Running an XMPP server is dead simple, just install Prosody and make few simple edits to the configuration and you're set. It hardly takes any resources (32 MB resident on my server) so it can happily live on whatever server you're already using. You will want to add some records to your domain to make it all run smoothly but this is well-documented and even works fine on free DNS providers like Namecheap and Cloudflare. Once you've done that you just install Conversations (from F-Droid, of course) and something like Gajim or Dino-im on your laptops and you'll bask in the glory of evading the surveillance dragnet because you're using OMEMO encryption which works end-to-end.
If you happen to have Jitsi Meet installed you'll already have an XMPP server up and running to which you can add some configuration to make it useable for this purpose.
Source: this is what I've been doing for many years
My father is dead so I don't think I can reach him through XMPP - at least not yet. My 85 yo mother is still alive and yes, she is using Conversations on her Samsung A25 which connects to prosody on my server through which she communicates with all of us. I live in Sweden, she lives in the Netherlands, one of my daughters now studies in the Netherlands as well. We have a 'family list' (i.e. a 'multi-user chat' using the muc extension) where we share photos and anecdotes, sometimes we 'talk' one on one. Everything encrypted through OMEMO so Feind hört NICHT mitt.
I have tried Matrix/Element (self-hosted, of course, like everything else I use) and found it lacking compared to XMPP. It just seems to add needless complexity and does not offer anything worthwhile to compensate for it. I tried some Matrix bridges as well but found these lacking for my purposes.
So the answer to your question is 'I ended up with XMPP'.
The first time I did this exercise was in 2018 (when I first set up an XMPP server and Matrix Synapse for Communick) and there simply wasn't any working iOS app. Monal was the only app I found and managed to install for him. It did chat only and would crash. I do not recall to get e2ee working and the fact that it is optional made things confusing even for me - e.g, I wasn't able to switch between a desktop client and Conversations easily.
Element (then called riot.im) managed to do text, audio and video calls. The app had some bugs, but nothing that would block me from calling each other. The UX can still be confusing and I have occasional conversations where my father complains he can not hear me, most of them caused by my father not knowing that kept the video call but switched to the internal phone speaker instead of the external one.
I heard about Siskin some months ago. Honestly, I haven't tried it yet. It might be that is fully functional, but the UI is so bare that there is no way that I'll be able to convince my father to switch to it. He still complains that he'd rather use WhatsApp like everyone else, so whatever XMPP brings now will be a case of "too little, too late".
The problem here is not XMPP or Conversations but the closed nature of iOS which keeps apps like Conversations from being ported there. Apple does not like competition to iMessage or to its app store revenues so it fights tooth and nail to keep its precious as is now clearly on view in Europe with their ridiculous 'core technology fees' and other shenanigans.
Maybe you can give your father a non-iOS phone if that is what is keeping your experiment from succeeding? We're all on Android here, anything from stock Samsung like my mother uses to self-built LineageOS like I use and we have no problems like you describe. I video-chat daily with my mother without problems, we're using Jitsi Meet (hosted on the same server) for larger video meetings, we've used Nextcloud Talk (also hosted on that server-under-the-stairs) as well but now mostly use Conversations. Telegram also works well for video chat but that is neither self-hosted nor end-to-end encrypted so it is not a real comparison to Matrix or XMPP with OMEMO.
> Maybe you can give your father a non-iOS phone if that is what is keeping your experiment from succeeding?
That's a non-starter. He already had Android phones before, never liked them. O have to pick my battles, and getting him to call me Matrix instead of WhatsApp was already enough to call it success.
Besides, my point was less about the specific individual but the systemic issue. iOS is too large of a market segment to ignore, and I can not go around telling everyone "hey, why don't you just drop your shit Apple device and switch to something more open?"
Having set up and administrated both an XMPP and a Matrix server, XMPP is way less a pain in the ass. I've enjoyed dealing with prosody much more than either synapse or dendrite. XMPP doesn't tank my server every time I try to join a new room and it doesn't take forever to start talking in a room after you join it. And provided you're running the server, getting people onto XMPP has not been hard in my experience. I made a basic registration page with simple instructions. I have gotten people with low technical know-how to successfully register accounts and use it without issue. They just create an account, enter their username into a client I recommend, and they're ready to go (I've never even had them complain about OMEMO).
If you go through your contact list right now, how many people are on iOS, and how many of them do you think you could successfully convince to use XMPP as the primary method to reach you?
I don't know iOS users, except one, who already used XMPP. Most people I talk to on a regular basis already use it. The ones that don't either don't bother with apps at all (my grandparents), or are not close enough / frequent enough contacts to bother with anything beyond SMS.
Oh sure, but it's still a counterexample to your statement. I can convince people to use XMPP, and almost nobody is using Matrix if you don't do the convincing.
The big usability issue with Signal is that it has a dark pattern that leads to most users using it without verifying that they are actually talking to who they think they are talking to. If you do verify a particular contact's identity it involves comparing a 60 digit decimal number. The 7 emojis seen in the linked article are arguably better but a short decimal number would have been good too and would have eliminated the issue that the emojis don't look the same.
Neither seems to provide any sort of conceptual framework to allow the user to react in a reasonable way when something goes wrong with the identity stuff...
OMEMO running over XMPP is pretty terrible for identity stuff, at least for the clients I have encountered.
I am not sure how you would get the 60 digits from the other person in your clipboard.
My point is that users should have the chance to know what they are doing. There seems to be a tendency to deliberately keep them in the dark. A 4 digit code is objectively more usable than a 60 digit code.
