-
James Clarke
Is this message coming through. Just started using XMPP which was preinstalled on my Yunohost server. Its been a long time since I've used this.
-
James Clarke
Did my message come through?
-
Sam@!
James Clarke: yes hello
-
James Clarke
> James Clarke: yes hello Great!!!
-
James Clarke
Last time I used XMPP I was in secondary school and did not understand the technicals.
-
James Clarke
Now I know more. Its a IETF standard like email which is cool. Unlike email it can easily have end-to-end encryption.
-
James Clarke
How secure is XMPP? By the way if you haven't noticed its my own server I am using.✎ -
James Clarke
By the way if you haven't noticed its my own server I am using. ✏
-
rob
Very, of you use e2e✎ -
rob
Very, if you use e2e ✏
-
James Clarke
Yea. What else is XMPP good for?
-
James Clarke
Do you think people will be able to reach me easily?
-
rob
If they too have an account on a server yes
-
James Clarke
I have email too. But I like to use protocols which are adapted for chat but also popular. And libre software.
-
rob
I run a server as well, so give out accounts for people I want to get on it
-
James Clarke
Which is why I have Signal,Telegram, Matrix,Tox,Email
-
rob
There are some projects that run social networking over xmpp, movim.im for instamce
-
James Clarke
> I run a server as well, so give out accounts for people I want to get on it I am using yunohost. And yes I do for my friends. If they get an account. Its SSO so they get access to Email as well, and other services like gitlab,etc.
-
rob
James Clarke: we try to use this channel for operator related issues. Keeps the noise down
-
James Clarke
Sure. Sorry. Glad it works though. Thanks for helping me verify that.
-
thndrbvr
Menel: > smooth_operator wrote: > the 35% of servers that don't require TLS over s2s still means encryption isn't as ubiquous. i don't see why an op wouldn't want it Exclusively Tor? I think TOR is usually non-https, right? Because it has it's own encryption.
-
Menel
Why menel? Also: that statement was wrong: 35% don't use direct TLS. But all of them use starttls. So ~100% is encrypted.
-
thndrbvr
James Clarke: you may be interested in DeltaChat. It's a program that uses e-mail for IM. It's UI is more that of a typical IM client and creates a folder chats to go.
-
Menel
I don't know much about tor, but I think the first layer of tor is still https for web stuff. Or rather. Its unrelated what you send through the tor tunnel.. And most of the time you send https I suppose
-
thndrbvr
Oh. Sorry, menel. Maybe I clicked the wrong bubble in BlabberIM.
-
thndrbvr
Speaking of socnets using XMPP: GNUsocial, and I believe Diaspora*, and Friendica use it for various things. GS allows posting, reading feeds, among other things. I believe v3 will support Groups as MUCs. Unsure of the details ATM. I think just auto creation of MUCs and the usual usage of commands to post to the Group feed.
-
mjk
thndrbvr: > I think TOR is usually non-https, right? Because it has it's own encryption. onion services are usually http as it's hard to get a cert for .onion domain. otherwise, Tor just tunnels TCP
-
Menel
For an onion service, what normally would be the "exit node" thats where the onion service is hostet right? So the deepest onion layer goes right to the onion service? Then encryption on top of that would be redundant I suppose
-
smooth_operator
> Also: that statement was wrong: > 35% don't use direct TLS. > But all of them use starttls. > So ~100% is encrypted. Menel: i was comparing the columns that stated tls was required vs supported. my interpretation of required was: direct tls only, or starttls is enforced
-
smooth_operator
but it's already been stated those stats aren't correct so those conclusions are up in the air
-
smooth_operator
and for an onion service, it's e2ee across tor to the server. not true for a clearnet service accessed by tor - an exit node terminates the circuit and then establishes connections to the destination server
-
smooth_operator
http over tor to an onion = good https over tor to an onion = good with _some_ added assurance https over tor to not-onion = okay [exit node can monitor tls session, sni, traffic flows] http over tor to not-onion = bad [exit node can monitor everything]
-
Menel
smooth_operator: about tor. yes, I thought so.