It's been over a year since my colleagues and I at the Progressive Technology Project abandoned Skype, first for IRC and soon after for XMPP. Thanks to the talented folks maintaining it's been a breeze to get everyone setup with accounts (8 Euros/year is quite worth it) and a group chat going.

However, our group chats have not been using end-to-end encryption... until now. It wasn't exactly painless, so I'm sharing some tips and tricks.

  • Use either Conversations for Android (f-droid or Play) or Gajim for Windows or Linux. At the time of this writing, these are the only two applications I know of that support OMEMO, the XMPP extension that supports end-to-end encryption. Chat Secure for iOS, however, is just a release away. We managed to get things working with most of us using both Gajim and Conversations. It would probably have been much easier and smoother if everyone were only using Conversations because OMEMO is built-in to core, rather than Gajim, where OMEMO support is provided via an extension.
  • If you are using Gajim... After installing the OMEMO plugin in Gajim, fully restart Gajim. Similarly, if you add or remove a contact from your group, it seems you have to fully restart Gajim. Not sure why. If something is not working in Gajim, try restarting it.
  • Ensure that everyone in your group has added everyone else in the group to their roster. This was the single biggest and most confusing part of the process. If you are missing just one contact in your roster, then messages you type into the group chat will not show up without any indication as to what happened or why (on Gajim). Take this step first or prepare for confusing failures. Remember: everyone has to have everyone else in their roster.
  • Create the group in the android Conversations app, not in Gajim. There are strict requirements for how the group needs to be setup (private, members only and non-anonymous). I tried creating the group in Gajim and followed the directions but couldn't get it to work. Creating the group in Conversations worked right away. Remember: don't add members to the group unless everyone has them in their roster!
  • You can give your group a easy to remember name in your Gajim bookmarks, but under the hood, it will be assigned a random name. Conversations will show you the random name via "Conference Details" and Gajim will show it under the tab in the Messages window. When inviting people to the group you may need to select the random name.
  • Trust on First Use. In our experiment, we created a group for four people and we were all on a video and voice chat while we set things up. Three out of the four of us had both Gajim and Conversations in play. That meant 4 different people had to verify between 5 and 6 fingerprints each. We decided to use Trust on First Use rather than go through the process of reading out all the fingerprints (for the record, it still took us an hour and 15 minutes to get it all working). See Daniel Gultsch's interesting article on Trust on First Use.
  • If you get an error "This is not a group chat" it may be because you accidentally added the group as a contact to your roster. Click View -> Offline contacts. And if you see your group listed, delete it and close the tab in your Messages window (if one is open for it). You may also need to restart Gajim. Repeat until it no longer shows up in your roster.

Anyone interested in secure XMPP may also find the Riseup XMPP page useful.

I've been playing around with these same technologies for the last few days, and it is cool to see that others are successfully using them, albeit with some hassle.
Comment by Anonymous Thu 05 Jan 2017 02:47:51 PM EST
Have you heard about
Comment by Anonymous Thu 05 Jan 2017 02:48:20 PM EST
Looks interesting... but I'm not convinced it's worth creating a whole new protocol. A lot of work has been put into XMPP. There are a lot of clients, bots, extensions etc already.
Comment by jamie [] Thu 05 Jan 2017 05:07:43 PM EST
Is there any particular reason to use Gajim, instead of Pidgin?
Comment by Anonymous Fri 06 Jan 2017 09:37:31 PM EST

The main reason to use gajim instead of pidgin is because pidgin does not (yet) support OMEMO:

Comment by jamie [] Mon 09 Jan 2017 11:13:54 AM EST

chat will not show up without any indication as to what happened or why (on Gajim). Take this step first or prepare for confusing failures. Remember: everyone has to have everyone else in their roster.

This is true for conversations as well. Pretty cumbersome to have everyone in your roster, clicked magic buttons to 'verify' their identity and start chasing.

Comment by Anonymous Sat 21 Jan 2017 02:16:19 AM EST