I always liked XMPP and SIP as messaging protocols. So easy to read and understand and implement. Both are extensible and can be made secure.
Watch the most popular clients[1] gain traction as countries (e.g. UK) pass laws mandating that tech companies backdoor their apps/encryption.
[1] Conversations for Android and Gajim for Debian.
I'm slowly building my own XMPP client, one key thing I'm running into trouble with is there seems to be no standard library for End to End Encryption other than Signal's own, I don't want to have to relicense my entire project for one dependency, I would rather keep my project Apache licensed. The other problem is voice and video options seem to be married to some Java specific library (Jingle) which is fine if you're using Java, but I'm not, seems nobody has implemented a solution to this in other languages that I'm interested in as well.
For the End to End I could try my best to implement it using existing libraries as pieces I can use, but I'm not comfortable doing that.
Maybe someday the Snikket SDK[0] will be ready for use. I suppose you could look at it now anyway. Honeybee[1] is already using it for voice.
[0]: https://github.com/snikket-im/snikket-sdk [1]: https://git.sr.ht/~anjan/honeybee
Funnily enough honeybee is AGPL, but snikket is not, I will take a peek at Snikket, its interesting that it is in fact coded in Haxe. I am always fascinated with the capabilities of Haxe.
Let me know if you have any questions about the SDK (now called https://borogove.dev )
It doesn't have OMEMO in the native builds yet, but that will be happening this year.
We do have voice in the native builds but not video yet.
Honestly getting voice first would be a good stand out feature, even the glorious Pidgin struggles with it.
It’s your choice of course, but in the messaging world of gatekeepers and walled gardens, I think AGPL makes the most sense. It’s a key tool we’re going to need if we want to be successful at having a federated network.
https://github.com/matrix-org/vodozemac
seems like to contain a reimplementation of the Signal Protocol in Rust - apache licensed.
Curious how they managed that, if its 'clean room' its fine, if they're looking at the source for Signal, that could be bad. Funnily enough, my client is in Rust.
it's clean room.
I’m not 100% sure on this in the case of AGPL, but I think you don’t need to relicense your project if you include AGPL code; you only need to make sure your project respects all the freedoms the AGPL requires it to (in a suitable way).
So your own code would still be under Apache, and people could follow only the Apache conditions if they only use your code. But combined with the APGL part, the project as a whole would of course have to follow the APGL conditions.
> you don’t need to relicense your project if you include AGPL code; you only need to make sure your project respects all the freedoms the AGPL requires it to (in a suitable way).
correct
GPL and AGPL typically imply that your entire project is licensed under those conditions is my understanding. I find it silly to licensed something MIT or BSD but pull in some GPL code, since now the entire thing needs to comply. GPL is about end-user freedom by force against the developer. Don't get me wrong I love the GPL, but if I want to use a specific license I rather stick to that license.
You might be interested in this article by soatok [0] which discusses OMEMO and XMPP. Soatok has many reservations but I think if you use the most recent OMEMO version I think it should probably be fine.
Also of interest, OpenMLS [1]
Yes. Unfortunately it seems that Matrix is the winner, but I think Matrix is over-engineered.
XMPP was nice. Especially in the old times when Google Hangouts and Facebook Chat were also XMPP based. Being able to talk to people on another service without needing an account there was a nice thing to have for a few months.
The interop was a nice feature implemented by their engineers, but it violated the lock-in operational principles of the gatekeeper services, so it had to be abandoned. Let's see if the EU Digital Markets Act will bring back XMPP interfaces to the big ones... ;)
So far it looks more like walled gardens are the real winners.
What you maybe see as overengineering, I see as a prerequisite for wider adoption.
These days aren't the old days any more, when you only ever used a native app without e2ee on a computer.
What are the reasons Matrix is the winner? Are they inherent to the protocol itself or something else?
Matrix has a pretty comprehensive featureset with clients across a broad range of platforms.
The accusations of it being overengineered come typically due to the Synapse server implementation being slow. This is basically an artefact of Matrix being quite complicated to provide a byzantine fault tolerant decentralised equivalent to WhatsApp or Slack etc - and time has gone into fixing stability and usability rather than performance. Meanwhile performance is getting better, but progress is slow due to tragedy-of-the-commons related funding challenges. We will get there in the end, though.
Thanks for the response Matthew! But please go to sleep!
Yes it's unfortunate how much Synapse's unperformant implementation has decreased general confidence in the protocol itself. I'm confident it will get better
Just by what people seem to use.
Pardon my pedantry, but Facebook Chat was never XMPP-based. They ran an XMPP gateway into their proprietary messaging system, but there was no S2S.
My main problem with matrix is that it feels sluggish. I'm told the experience can be improved by running your own homeserver so I'll be trying that sometime this year.
LOL if using a chat app requires running a server maybe better just use something that doesn't suck like XMPP?
In my limited experience, running a homeserver sucked. Really hard to do on limited resources. Then again, that was a long time ago so maybe things have improved and perhaps Dendrite has come along. But Synapse sucked to run IME.
Those slides were interesting! And I use Claude similarly... kinda like Rubber Duck debugging except it's like Rubber Human debugging.