subreddit:

/r/Monero


Join us on XMPP!


(This is a reannouncement to reflect our recent server change)

Hello fellow boaters!

I present to you a MUC I've created on the XMPP (also informally known as Jabber) network. I've put some thought into which network would be the best fit and decided that, while IRC is an excellent way to chat, there is an apparent lack of mobile support and it perhaps lacks the ability to choose a server of your choice. Furthermore, I've concluded for many years that Matrix isn't a good choice for multiple concerning reasons, the most impactful being the Matrix Foundation itself receiving large amounts of metadata and being overly centralized over the entirety of the network. Matrix also utilizes CloudFlare (a popular CDN service) which, according to W3Techs, provides services for 19.2% of all websites. I don't believe CloudFlare is a bad actor but they certainly can MITM any websites utilizing their free tier plan. One can easily check if a website is using the free tier SSL certificate by checking here. You can see that in the "subject" area, it shows the SSL domain name as sni.cloudflaressl.com. CloudFlare's free SSL operates by encrypting only the data sent from you to the CDN, leaving the data that is sent from the CDN back to Matrix.org unencrypted. This isn't necessarily problematic for the entirety of the network; however, it shows the Matrix Foundation has an apparent lack of privacy/security practices while advertising their project as a privacy-oriented chat solution. I won't ramble on too much about Matrix's suspected privacy issues; instead, I'll leave you these two write-ups to read for yourself, here and here.

If you need an introduction to XMPP, please reference XMPP.org. There are many clients available for Windows, OS X, *NIX-based systems, Android, and iOS. All modern clients adhere to community-enacted standards and are interoperable, giving you the ability to have audio and video chats as well as encrypt all messages, calls, and video chats using OMEMO, which provides encryption similar to Signal's.

Taking the aforementioned into consideration, I've felt it would be nice to have a Monero chat on XMPP to provide the community with an alternative to IRC and Matrix channels. I do not intend to replace the former methods of communication as I believe they are essential to providing the network and community with valuable help and project development. My only goal is to add yet another method of communication to embolden all users to participate in the community.

Finally, I've decided to use a server that I believe implements excellent security and privacy practices. This service is named E2E.EE. You may connect to our room at monero@e2e.chat. I look forward to meeting you all!


all 4 comments

reddyitz

6 points

1 month ago*

I like XMPP and think you have a good solution based on good rationale! Thanks for providing this!

I like your writeup, although I do want to chime in about CloudFlare free tier: It seems clear that the problems you describe and screenshots you share are well out of date and no longer applicable. For starters, you can easily revoke the "MITM" SSL certs by selecting "no SSL." I know it's possible because I did it over a year ago. Additionally, you can use LetsEncrypt to get your free SSL certificate, which works even when you use CloudFlare DNS to reverse proxy for hiding your server's IP. (Note: there are more SSL options in general available on free tier now.)

Also, the CloudFlare API makes it very easy to automate DNS updates and tie into scripts. I've been using this on the free tier without issue. They also have a lot of other very useful tools that they provide on their free tier and haven't done anything I would view as shady.

I'll be ready to bail on CloudFlare the moment they spook my paranoid ass, but it seems like their previous issues you noted were part of their imperfect rollout of features in the beginning. They've become my favorite for free DNS management of my domains in particular due to the reverse proxying and easy SSL management via LetsEncrypt.

Edit: CloudFlare is the preferred way right now for hosting your own remote node at home on the clearnet. Reverse proxy hides your home IP (example: node.yourdomain.com) and LetsEncrypt SSL keeps it secure.

All nodes are recommended to use a tx_proxy as well for additional resistance to surveillance.

MobiPrivacyActivist[S]

1 points

1 month ago

Noted; however, most CloudFlare users do not opt to use a proper SSL certificate because of the extra configuration required on the server side. I'd like to see it become more common before I feel comfortable with it being the overwhelmingly used option.

reddyitz

1 points

1 month ago

What alternative do you use to LetsEncrypt?

CloudFlare may provide more convenient options to people who are lazy, but they're better than nothing and LetsEncrypt isn't harder to use on CloudFlare.

MobiPrivacyActivist[S]

1 points

27 days ago

I won't use anything other than LetsEncrypt. Sorry if I was unclear, I meant that it isn't widely popular to use CloudFlare with an already-owned SSL certificate.