this post was submitted on 12 Jun 2025
1 points (100.0% liked)

XMPP

426 readers
1 users here now

XMPP (aka Jabber) is the community-owned standard for real-time federated messaging.

For a quick start click here

JoinJabber.org support chat

JoinJabber.org admin support chat

XMPP.net Provider List

Also see JoinJabber.org FAQ

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
1
Email is dead to me. How should I tell govs and companies to reach me? (beehaw.org)
submitted 3 weeks ago by [email protected] to c/[email protected]
12 comments fedilink hide all child comments
 

cross-posted from: https://beehaw.org/post/20493770

^ indeed this is cross-posted back to the same community it originated, because slrpnk.net was offline when the post was introduced and Lemmy is not advanced enough to sync caches with original communities.

Email is a non-starter for reasons such as not being in control over who the other party chooses as an email supplier (thus resulting in Microsoft being fed all email traffic).

So snail-mail is the winner. My snail-mail obviously gives a mailing address. From a practical standpoint, that’s all I need. But it would be good to show some kind of electronic means of communication in the letterhead. Not directly for practical use but more of an expression that says “I’m not a luddite but you need to fix your shit” (in so many words).

Requirements:

  • must be secure. A low standard of security is fine; it just cannot be so shitty that giant surveillance capitalists can see and exploit the payloads.
  • must not rely on any non-standard or proprietary protocols.
  • must have at least one FOSS toolchain available.
  • must be suitable for documents sent asynchronously.
  • ideally a different unique address can be furnished to each recipient.

Candidates:

  • XMPP
  • onion e-mail (email service by surveillance capitalists cannot send to @*.onion addresses)
  • (hypothetical) clearnet email address hosted by a server that blocks inbound MS & Google server connections
  • fax number

One problem with the above candidates is I don’t think the 1st two options have any kind of aliasing (I only know of one onion email service that deliberately lacks a clearnet alias, and it does not have aliasing on the userid portion). So I would have to create many accounts and they would never actually get traffic. They would just be symbolic. And the third candidate does not even exist AFAIK.

Problems with the fax number: these are not cheap and I would need a fax number for different countries. Also fax services are gatewayed so some senders send an email to a fax service the dispatches a fax, in which case Microsoft would still see the payload.

top 12 comments
sorted by: hot top controversial new old
[–] [email protected] 0 points 3 weeks ago

For email I try to at least proxy my addresses and then encrypt it on the way to my real email account, but I basically just do that for fun without knowing if it really helps. To complete my privacy LARP, I log into my email via ArcaneChat, which plans to support XMPP at some point in the future.

[–] [email protected] 0 points 3 weeks ago (1 children)

Well governments will use any open standard that can reliably contact individuals (as that is the easiest way to do their jobs) That is why the 3 most supported options are:

  • mail
  • phone
  • email

They would use IRC, XMPP, Matrix, etc if they would reliably send you a message and enable them to reliably receive messages from you. The problem is that those options are not reliable.

The other alternative is they provide a website (that they control) that you can login in to but it is then on you to routinely login and people are bad at that and thus few organizations even support that approach.

[–] [email protected] 0 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

I find XMPP to be /more/ reliable than email, which is largely due to anti-spam zealots like #SpamHaus who block or blackhole email on the basis of IP address, along with countless other anti-spam techniques that cause collateral damage to legit email. I actually cannot send email to Google or MS users because of this crazed zealotry that has lost sight of the purpose of security: availability.

XMPP is certainly glitchy and has a variety of issues, but at least it has not yet been sabotaged by anti-spam zealots, and large corps using anti-spam measures as an excuse to break the platform for those not patronising a large corp.

The other alternative is they provide a website

That’s for person→gov msgs. It is not something I can put in my letterhead as a way for them to reach me. Also, the webforms likely just result in an email transmission that traverses MS servers in-the-clear anyway.

[–] [email protected] 0 points 3 weeks ago (1 children)

ok, lets just assume xmpp is reliable enough to use. And a government agency is will to adopt it to prove that all out.

What libraries for Java/C# are available under an FSF approved license that would enable one to securely send XMPP messages to the public?

As governments don't like being mailed or emailed anything. They want you to login to a thin wrapper around a database and perform basic data entry so that they don't have to pay someone to do that data entry.

They are only going to message you to deal with password resets or data entry tasks they want you to do (legally required renewals, reviews, etc).

