With the corporations of surveillance capitalism on one side, state agencies on the other – and caught between them everyone using the internet – today, it's not only likely but downright guaranteed that you – yes you! – are under surveillance.
Take refuge and communicate
- Securely
- Anonymously
- Freely
On chat.phryk.net!
Henlo and the bestest of welcomes to chat.phryk.net!
Here, a dedicated team of raccoons from phryk evil mad sciences, LLC
offers free and secure communication for leftiststerrorists
in the form of a pretty damn spiffy, invite-based messaging service that
integrates into the larger, decentralized XMPP network.
This service is, in big part, a reaction to legislation from the EU Parliament about the automated analysis of the contents of private communications as well as their forwarding to law enforcement agencies.
Said legislation, colloquially dubbed ChatControl, already legalized this practice with another piece of legislation planned to make it not only legal, but mandatory for the providers of "number-independent interpersonal communication services" like E-Mail and Messengers. You can read more about it in our short article tackling the issue.
XM–WHAT now?
XMPP – eXtensible Messaging & Presence Protocol – refers to the technical specification underlying this service.
No worries if you're not a techie, there's no need to know about the nitty-gritty specifics, but there are a few key qualities you should know about because they explain why we advocate the use of XMPP for secure communications between lefties.
Some of this might seem boring – and maybe it is – but in an age of ubiquitous surveillance you can't really afford not knowing this shit at least at a surface level if you want to make informed decisions.
- Support for multiple types of strong End-to-End Encryption (E2EE)
- Decentralized
- Free & Open standard
- Extensible
- Not bound to established unique personal identifiers
- Wide array of software using it
- XMPP software covers pretty much any system imaginable
- We can basically guarantee someone ran this on a toaster
- We're only half-joking, someone probably actually did.
- We can basically guarantee someone ran this on a toaster
- XMPP software covers pretty much any system imaginable
If you want a more detailed explanation of these points, feel free to partake in the consumption of our text X as in Freedom: Why dissidents have ample reason to use XMPP.
Features, features, features!
- Messaging with other users on this or any other reasonably secure server in the wider XMPP network
- Chatrooms
- File transfers
- STUN/TURN NAT traversal to support audio/video chats
- End-to-End Encryption enforcement
- Mobile connectivity optimizations
- Support for parallel logins with message synchronization
- Ephemeral message archive – messages are deleted after one week
- Browser client in case you can't install apps/programs
- Web-based invites to onboard our comrades. ( ͡° ͜ʖ ͡°)
- 100% score on compliance.conversations.im!
- Fully IPv6-enabled
- Free & Open-Source Prosody on a Free & Open-Source FreeBSD on disks encrypted with AES-256
Okay, cool – what do I need?
If you have an invite to this service – nothing! Just go through the invitation process and you'll get logged onto the service right here in your browser.
Otherwise, you mostly need an XMPP client, mostly.
We say mostly, because this service is currently invite-only – but don't worry, XMPP still has you covered with lots of servers. You can take a look at the Server Directory at the IM Observatory to see if anything listed there strikes your fancy. Personally, we deem jabber.systemli.org and jabber.ccc.de trustworthy but audio/video chat might not work properly.
An XMPP client is the program used to communicate through an XMPP service.
We do offer a in-browser access if you can't install a client on your device or are still undecided, but we very strongly recommend going native – and we have a few recommendations.
All of these are Free & Open-Source Software and support the OMEMO E2EE standard, which has quickly become the most popular E2EE scheme in the XMPP ecosystem.
Platform | Client | E2EE for File Uploads | E2EE for Chatrooms | E2EE for audio/video chats |
---|---|---|---|---|
Android | Conversations | YES, UNVERIFIED | YES, UNVERIFIED | YES, UNVERIFIED |
iOS | Siskin | UNVERIFIED | UNVERIFIED | UNVERIFIED |
macOS | Beagle | UNVERIFIED | UNVERIFIED | UNVERIFIED |
Linux, BSD | Dino | YES, UNVERIFIED | YES, UNVERIFIED | NO, UNVERIFIED |
Windows, Linux, BSD, macOS | Gajim | UNVERIFIED | UNVERIFIED | UNVERIFIED |
After installing one of these, it's simple – just enter your JID
(<yourname>@phryk.net
) and password and start chatting!
Roadmap
This service already offers a lot of features, but is still lacking some things we want in order to further improve the security and usability of XMPP.
What's there? What's to come?
Please note that we only talk about server capabilities here, to see what each of the XMPP clients we support can do, please refer to our list of supported clients.
Feature | Are we there yet? |
---|---|
Basic XMPP | YES |
Mobile Optimizations | YES |
File Uploads | YES |
Community Chatrooms | YES |
Invite-based Registration | YES |
Invite Creation for Community Members | NO |
TLS-only Setup | YES |
STUN/TURN NAT Traversal Service for A/V Calls | YES |
Settings Bot or Dialogue | NO |
Improved Moderation Tools | NO |
Self-destructing Message Archive | YES |
E2EE enforcement Grace Periods | YES |
E2EE enforcement for Direct Messaging | YES |
E2EE enforcement for Chatrooms | YES |
E2EE enforcement for File Uploads1 | NO |
E2EE enforcement for Audio/Video Calls | NO |
Extended Cryptographic Canaries | NO2 |
Client-side or Encrypted Contact Rosters3 | NO |
Automated testing | NO |
For more information about the protocol-level capabilities of this service, see our entry at compliance.conversations.im.
-
End-to-End-Encrypted uploads are an area of ongoing research in the XMPP community, with only one preliminary XEP that has limitations and is supposed to be superseded by a well-engineered follow-up. As such, full-fledged official support and enforcement will take a while. ↩
-
We put a good bunch of work into this, but it's currently just not possible with GnuPG because it's a giant garbage fire. We're currently waiting for the good folks at Sequoia to finish and release the python bindings for sequoia-sop so we can do this in a way that's not complete shit. 🤷 ↩
-
This is not a feature most (if any) non-P2P messaging solutions have and might not be technically possible/viable, but we're planning to look into it anyhow. XMPP is already better than Signal in this regard as your JID won't be leaked to everyone in the same chatroom as you. ↩