Hello everyone! Are there any benefits of hosting your own XMPP server, considering I always use end-to-end encryption in all of my chats?
I host my own. I’d say my contacts are split between XMPP and Matrix with many people having both. A lot of business use self hosted XMPP servers too. For example, Cisco communications solutions are based on XMPP.
The issue with free public servers is that you have no accountability. If they go away, or are left unmaintained, there’s nothing you can do about it.
My two cents, host at home, or at an infrastructure provider you pay for service.
Good points! Thank you :)
Absolutely. The only real privacy issue you face using a public XMPP server is that you trust all of your metadata (everything inferred and included with the message besides actual text content) to the server administrator. If all of your XMPP messages are moving through your server, you are in control of your metadata.
e2ee only protects the content of your messages, but not the meta-data. If you run your own XMPP server or use a small one run by someone you trust, the meta-data is much better protected than on a larger public XMPP server.
What kind of meta-data could it be?
For example the IP address of all the devices you use to connect to the server.
Also all the internal communication that happens between users on the same server… like who is connected to whom and talks to whom at what time etc. Some of it will of course leak to remote servers in a federated network, but with your own server as an inter-mediator a lot of the meta-data is only known to your own server.
e2ee is actually massively over-emphasised and basically snake-oil by the large centralized networks (like WhatsApp or Signal). The data they are really interested in is the meta-data that allows them to make accurate advertisement profiles of their users. And the CIA famously kills people based on meta-data alone.
That is the main improvement messengers like Session and SimpleX Chat try to solve. As long as Signal requires a phone number (a highly identifying piece of information), there will always be metadata.
Using a small trusted XMPP server is IMHO the only real solution as it approaches the problem not as a technical issue but a social one. Any technical “solution” (like those you mentioned) will be at best improve the situation for a few people that really understand what is happening on the protocol level and leave everyone else with an even worse footgun situation than before. There are so many examples of this that I lost track of counting then :(
I totally agree with your reasoning, XMPP is a better solution than Signal and Session imo. Having more control over your metadata is definitely valuable, however, I think SimpleX Chat could be a really good alternative to XMPP. The concept is really solid, a decentralized system of unidirectional message queues.
100% agree with you. Been keeping an eye out for something more streamlined to bring the whatsapp crowd over. XMPP ain’t it due to different servers with different features being a thing. So I only have a few contacts there. But as soon as SimpleX has a desktop client I’m moving over. Not because XMPP is bad, but because it’s not able to pull less privacy driven peope over.
I agree, once SimpleX implements a desktop client, read receipts, and account sync, it will be a great solution for the masses. The mobile apps are incredibly good for how young the project is, so I have high hopes for the desktop client.
deleted by creator
[This comment has been deleted by an automated system]
XMPP has Slidge now, which is arguably the better bridging system than anything Matrix currently has.
[This comment has been deleted by an automated system]
Group chats are supported in the latest version.
[This comment has been deleted by an automated system]
Thank you! But I’m not sure about moving to Matrix, since all of my contacts use XMPP. Also I believe I can communicate with Matrix users via bridge, if I’m correct?
There is a XMPP to Matrix bridge (aria-net.org fork of Bifrost is best), but to be honest the experience isn’t great from the XMPP side.
[This comment has been deleted by an automated system]
You could determine which XEPs to support…? Also, the usual benefits of hosting your own services. But neither is really a strong selling point IMHO.