[–] [email protected] 1 points 1 week ago (1 children)

The gov can /want/ all they want. It is the gov who serves the people, not the other way around. And we (the people) are have some control. That is, if you object to the gov’s email policy or hosting company, you can simply withold your email address. You can send them snail mail. Then they have to pay someone to scan it and react. This is in fact what I do.

I include an XMPP address along with OMEMO fingerprints in the letterhead. It’s mostly symbolic. No one actually uses it. Exceptionally, some attempt to use my XMPP address as an email address. So now I write “note: xmpp is not email” next to the xmpp address.

[–] [email protected] 0 points 1 week ago (1 children)

no, the government doesn't serve the people it serves power.

Unless power thinks you as a group are worth the effort, they will ignore your mailed documents, state you failed to file paper work and you now have to deal with (problems incurred due to not having completed the paper work).

Paper processes are going away. Oh, they will keep mailing you stuff for a while but nations and states are implementing SSO systems and the scanning/indexing systems are disappearing. Replaced by "You scan and upload" combined with you extract the relevant bits so we can cut staffing again.

But the point was, there are no good XMPP libraries that would enable a willing government to easily onboard that support. If there were, it would be a very different discussion.

[–] [email protected] 1 points 1 day ago* (last edited 1 day ago) (1 children)

no, the government doesn’t serve the people it serves power.

First of all, you’re wrong, unless you have limited your comment to a particular gov where votes in an election don’t count -- which is not the situation I am in. I’m in a jurisdiction where not only is there a decent voting system, the reps in gov also take public surveys and sentiment into account for operational design. I’m also in a jurisdiction where civil disobedience has effect. E.g. so many cyclists were unlawfully turning right on red that they decided to scrap the prohibition for cyclists.

You also seem to misunderstand the fact that my drop-in-the-ocean action need not change anything, just as my drop-in-the-ocean election vote is never the one vote that makes a difference.

Unless power thinks you as a group are worth the effort, they will ignore your mailed documents, state you failed to file paper work and you now have to deal with (problems incurred due to not having completed the paper work).

This assumes a scenario where I not only have an obligation to submit something but I also have an obligation to supply an email address. Obviously my form of submission accounts for these factors. The inquiry in the OP does not inherently cover such scenarios, and that’s deliberate.

Paper processes are going away.

Only in regions that are largely populated pushovers and digital zombies, without a right to be analog movement (or the rights to have a movement).

But the point was, there are no good XMPP libraries that would enable a willing government to easily onboard that support. If there were, it would be a very different discussion.

Keyword there is /easily/. It was not easy for Munich to replace all their Windows PCs with linux, but difficulty of deployment was not a show-stopper.

The question is essentially: if e-mail is scrapped, what is the next most qualifying replacement for the given requirements? If XMPP is not the answer, what is?

[–] [email protected] 0 points 19 hours ago

unless the people make their power felt, they have no power but when they do the politicians respond to that power (not the individual people).

Most government systems tend to require submissions (licensing, welfare benefits, birth certificates, etc)

Easier makes it possible for low level employees to add support, harder requires political buy-in.

[–] [email protected] 0 points 3 weeks ago

You could set up an incoming email gateway to xmpp so that companies can at least still send you some notifications or password reset emails etc.

[–] [email protected] 0 points 3 weeks ago (1 children)

Deltachat might work for the third candidate.

[–] [email protected] 0 points 3 weeks ago (1 children)

I’ve installed Deltachat but not experimented at all with it. What happens if someone sends an unencrypted msg to an email account that uses Deltachat? I would expect the msg to still be accepted by the mail server and MS to still see the unencrypted traffic.

[–] [email protected] 1 points 2 weeks ago

Depends on how its set up. It's really flexible. You can either set it up so it's essentially isolated from all other email servers and only communicates with other deltachat chatmail(email) instances or it can be set up so it can connect with any (or only allowed) email servers. I think you can mix it somewhat too but you would need to double check that. The more isolated you have it setup I would imagine the more secure it is since if you had all your users on one server the encrypted emails would all stay on the one email server (the devs call this a chatmail server.). It's even got custom (html/js applets) apps you can add to the group chats for games or polls or events and the like.

If it's a newer default chatmail server than it only talks with other chatmail instances so it never gets received I believe. I know you caan't do outgoing with chatmail and am like 80% sure incoming works the same way