XMPP was designed a long time ago without anonymity in mind. Depending on the capabilities of your XMPP client, it may leak some sensitive information about your software configuration, such as the time on your machine, your timezone, geolocation (XEP-0080), the version of your operating system and the version of your XMPP client. Some XMPP clients can also download content (pictures, files) automatically, which may be used by an attacker to reveal your IP address. Thus, if anonymity matters to you, it is always better to run the XMPP client inside some virtual operating system (on a virtual machine) that doesn’t share its software configuration with your main operating system.
OTR enabled by default
not in Debian repo, but has signed portable installation and built-in updater
clumsy interface, wrt account connectivity
only global status options (can’t set per account)
has fewer user-configurable privacy options (compared to pidgin, gajim). Hopefully, that’s because they’re all set to safe defaults.
default has no stream-isolation: https://trac.torproject.org/projects/tor/ticket/14382. Whonix + Tor Messenger has stream isolation per xmpp server because port 9152 has IsolateDestAddr on Whonix-Gateway. Multiple accounts on same server will share circuits. Needs per-account proxy settings as is common on other chat clients.
wow.wow.wow. Love what I’m reading here: https://coy.im/about/
These guys are our kindred spirits. If coyIM does what it says it does, Tor Messenger is dead-on-arrival.
I’ll mostly just be repeating what’s on their About page… so what… it’s good.
new release yesterday. previous release 2 months ago. active development.
written in Golang.
supports one protocol (xmpp).
The goal of CoyIM is not to have every feature under the sun. Instead we want to carefully pick and choose the features that are necessary to create a good chat experience, while keeping the attack surface of the system to a minimum.
built-in OTR enabled by default. Tor enabled if present. (confirmed using netstat - port 9050).
! automatically connects to onion version of xmpp server if it exists (confirmed)
! automatic stream isolation of accounts (confirmed using onioncircuits: two accounts on same server going to same dest address and port were routed over different circuits. ?using IsolateSocksAuth like Tor Browser?)
(probably not a long enough delay to matter but it’s a nice touch)
If more than one account is configured, when connecting CoyIM will insert random delays before connecting to each account, in order to make fingerprinting of connections between accounts harder
yellow banner on top of home page indicating unaudited. nice transparency.
optionally encrypted config files
all dialog options explained clearly on the dialog
blob is signed. navigate to download directory for sigs
On their wishlist:
disposable one-click xmpp accounts
less config options are better
logging, maybe (personally, I wouldn’t mind having this)
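The per-account stream isolation observed above (two accounts on the same server, different circuits) works with Tor’s IsolateSOCKSAuth: connections that present different SOCKS5 username/password pairs are kept on separate circuits. The following is an added example, not CoyIM’s code, showing how a client can derive distinct credentials per account and build the SOCKS5 CONNECT handshake; the account names, nonce and server name are constructed.

```python
import hashlib
import struct

# Added example (not CoyIM's code): give each XMPP account its own SOCKS5
# username/password so that Tor's IsolateSOCKSAuth (on by default for
# SocksPort) routes the accounts over separate circuits, even when both
# connect to the same server. Account names and nonce are constructed.

SOCKS5_REPLY = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
                3: "network unreachable", 4: "host unreachable", 5: "connection refused",
                6: "TTL expired", 7: "command not supported", 8: "address type not supported"}


def isolation_credentials(account_jid, session_nonce):
    """Per-account credentials for IsolateSOCKSAuth (RFC 1929 caps each field at 255 bytes).

    The username is stable per account so one account keeps one circuit within a
    session; the password mixes in a per-session nonce so it is not reused on restart.
    """
    user = hashlib.sha256(account_jid.encode()).hexdigest()[:32].encode()
    pw = hashlib.sha256((session_nonce + "|" + account_jid).encode()).hexdigest()[:32].encode()
    return user, pw


def socks5_connect_messages(user, pw, host, port):
    """The three client messages of a SOCKS5 CONNECT using username/password auth."""
    greeting = b"\x05\x01\x02"                                # version 5, one method: 0x02 user/pass
    auth = b"\x01" + bytes([len(user)]) + user + bytes([len(pw)]) + pw   # RFC 1929 sub-negotiation
    hostb = host.encode("idna")                               # ATYP 0x03: domain name, resolved by Tor
    connect = b"\x05\x01\x00\x03" + bytes([len(hostb)]) + hostb + struct.pack(">H", port)
    return [greeting, auth, connect]


def parse_connect_reply(reply):
    """Decode the proxy's CONNECT reply and return the status text (RFC 1928 section 6)."""
    if len(reply) < 4 or reply[0] != 0x05:
        raise ValueError("not a SOCKS5 reply")
    return SOCKS5_REPLY.get(reply[1], "unknown (%d)" % reply[1])


def share_circuit(creds_a, creds_b):
    """Tor keys isolation on the (username, password) pair: equal pairs share a circuit."""
    return creds_a == creds_b
```

Leaving the hostname to Tor (ATYP 0x03) rather than resolving it locally matters as much as the credentials, since a local DNS lookup would leak the server name outside Tor.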
ricochet does not use an in-application encryption layer. The only encryption is the one used by Tor onions. Therefore it does not provide OTR-like encryption features. Maybe not catastrophic but also not great. Source:
unMessage uses stronger encryption, Double Ratchet Algorithm for in application encryption, which is similar to OMEMO (which is similar to OTR). More details:
The ‘Wire’ chat was created by an Estonian ex-Skype mastermind (pre-MS takeover), who announced that they will open-source both client and server code. Multiple code audits over time show they are improving their codebase. The most recent, by JP Aumasson (who uncovered bugs in Signal), confirms its robust crypto implementation. The IM protocol uses Moxie’s ratchet. VoIP recently became E2E encrypted; otherwise past notes say it’s RTP with SRTP. E2E encrypted group VoIP is planned, which no other major client has:
RTP is usually UDP based. Now that they are open source we can potentially ask for a TCP implementation like they did for Skype before. Maybe suggest Tor support too.
Server still has some proprietary components as of now (April 2017) but opening it up.
Both components client and server are released under strong copyleft licenses. However I noticed there are extra restrictions on client modification if the derivative app wants to connect to the Wire company server - that seems normal considering projects like Signal even forbid this from happening at all. They are aiming for a federated network anyhow so this restriction is less problematic long term.
Another point is contributions must happen under a CLA. Looking through it: it seems a defensive agreement to make sure no one can abuse patents against them, copyrights are co-owned between contributors and them, and it promises that any contributions will be kept under an OSI or FSF license. Sounds reasonable.
Odd fact: Signal (Android app) does not work on a phone without Google installed. Requires Google services to run.
There’s more. I have a few online friends who keep dragging me into Signal. But my main problem isn’t Signal requiring Google (which I’m not a fan of, for obvious reasons). My problem is that I don’t own a cellphone at all. I was glad when the users won the Linux battle on PC, but very sad when they lost the whole war by surrendering to iOS/Android on their shiny smartphones. Most likely I would not buy a phone until it is possible to install a standard Linux distribution on it, like I can do on my PC. I did a very superficial search online and it looks like Signal also has a desktop app. Yet, to register an account, one still needs to have a phone to receive some authorization code on it. I would be glad to hear your feedback on this if you have anything to add.