Earlier this morning, I discovered http://me.jappix.com. It utilizes a Jappix instance to provide a public-facing profile for those using the federated system, and acts as a way for people to discover other users. Jappix itself can also be used as a social network, with status updates and commenting systems. All it requires is a proper XMPP account or server to act through.Now, XMPP is something which I have taken a deep interest in for quite a time. It uses web standards—especially XML—to send messages from one client to another, or even between multiple servers. Unlike AOL Instant Messenger, Yahoo! Messenger, or even Skype, XMPP is designed to be decentralized and federated, allowing anyone to run their own XMPP server for people to send messages to. This includes using conference servers to hold group chats, and the Jingle protocol for audio (and video) calls. Additionally, XMPP itself is designed to take advantage of plug-ins and upgrades, such as offline messages, end-to-end encryption using GNU Privacy Guard keys, and even the ability to access other IM services like AOL Instant Messenger.It is, in my humble opinion, the ultimate solution for chat and messaging. However, relatively few people use it, as it does not come as the stock chat service on any mobile device, or any desktop platform. In addition, many of the clients include very odd and complex power user tools, and some become confused when a client requires that the username and domain must be entered separately*. It is, for all intents and purposes, a clusterfuck.This is why many people prefer Skype and Google Hangouts. While they are—in my opinion—inferior products to XMPP, they are much easier to set up and use. They are also default applications on Windows and Windows Phone (Skype), and Android (Google Hangouts). People prefer to use something easy, and the rule of defaults** is something which is hard to fight.
Now, with this said, there are some services which use XMPP chat servers for their IM environment, namely Google Talk and LiveJournal Talk. However, neither of these are federated servers, meaning that if you want to talk to someone outside of the server, you will not be able to. This makes it even more difficult to use the service, as despite being XMPP, you are blocked from chatting with others you wish to talk to.
Then there is Telegram. It is a semi-open system that is supposed to be cryptographically sound, though I have seen many reports that they are not actually secure at all, especially due to a lack of end-to-end encryption. There is also apparently a way to break the keys used in their secret chat system, but I am no cryptography expert, so any attempt to explain it should fall to a bit of digging. I would suggest Steve Gibson's explanation in Security Now Episode 444 for at least some of the issues.
Personally, I would trust Telegram more if I were able to run my own server, or at least see cryptographers fully audit the methods used by the service. I would also trust them more if they did not require a telephone number…or alert people who have my number when I make an account. That is not security. That is creepy.
In all honesty, XMPP with GNU Privacy Guard keys is still much more secure, as the encryption is from client to client. Additionally, the connection itself can be secured though TLS encryption, which is also used by websites to provide secure connections (HTTPS). If you truly want to make sure your conversation is not being read by people other than your intended recipiant, then I would highly suggest this method over any other, but I am slightly biased.
Regardless, I truly needed to get these thoughts out of my head and onto my blog. Hopefully, it will encourage some people to look into using XMPP themselves. If you do, I highly suggest XMPP.jp, or Jappix itself for your server of choice, though there are plenty to choose from.
*: Pidgin, one of the more popular clients, does this very thing. However, they are not known for being friendly towards users.**: For those who do not know, the "Rule of Defaults" states that most people will stick to default applications when using a device, such as a computer or smartphone, and ignore alternatives. MSN Messenger, Skype, Internet Explorer, Safari, Windows Media Player, and Google Chrome (on many modern pre-built PCs) are examples of this mentality.