Add support for OMEMO Encyrption

[Flowdalic]

The offspring of this years GSOC XSF projects is OMEMO. An axolotl and PEP based open standard for end-to-end encryption. Would be great to see support for it in Xabber.

XEP: XEP-0384: OMEMO Related Smack issue: SMACK-743 ProtoXEP: http://conversations.im/xeps/multi-end.html More info: http://conversations.im/omemo/

[TurkeyMan]

Finally, security has arrived in IM without compromise. Please add this protocol! I will switch back from Conversations when it comes.

[Buntbart]

+1

[falsefifth]

+10

[vanitasvitae]

I'm working on an OMEMO Smack module as part of my bachelors thesis, so Xabber might use this in the future.

[imp1sh]

yes, please support OMEMO in xabber.

[climf]

Thanks for all the fish, but the addition of this fish would be more better.

[vanitasvitae]

I'm considering to implement OMEMO in Xabber using smack-omemo and smack-omemo-signal. How can I get further in touch with you?

[tdemin]

Looks like smack-omemo has been implemented, any progress on it in Xabber?

[andrewnenakhov]

We have some other more immediate plans. We have 100% confirmation that at least 80-90% of Russian Xabber users use it for buying drugs. And since our crowdfunding campaign goes rather slow,we... Let's say, not too interested into stretching ourselves and give one more encryption method for this cathegory of users. In fact, we are considering removing Xabber from Russian play store at all,we have some very unwanted attention from authorities because of OTR, but to add yet more to it... No. Definitely not now.

If patreon campaign will reach certain milestones,maybe.

[Buntbart]

Can you explain how unwanted attention by authorities is affected by crowdfunding efforts?

[rugk]

Not good. Time to setup a warrant canary, is not it? Also with this background the crowdfunding campaign will certainly not go faster… if we have to fear interference of some authorities.

Also, you hopefully know that this argumentation is definitively crap. And unless you track your users (which I don't think so) you cannot know what your users are doing with your messenger. So where did you got this number?

[andrewnenakhov]

@Buntbart that's easy. On one hand we have some difficulties with authorities who vaguely threat they can destroy my business in an instant (it's very easy in russia. police just storms the office, takes away all computers, returns it after 3 years, if ever, end of story). On the other we have an audience of users who constantly moan of a feature I don't personally need at all, and pay me nothing. If we put these two together, a clear solution is to screw Russian audience, I don't really care what client they will use.

@rugk this argumentation is based on facts. Over the years we have seen just so many help requests on our email support in so many languages, requests in Russian stands out in it by some very unusual metrics rarely present in other groups - phony names and inadequate requests, users clearly have no idea how XMPP works. Plus we've recently launched our own XMPP service that requires users to provide name and surname. And guess what, out of several thousands registrations Russian locale names and surnames once again look very... different from Germans.

So, since I have zero sympathy for junkies, and Russian audience is proving to be worthless to me, while giving me some headache. So, I think we'll be removing Xabber from Russian Google Play.

And once again on OMEMO: so far I'm the only one who paid for development of Xabber, I had some spare money to create an app that I like. I like current Xabber, and I have some plans to redesign it to make it even better looking. I have some plans to create several protocols to make XMPP work much better on mobile devices. I have some plans to bring Xabber for Web to many desktop platforms with Electron framework. I have some plans for all these versions of Xabber to work seamlessly with one another, so you can pick up your conversation on phone after chatting on desktop. That what I want and what I'm paying developers for.

What I don't want is OMEMO, it's worthless to me. And since I'm a bit out of spare money, I have to make Xabber a viable source of income, I have some Ideas how to do that, and OMEMO does not play into any of these ideas. If some of you want this feature badly, pay me a for development of it (we charge $3500 per developer man/month). If you are not willing - well, sorry, we serve only customers, not freeriders.

I actually don't understand this desire for encryption. Some ejabberd developer recently said in email group that XMPP community is affected by severe crypto-cancer, and I fully agree with him. For most uses, OTR or OMEMO just gives user an illusion of safety, not really meaningful increase in it. If you want your messages to be safe, you can just run your own server, that's easy and rather cheap. Just be wary of certificate errors.

TL,DR: OMEMO is for junkies and crypto-nerds who pay us nothing, get lost, or pay.

[imp1sh]

It's sad to hear that you have problems with the authorities. Don't let them oppress you if you didn't do anything wrong. On the other hand there are normal people - who don't use this to deal drugs - who just want their privacy to be protected and also have some convenience. That what's OMEMO is all about.

