After the arrest of Pavel Durov, I wanted to move from Telegram to something end-to-end encrypted. I know Signal is pretty good, but I think it is better to have our messages in my own server.
I have already looked in XMPP, but it required SSL certs and I did not have the mood to configure them.
Do you know any other selfhosted messaging service for a group of 4-5 friends, or an easy way to configure an XMPP server? Or shall I use Signal after all (I don’t really care that much about being selfhosted, I just thought it would be more privacy friendly)?
UPDATE: I managed to set up an XMPP server using prosody with the SSL certs. We have been testing it with my friend and it seems to go well.
SSL certs is so easy with let’s encrypt, that really shouldn’t be a blocker.
If you want something easy I think you have your answer with Signal
I know, but for some reason my router does not let me access my domain (with duckdns) when connected to my network. So even if I get certs for the domain, I will not be able to access it. I have set up local DNS entries (with Pi-Hole) to point to my srrver, but I don’t know if it possible to get certs for that, since it is not a real domain.
EDIT: Fixed it. (See reply for fix)
I have set up local DNS entries (with Pi-Hole) to point to my srrver, but I don’t know if it possible to get certs for that, since it is not a real domain.
So long as your certs are for your fully qualified domain there’s no problem. I do this, as do many people — mydoman.com is fully qualified, but on my own network I override the DNS to the local address. Not a problem at all — DNS is tied to the hostname, not the IP.
I managed to fix this problem by pointing my domain name to my private IP address (with pihole’s local DNS entries), so I could access it. Then, I just got certs for the domain and applied them with nginx.
Most people use either Matrix or XMPP. Both work.
There is a nice overview of chat protocols here: https://www.messenger-matrix.de/
I mostly use matrix as of today. I think it’s alright. It’s a bit difficult to explain encryption and device verification to other people… I think that could be designed better. But apart from that it works very well. So does XMPP which I’ve used before that. Have a look at the messenger matrix and all the options before deciding on an ecosystem. I’d take one of the friends and do some evaluation before dragging the whole group in. You can do that with some pre-existing servers before learning how to host the server part.
And btw: With most of them you can just use some public servers. You should do that unless you’re willing to put in the effort to maintain an own server. That’d give you complete control over the infrastructure… But it’s also a liability to maintain a server, do the updates etc for a group of friends and maybe years to come… End to end encryption will keep the content of your messages private, anyways. (If you use it.)
Use XMPP. Thanks to Let’s Encrypt being implemented in basically every reverse proxy, setting it up is a matter of seconds.
What about p2p messengers?
IMO, Briar is the best option. I recently started a project to connect users in the Briar private groups and forums. We just need to get enough users active to get the network effect working for us and not against us.
something end-to-end encrypted.
required SSL certs and I did not have the mood to configure them.
…right…
Did you look into snikket? It’s XMPP-in-a-box.
https://snikket.org/ is the easy to configure XMPP server, but it still needs SSL certificates. But that’s fairly easy to do with Snikket AFAIK.
Or you could simply ask the Snikket developers to host a server for you for a small fee. If you are US or Canada based https://jmp.chat/ is also a great service, and it includes a free Snikket server as an add-on.
Simplex is an option, you can host your own servers and it has crossplatform GUI + CLI
I think it’s pretty cool, and it’s pretty easy to set up (there are a lot of options you may wanna look at though)
I’m considering Zulip
https://zulip.readthedocs.io/en/latest/production/install.html
I have already looked in XMPP, but it required SSL certs and I did not have the mood to configure them.
There are definitely XMPP clients that do end-to-end encryption that do not rely on TLS for key exchange, though.
https://en.wikipedia.org/wiki/Off_the_record_messaging
Off-the-record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.
The primary motivation behind the protocol was providing deniable authentication for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with cryptography tools that produce output which can be later used as a verifiable record of the communication event and the identities of the participants. The initial introductory paper was named “Off-the-Record Communication, or, Why Not To Use PGP”.[1]
I’ve used Pidgin with the libOTR plugin that implements that protocol.
These days I think OMEMO is a better choice than OTR, if your client supports it.
Neat!
I hear XMPP through Snikket is pretty easy. I just used prosody though
i was trying to find a link to Apache’s chat server that we used to power cruise ship chat applications w/out internet. i didn’t find it but this list i found has some neat projects listed, so i thought i would share that at least: https://medevel.com/26-os-chat-servers/ (no affiliation)
Rocket.chat could be an option
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web IP Internet Protocol NAT Network Address Translation SSL Secure Sockets Layer, for transparent encryption TLS Transport Layer Security, supersedes SSL VPN Virtual Private Network XMPP Extensible Messaging and Presence Protocol (‘Jabber’) for open instant messaging nginx Popular HTTP server
[Thread #980 for this sub, first seen 19th Sep 2024, 20:25] [FAQ] [Full list] [Contact] [Source code]