What XMPP-client should I use? I used to run PSI+, but that isn't developed anymore

When you want to be a 1337 Linux user, but you don't know shit, so you just hate on XAMPP.

What this guy said, used both at work, pretty good. Adium's notification for group chat messages was annoying to setup though.

I use bitlbee

>I'd rather use this piece of shit that only supports 1 protocol than this well-known software that supports everything under the sun
nice “app” mentality you got going on there

I use ejabberd but it's a bitch to work with and set up

Even something as simple as migrating your installation from one server to another is a pain in the ass.

XMPP is dead, user.
>Facebook Messenger bridge gone
>Google Talk bridge gone
>Apple bridge never existed because Apple

>XMPP is dead
What else are you supposed to use for IM?

Tox :^)

IRC is still alive

XMPP + OTR

Use DuckDuckGo's server or make your own on a popped b0x

ICQ

Feels more like Skype than MSN, no thanks.
Not made for IM.
kek

>Not made for IM.
Well it still works better than whatever proprietary piece of shit people keep suggesting as a replacement, and it's still alive 30 years later because of that, so clearly it must be doing something right.

matrix

>proprietary piece of shit
XMPP isn't proprietary.

It really sucks that Telegram is only open on the client side though.

I assumed it would be some convoluted P2P shit like Tox, but looking it up, it seems like something really similar to XMPP with federated servers. This could be nice.

noob question, can xmpp be fully p2p or does it always need a central server?

Matrix is basically XMPP. There's no difference apart from hipster marketing.

In principle you could run an XMPP server on every peer, and use it for that user only. But the point of having more centralized XMPP servers is that they're always online, which lets you do stuff like sending and storing offline messages.

Overall, XMPP is decentralized - not centralized. There's not a single “XMPP” server, there's a gigantic network of XMPP servers that are themselves organized in a p2p manner, and each XMPP server has a number of local clients around it. So it acts as a central server for its local area, but not for the entire network.

>Matrix is basically XMPP
It seems to be a new protocol though. XMPP has issues, like big overhead due to using XML.

Yes, but I mean feature-wise Matrix is basically XMPP. The protocols are equivalent in terms of their overall design and what they provide

That sounds just like what I want!

Great, so install pidgin, pick an XMPP server near you (or host your own) and off you go!

Thanks for the explanation user. The benefit of using cockli's server per example to a local server would be tightened security and better Tor support per example?

I'd love to have a fork of Psi+ replacing all the internals so it's a Matrix client instead.

>The benefit of using cockli's server per example to a local server would be tightened security and better Tor support per example?
I'm not sure I would trust cockli to have any amounts of security whatsoever, so I wouldn't agree with that statement.

Also, I'm not sure what you mean by “better Tor support”. Are you using Tor to connect to your XMPP server? First of all, that's one of the most dangerous things you could possibly do, second of all, how would that depend on the XMPP server?

I'd love to have a weechat plugin that turns it into an XMPP or Matrix (idc) client.

Which actually exists for matrix (github.com/torhve/weechat-matrix-protocol-script), but last time I tried it it was a broken piece of shit and didn't actually work

>First of all, that's one of the most dangerous things you could possibly do
Why? Wouldn't OTR be enough to not get my ass handed to me by the exit node?

1. You're leaking metadata. OTR doesn't encrypt who you talk to. Is the other party using Tor as well? Can you guarantee that? OTR also doesn't encrypt the connection to the server, which will still be something like TLS. (Do you trust TLS?)

2. Using Tor sets you up for OPSEC failures. It's basically great power at great responsibility. Yes, you gain a lot - but fuck up once and you will get your ass handed to you. Even something like time-of-day correlation can be enough to help bust you.

3. Connecting to something that either personally identifies you or narrows you down to a comparatively tiny set of users (e.g. all accounts on that XMPP server) is a great way to almost completely negate the benefits of using Tor.

What do you miss?

Yeah number 3 and number 1 were my greatest concern, you always depend on the second party's OPSEC as well.
Is TLS really that weak against govt actors/non govt actors?
Thanks for all the insight user.

xmpp.jp

Die some reason, there ia still one google-user I can Talk to.

i2p.rocks

has both tor and i2p hidden service access.

Use Conversations on android and ejabberd on CentOS as server.

>is tls weak against state actors
if they control a trusted CA they are god.

1) Client to server connection is secured with TLS, OTR is a second layer of encryption that encrypts the body of the message and it is end-to-end.
The server know who you write to and when, nothing more, nothing less.

TLS is fine as long as you sign your own certificate and configure your server in the right way.
It even provides perfect forward secrecy.

Unless you're tightly controlling the set of acceptable certificates (e.g. hard-coding a CA or public key pinning), TLS is trivial to defeat even for non-govertnment a ctors.

Anybody with a valid CA can forge valid TLS certs for any domain they want. This idea hasn't been drilled enough into peoples' heads.

>1) Client to server connection is secured with TLS, OTR is a second layer of encryption that encrypts the body of the message and it is end-to-end.
Maybe if could read past the first sentence of my post before responding to it, you would see that I already mentioend and commented on this.

carrier pigeon