[andrewnenakhov]

@imp1sh convenience... For me, convenience is using multiple devices, syncing history between them, making in searchable, etc. You can have all of that by running own server, that's not too hard or costly. And with OMEMO, once chat is encrypted, you cant' search it, you can't really sync it, etc. - and if you somehow can, then it means that you have an illusion of safety, not better safety.

My endgoal for Xabber, is to make XMPP messaging as ubiquitous for instant messaging as email. But to fight Telegram or Whatsapp we need to bring a knife to a knife fight, and OMEMO is hardly that knife. I don't really mind it's addition to Xabber, but, well, someone better pay for it. Btw, OTR was added on precisely same terms - some guy from Moscow volunteered and paid for our initial expenses developing OTR encryption back in 2013 (or 2012? don't remember... )

I prefer to receive payments with bitcoin. Oh, if you ask me, integration to send bitcoin is more essential for Xabber than OMEMO.

[schiessle]

And with OMEMO, once chat is encrypted, you cant' search it, you can't really sync it,

How do you come to this conclusion? With OMEMO and Message Carbons (XEP-0280) I can have encrypted chats synced to all my devices, i can switch seamlessly between the clients during a chat and on all devices I can search the chat history just fine.

[andrewnenakhov]

@schiessle login from new device and try searching your history like you do on telegram. Client-side search is fail. Anyway, I don't mind you doing a PR with this functionality, we'll test it and accept it in project if it's done well. I don't get it why you all want me to work for free so you can have convenient OMEMO in your device. I don't need or want OMEMO, so I have very little incentive to pay for development of OMEMO. Isn't it fair to be paid by those who actually want it? Anyway you all have free alternatives.

Also, message carbons is NOT sufficient to fully sync messages. You at least need to use an archive on server to catch up with those messages sent while you were offline (offline messages will not do if you had 2 devices offline- only one of them will receive offline messages, other will have nothing without archive).

[schiessle]

I don't get it why you all want me to work for free so you can have convenient OMEMO in your device. I don't need or want OMEMO, so I have very little incentive to pay for development of OMEMO. Isn't it fair to be paid by those who actually want it?

Nothing wrong with that. And I don't want to force your to do anything. Just want to challenge your assumption about OMEMO encryption.

[andrewnenakhov]

@schiessle my assumption is that heavy lifting should be done by server (client-centristic mentality has already cost XMPP it's potential place as a mainstream messaging protocol). If server does not know contents of messages, it can't search it.

Also, if you store ALL you history on device, instead of small portion of recent messages, well, if your device gets seized, guess what happens? all your history belongs to them, so much for 'security'. Better way would be having a trusted server and having just an immediate portion of your history on device, while accessing more distant history with PIN checked by server. But with this crypto-cancer in community it'll hardly happen anytime soon.

(I'd order implementation of server-side search in Xabber in no time, if I had any server available that would support such feature)

[rugk]

Please keep to the facts:

• Your link about "crypto cancer" is about server-to-server SSL connections as far as I see. Also what drives users away according to the comment is spam. (That was taken out of context. Read: "Spam is a bigger problem that missing s2s encryption." Actually as far as I understand the user replying meant: In the XMPP community there is crypto cancer, because many people still do not want to use s2s encryption.) So if you quote stuff, please make sure it fits into what you actually want to prove and don't twist the facts. As far as it goes the topic was not about e2e crypto at all.
• I feel like you have no (correct) information about OMEMO/how OMEMO works. In short: OMEMO is far better than OTR. See this page.. TL;DR: In contrast to OTR it actually allows you to use multiple devices, search your messages, send messages when the other is not online, etc.
• The thread model you describe in the last comment is solved very simple: Encrypt your messages locally (i.e. full disk encryption). When the messages are stored on the server and someone gets your device, they can also just instantly download all the old messages. Saving (unencrypted) messages on servers only saves space on the client and makes it easier for authorities to scan messages when they seize a server. (Because if you run your own server, they could also seize your server instead of your local device.) TL;DR: Only encryption helps. (whether it is FDE on the local device, or server or something like OMEMO)

What I agree with is that people can of course support you, if they want to have a good coverage of OMEMO clients and want this feature. Especially as it is not easy to implement. (You certainly need to find a library for it, as otherwise you can do too much wrong in the crypto.)

▶️ So anyone who wants this feature, here is a BugBounty: Xabber – Add support for OMEMO Encyrption Support it or use another client software, which already has OMEMO support. That are your choices.

