xabber-android
xabber-android copied to clipboard
redsolution
Add support for OMEMO Encyrption
The offspring of this years GSOC XSF projects is OMEMO. An axolotl and PEP based open standard for end-to-end encryption. Would be great to see support for it in Xabber.
XEP: XEP-0384: OMEMO Related Smack issue: SMACK-743 ProtoXEP: http://conversations.im/xeps/multi-end.html More info: http://conversations.im/omemo/
Finally, security has arrived in IM without compromise. Please add this protocol! I will switch back from Conversations when it comes.
I'm working on an OMEMO Smack module as part of my bachelors thesis, so Xabber might use this in the future.
I'm considering to implement OMEMO in Xabber using smack-omemo and smack-omemo-signal. How can I get further in touch with you?
We have some other more immediate plans. We have 100% confirmation that at least 80-90% of Russian Xabber users use it for buying drugs. And since our crowdfunding campaign goes rather slow,we... Let's say, not too interested into stretching ourselves and give one more encryption method for this cathegory of users. In fact, we are considering removing Xabber from Russian play store at all,we have some very unwanted attention from authorities because of OTR, but to add yet more to it... No. Definitely not now.
If patreon campaign will reach certain milestones,maybe.
Can you explain how unwanted attention by authorities is affected by crowdfunding efforts?
Not good. Time to setup a warrant canary, is not it? Also with this background the crowdfunding campaign will certainly not go faster… if we have to fear interference of some authorities.
Also, you hopefully know that this argumentation is definitively crap. And unless you track your users (which I don't think so) you cannot know what your users are doing with your messenger. So where did you got this number?
@Buntbart that's easy. On one hand we have some difficulties with authorities who vaguely threat they can destroy my business in an instant (it's very easy in russia. police just storms the office, takes away all computers, returns it after 3 years, if ever, end of story). On the other we have an audience of users who constantly moan of a feature I don't personally need at all, and pay me nothing. If we put these two together, a clear solution is to screw Russian audience, I don't really care what client they will use.
@rugk this argumentation is based on facts. Over the years we have seen just so many help requests on our email support in so many languages, requests in Russian stands out in it by some very unusual metrics rarely present in other groups - phony names and inadequate requests, users clearly have no idea how XMPP works. Plus we've recently launched our own XMPP service that requires users to provide name and surname. And guess what, out of several thousands registrations Russian locale names and surnames once again look very... different from Germans.
So, since I have zero sympathy for junkies, and Russian audience is proving to be worthless to me, while giving me some headache. So, I think we'll be removing Xabber from Russian Google Play.
And once again on OMEMO: so far I'm the only one who paid for development of Xabber, I had some spare money to create an app that I like. I like current Xabber, and I have some plans to redesign it to make it even better looking. I have some plans to create several protocols to make XMPP work much better on mobile devices. I have some plans to bring Xabber for Web to many desktop platforms with Electron framework. I have some plans for all these versions of Xabber to work seamlessly with one another, so you can pick up your conversation on phone after chatting on desktop. That what I want and what I'm paying developers for.
What I don't want is OMEMO, it's worthless to me. And since I'm a bit out of spare money, I have to make Xabber a viable source of income, I have some Ideas how to do that, and OMEMO does not play into any of these ideas. If some of you want this feature badly, pay me a for development of it (we charge $3500 per developer man/month). If you are not willing - well, sorry, we serve only customers, not freeriders.
I actually don't understand this desire for encryption. Some ejabberd developer recently said in email group that XMPP community is affected by severe crypto-cancer, and I fully agree with him. For most uses, OTR or OMEMO just gives user an illusion of safety, not really meaningful increase in it. If you want your messages to be safe, you can just run your own server, that's easy and rather cheap. Just be wary of certificate errors.
TL,DR: OMEMO is for junkies and crypto-nerds who pay us nothing, get lost, or pay.
It's sad to hear that you have problems with the authorities. Don't let them oppress you if you didn't do anything wrong. On the other hand there are normal people - who don't use this to deal drugs - who just want their privacy to be protected and also have some convenience. That what's OMEMO is all about.
@imp1sh convenience... For me, convenience is using multiple devices, syncing history between them, making in searchable, etc. You can have all of that by running own server, that's not too hard or costly. And with OMEMO, once chat is encrypted, you cant' search it, you can't really sync it, etc. - and if you somehow can, then it means that you have an illusion of safety, not better safety.
My endgoal for Xabber, is to make XMPP messaging as ubiquitous for instant messaging as email. But to fight Telegram or Whatsapp we need to bring a knife to a knife fight, and OMEMO is hardly that knife. I don't really mind it's addition to Xabber, but, well, someone better pay for it. Btw, OTR was added on precisely same terms - some guy from Moscow volunteered and paid for our initial expenses developing OTR encryption back in 2013 (or 2012? don't remember... )
I prefer to receive payments with bitcoin. Oh, if you ask me, integration to send bitcoin is more essential for Xabber than OMEMO.
