[Extensible Messaging and Presence Protocol](https://xmpp.org/about). - A communications protocol based on XML that has been in development since 1999. Ever since the standard has been incrementally developed to add more functionality. It is the underlying technology that powers a lot of well known chat applications such as Whatsapp and GTalk.
The original trademarked name of the for the Jabber service.. [Jabber.org](https://en.wikipedia.org/wiki/Jabber.org) is the original instant messaging (IM) service based on XMPP. Afterwards many different servers and clients have emerged. "Jabber" is to "XMPP", what "e-mail" is to "SMTP" and what "web" is to "HTTP".[ref][https://wiki.xmpp.org/web/Usability/Glossary](https://wiki.xmpp.org/web/Usability/Glossary)[/ref]
"Multi User Chat", the jargon for groupchat in XMPP world. This feature needs to be supported by both the clients and the servers. See [XEP-0045](#xep).
<spanstyle="color:#fe4a49">JID</span> - Jabber ID / XMPP address. The identifier for a user account. It looks a lot like an e-mail address: user@server.com. It is a bit confusing but chatrooms also have a similar address: roomname@muc.server.com.
[XEP-0163: PEP](http://xmpp.org/extensions/xep-0163.html) - Personal Eventing Protocol allows amongst others for automatically publishing avatars and OMEMO public keys
[XEP-0313: MAM](http://xmpp.org/extensions/xep-0313.html) - Message Archive Management, an extension that allows one to receive messages while offline)
A group of decentralised servers that agreed upon certain standards to communicate with eachother. The federated XMPP protocol enables the user to select a client of preference and connect to a XMPP server of choice.
[Prosody](http://prosody.im/) - Open Source XMPP Server software written in [LUA](https://www.lua.org/about.html). It is actively being developed and is notable for the [large ammount of supported XEPs](http://prosody.im/doc/xeplist).
Encrypts communication while it is in transfer between client and server (c2s) or from one server to another (s2s). The servers where the messages are relayed between can however still read their content. It is probably known to most people in the form of HTTPS, which indicates the communication is encrypted between your browser and the server the website is hosted on.
Depending on your thread model, in case you and your contacts share the same trusted XMPP server, transport layer encryption might be enough to safeguard your privacy.
End-to-end encryption encrypts the content of a message. Only the sender and receiver at the ends of the communication chain can read the message, but not the servers in between.
"Off-The-Record" is one of the older forms of e2e encryption available to messaging clients. The big disadvantage of OTR is that both clients need to be online at the same time for the encrypted session to work.
OMEMO Multi-End Message and Object Encryption, OMEMO is the XMPP implementation of the Double Ratchett encryption algorithm developed for Signal by Moxie Marlinspike/Open Whisper Systems. It is the most modern and convenient encryption mechanism that is practically invisible to the user. It also provides so-called forward secrecy meaning that every message is separatly encrypted. In the case that one cipher is intercepted by a third party, only one message can thus be decrypted.
Trust On First Use. A mechanism where the received fingerprint is assumed trusted immediately and is therefore checked as verified. Used in ChatSecure for OTR and OMEMO, called 'Blind Trust' in Conversations
Pretty good Privacy, the oldest available method of end-to-end encryption which requires quite some knowledge and maintenance by users. OMEMO is designed to provide similar or better encryption with less hassle. To use OpenPGP in Conversation athird party app called OpenKeyChain is required.
<spanstyle="color:#fe4a49">Threat Model</span>. When thinking about security and privacy one has to realise one can't protect him/herself against every kind of threat. Either one doesn't have the resources, the time or it becomes impssible because measures against one form of threat open up vulnerabilities against another. In that sense the concept of a 'threat model' is useful. What poses a credible threat to you and your situation? Who represents that threat? WWhat kind of resources does this threat posess? The answer to these questions should inform you on what kind of measures one should take and which ones have the highest priority.
Obviously this differs from situation to situation. Commonly the government and government intelligence agencies are seen as the big threat towards everybodies privacy. In the case you organise politically or are a dissident in your society a this threat is likely. For most people however it much more realistic and effective to base their threat model not on a government but rather on their dependence on large corporations which make money out of surveillance their data. In that case it might be much more effective not to invest a lot of time to teach yourself how to use OpenPGP with google mail but rather to switch to a different mailprovider all together, and encourage your friends while your at it.
This list is partly based [on this glossary](https://wiki.xmpp.org/web/Usability/Glossary)
------------------------------------------------
This guide is a companion to our article [Have You Considered The Alternative?](http://homebrewserver.club/have-you-considered-the-alternative.html) on instant messaging. Also check out our guide on [configuring the self-hosted XMPP server Prosody](http://homebrewserver.club/configuring-a-modern-xmpp-server.html), and our guide on [XMPP clients](http://homebrewserver.club/picking-modern-xmpp-clients.html).