[andrewnenakhov]

@rugk facts are:

• crypto-cancer has taken over all XMPP community, especially users who do not program anything themselves, they just want it for no real reason but their paranoia. It's not only about s2s connections, it's about 'let's encrypt everything'. That link is just one example of this. This thread is another. Dozens of frequent requests 'do us OMEMO' in our email is another. We'd do OMEMO if these requests were based on something more than endless moaning
• client-side search is fail, I tell you once again.
• you do not read what I say above. Search for word PIN and read once more. Yes, server should be updated for such security model. But securing data on device is infinitely harder and less reliable than on server

OTR or OMEMO solves only one security problem - if you don't trust your chat provider, because the only real advantage it gives you over unencrypted messaging is that XMPP.org admin can read your messages. If you have your own server, this risk goes away. Yes, it requires some efforts to maintain server, but you want security or illusion of security? Unlocking your device without your consent is much easier than unlocking server.

What is particularly hilarious with this XMPP crypto-cancer is that all these folks who email me about how essential is encryption for messaging usually email me via gmail.com

TL;DR: please, stop trying to convince us to implement OMEMO. We know what it is. We don't want it for now, because we have limited resources that we prefer to put on things we believe more important for Xabber. If you want us to divert resources in direction you want, we have commercial rates for such work. Thank you for your attention and interest in our project.

[schiessle]

OTR or OMEMO solves only one security problem - if you don't trust your chat provider, because the only real advantage it gives you over unencrypted messaging is that XMPP.org admin can read your messages. If you have your own server, this risk goes away.

FWIW, not really unless you you chat only with people who have a account on the same server. Otherwise you don't know at which servers your messages end up. Also thhe argument "if someone hacks your device, he has complete access to the chat history" is also true for the server aka "if someone hacks your server (or one of your chat partners), he has complete access to the chat history"

[andrewnenakhov]

@schiessle prime audience for the use of end to end encryption (drug addicts) are far more likely to have their device seized than their server.

[Buntbart]

Thank you for the clear words. Then I know now that I don't have to wait for Xabber with OMEMO anymore and stay with Conversations, although I don't want to buy drugs at all. Consistently, you might want to take OTR out so that Xabber becomes useless for junkies and the authorities leave you alone. OTR is certainly also one of the functions for junkies that you don't need personally. After that, you could take care of a nice surface in peace.

[andrewnenakhov]

@Buntbart you know, every single junkie user I talked to said exactly the same. :-D

We certainly won't remove OTR functionality from Xabber - most likely we'll simply pull down Xabber with OTR from Russian Google Play store. Our authorities are luckily not too interested in foreign drug dealers and addicts. Then we'll possibly provide a "Xabber for Business" version without encryption for our normal Russian users (all seventeen of them)

And I'm not saying we won't ever support OMEMO - it's just not our first, second or third priority. Have you seen Xabber for Web? Creating a multi-platform chat app that works extremely well for federated chat, everywhere - that's what we are truly aimed at.

[vanitasvitae]

The way you talk about your users makes me feel really sorry for you :(

It feels like Xabber is really not the app I'd recommend to privacy aware users anymore. Neither because its encryption, nor the will of the devs to protect their users.

I respect that decision though and will stop bothering you anymore :)

[yurkobb]

From xabber.com:

Xabber is secure. You may choose to encrypt your conversations. Say ‘no’ to David Cameron and his NSA/FBI/CIA/FSB friends!

You should probably change that to reflect you actual "priorities".

[andrewnenakhov]

@vanitasvitae the only privacy-aware users we've encountered so far are junkies, drug dealers and encryption nerds like folks in this thread. Nerds comprise maybe 1 or 2% of users who are interested in data protection. Any yes, I think you would talk even worse of our users if you did get to read contents of our inbox on support email.

And I'm actually offended by your insinuations about our 'will of the devs to protect their users'. Luckily for us, we DON'T have any user data, and we clearly won't submit to installing backdoors or stuff to our app. However you CLEARLY don't understand dangers of such stance in Russia.

Linkedin is already blocked in Russia because it refused authorities access to user's data. Facebook will be blocked too if it won't submit. Viber has submitted too, so... it's either you are working in Russia and providing info or being blocked. Company like mine can be instantly seized by armed police, computers taken away, property sealed, company instantly bankrupted, I get jailed. Courts and laws don't really function in Russia, I might very well be sentenced for 'organizing a darknet criminal network to sell drugs and weapons', all because some crypto-nerds want OMEMO.

So we simply plan to put our users (even junkies, yes) out of danger to their data being compromised by pulling our app from our country play store.

