Modern XMPP project discussion - 2024-03-14

I have a doubt about invitations. Maybe people could dispel it ;-) Use case: $JABBER_USER is a dancing instructor. They like to go out and dance, and they always need to find new clients, i.e. people who like to learn to move their body. $JABBER_USER has business cards (e.g. ISO A8 paper) they hand out to interested people they meet at dance events. Now it would be cool, if there were a QR code printed on the cards with an account-and-subscription URI on it. I wonder, if it were possible to have a "generic" URI, i.e. for multiple recipients of the paper business cards?

Certainly

Rather than putting the URI on the card though, it's generally better to put a web link

Otherwise it assumes the recipient already has an XMPP client. If not, it just won't work and they'll scratch their head. Every scanner can open https://

Snikket and Prosody both support multi-use invites (in different ways)

Snikket has a 4-week limit on them currently, though I'm planning to remove that with some UX changes

Hi, I wonder if events couldn't be supported directly on XMPP through the .ics format?

I'm either a genius or utterly stupid

Océane, you can certainly use XMPP to send .ics files, sure

It's up to the recipient what they do with those

Indeed but could XMPP clients such as Movim encode them and parse their contents directly in the web interface?

They definitely could, yes

Oh wow, so cool!

Time to file some feature requests :)

Indeed, that's what I'm gonna do!

I think it is indeed a great idea

MattJ: What does dispel mean, and what is a "generic" URI?

What's wrong with invitations?

xmpp: URIs? those only work if you have a client installed

Yes but what do you want to do instead?

Go to some converse site?

Or a matrix.to-like thing?

That would be the https:// things MattJ mentions

But what would it do?

open the play store or whatever link to install a client

Do you mean joining an XMPP chatroom from any program, e.g. another XMPP chatroom or https://search.jabber.network?

I'm not being sarcastic

I'm not sure I get the full context

> open the play store or whatever link to install a client That's not generic though ↺

What if the user is using an iPhone, Linux, or Windows device?

But I guess I can give a one-click link to XMPP users so they can add me on XMPP

then you get them to client site. like gajim for example

(Or am I, uh, splaining people here)

Océane, yeah basically its this https://github.com/modernxmpp/easy-xmpp-invitation with a demo here https://xmpp.link/#romeo@montague.lit

people would see the second one

Oh snap, I see – an HTTPS gateway to XMPP programs

Yeah basically matrix.to

Oh now I get it

Honestly I think that people can actually send _two_ links

But sad that Cheogram is not in the list

I send https://chapril.org/XMPP.html to my French contacts, and then I tell them to add oceane@disroot.org – it works every time

at the moment i do it myself. cant trust any other way for it not to go wrong

I'm also not sure this would be a good idea because people need to create accounts on server that may or may not implement the XEPs that are relevant to IM -- this looks like a bad idea honestly

or through voice/video call very slowly

A cleaner solution is the Chapril's, basically a comprehensive tutorial to create an account on _your_ server through an XMPP client that makes consensus for your platform

I'm pretty sure the people advocating for abandoning the XMPP do this because they've had a bad experience with either a client like Psi+ or a server that doesn't implement the correct XEPs

I've never had to send anyone some kind of tutorial to use XMPP because a lot of my friends are veeery stubborn and they only SMS or call me now

Or use my Mumble server

> A cleaner solution is the Chapril's, basically a comprehensive tutorial to create an account on _your_ server through an XMPP client that makes consensus for your platform nobody is going to read a tutorial. give a client to the person you want to sign up and a server

the less questions the better

Anyway XMPP isn't a post-Snowden messenger so it depends on your use case, there's no reason to force XMPP on your peers

it has happened that they havent picked the server i told them either

what does "post-Snowden" mean?

2014 and later? ✏

sounds like you have a different threat model than XMPP yes :)

Any computer, or even some piece of garbage pretending to be one, like Windows or Android, is modular enough to let your contacts switch back-and-forth between several messengers

that sounds like a nightmare.

personally at least

Hmm I mean stuff that encrypts your contacts _and_ your metadata, like Signal, the DIME, or Briar

Sorry, * your messages _and_ your metadata

all these three have a different threat model. so first we need to define the threat model

Indeed, and I don't mean that my definition of my threat model should prevail, but I just think that we shouln't assert XMPP on our friends

It's good enough to be adopted easily nowadays anyway

Signal would be dead if the central server dies, though

i think we are going ot tho

I'd love to see an XMPP solution to the metadata problem, or some P2P extension for security

for here

I have a solution, I host my server. No metadata for outsiders. But signal on the other hand, lots of metadata there, if I assume a bad intended server. It's irrelevant that it encrypts contacts, if the server can see with what number/contact one exchanges messages. And a server must know this to route the message. So a compromised signal server is only marginally better then a compromised xmpp server. But you can't choose the signal server to be operated by someone you trust. And a single big server has more attraction to be attacked by everyone.

just dont use servers /s

just don't use computers /s but also not

Océane: agreed with the above, even if some magic and inaccessible crypto was making Signal better in some way, the fact that it's centralized throws away any privacy guarantee in exchange for "goodwill trust us"

While you can self host XMPP on tor or anything of your fancy

MattJ (or anybody else) Could you post an HTTPS URL example for a generic account-and-subscribe? I like to know how it could look like. Thanks!

It can look like anything you want

If you mean the HTML page itself, a Snikket invite looks like this: https://demo.snikket.chat/invite/-Su39hX8YNyoXtNnRhb7ctFO/

A standard Prosody invite looks like this: https://auth2.superxmpp.com/invite?6F7eGB_xTAS26hxapuoeTAvq

Both of those can work with xmpp.link if you format the URL correctly

But for a business card you could make a nicer URL (without the token at the end) and a static page

I did that for FOSDEM, so it was easier for people to type manually if they didn't have a QR scanner