52
submitted 2 years ago* (last edited 2 years ago) by VitabytesDev@feddit.nl to c/selfhosted@lemmy.world

After the arrest of Pavel Durov, I wanted to move from Telegram to something end-to-end encrypted. I know Signal is pretty good, but I think it is better to have our messages in my own server.

I have already looked in XMPP, but it required SSL certs and I did not have the mood to configure them.

Do you know any other selfhosted messaging service for a group of 4-5 friends, or an easy way to configure an XMPP server? Or shall I use Signal after all (I don't really care that much about being selfhosted, I just thought it would be more privacy friendly)?

UPDATE: I managed to set up an XMPP server using prosody with the SSL certs. We have been testing it with my friend and it seems to go well.

you are viewing a single comment's thread
view the rest of the comments
[-] tal@lemmy.today 1 points 2 years ago* (last edited 2 years ago)

I have already looked in XMPP, but it required SSL certs and I did not have the mood to configure them.

There are definitely XMPP clients that do end-to-end encryption that do not rely on TLS for key exchange, though.

https://en.wikipedia.org/wiki/Off_the_record_messaging

Off-the-record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.

The primary motivation behind the protocol was providing deniable authentication for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with cryptography tools that produce output which can be later used as a verifiable record of the communication event and the identities of the participants. The initial introductory paper was named "Off-the-Record Communication, or, Why Not To Use PGP".[1]

I've used Pidgin with the libOTR plugin that implements that protocol.

[-] czan@aussie.zone 7 points 2 years ago* (last edited 2 years ago)

These days I think OMEMO is a better choice than OTR, if your client supports it.

[-] tal@lemmy.today 1 points 2 years ago
this post was submitted on 19 Sep 2024
52 points (89.4% liked)

Selfhosted

60693 readers
334 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the links in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post, and find example disclosures here.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS