The 2020 review of Messaging Service Providers: XMPP/Conversations

In the last edition of the messenger series 'Secure or not too secure' we looked at Delta Chat which is a provider that uses your existing email account. Personally, we're not fans of this route as a solution but it remains your call. That said, we are big fans of decentralization so it is great to be able to introduce you to a better solution via XMPP.

XMPP

XMPP started back in 1998, what makes it a very early pioneer and was developed to allow the exchange information and data. One beauty of it is that you can host XMPP yourself or chose from many instances.

Decentralization

As already mentioned, XMPP is decentralized, unlike Telegram or Threema where you have the providers' webservers involved. On XMPP you are not using just one centralized server. To chat you need to create on any of many servers an account or host it yourself. If you register on a server you will receive an account in the form of an email address, which ensures the name can not be issued twice. Of course, someone else could register the same name on a different server, but just as with email it will have a different ending you@server.whatever. Have a look to some XMPP servers:

Server overview · XMPP Compliance Tester

Pick and choose your Jabber server from a list of compatible servers or check if your current server supports all required features.

You can chose any server and decide for yourself what ending you want or who you trust to be hosting your account, again, this is unlike Telegram or Threema where you rely on one provider and one server.

Conversations

Conversations is a paid app available via the Google Play store, but you can have conversations free of charge via f-droid which would be always my (and should be your) first choice anyway. There is no Firebase Cloud Messaging! Conversations connects via a TCP connection to the XMPP server which should stay constantly connected, even if you switch from Mobile to Wifi etc.

Call and Video is supported via WebRTC which means it is encrypted on a one-on-one call, similar to Signal, Threema and even Telegram in the newest version.

Another cool feature is that when you share a location on the app you don't use Google Maps but OpenStreetMap instead.

It is always worth mentioning that there are no trackers nor analytics or even crash reports etc.

Conversations is fully open-source, which is always a massive plus as others can verify the code.

Conversations has E2EE (End-to-End-Encryption) which uses OMEMO or alternative OpenPGP. Both of these methods are based on the Double-Ratchet-Algorithm and PEP (XEP-0163). Double Ratchet was developed for Signal, but is also used also by other messaging apps such as Wire. The good news is that OMEMO uses PFS (Perfect Forwarding Secrecy) which should ensure no 'man in the middle' attacks can occur.

OMEMO had an audit in 2016.

https://conversations.im/omemo/audit.pdf

The audit mention under 2.2.3. Malicious device:

"One cannot expect messages to remain confidential when one of the participating devices is malicious. However, a user might suspect at least that the integrity of messages sent by an honest device is guaranteed by the protocol. After all, a secure Signal session with that honest device has been set up. However, the Signal session only protects the random key. A malicious device has access to that key and can thus re-encrypt and re-authenticate any payload with that key, without the receiving party being able to detect it. This is illustratedin Figure 3. The displayed attack only shows the attack in one direction: Eve is able to modify andread anything sent by Alice. Eve needs to apply the same attack to Bob in order to setup up a bidirectional man in the middle attack. Note that Eve needs to strip of her own <key/>element from the list of keys in every message in order to remain undetected from Bob.

Two careful users will not be susceptible to this attack, because neither of them will ever accept an unvalidated key. However, no matter how careful Bob is with validating the identity key of the sending device, he must assume that Alice has never made a mistake and none of the devices were compromised in order to be guaranteed the authenticity of messages that come from any of her devices. This trust in the other party is not necessary, if the messages were authenticated inside the Signal session. Also, Bob could make it less likely for Alice to accept a malicious device by creating a cryptographic link between devices."

Now this doesn't sounds so great, but keep in mind that this audit was done 2016 and audits are usually for the current version of the time. Hopefully this has been addressed in today's version.

E2EE encryption is present in Group and one-on-one chats. This encryption, however, is only guaranteed if both ends are using Conversations, as we have already mentioned XMPP is an older protocol and there are many clients out there, not all of them using E2EE. So make sure your chat partner uses a client that has encryption enabled. Here is a list of clients who have OMEMO enabled:

Are we OMEMO yet?

Tracking the progress of OMEMO integration in XMPP clients.

Are we OMEMO yet?

The good news here again is that you can have OMEMO encryption on almost every platform, including Linux, MacOS and Windows. On iOS you can use Siskin IM to achieve this encryption:

Siskin IM

Lightweight and powerful XMPP client for iPhone and iPad, with audio and video calls and built-in privacy

Siskin IM by Tigase, Inc.Tigase, Inc.

Note: we did not try Siskin and are not sure if group chats are fully E2EE but the one-on-one at least should be encrypted using this client.

Back to Conversations, as with Threema or Signal you can exchange your fingerprint with your chat partner. You can scan a barcode or activate the fingerprint on the chat partner after which the client will show OMEMO encrypted. The chat will also show a closed or open lock, if the lock is closed it indicates the chat is encrypted.

Metadata

Server Logs!

This is a weak point on XMPP, the server admin can theoretically see all logs, which can include your login password, contacts, messages that sent or received (if not encrypted), IP address of all users including your chat partners and all your Groupchats, Administrators, Moderators and Users.

Additionally, you rely on the XMPP administrator (of your chosen server) to do all security updates, keep the servers clean and secure and the TLS/SSL certificates up to date.

Now this may not sound like the kinda setup you want to use, but you can also be your own host and in charge of your own destiny ;) That said, it won't help that your chat opponent could be on an insecure or baldy managed server.

In other words, XMPP and, therefore, also Conversations are not great when it comes to Meta Data protection.

Thanks to XMPP you can synchronize your chats on multiple devices. For example, on Linux you can use Dino which works perfectly with encryption and synchronizes with XMPP servers,and, therefore, with your Conversations app.

Overall, XXMP and  Conversations has the potential to be a an excellent and super secure messenger if you host it yourself. It should be still great if you trust the server is maintained properly and, frankly, most servers should be operated ethical be perfectly fine.

However, keep in mind that problems could emerge when you use XMPP with contacts who are on different servers, as the more servers involved, the higher the risk that one isn't configured correctly or doesn't have an ethically monded admin. That said, if OMEMO encryption is in place the server administrators won't be able to read your messages anyway!

So whilst the beauty of decentralization can also be the problem with this setup, it is,  overall, a great messenger and it is always your call but perhaps use it in conjunction with your own server setup.

Back next month!