.-.__.-.__.-.__.-._.-. ( why ain't XMPP more ) "-"(popular as a message)" "-"( protocol )"""" '-..-"-..-' O ,_ o ____ \"\___,-'7 ____..-"_.-"| ) (/ | |==== | a_ /@ E |## |==== | =: T ::= ) __ |## |==== | \/\ <, {__\ |___|====____| 7"\_// \ \\ _/____\_ /( (@) \ )) '.,____,.'-.,( \_____ ) \ // ._ _ | (((__ ~ ) _// Y = | '-,_ / | __,..--"' "-,/_ ┌────────────────────────────────────┐ │XMPP - What it is and how to use it │ └────────────────────────────────────┘ [Menu] Hello, today I'm going to talk to you about XMPP and how to use it to replace everyday messengers. Sorry for the absence, there are things coming up that require a bit of time :D [0x1] What is XMPP/Jabber? The "Extensible Messaging and Presence Protocol" or XMPP is a real-time messaging communication protocol based on XML, it is originally used for instant messaging but is also used for other things. as audio and video communication, it was created in 1999 by the Jabber open-source community, so many people know XMPP by Jabber for example, and yes it is totally Open-Source, and has already been passed through several changes involving security, XMPP is Federated, which means that it can communicate with other domains (federations) and that you can create your own federation to communicate with other making it decentralized and great for people who want more privacy when messaging. Obviously, it's not the best when it comes to security. There are things that could be done by default, but generally you'll need a little help from your XMPP client to make your messaging more secure. And speaking of clients, which ones are the best for people learning about XMPP? Well, let's talk about that right now. [0x2] XMPP clients Some XMPP clients are very basic; some still work on a terminal basis (TUI), and others are all colorful and full of functions to help the novice user, and are usually open-source :3. What I used as a start in XMPP was the Dino, a very simple client that already shows some federations to create an account with, is completely open source and has OMEMO encryption for exchanging messages. I think it's good because it has a very "discord" theme to it, as well as having fully functional and practical video and text calls. Another one I used and still use is Pidgin. It's another one that I found intuitive, very practical, but you may need to look a little to understand how its features work, such as sending messages and trusting new contacts. Also, for encryption, you'll have to use a plugin for OTR, which is a bit "meh", but it works. I still use it and don't see much reason to switch to another Windows client. On Linux, I recommend Profanity. It's a TUI client for Linux and it's actually a very good client. It supports OMEMO/PGP/OTR, but getting it to run on Windows requires a few tricks and I didn't find it that practical. So, I use Pidgin on Windows; it's good, even if you're a fan of IRC and like to send messages via the terminal, it's a great thing to try out. What's more, in the months I've been using it, I haven't had any problems with its encryption. And for Android (yeah, there is an XMPP client for Android), we have Conversations, which is an open-source client for Android, with OMEMO/PGP encryption and works very well for old phones, like mine, which doesn't have the best phone in the world xD. [0x3] How to use it? Well, each client has its own way of using it, and I'm going to show you how to use the most practical and simple one... the Dino, with images and texts for each thing. To download, you can go to the official Dino website and download or from Microsoft (:/) if you're on Windows. Once downloaded, your respective version, depending on whether you're on Linux or Windows, will appear on a screen like this: ┌────────────────────────────────────────────────────────────────────────────┐ └────────────────────────────────────────────────────────────────────────────┘ Well, by clicking on "set-up account", we can see that it will ask for a JID and you might be wondering, what is that? JID is JabberID, basically your identifier for sending and receiving messages. It is made up as follows: bezumiya@pwned.life Your username composed of "@" and your XMPP domain. As an example above, it's like an "e-mail" address in a nutshell. Well, if you already have a JID somewhere, great! You can log in as normal. But if you don't, you can create an account with an XMPP provider. Some I like are: - gnu.gr - disroot.org - pwned.life - exploit.im - thesecure.biz - xmpp.ru/jp/cz/is I'm not going to recommend the ones Dino recommends, as I've never used them and don't know much about them. As an example, I'll create one in gnu.gr by going to https://gnu.gr:5281/register and just creating the account :D. This way, we can log into our account using Dino. To log in to Dino and send a message, all we have to do is click on the "+" and follow and enter the JID of the person we're going to talk to. In this case, it will be my own account, bezumiya@pwned.life, for testing purposes. ┌──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐ └──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ yayy we have some communication on the other side :D that's great in this other account I'm using pidgin to show that xmpp works for any client, but some functions may not work, such as OTR not working natively in DINO and when a client tries to use OTR but this message appears on the client. ┌────────────────────────────────────────────────────────────────────────────────────────┐ └────────────────────────────────────────────────────────────────────────────────────────┘ [0x4] Extra tips. Well, I think you've learned a bit about using XMPP (I hope) and I think that to finish this text there are a few tips, the first of which is to always use tor or a vpn when creating an account with a provider. most of them log your ip when you create the account, preferably use it all the time, because if you only use it to send messages you won't have a very strong lag if you don't use it for voice and video calls. I strongly recommend using privacy-aware servers such as disroot.org or exploit.im and others this """article""" was done while I was doing another article, so sorry for the delay, this is more a sign of life than anything else : D i hope this helps someone in some way.