diff --git a/doc/EN/app_xmpp.org b/doc/EN/app_xmpp.org index 6c1d04fb..098133a0 100644 --- a/doc/EN/app_xmpp.org +++ b/doc/EN/app_xmpp.org @@ -22,6 +22,8 @@ With regard to chat apps you might have read a lot of stuff about /end-to-end se A well written article on the state of XMPP and how it compares to other chat protocols [[https://gultsch.de/xmpp_2016.html][can be found here]]. +* Using with Profanity +You can install the [[./app_profanity.html][profanity app]] via *Add/remove apps* on the *Administrator control panel*. Logging in and then selecting *Run App* and *profanity* will start it. * Using with Gajim In mid 2016 [[https://gajim.org/][Gajim]] became the first desktop XMPP client to support the [[https://en.wikipedia.org/wiki/OMEMO][OMEMO end-to-end security standard]], which is superior to the more traditional [[https://en.wikipedia.org/wiki/Off-the-Record_Messaging][OTR]] since it also includes multi-user chat and the ratcheting mechanism pioneered by Open Whisper Systems. To install it: @@ -52,59 +54,6 @@ If you wish to make backups of the OMEMO keys then they can be found within: If you wish to use OpenPGP to encrypt your messages then go to *Edit/Accounts*, select your account and then the *Personal Information* tab. You can then choose your GPG key. When initiating a chat you can select the *Advanced* button and then select *Toggle OpenPGP Encryption*. OpenPGP is not as secure as OMEMO, but does allow you to use XMPP in a similar style to email in that the recipient of the message does not necessarily need to be online at the same time that you send it. -* Using with Profanity -The [[https://profanity.im][Profanity]] shell based user interface and is perhaps the simplest way to use XMPP from a laptop. It's also a good way to ensure that your OTR keys are the same even when logging in from different laptops or devices, and it also means that if those devices later become compomised then there are no locally stored OTR keys to be found. - -#+BEGIN_SRC bash -ssh username@domain -p 2222 -#+END_SRC - -Then select XMPP. Generate an [[https://en.wikipedia.org/wiki/Off-the-Record_Messaging][OTR]] key with: - -#+BEGIN_SRC bash -/otr gen -#+END_SRC - -Then to start a conversation using OTR: - -#+BEGIN_SRC bash -/otr start otherusername@otheruserdomain -#+END_SRC - -or if you're already in an insecure chat with someone just use: - -#+BEGIN_SRC bash -/otr start -#+END_SRC - -Set a security question and answer: - -#+BEGIN_SRC bash -/otr question "What is the name of your best friends rabbit?" fiffi -#+END_SRC - -On the other side the user can enter: - -#+BEGIN_SRC bash -/otr answer fiffi -#+END_SRC - -For the most paranoid you can also obtain your fingerprint: - -#+BEGIN_SRC bash -/otr myfp -#+END_SRC - -and quote that. If they quote theirs back you can check it with: - -#+BEGIN_SRC bash -/otr theirfp -#+END_SRC - -If the fingerprints match then you can be pretty confident that unless you have been socially engineered via the question and answer you probably are talking to who you think you are, and that it will be difficult for mass surveillance systems to know the content of the conversation. For more details see [[https://www.profanity.im/otr.html][this guide]] - - When accessed via the user control panel the client is automatically routed through Tor and so if you are also using OTR then this provides protection for both message content and metadata. - * Using with Jitsi Jitsi can be downloaded from https://jitsi.org diff --git a/website/EN/app_xmpp.html b/website/EN/app_xmpp.html index 04ad2961..5a0fac79 100644 --- a/website/EN/app_xmpp.html +++ b/website/EN/app_xmpp.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -71,6 +71,7 @@ pre.src-fortran:before { content: 'Fortran'; } pre.src-gnuplot:before { content: 'gnuplot'; } pre.src-haskell:before { content: 'Haskell'; } + pre.src-hledger:before { content: 'hledger'; } pre.src-java:before { content: 'Java'; } pre.src-js:before { content: 'Javascript'; } pre.src-latex:before { content: 'LaTeX'; } @@ -188,7 +189,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2013 Free Software Foundation, Inc. +Copyright (C) 2012-2017 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -259,15 +260,23 @@ With regard to chat apps you might have read a lot of stuff about end-to-end A well written article on the state of XMPP and how it compares to other chat protocols can be found here.

-
-

Using with Gajim

-
+
+

Using with Profanity

+
+

+You can install the profanity app via Add/remove apps on the Administrator control panel. Logging in and then selecting Run App and profanity will start it. +

+
+
+
+

Using with Gajim

+

In mid 2016 Gajim became the first desktop XMPP client to support the OMEMO end-to-end security standard, which is superior to the more traditional OTR since it also includes multi-user chat and the ratcheting mechanism pioneered by Open Whisper Systems. To install it:

-
su -c 'echo "deb ftp://ftp.gajim.org/debian unstable main" > /etc/apt/sources.list.d/gajim.list'
+
su -c 'echo "deb ftp://ftp.gajim.org/debian unstable main" > /etc/apt/sources.list.d/gajim.list'
 sudo apt-get update
 sudo apt-get -y install gajim-dev-keyring
 sudo apt-get -y install git tor python-dev python-pip gajim-nightly
@@ -275,7 +284,7 @@ mkdir ~/.local/share/gajim/plugins -p
 cd ~/.local/share/gajim/plugins
 git clone https://github.com/omemo/gajim-omemo
 sudo pip install protobuf==2.6.1, python-axolotl==0.1.35
-

+

@@ -299,8 +308,8 @@ If you wish to make backups of the OMEMO keys then they can be found within:

-
~/.local/share/gajim
-
+
~/.local/share/gajim
+

@@ -309,94 +318,9 @@ If you wish to use OpenPGP to encrypt your messages then go to Edit/Accounts<

-
-

Using with Profanity

-
-

-The Profanity shell based user interface and is perhaps the simplest way to use XMPP from a laptop. It's also a good way to ensure that your OTR keys are the same even when logging in from different laptops or devices, and it also means that if those devices later become compomised then there are no locally stored OTR keys to be found. -

- -
-
ssh username@domain -p 2222
-
-
- -

-Then select XMPP. Generate an OTR key with: -

- -
-
/otr gen
-
-
- -

-Then to start a conversation using OTR: -

- -
-
/otr start otherusername@otheruserdomain
-
-
- -

-or if you're already in an insecure chat with someone just use: -

- -
-
/otr start
-
-
- -

-Set a security question and answer: -

- -
-
/otr question "What is the name of your best friends rabbit?" fiffi
-
-
- -

-On the other side the user can enter: -

- -
-
/otr answer fiffi
-
-
- -

-For the most paranoid you can also obtain your fingerprint: -

- -
-
/otr myfp
-
-
- -

-and quote that. If they quote theirs back you can check it with: -

- -
-
/otr theirfp
-
-
- -

-If the fingerprints match then you can be pretty confident that unless you have been socially engineered via the question and answer you probably are talking to who you think you are, and that it will be difficult for mass surveillance systems to know the content of the conversation. For more details see this guide -

- -

-When accessed via the user control panel the client is automatically routed through Tor and so if you are also using OTR then this provides protection for both message content and metadata. -

-
-
- -