After my previous glowing review of the 'Conversations' XMPP Client App for Android I thought it would be a good idea to write a couple of follow up posts to talk about some of the technical topics I could only quickly mention in the review. So this first follow up post is about XMPP federation and why that is a good thing.
Let's have a look at the mainstream: Services like WhatsApp and others use a centralized server system. That makes it easy for users to register to the service initially and to find each other later-on. Unfortunately centralization also means that messages can be intercepted and stored in this central place, usage behaviors can be analyzed and unwanted adds and other things can be injected into the message stream. Also, the centralized server is aware of the IP addresses of all clients connected to it so location profiling is also possible.
Conversations on the other hand is an XMPP client. XMPP is a federated system of many independent servers on the Internet that can communicate with each other. Users are registered with individual servers and there is no central instance, which is why it is called a 'federated' system. If a user who has an account on server A wants to send a message to a user with an account on server B, server A and B communicate with each other to exchange the user's message. To make user IDs unique it looks like an email address, i.e. there's a username, an '@' sign and a server name.
In practice there's two ways to use the system. The simpler case is to create an XMPP account, sometimes also called a 'Jabber' account, on one of the community operated and open XMPP servers. And there are quite many of them. Its no problem if one wants to communicate with a user with an account somewhere else as servers communicate with each other. The other way to use the XMPP system is to run an XMPP server at home, e.g. on a Raspberry Pi. That's obviously a bit more work but if one has previously installed other servers at home such as Owncloud it's not too difficult to do. If the server at home should be part of the overall XMPP federation rather than just serving its own users, it has to be reachable via an official domain name. A dynamic DNS address suffices.
Just like email, really, just instant 🙂
Thanks again for bringing me into this interesting topic.
If only there was more people into it… will take some time and effort to convince them.
If you already have a running Raspberry/Odroid whatever Server it is really easy with Prosody to get to a working setup.
The details might need some tweaking and configuration might be a bit tricky here and there, but overall the hurdle to start with XMPP on your own private server is smaller than you might think.
Of course WhatsApp & Co. are overall easier, but initially this aims at a different audience…
we need a 2-3page tutorial… 😉
Would like to know your Opinion about Textsecure or Threema!
Do you avoid them because they are centralized as well or don’t you generally trust them at all?
Hi Reinhard,
both look nice as well and Textsecure is even OpenSource, which for me is essential when it comes to trust. Interesting alternatives but personally, I prefer running my own server at home and the xmpp federation approach of servers talking to each other.
Cheers,
Martin