XMPP (Extensible Messaging and Presence Protocol) - also called "Jabber" - is a protocol for exchanging messages over the Internet. The protocol was published as early as 1999 and was approved as an official Internet standard by the Internet Engineering Task Force (IETF) in 2004. XMPP is under constant development. New extensions of the protocol are specified in so-called XEPs.
A XMPP address looks like an email address but its not an email address. But XMPP is comparable to email. You choose one of the many providers among the XMPP servers and create an account there. You can also run an free and open source XMPP server software yourself. With an account on you can send instant messages to all other XMPP addresses worldwide. As with email, you need an extra program installed - an XMPP client. There are many clients for all the different platforms available. There are XMPP clients for Mac or the desktop PC and for mobiles as well. In the following I would like to discuss the use of XMPP on a smartphone
. For this I have to make a short introduction.
And why is there this annoying fish?
Do you have WhatsApp?
Too many people today rely with all communication via smartphone on a single company, owned by an Internet giant, that generates its profit purely from the exploitation of user information. Every single user entrusts himself completely to this company - with all his private conversations and metadata.
However, it can become problematic when we entrust our secrets and very personal to a "closed source" application with a central infrastructure in the backend. Nothing else happens, when we chat and talk on the phone with our family, our friends or our partner. We talk about the most personal things without always being aware of it.
WhatsApp’s end-to-end encryption system is based on Open Whisper Systems’ open-source Signal protocol. You may know the company as the developers of chat application Signal, a WhatsApp competitor that prides itself on putting security and privacy first. The most important criticism of a central infrastructure like WhatsApp and Signal use them, is the meta data that is generated. The central Signal or Whatsapp server does not see any content, but it does see when I exchange messages with whom and even where the communication partners are at the time based on the IP addresses. They also have your phone number. Because without a phone number, you can't register as a user of these services. What happens to this data and whether the operator has the ability to deny state power and capital access to this valuable information is anyone's guess.
Thanks for all the fish!?
OMEMO is an implementation of the Signal protocol as an XMPP XEP extension. This is end-to-end encryption of chat messages that the XMPP server operator cannot read. OMEMO also supports communication with multiple devices simultaneously. OMEMO stands for M
essage and O
If you go to the project's homepage, you will recognize the fish from this page. The fish is the logo of the OMEMO
project. With OMEMO you no longer trust user identities (its the classical xmpp-address), but device identities (like the phone number equivalent like mentioned above). There is no need of a phone number while using a XMPP-Client on a smartphone.
For the Android smartphone, I always recommend the alternative app store called F-Droid. There is a lot of good software available for free. There's even a flashlight app that doesn't want to access your contacts and location. You can download F-Droid
from thier homepage.
The XMPP client Conversations
is a very good alternative to Whatsapp or Signal, if you want to use XMPP for instant-messaging. The App comes with a full implementation of OMEMO. "Conversations" is also available in the Play Store for a small fee. With the F-Droid-Store you can download it directly.
At the end i have to add, that i use my own XMPP server accessible under the URL jemand.klaut.fish
Registration for other users are blocked, but if you want to use the XMPP-server jemand.klaut.fish, just contact me and I will provide you with an account. To avoid abuse of my service, I had to take this step and restrict registrations.