If verifying these digits make any sense, that means you already have a trusted channel you rely on to communicate these digits. You would use that trusted channel to transfer these digits. How do you want to communicate them?
> A 4 digit code is objectively more usable than a 60 digit code.
It's more usable, but that would assume synchronicity (like a TOTP) or something else to be secure, while the 60 digits do not AFAICT. So there's a usability tradeoff. You can't truncate a hash function and assume it's just as safe. They could add more options on top of the current one though.
Overall I think the intersection of pairs of users who:
* want to verify their safety numbers
* have very infrequent physical contacts
* would struggle to use another trusted channel to communicate their safety numbers
is small enough for this not to be a priority for Signal.
Typically people would compare identity numbers over a voice channel. A sort of biometrics. It's been suggested that Signal add a voice channel feature for that purpose[1].
If a system is using a 4 digit number for identity verification, chances are it is something like a PAKE[2]. See OTR's (Off The Record) simplified Socialist Millionaire's Protocol for a practical example that allows the use of any string based on shared knowledge.
I find that XMPP interoperability (terrible as it is) is still just miles ahead of Matrix. For all intents and purposes Element controls the protocol and despite that I almost constantly find friction communicating the client for Android and the desktop Electron-based client. With 3rd party clients it is a nightmare.
When https://siskin.im/ is seriously touted as the best iOS client for XMPP, you already lost 50% of the market share in the US. And if you don't have any usable app for 50% of your users in one of the most important markets, you can not really claim "interoperability", can you?
Don't get me wrong, it would be great if more people were using XMPP. Now that I am more involved in the Fediverse space I'm learning how many wheels are being reinvented and XMPP has already solved. If more people learned about https://movim.eu I'd be able to shut off Communick and move on to do something else to do with my life, but the reality is that XMPP failed to achieve critical mass because it never had someone to complete control the protocol.
No, I don't have any problem about claiming interoperability in this context as it is completely orthogonal. You could also claim that not having animated gifs also makes it unusable for 99% of the population (an statement I might even agree with) and it would be irrelevant to interoperability.
iOS simply sucks here and lowering down your pants to marry yourself to the whims of these insane "platforms" if anything most likely reduces your interoperability.
You should be realistic and consider that there is no point to any "E2EE" messaging solution on iOS as _by construction_ all the metadata (at the very least) is going to be leaked to Apple (and they in turn will leak that to the authorities, as was pointed in HN quite recently), precisely by the push notifications crap you'd be forced to adopt as part of the pants lowering requiered to support iOS.
> iOS simply sucks here and lowering down your pants to marry yourself to the whims of these insane "platforms"
We can be here grandstanding and dismissing other people's choices or we can be pragmatic and find ways to grow the alternative networks to the point where the "mainstream" can no longer ignore it.
If you want to continue using XMPP, great. But those that are on Apple are not going to drop their beloved iDevices just because we are telling them how cool XMPP is. Your inflexibility will do nothing but keep you isolated and able to talk with a handful of other people that are stubborn as you. However, if you let yourself accept that encouraging other people to adopt Matrix will at the same time (a) bring progress to those on iOS and (b) increase the utility of your own XMPP server, as now there will be more people being able to reach you through a bridge.
> We can be here grandstanding and dismissing other people's choices or we can be pragmatic and find ways to grow the alternative networks to the point where the "mainstream" can no longer ignore it.
I have been trying the pragmatic way for over 30 years and it. simply. doesn't. work. The mainstream will drop privacy, federation, and anything in a heartbeat just because the new network comes with a client which can do animated GIFs. There's simply no way to continuously try to match the race of ever-diminishing-usefulness features and if you even try to point that then someone calls you "dismissive and grandstanding".
The only (possible) way forward is legislation. Carrots do not work.
> The mainstream will drop privacy, federation, and anything in a heartbeat just because the new network comes with a client which can do animated GIFs.
ICQ had animated gifs. MSN had animated gifs. Viber has animated gifs. Telegram has animated gifs.
Why shouldn't people expect animated gifs from any decent messenger? Who are we to police what people should prefer for such a crucial piece of technology?
At best it can be described as a "hacker's idea of a functional mobile app". The UI is crude, antiquated and not at all following the Apple guidelines.
I'm not saying that I can do better, but I can bet that if you show it to 100 iphone users, 98% would not be interested in having it as their main messenger app.
- Install Conversations on Android
- In a prompt, there's a "create an account", I create one (it's with conversations.im)
- I have an account
- At this point there's a slight confusion between "what discussions are happening" and "what discussions do you know about", but I manage to find a room to a discussion I'm interested in
- Get in, see the messages
My goal is "let's have a communication protocol that is secure, enables applications with modern features on all major platforms and is not controlled by any single entity".
If not for the last point, I'd be using WhatsApp just fine. But because of it, Matrix/Element is currently the best we have. Is it great? Absolutely not, but it is the best we have at the moment, and to call it a "trashfire" without putting things in perspective is a disservice.
Interestingly Delta Chat kind of fits the bill thanks to their investigation of webxdc, i.e. mini apps that run entirely within the chat and never connect to the outside world, only with peers in the chat: https://webxdc.org/
I can't say if this is the future, but I like it taking another direction. Taking a few steps back, this model solves a lot of problems with a very easy UX for beginners: shared calendar, shared expenses, shared notes can all happen inside your chat, which is naturally the place where you already share stuff with people, but now it can be more without any server installation or anything.