(and to think I've personally spent more than $150k to listen to this.... how cool is that?)

[imp1sh]

@andrewnenakhov I pity your situation. Maybe just close the ticket and let it rest. The issuer doesn't seem to be interested in this any more. Other security aware users will probably choose different software.

[vanitasvitae]

@andrewnenakhov Sorry, I did not intend to offend you. I can imagine that your situation in russia is not the best. I just dislike the way you talk about your users and the fact, that you throw all people interested in crypto into one category labelled "drug addicts". This is exactly that kind of rhetoric, which might one day outlaw cryptography completely ("who has nothing to hide...").

Anyways I wish you the best for your future and the future of the project :)

[andrewnenakhov]

@imp1sh no, this ticket might as well remain. Just not top priority for us. We'll probably do it eventually, maybe even this year. Current priority - redesign (Xabber is going to look GREAT), proper push notifications support since ejabbed now supports it, THEN I'll possibly ask our devs to do OMEMO if I won't have more immediate ideas.

@vanitasvitae you too wouldn't like our users if you talked to them. Luckily for us, so far Xabber is popular only within Russian criminal underground, if we measure by inadequate help requests that are 85% in Russian (if you read them often, you can see person interested in drugs at a glance). If you read carefully, I was always referring to our Russian audience, not all encryption users. Well, some folks here who constantly push us to 'do us OMEMO now' irritate me a bit, but that's ok.

So the rest of the world will be as fine as it was before, no changes will be made. I'd consider moving Xabber to another jurisdiction, but that's a matter of money. Maybe even transferring rights to FSF, though I don't know if they are interested in this.

[vanitasvitae]

Don't want to get too much offtopic, but does the FSF host Android applications? I only know of IceCat mobile...

Excited to see the new Xabber design :)

[rugk]

I'd consider moving Xabber to another jurisdiction,

Good idea. 👍

But I see it like @vanitasvitae does. I think all users, who commented on this issue here are interested in having a private messenger. I doubt that anyone here is a drug dealer. Your equation "cares for privacy = drug dealer" does not make sense, even if the authorities maybe urge you to think that. And as said, your statistics are not good (help requests are not a good sign to measure your whole user base; many people may not need any help) and you take numbers out of nowhere.

I see that your situation is difficult and developing such a secure messenger is… well… maybe even dangerous. I seriously feel sorry for that. However, that does not change the fact that you – as a dev of an important FLOSS app – care for the privacy/security of your users, who you don't know (for the same reason; don't think you know them because some dumba**es mail you). You can say, we cannot do this for legal reasons, we need to move the company (etc.) to another country or similar things (i.e. we need money). That's okay and we all understand that, but your inner motivation is questionable from your statements you do here. And throwing false facts into the discussion does not help either…

[andrewnenakhov]

I think all users, who commented on this issue here are interested in having a private messenger.

Yes, @rugk all eleven of you are hardly drug dealers.

However we get hundreds or thousands of installations every day that result in dozens help requests every day that are always the same: "Not connectin" "What to enta" "How does this work", etc. When I'm in the mood I sometimes ask WHY they want to use Xabber - guess what they say? Not single one knows what XMPP is or why it is useful.

You see only your side of equation - and we see who majority of our Russian users are, so trust me, we know better. I don't want to debate on this further.

However, that I do care about is worldwide adoption of federated messaging based on open standards. You might not understand it, but 10 years ago XMPP has lost it's historic chance to become THE standard for instant messaging. Maybe it will never regain this position, and that is what grieves me. While geeks all over the place invented XEP after XEP after XEP that work with each other badly, WhatsApp and Telegram created great products that took world by a storm. It is not that WhatsApp was that good - it's just that XMPP community didn't have anything to answer to it. All XMPP developers are stormed by 'advanced users' who demand obscure features, and being humans developers often submit to these demands (I am guilty of it myself), so apps in the end become a bloated mess like Gajim that crashes every other days right after start. (I love Gajim but indeed it does crash way too often) - and good luck trying to incite users to use it as their primary messenger.

So my goal is to create product that will work no worse than Telegram (indisputably best messenger in the world), on as many platforms as we can. After we do that, we might think about geeks and their demands of privacy and security.

[vanitasvitae]

However, that I do care about is worldwide adoption of federated messaging based on open standards. You might not understand it, but 10 years ago XMPP has lost it's historic chance to become THE standard for instant messaging. Maybe it will never regain this position, and that is what grieves me.

