XMPP is a federated chat protocol.

This thread is for cataloguing knowledge and experience with it.

I will start with the clients.

Dino (desktop, Linux only?)

- Works but is very simple and uses GTK3.

- Lacks some more advanced features.

- Works with Tor (proxychains) but leaks.

- Can't into certificates

https://dino.im/

Conversations (android)

- Works.

- Works with Orbot.

https://conversations.im/

Profanity (terminal)

- Has OMEMO issues it seems.

- Works with Tor (proxychains).

https://profanity-im.github.io/

Gajim (desktop)

- Python bloat machine. Old versions allow OMEMO in weird places.

- Probably insecure. No Tor.

https://gajim.org/

PSI+ (desktop)

- Old looking, but fine with single window mode

- Only works with Tor if you are using an Onion address

https://sourceforge.net/projects/psiplus/

PSI (desktop)

- Same as PSI but worse I guess?

https://psi-im.org/

Monal IM (iOS)

- Can't receive OMEMO Messages from Dino

https://monal.im/

Zom (iOS and Android)

- Apparently have become a Matrix client?

https://zom.im/

ChatSecure (iOS)

https://chatsecure.org/

Siskin (iOS)

- OMEMO does not work in groups

https://siskin.im/

Vacuum IM

I've seen some people use Xabber on their phones.

I've found that most clients do work with Tor if you are using an Onion address. Otherwise, they seem to leak DNS requests, unless you are using TorDNS where at least Dino will promptly fail. Pretty sure this is due to TorDNS not supporting some types of DNS requests.

thanks for this

Is it better and more secure than signal?

Ravenman

Is it better and more secure than signal?

XMPP? I would say so since Signal is highly centralized, and it's certainly more private (for example you don't have to give a phone number).

A new project I heard about today, a fork of Blabber.im which itself is a fork of Conversations: https://codeberg.org/Arne/monocles_chat

Don't forget about Fnord Messenger https://gt.kalli.st/kallist/conversations It's a fork of Conversations with only cosmetic changes. While it hasn't received any commits in a year or so, it still doesn't matter.

diego

Don't forget about Fnord Messenger https://gt.kalli.st/kallist/conversations It's a fork of Conversations with only cosmetic changes. While it hasn't received any commits in a year or so, it still doesn't matter.

Tkabber has also been forgotten about.

I remember seeing clients using XMPP for code collaboration as well. On Eclipse, I've used the Saros plugin, but it did seem very restrictive in terms of messaging.

https://www.saros-project.org/

nice to be here ready to learn alot

shadow

Tkabber has also been forgotten about.

Also mcabber. Both tkabber and mcabber have OTR and PGP support, but lack HTTP upload/OMEMO. They also rarely get updates anymore, however they're stable clients so it doesn't matter much.

think i found a red-room but I'm not sure if it counts because the site isn't red should probably report it???

snopdog

think i found a red-room but I'm not sure if it counts because the site isn't red should probably report it???

What does this have to do with XMPP? If it doesn't, please don't post off-topic stuff or you may get banned for spam.

Profanity, from my past experience, has been pretty good and should have more information for users than "..."

It supports PGP, OTR, OMEMO. It's a terminal client and has a ton of options. There are some issues with carbons, but I generally think there should be more coverage!

shadow

I've found that most clients do work with Tor if you are using an Onion address. Otherwise, they seem to leak DNS requests

I use psi+ with tor with the built in proxy settings. and it doesn't seem to leak DNS when using clearnet addresses (atleast in wireshark)?

What do they leak to? the exit node ISP or the user's?

proxychains4 does leak though.

ironcastor

shadow

I've found that most clients do work with Tor if you are using an Onion address. Otherwise, they seem to leak DNS requests

I use psi+ with tor with the built in proxy settings. and it doesn't seem to leak DNS when using clearnet addresses (atleast in wireshark)?

What do they leak to? the exit node ISP or the user's?

proxychains4 does leak though.

Say your using a host that supports Tor C2S. You JID is user@example.com, but they allow you to connect via iuanstiescnyursietkirsntikmiuf.onion.

In my experience clients don't have good support for this, or will try to connect to clearnet DNS first even if a proxy is set in-program. They will also usually ignore settings like this for files, and just straight up connect via clearnet and download an image or something.

I tried Dino yesterday because of catastrophic issues with Gajim, and it doesn't even have an "advanced" option or anything, just automatically assumes you are a clearnet cattle clown.

shadow

... clearnet cattle clown.

That made me chuckle.

So I was able to connect Dino, Profanity and Gajim to a .onion XMPP account using torsocks (included in the little-t tor package) and at least that part worked. According to the developer(s) torsocks "ensures that DNS requests are handled safely." (1) However, there is also a disclaimer that states "if the application is not using the libc or for instance uses raw syscalls, torsocks will be useless."

What about using a Whonix gateway? (2) Would that be enough to address the DNS leak problem? I have played around with this and it seems to torify everything (the entire operating system) without having to deal with proxychains/torsocks.

For posterity's sake I also tried Pidgin (3) with lurch 0.7.0 (OMEMO plugin) (4) and to my surprise it worked (at least between Pidgin 2.14.13 and Gajim 2.1.0).

1 - https://github.com/dgoulet/torsocks

2 - http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Other_Operating_Systems

2 - (clearnet) https://www.whonix.org/wiki/Other_Operating_Systems

3 - https://pidgin.im/

4 - https://github.com/gkdr/lurch

Wanderer

shadow

... clearnet cattle clown.

That made me chuckle.

So I was able to connect Dino, Profanity and Gajim to a .onion XMPP account using torsocks (included in the little-t tor package) and at least that part worked. According to the developer(s) torsocks "ensures that DNS requests are handled safely." (1) However, there is also a disclaimer that states "if the application is not using the libc or for instance uses raw syscalls, torsocks will be useless."

What about using a Whonix gateway? (2) Would that be enough to address the DNS leak problem? I have played around with this and it seems to torify everything (the entire operating system) without having to deal with proxychains/torsocks.

For posterity's sake I also tried Pidgin (3) with lurch 0.7.0 (OMEMO plugin) (4) and to my surprise it worked (at least between Pidgin 2.14.13 and Gajim 2.1.0).

1 - https://github.com/dgoulet/torsocks

2 - http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Other_Operating_Systems

2 - (clearnet) https://www.whonix.org/wiki/Other_Operating_Systems

3 - https://pidgin.im/

4 - https://github.com/gkdr/lurch

Not sure about torsocks (it is usually ineffective, along with "torify") but I have tried proxychains and found DNS leaks despite it being able to allow connections to onion domains (referring to mostly Dino/Gajim/PSI+ here).

A transparent proxy is an actual solution, yes. However, it's like killing a mosquito with a bomb.

Death to ALL skeeters!