenger #212 and Signal for Chrome #213, I'm re-evaluating this issue. If you've ever used OTR on a mobile phone, you know it is a PITA because mobile connections are not steady. Not to mention ChatSecure is not the most user-friendly app of all time (though hardly the worst either).

If you want to be able to talk between phone + desktop, it seems like Signal is the way to go. If you just want to talk desktop to desktop in the most secure and anonymous way possible, it seems like Tor Messenger is the way to go. For future editions, I think we should actually stop recommending XMPP altogether in favor of these two other solutions.

We may even want to remove the ChatSecure line for this edition. Nobody I have ever met who has used ChatSecure (myself included) has stuck with using it long term because of the inherent difficulties of OTR over mobile, and the proliferation of alternatives like Signal. I'm actually going to make a PR w/ this in mind.

psivesely commented 8 years ago

Also, I'm not going to bother with either of the Tor + XMPP guides because the desktop guide is only feasible on GNU/Linux (getting the Tor daemon running on Windows and OS X doesn't seem easy) and I'm proposing in #214 we get rid of our ChatSecure recommendation.

psivesely commented 8 years ago

Conversations supports Orbot/Tor now, which means Android users have a second no-root-necessary option for confidential and anonymous messaging. I use Conversations daily w/ Orbot + OMEMO and it is super reliable w/ none of the headache of OTR on mobile. Plus, I use Calyx's hidden XMPP service, which provides a second layer of transport encryption and a second layer of authentication (TLS being the first layer of each of these features).