Our goals are not too different after all. I as an "OMEMO developer" (if I'm allowed to call myself such) would love to see a broader adoption of OMEMO on XMPP clients. Xabber is the next big player on the table, so I'd love to see that userbase in the OMEMO pool :)

[casperklein]

1. Thank you @Andrewnenakhov for your open words and the time to answer here all these questions! I really appreciate that (Even if not anybody agrees with you on certain statements.)

2. Summary of that thread to avoid further confusion:

Will there be soon or ever OMEMO support in Xabber by the core devs? Unsure.

Why? Because it's not very high on their priority list. They focus on features they personally need/use or other things they are more interessted in. Nothing wrong with that imho, especially when their own money is involved.

Is there a way to give it more priority? Yes!

https://www.bountysource.com/issues/26498485-add-support-for-omemo-encyrption

or

http://patreon.com/xabber

or

as stated, they are also happy to receive PRs for that.

[vanitasvitae]

as stated, they are also happy to receive PRs for that.

Everybody who wants to get started with that might want to take a look at this blogpost :)

[andrewnenakhov]

@casperklein

Will there be soon or ever OTR support in Xabber by the core devs? Unsure.

You mean OMEMO, right? OTR was in Xabber for ages

[rugk]

Talking about OTR: (Why) Does it make a difference to you whether drug dealers encrypt with OTR or OMEMO? That does hardly matter… (So consequently you'd either have to remove OTR or may add OMEMO.)

[andrewnenakhov]

We don't plan to remove OTR until we have something to replace it with. We might remove Xabber from russian users, so hopefully they'll switch to some other app and feds will stop being interested in us. And OMEMO just requires some work that we aren't really willing to do at this moment, since it'll likely just increase pressure on us.

[casperklein]

Yes. I mean OMEMO. fixed. Thx.

[NourEddineX]

Encryption is not a crime. If russian users or any terrorists group or nazis or any bad people uses whatsapp, no body can say that whatsapp is evil. we have a bigger issue than adding one more encryption protocol @andrewnenakhov

[andrewnenakhov]

Oh, not this again.

Xabber is not evil, and any app is not evil, but you know who is? FSB! (formerly known as KGB)

To be clear, here is a breakdown of what we have from having OTR in Xabber:

• tons of help support requests from idiots who are clearly junkies and know NOTHING about XMPP, just install it because their supplier told them so and are pissed off because it's not as simple as Whatsapp
• visits from FSB operatives who coerce us into installing backdoors into Xabber so they can read chats that are supposed to be secure
• threads like this on GitHub
• zero revenue

Do you have any understanding how easy it is to get jailed in Russia if you cross FSB? So, please, go preach this 'encryption is not a crime' to someone else. We know it's not a crime, but in current situation our options are a bit limited:

• put backdoors into Xabber
• refuse to put backdoors into Xabber (and quite possibly get jailed, for, like, drug trade)
• remove Xabber from russian app store

Of these three, if things will get really heated, the only viable option for us is last one.

[rugk]

remove Xabber from russian app store

That would maybe be the easiest option. And clearly better than adding backdoors and getting jailed or so. I mean those who need it, could still install it from F-Droid or compile it by themselves.

I wonder anyway why drug dealers would install that app. I mean using WhatsApp would maybe not be the worst choice for their threat model.

[andrewnenakhov]

@rugk whatsapp exposes phone numbers, and is also... kinda not really trusted among this group of users. Corporation behind whatsapp might very well start responding to requests to disclose user information including IP addresses and such. XMPP working over TOR has this threat reduced to nothing.

[xeverse]

..

[andrewnenakhov]

@xeverse yeah, elite. Maybe you'll volunteer to answer support requests from our russian users?

[samphunter]

Better way would be having a trusted server and having just an immediate portion of your history on device, while accessing more distant history with PIN checked by server.

You can achieve this locally using a rachet. Just encrypt messages using a rachet (new derived key every message) and only store the key for last X messages. Then have the original key to the first message be encrypted using PIN and a slow key derivation function (lots of iterations). You can possibly store more keys (eg. evry 100 messages) to speed up loading.

I would never trust a server, even if it was mine, because it would have to have access to the messages, meaning if it was seazed, the messages could be extracted.

[ip4market]

You need to do encryption. It doesn't violate and laws. Its should be/must have. OMEMO is good technology and should be implemented.

[andrewnenakhov]

@ip4market so many people here telling us what we should do. Unfortunately, they tend to forget to back their instructions with payment.

[rugk]

Well… if you mean that serious (which I doubt :wink: ) you could setup a bountysource for this issue and collect money for it. I doubt though… that this really solves the initial legal problem that makes this issue staling.