And with OMEMO, once chat is encrypted, you cant' search it, you can't really sync it,
How do you come to this conclusion? With OMEMO and Message Carbons (XEP-0280) I can have encrypted chats synced to all my devices, i can switch seamlessly between the clients during a chat and on all devices I can search the chat history just fine.
@schiessle login from new device and try searching your history like you do on telegram. Client-side search is fail. Anyway, I don't mind you doing a PR with this functionality, we'll test it and accept it in project if it's done well. I don't get it why you all want me to work for free so you can have convenient OMEMO in your device. I don't need or want OMEMO, so I have very little incentive to pay for development of OMEMO. Isn't it fair to be paid by those who actually want it? Anyway you all have free alternatives.
Also, message carbons is NOT sufficient to fully sync messages. You at least need to use an archive on server to catch up with those messages sent while you were offline (offline messages will not do if you had 2 devices offline- only one of them will receive offline messages, other will have nothing without archive).
I don't get it why you all want me to work for free so you can have convenient OMEMO in your device. I don't need or want OMEMO, so I have very little incentive to pay for development of OMEMO. Isn't it fair to be paid by those who actually want it?
Nothing wrong with that. And I don't want to force your to do anything. Just want to challenge your assumption about OMEMO encryption.
@schiessle my assumption is that heavy lifting should be done by server (client-centristic mentality has already cost XMPP it's potential place as a mainstream messaging protocol). If server does not know contents of messages, it can't search it.
Also, if you store ALL you history on device, instead of small portion of recent messages, well, if your device gets seized, guess what happens? all your history belongs to them, so much for 'security'. Better way would be having a trusted server and having just an immediate portion of your history on device, while accessing more distant history with PIN checked by server. But with this crypto-cancer in community it'll hardly happen anytime soon.
(I'd order implementation of server-side search in Xabber in no time, if I had any server available that would support such feature)
Please keep to the facts:
- Your link about "crypto cancer" is about server-to-server SSL connections as far as I see. Also what drives users away according to the comment is spam. (That was taken out of context. Read: "Spam is a bigger problem that missing s2s encryption." Actually as far as I understand the user replying meant: In the XMPP community there is crypto cancer, because many people still do not want to use s2s encryption.) So if you quote stuff, please make sure it fits into what you actually want to prove and don't twist the facts. As far as it goes the topic was not about e2e crypto at all.
- I feel like you have no (correct) information about OMEMO/how OMEMO works. In short: OMEMO is far better than OTR. See this page.. TL;DR: In contrast to OTR it actually allows you to use multiple devices, search your messages, send messages when the other is not online, etc.
- The thread model you describe in the last comment is solved very simple: Encrypt your messages locally (i.e. full disk encryption). When the messages are stored on the server and someone gets your device, they can also just instantly download all the old messages. Saving (unencrypted) messages on servers only saves space on the client and makes it easier for authorities to scan messages when they seize a server. (Because if you run your own server, they could also seize your server instead of your local device.) TL;DR: Only encryption helps. (whether it is FDE on the local device, or server or something like OMEMO)
What I agree with is that people can of course support you, if they want to have a good coverage of OMEMO clients and want this feature. Especially as it is not easy to implement. (You certainly need to find a library for it, as otherwise you can do too much wrong in the crypto.)
▶️ So anyone who wants this feature, here is a BugBounty: Xabber – Add support for OMEMO Encyrption Support it or use another client software, which already has OMEMO support. That are your choices.
@rugk facts are:
- crypto-cancer has taken over all XMPP community, especially users who do not program anything themselves, they just want it for no real reason but their paranoia. It's not only about s2s connections, it's about 'let's encrypt everything'. That link is just one example of this. This thread is another. Dozens of frequent requests 'do us OMEMO' in our email is another. We'd do OMEMO if these requests were based on something more than endless moaning
- client-side search is fail, I tell you once again.
- you do not read what I say above. Search for word PIN and read once more. Yes, server should be updated for such security model. But securing data on device is infinitely harder and less reliable than on server
OTR or OMEMO solves only one security problem - if you don't trust your chat provider, because the only real advantage it gives you over unencrypted messaging is that XMPP.org admin can read your messages. If you have your own server, this risk goes away. Yes, it requires some efforts to maintain server, but you want security or illusion of security? Unlocking your device without your consent is much easier than unlocking server.
What is particularly hilarious with this XMPP crypto-cancer is that all these folks who email me about how essential is encryption for messaging usually email me via gmail.com
TL;DR: please, stop trying to convince us to implement OMEMO. We know what it is. We don't want it for now, because we have limited resources that we prefer to put on things we believe more important for Xabber. If you want us to divert resources in direction you want, we have commercial rates for such work. Thank you for your attention and interest in our project.
