[Extensible Messaging and Presence Protocol](https://xmpp.org/about). - A communications protocol based on XML that has been in development since 1999. Ever since the standard has been incrementally developed to add more functionality. It is the underlying technology that powers a lot of well known chat applications such as Whatsapp and GTalk.
<aname='jabber'></a>
<spanstyle="color:#fe4a49">Jabber</span> -
The original name of the [Extensible Messaging and Presence Protocol](https://en.wikipedia.org/wiki/XMPP) (XMPP), the open technology for instant messaging and presence. [Jabber.org](https://en.wikipedia.org/wiki/Jabber.org) is the original instant messaging (IM) service based on XMPP.
The original trademarked name of the for the Jabber service.. [Jabber.org](https://en.wikipedia.org/wiki/Jabber.org) is the original instant messaging (IM) service based on XMPP. Afterwards many different servers and clients have emerged. "Jabber" is to "XMPP", what "e-mail" is to "SMTP" and what "web" is to "HTTP".[ref][https://wiki.xmpp.org/web/Usability/Glossary](https://wiki.xmpp.org/web/Usability/Glossary)[/ref]
<aname='muc'></a>
<spanstyle="color:#fe4a49">MUC</span> -
"Multi User Chat", a groupchat
"Multi User Chat", the jargon for groupchat in XMPP world. This feature needs to be supported by both the clients and the servers. See [XEP-0045](#xep).
<aname='roster'></a>
<spanstyle="color:#fe4a49">ROSTER</span> -
is your list of contacts
<spanstyle="color:#fe4a49">JID</span> - Jabber ID / XMPP address. The identifier for a user account. It looks a lot like an e-mail address: user@server.com. It is a bit confusing but chatrooms also have a similar address: roomname@muc.server.com.
* [XEP-0045 MUC](https://xmpp.org/extensions/xep-0045.html) - Multi User Conference, in other words, group chats.
[XEP-0045 MUC](https://xmpp.org/extensions/xep-0045.html) - defines support for Multi User Conferences, in other words, group chats.
* [XEP-0163: PEP](http://xmpp.org/extensions/xep-0163.html) - Personal Eventing Protocol allows amongst others for automatically publishing avatars and OMEMO public keys
[XEP-0163: PEP](http://xmpp.org/extensions/xep-0163.html) - Personal Eventing Protocol allows amongst others for automatically publishing avatars and OMEMO public keys
* [XEP-0313: MAM](http://xmpp.org/extensions/xep-0313.html) - Message Archive Management, an extension that allows one to receive messages while offline)
[XEP-0313: MAM](http://xmpp.org/extensions/xep-0313.html) - Message Archive Management, an extension that allows one to receive messages while offline)
@ -61,45 +65,45 @@ As featured in our guide on [XMPP clients](http://homebrewserver.club/picking-mo
## Software: Server
<aname='prosody'></a>
[Prosody](http://prosody.im/) - XMPP Server software in active development (as of 2017).
[Prosody](http://prosody.im/) - Open Source XMPP Server software written in [LUA](https://www.lua.org/about.html). It is actively being developed and is notable for the [large ammount of supported XEPs](http://prosody.im/doc/xeplist).
## Encyption methods
## Encryption
<aname='c2s'></a>
<spanstyle="color:#fe4a49">C2S</span> - The connection between a client and the server
<aname='s2s'></a>
<spanstyle="color:#fe4a49">S2S</span> - The conneciton between servers
<spanstyle="color:#fe4a49">S2S</span> - The connection between servers
<aname='e2e'></a>
<spanstyle="color:#fe4a49">E2E</span> - End-to-end encryption encrypts the content of a message, so that only the sender and receiver at the ends of the communication chain can read it.
### Transport Layer encryption
Encrypts communication while it is in transfer between client and server (c2s) or from one server to another (s2s). The servers where the messages are relayed between can however still read their content. It is probably known to most people in the form of HTTPS, which indicates the communication is encrypted between your browser and the server the website is hosted on.
### https/SSL/server-to-server encryption
Encrypts information while it is transfered, but the server can still read it.
Depending on your thread model, in case you and your contacts share the same trusted XMPP server, transport layer encryption might be enough to safeguard your privacy.
### OMEMO/end-to-end encryption
The information is encrypted, and also the server cannot read it .
<aname='e2e'></a>
### end-to-end encryption (e2e)
End-to-end encryption encrypts the content of a message. Only the sender and receiver at the ends of the communication chain can read the message, but not the servers in between.
<aname='otr'></a>
<spanstyle="color:#fe4a49">OTR</span> -
"off the record"
"Off-The-Record" is one of the older forms of e2e encryption available to messaging clients. The big disadvantage of OTR is that both clients need to be online at the same time for the encrypted session to work.
<aname='omemo'></a>
<spanstyle="color:#fe4a49">OMEMO</span> -
OMEMO Multi-End Message and Object Encryption, OMEMO is the XMPP implementation of the Double Ratchett encryption algorithm developed for Signal by Moxie Marlinspike/Open Whisper Systems.
is a client2client encryption tool, it encrypts messages between two conversations.
OMEMO Multi-End Message and Object Encryption, OMEMO is the XMPP implementation of the Double Ratchett encryption algorithm developed for Signal by Moxie Marlinspike/Open Whisper Systems. It is the most modern and convenient encryption mechanism that is practically invisible to the user. It also provides so-called forward secrecy meaning that every message is separatly encrypted. In the case that one cipher is intercepted by a third party, only one message can thus be decrypted.
<aname='tofu'></a>
<spanstyle="color:#fe4a49">TOFU</span> -
trust on first use (Blindly assumes the received fingerprint is trusted and is therefore checked as verified. Used in ChatSecure for OTR and OMEMO, called 'Blind Trust' in Conversations
Trust On First Use. A mechanism where the received fingerprint is assumed trusted immediately and is therefore checked as verified. Used in ChatSecure for OTR and OMEMO, called 'Blind Trust' in Conversations
<aname='openpgp'></a>
<spanstyle="color:#fe4a49">OpenPGP</span> -
Pretty good Privacy, the oldest available method of end-to-end encryption which requires quite some knowledge and maintenance by users. OMEMO is designed to provide similar or better encryption with less hassle. To use OpenPGP in Conversation athird party app called OpenKeyChain is required.
<aname='threat'></a>
<spanstyle="color:#fe4a49">Threat Model</span> -
...
<spanstyle="color:#fe4a49">Threat Model</span>. When thinking about security and privacy one has to realise one can't protect him/herself against every kind of threat. Either one doesn't have the resources, the time or it becomes impssible because measures against one form of threat open up vulnerabilities against another. In that sense the concept of a 'threat model' is useful. What poses a credible threat to you and your situation? Who represents that threat? WWhat kind of resources does this threat posess? The answer to these questions should inform you on what kind of measures one should take and which ones have the highest priority.
Obviously this differs from situation to situation. Commonly the government and government intelligence agencies are seen as the big threat towards everybodies privacy. In the case you organise politically or are a dissident in your society a this threat is likely. For most people however it much more realistic and effective to base their threat model not on a government but rather on their dependence on large corporations which make money out of surveillance their data. In that case it might be much more effective not to invest a lot of time to teach yourself how to use OpenPGP with google mail but rather to switch to a different mailprovider all together, and encourage your friends while your at it.
This list is partly based [on this glossary](https://wiki.xmpp.org/web/Usability/Glossary)
