Browse Source

maybe last fixes guide

pull/1/head
ugrnm 8 years ago
parent
commit
dd1a716011
  1. 53
      raw/beginners_guide_to_xmpp_speak.md

53
raw/beginners_guide_to_xmpp_speak.md

@ -10,57 +10,56 @@ status: draft
<a name='xmpp'></a>
###XMPP
[Extensible Messaging and Presence Protocol](https://xmpp.org/about). - A communications protocol based on XML that has been in development since 1999. Ever since the standard has been incrementally developed to add more functionality. It is the underlying technology that powers a lot of well known chat applications such as Whatsapp and GTalk.
[Extensible Messaging and Presence Protocol](https://xmpp.org/about). - A communications protocol based on XML that has been in development since 1999. Ever since the standard has been incrementally developed to add more functionality. It is the underlying technology that powers a lot of well known chat applications such as WhatsApp and Google Talk.
<a name='jabber'></a>
<span style="color:#fe4a49">Jabber</span> -
The original trademarked name of the for the Jabber service.. [Jabber.org](https://en.wikipedia.org/wiki/Jabber.org) is the original instant messaging (IM) service based on XMPP. Afterwards many different servers and clients have emerged. "Jabber" is to "XMPP", what "e-mail" is to "SMTP" and what "web" is to "HTTP".[ref][https://wiki.xmpp.org/web/Usability/Glossary](https://wiki.xmpp.org/web/Usability/Glossary)[/ref]
The original trademarked name of the Jabber service. [Jabber.org](https://en.wikipedia.org/wiki/Jabber.org) is the original instant messaging (IM) service based on XMPP. Afterwards many different servers and clients have emerged. "Jabber" is to "XMPP", what "email" is to "SMTP" and what "web" is to "HTTP".[ref][https://wiki.xmpp.org/web/Usability/Glossary](https://wiki.xmpp.org/web/Usability/Glossary)[/ref]
<a name='muc'></a>
<span style="color:#fe4a49">MUC</span> -
"Multi User Chat", the jargon for groupchat in XMPP world. This feature needs to be supported by both the clients and the servers. See [XEP-0045](#xep).
"Multi-User Chat", the jargon for groupchat in XMPP world. This feature needs to be supported by both the clients and the servers. See [XEP-0045](#xep).
<a name='roster'></a>
<span style="color:#fe4a49">ROSTER</span> -
is your list of contacts
is your list of contacts.
<span style="color:#fe4a49">JID</span> - Jabber ID / XMPP address. The identifier for a user account. It looks a lot like an e-mail address: user@server.com. It is a bit confusing but chatrooms also have a similar address: roomname@muc.server.com.
<span style="color:#fe4a49">JID</span> - Jabber ID / XMPP address. JID is the identifier of a user account. It looks a lot like an email address: user@server.com, but it is not. Some users might use the same name for both their email and JID but most of the time these are completely different things. Following the same logic, chatrooms also have a similar address: roomname@muc.server.com.
<a name='xep'></a>
###XEP - XMPP Extension Protocol</span>
[XEP-0045 MUC](https://xmpp.org/extensions/xep-0045.html) - defines support for Multi User Conferences, in other words, group chats.
[XEP-0045 MUC](https://xmpp.org/extensions/xep-0045.html) - defines support for Multi-User Chats, in other words, group chats.
[XEP-0163: PEP](http://xmpp.org/extensions/xep-0163.html) - Personal Eventing Protocol allows amongst others for automatically publishing avatars and OMEMO public keys
[XEP-0163: PEP](http://xmpp.org/extensions/xep-0163.html) - Personal Eventing Protocol allows amongst other things to automatically publish avatars and OMEMO public keys.
[XEP-0313: MAM](http://xmpp.org/extensions/xep-0313.html) - Message Archive Management, an extension that allows one to receive messages while offline)
[XEP-0313: MAM](http://xmpp.org/extensions/xep-0313.html) - Message Archive Management is an extension that allows one to receive messages while offline.
<a name='federated'></a>
<span style="color:#fe4a49">federated server</span> -
A group of decentralised servers that agreed upon certain standards to communicate with eachother. The federated XMPP protocol enables the user to select a client of preference and connect to a XMPP server of choice.
A group of servers which agreed upon certain standards to communicate with each other. Such a group is a federation of servers. The federated XMPP protocol enables the user to select a client of preference and connect to their XMPP server of choice.
<a name='centralized'></a>
<span style="color:#fe4a49">centralized service</span> -
A vertical integrated service that includes both the client- and server software.