OTR or OMEMO solves only one security problem - if you don't trust your chat provider, because the only real advantage it gives you over unencrypted messaging is that XMPP.org admin can read your messages. If you have your own server, this risk goes away.
FWIW, not really unless you you chat only with people who have a account on the same server. Otherwise you don't know at which servers your messages end up. Also thhe argument "if someone hacks your device, he has complete access to the chat history" is also true for the server aka "if someone hacks your server (or one of your chat partners), he has complete access to the chat history"
@schiessle prime audience for the use of end to end encryption (drug addicts) are far more likely to have their device seized than their server.
Thank you for the clear words. Then I know now that I don't have to wait for Xabber with OMEMO anymore and stay with Conversations, although I don't want to buy drugs at all. Consistently, you might want to take OTR out so that Xabber becomes useless for junkies and the authorities leave you alone. OTR is certainly also one of the functions for junkies that you don't need personally. After that, you could take care of a nice surface in peace.
@Buntbart you know, every single junkie user I talked to said exactly the same. :-D
We certainly won't remove OTR functionality from Xabber - most likely we'll simply pull down Xabber with OTR from Russian Google Play store. Our authorities are luckily not too interested in foreign drug dealers and addicts. Then we'll possibly provide a "Xabber for Business" version without encryption for our normal Russian users (all seventeen of them)
And I'm not saying we won't ever support OMEMO - it's just not our first, second or third priority. Have you seen Xabber for Web? Creating a multi-platform chat app that works extremely well for federated chat, everywhere - that's what we are truly aimed at.
The way you talk about your users makes me feel really sorry for you :(
It feels like Xabber is really not the app I'd recommend to privacy aware users anymore. Neither because its encryption, nor the will of the devs to protect their users.
I respect that decision though and will stop bothering you anymore :)
From xabber.com:
Xabber is secure. You may choose to encrypt your conversations. Say ‘no’ to David Cameron and his NSA/FBI/CIA/FSB friends!
You should probably change that to reflect you actual "priorities".
@vanitasvitae the only privacy-aware users we've encountered so far are junkies, drug dealers and encryption nerds like folks in this thread. Nerds comprise maybe 1 or 2% of users who are interested in data protection. Any yes, I think you would talk even worse of our users if you did get to read contents of our inbox on support email.
And I'm actually offended by your insinuations about our 'will of the devs to protect their users'. Luckily for us, we DON'T have any user data, and we clearly won't submit to installing backdoors or stuff to our app. However you CLEARLY don't understand dangers of such stance in Russia.
Linkedin is already blocked in Russia because it refused authorities access to user's data. Facebook will be blocked too if it won't submit. Viber has submitted too, so... it's either you are working in Russia and providing info or being blocked. Company like mine can be instantly seized by armed police, computers taken away, property sealed, company instantly bankrupted, I get jailed. Courts and laws don't really function in Russia, I might very well be sentenced for 'organizing a darknet criminal network to sell drugs and weapons', all because some crypto-nerds want OMEMO.
So we simply plan to put our users (even junkies, yes) out of danger to their data being compromised by pulling our app from our country play store.
(and to think I've personally spent more than $150k to listen to this.... how cool is that?)
@andrewnenakhov I pity your situation. Maybe just close the ticket and let it rest. The issuer doesn't seem to be interested in this any more. Other security aware users will probably choose different software.
@andrewnenakhov Sorry, I did not intend to offend you. I can imagine that your situation in russia is not the best. I just dislike the way you talk about your users and the fact, that you throw all people interested in crypto into one category labelled "drug addicts". This is exactly that kind of rhetoric, which might one day outlaw cryptography completely ("who has nothing to hide...").
Anyways I wish you the best for your future and the future of the project :)
@imp1sh no, this ticket might as well remain. Just not top priority for us. We'll probably do it eventually, maybe even this year. Current priority - redesign (Xabber is going to look GREAT), proper push notifications support since ejabbed now supports it, THEN I'll possibly ask our devs to do OMEMO if I won't have more immediate ideas.
@vanitasvitae you too wouldn't like our users if you talked to them. Luckily for us, so far Xabber is popular only within Russian criminal underground, if we measure by inadequate help requests that are 85% in Russian (if you read them often, you can see person interested in drugs at a glance). If you read carefully, I was always referring to our Russian audience, not all encryption users. Well, some folks here who constantly push us to 'do us OMEMO now' irritate me a bit, but that's ok.
So the rest of the world will be as fine as it was before, no changes will be made. I'd consider moving Xabber to another jurisdiction, but that's a matter of money. Maybe even transferring rights to FSF, though I don't know if they are interested in this.