Yes. Unfortunately it seems that Matrix is the winner, but I think Matrix is over-engineered.
XMPP was nice. Especially in the old times when Google Hangouts and Facebook Chat were also XMPP based. Being able to talk to people on another service without needing an account there was a nice thing to have for a few months.
The interop was a nice feature implemented by their engineers, but it violated the lock-in operational principles of the gatekeeper services, so it had to be abandoned. Let's see if the EU Digital Markets Act will bring back XMPP interfaces to the big ones... ;)
My main problem with matrix is that it feels sluggish. I'm told the experience can be improved by running your own homeserver so I'll be trying that sometime this year.
I'm slowly building my own XMPP client, one key thing I'm running into trouble with is there seems to be no standard library for End to End Encryption other than Signal's own, I don't want to have to relicense my entire project for one dependency, I would rather keep my project Apache licensed. The other problem is voice and video options seem to be married to some Java specific library (Jingle) which is fine if you're using Java, but I'm not, seems nobody has implemented a solution to this in other languages that I'm interested in as well.
For the End to End I could try my best to implement it using existing libraries as pieces I can use, but I'm not comfortable doing that.
Funnily enough honeybee is AGPL, but snikket is not, I will take a peek at Snikket, its interesting that it is in fact coded in Haxe. I am always fascinated with the capabilities of Haxe.
Curious how they managed that, if its 'clean room' its fine, if they're looking at the source for Signal, that could be bad. Funnily enough, my client is in Rust.
You might be interested in this article by soatok [0] which discusses OMEMO and XMPP. Soatok has many reservations but I think if you use the most recent OMEMO version I think it should probably be fine.
I’m not 100% sure on this in the case of AGPL, but I think you don’t need to relicense your project if you include AGPL code; you only need to make sure your project respects all the freedoms the AGPL requires it to (in a suitable way).
So your own code would still be under Apache, and people could follow only the Apache conditions if they only use your code. But combined with the APGL part, the project as a whole would of course have to follow the APGL conditions.
> you don’t need to relicense your project if you include AGPL code; you only need to make sure your project respects all the freedoms the AGPL requires it to (in a suitable way).
GPL and AGPL typically imply that your entire project is licensed under those conditions is my understanding. I find it silly to licensed something MIT or BSD but pull in some GPL code, since now the entire thing needs to comply. GPL is about end-user freedom by force against the developer. Don't get me wrong I love the GPL, but if I want to use a specific license I rather stick to that license.
It’s your choice of course, but in the messaging world of gatekeepers and walled gardens, I think AGPL makes the most sense. It’s a key tool we’re going to need if we want to be successful at having a federated network.
I always liked XMPP and SIP as messaging protocols. So easy to read and understand and implement. Both are extensible and can be made secure.
Yes. Unfortunately it seems that Matrix is the winner, but I think Matrix is over-engineered.
XMPP was nice. Especially in the old times when Google Hangouts and Facebook Chat were also XMPP based. Being able to talk to people on another service without needing an account there was a nice thing to have for a few months.
The interop was a nice feature implemented by their engineers, but it violated the lock-in operational principles of the gatekeeper services, so it had to be abandoned. Let's see if the EU Digital Markets Act will bring back XMPP interfaces to the big ones... ;)
So far it looks more like walled gardens are the real winners.
What you maybe see as overengineering, I see as a prerequisite for wider adoption.
These days aren't the old days any more, when you only ever used a native app without e2ee on a computer.
Pardon my pedantry, but Facebook Chat was never XMPP-based. They ran an XMPP gateway into their proprietary messaging system, but there was no S2S.
What are the reasons Matrix is the winner? Are they inherent to the protocol itself or something else?
4 replies →
My main problem with matrix is that it feels sluggish. I'm told the experience can be improved by running your own homeserver so I'll be trying that sometime this year.
5 replies →
Watch the most popular clients[1] gain traction as countries (e.g. UK) pass laws mandating that tech companies backdoor their apps/encryption.
[1] Conversations for Android and Gajim for Debian.
I'm slowly building my own XMPP client, one key thing I'm running into trouble with is there seems to be no standard library for End to End Encryption other than Signal's own, I don't want to have to relicense my entire project for one dependency, I would rather keep my project Apache licensed. The other problem is voice and video options seem to be married to some Java specific library (Jingle) which is fine if you're using Java, but I'm not, seems nobody has implemented a solution to this in other languages that I'm interested in as well.
For the End to End I could try my best to implement it using existing libraries as pieces I can use, but I'm not comfortable doing that.
Maybe someday the Snikket SDK[0] will be ready for use. I suppose you could look at it now anyway. Honeybee[1] is already using it for voice.
[0]: https://github.com/snikket-im/snikket-sdk [1]: https://git.sr.ht/~anjan/honeybee
Funnily enough honeybee is AGPL, but snikket is not, I will take a peek at Snikket, its interesting that it is in fact coded in Haxe. I am always fascinated with the capabilities of Haxe.
2 replies →
https://github.com/matrix-org/vodozemac
seems like to contain a reimplementation of the Signal Protocol in Rust - apache licensed.
Curious how they managed that, if its 'clean room' its fine, if they're looking at the source for Signal, that could be bad. Funnily enough, my client is in Rust.
2 replies →
You might be interested in this article by soatok [0] which discusses OMEMO and XMPP. Soatok has many reservations but I think if you use the most recent OMEMO version I think it should probably be fine.
Also of interest, OpenMLS [1]
[0] https://soatok.blog/2024/08/04/against-xmppomemo/
[1] https://github.com/openmls/openmls
I’m not 100% sure on this in the case of AGPL, but I think you don’t need to relicense your project if you include AGPL code; you only need to make sure your project respects all the freedoms the AGPL requires it to (in a suitable way).
So your own code would still be under Apache, and people could follow only the Apache conditions if they only use your code. But combined with the APGL part, the project as a whole would of course have to follow the APGL conditions.
> you don’t need to relicense your project if you include AGPL code; you only need to make sure your project respects all the freedoms the AGPL requires it to (in a suitable way).
correct
GPL and AGPL typically imply that your entire project is licensed under those conditions is my understanding. I find it silly to licensed something MIT or BSD but pull in some GPL code, since now the entire thing needs to comply. GPL is about end-user freedom by force against the developer. Don't get me wrong I love the GPL, but if I want to use a specific license I rather stick to that license.
It’s your choice of course, but in the messaging world of gatekeepers and walled gardens, I think AGPL makes the most sense. It’s a key tool we’re going to need if we want to be successful at having a federated network.