A vertically integrated service that includes both exclusive client and server software. In this scenario, most of the time, the user can only run one specific client and only interact with other users from the same service.
## Software: Clients
As featured in our guide on [XMPP clients](http://homebrewserver.club/picking-modern-xmpp-clients.html):
<a name='conversations'></a>
[Conversations](https://conversations.im/) - Mobile client for Android
[Conversations](https://conversations.im/) - Mobile client for Android.
<a name='gajim'></a>
[Gajim](https://gajim.org/) - Desktop client for Linux distributions
[Gajim](https://gajim.org/) - Desktop client for Linux distributions, BSD, and Windows.
<a name='chatsecure'></a>
[ChatSecure](http://chatsecure.org/) - Mobile client for Apple iOS, 'experimental', but in active development
[ChatSecure](http://chatsecure.org/) - Mobile client for Apple iOS, 'experimental', but in active development.
<a name='adium'></a>
[Adium](https://adium.im/) - Desktop client for Apple OSX
[Adium](https://adium.im/) - Desktop client for Apple macOS.
[There are many more clients available](https://xmpp.org/software/clients.html). Check your local F-Droid/Google Play Store/AppStore.
[There are many more clients available](https://xmpp.org/software/clients.html). Check your local F-Droid/Google Play Store/AppStore.
## Software: Server
@ -70,40 +69,40 @@ As featured in our guide on [XMPP clients](http://homebrewserver.club/picking-mo
## Encryption
<a name='c2s'></a>
<span style="color:#fe4a49">C2S</span> - The connection between a client and the server
<span style="color:#fe4a49">C2S</span> - The connection between a client and the server.
<a name='s2s'></a>
<span style="color:#fe4a49">S2S</span> - The connection between servers
<span style="color:#fe4a49">S2S</span> - The connection between servers.
### Transport Layer encryption
Encrypts communication while it is in transfer between client and server (c2s) or from one server to another (s2s). The servers where the messages are relayed between can however still read their content. It is probably known to most people in the form of HTTPS, which indicates the communication is encrypted between your browser and the server the website is hosted on.
Encrypts communication while it is in transit between client and server (c2s) or from one server to another (s2s). The servers where the messages are relayed between can however still read their content. It is probably known to most people in the form of HTTPS, which indicates the communication is encrypted between your browser and the server that is hosting the website you visit.
Depending on your thread model, in case you and your contacts share the same trusted XMPP server, transport layer encryption might be enough to safeguard your privacy.
Depending on your threat model, in case you and your contacts share the same trusted XMPP server, transport layer encryption might be enough to safeguard your privacy.
<a name='e2e'></a>
### end-to-end encryption (e2e)
End-to-end encryption encrypts the content of a message. Only the sender and receiver at the ends of the communication chain can read the message, but not the servers in between.
End-to-end ciphers is client side method for encrypting messages. Only the sender, and the receiver, at both ends of the communication chain, can read the message, but not the servers in between.
<a name='otr'></a>
<span style="color:#fe4a49">OTR</span> -
"Off-The-Record" is one of the older forms of e2e encryption available to messaging clients. The big disadvantage of OTR is that both clients need to be online at the same time for the encrypted session to work.
"Off-The-Record" is one of the older forms of e2e encryption available in some messaging clients. The big disadvantage of OTR is that both clients need to be online at the same time for the encrypted session to work.
<a name='omemo'></a>
<span style="color:#fe4a49">OMEMO</span> -
OMEMO Multi-End Message and Object Encryption, OMEMO is the XMPP implementation of the Double Ratchett encryption algorithm developed for Signal by Moxie Marlinspike/Open Whisper Systems. It is the most modern and convenient encryption mechanism that is practically invisible to the user. It also provides so-called forward secrecy meaning that every message is separatly encrypted. In the case that one cipher is intercepted by a third party, only one message can thus be decrypted.
OMEMO Multi-End Message and Object Encryption, OMEMO is the XMPP implementation of the Double Ratchett encryption algorithm developed for Signal by Moxie Marlinspike at Open Whisper Systems. It is the most modern and convenient encryption mechanism that is practically invisible to the user. It also provides so-called forward secrecy, which means that every message is separatly encrypted. In the case that one cipher is intercepted by a third party, only one message can thus be decrypted.
<a name='tofu'></a>
<span style="color:#fe4a49">TOFU</span> -
Trust On First Use. A mechanism where the received fingerprint is assumed trusted immediately and is therefore checked as verified. Used in ChatSecure for OTR and OMEMO, called 'Blind Trust' in Conversations
Trust On First Use. A mechanism where the received fingerprint is assumed trusted immediately and is therefore checked as verified. Used in ChatSecure for OTR and OMEMO, called 'Blind Trust' in Conversations.
<a name='openpgp'></a>
<span style="color:#fe4a49">OpenPGP</span> -
Pretty good Privacy, the oldest available method of end-to-end encryption which requires quite some knowledge and maintenance by users. OMEMO is designed to provide similar or better encryption with less hassle. To use OpenPGP in Conversation athird party app called OpenKeyChain is required.
Pretty good Privacy is the oldest generic method for end-to-end encryption. It requires quite some knowledge and maintenance frmo its users. OMEMO is designed to provide similar or better encryption with less hassle. To use OpenPGP in Conversation a third party app called OpenKeyChain is required.
<a name='threat'></a>
<span style="color:#fe4a49">Threat Model</span>. When thinking about security and privacy one has to realise one can't protect him/herself against every kind of threat. Either one doesn't have the resources, the time or it becomes impssible because measures against one form of threat open up vulnerabilities against another. In that sense the concept of a 'threat model' is useful. What poses a credible threat to you and your situation? Who represents that threat? WWhat kind of resources does this threat posess? The answer to these questions should inform you on what kind of measures one should take and which ones have the highest priority.
<span style="color:#fe4a49">Threat Model</span>. When thinking about security and privacy it is important to note that there is no such thing as a protection against every and any possible threats. By aiming too large and aimlessly at a universal form of privacy, there is a risk of missing obvious blind spots because of lack of resources, lack of time, and lack of knowledge to cover all possible situations. In that sense the concept of a *threat model* is very useful. In a threat model, an assessment of what has to be secured and who could be willing to acquire your information and at what cost, is established in a realistic fashion. What poses a credible threat to you and your situation? Who represents that threat? What kind of resources does this threat possesses? The answer to these questions should inform you on what kind of measures one should take and which ones have the highest priority.
Obviously this differs from situation to situation. Commonly the government and government intelligence agencies are seen as the big threat towards everybodies privacy. In the case you organise politically or are a dissident in your society a this threat is likely. For most people however it much more realistic and effective to base their threat model not on a government but rather on their dependence on large corporations which make money out of surveillance their data. In that case it might be much more effective not to invest a lot of time to teach yourself how to use OpenPGP with google mail but rather to switch to a different mailprovider all together, and encourage your friends while your at it.
Obviously this differs from situation to situation. Are you a political activists or dissident trying to organise for direct action and trying to avoid surveillance from governement agencies? Are you the user of a popular social network, trying to protect as much as possible your most confidential information from your private life? Are you an office worker trying to leak confidential information about unethical activities of your employer while remaining anonymous? Are you a user of public or private torrent trackers hoping to get away with mass downloading and uploading of whole seasons of The Great British Baking Show? Every situation is different, every situation needs a specific understanding of what is at stake and what would be the consequence if what you try to protect is exposed. Don't believe in magical solutions, do your homework.
This list is partly based [on this glossary](https://wiki.xmpp.org/web/Usability/Glossary)

Loading…
Cancel
Save