Yes. Unfortunately it seems that Matrix is the winner, but I think Matrix is over-engineered.
XMPP was nice. Especially in the old times when Google Hangouts and Facebook Chat were also XMPP based. Being able to talk to people on another service without needing an account there was a nice thing to have for a few months.
The interop was a nice feature implemented by their engineers, but it violated the lock-in operational principles of the gatekeeper services, so it had to be abandoned. Let's see if the EU Digital Markets Act will bring back XMPP interfaces to the big ones... ;)
My main problem with matrix is that it feels sluggish. I'm told the experience can be improved by running your own homeserver so I'll be trying that sometime this year.
In my limited experience, running a homeserver sucked. Really hard to do on limited resources. Then again, that was a long time ago so maybe things have improved and perhaps Dendrite has come along. But Synapse sucked to run IME.
I'm slowly building my own XMPP client, one key thing I'm running into trouble with is there seems to be no standard library for End to End Encryption other than Signal's own, I don't want to have to relicense my entire project for one dependency, I would rather keep my project Apache licensed. The other problem is voice and video options seem to be married to some Java specific library (Jingle) which is fine if you're using Java, but I'm not, seems nobody has implemented a solution to this in other languages that I'm interested in as well.
For the End to End I could try my best to implement it using existing libraries as pieces I can use, but I'm not comfortable doing that.
You might be interested in this article by soatok [0] which discusses OMEMO and XMPP. Soatok has many reservations but I think if you use the most recent OMEMO version I think it should probably be fine.
Funnily enough honeybee is AGPL, but snikket is not, I will take a peek at Snikket, its interesting that it is in fact coded in Haxe. I am always fascinated with the capabilities of Haxe.
Curious how they managed that, if its 'clean room' its fine, if they're looking at the source for Signal, that could be bad. Funnily enough, my client is in Rust.
I’m not 100% sure on this in the case of AGPL, but I think you don’t need to relicense your project if you include AGPL code; you only need to make sure your project respects all the freedoms the AGPL requires it to (in a suitable way).
So your own code would still be under Apache, and people could follow only the Apache conditions if they only use your code. But combined with the APGL part, the project as a whole would of course have to follow the APGL conditions.
> you don’t need to relicense your project if you include AGPL code; you only need to make sure your project respects all the freedoms the AGPL requires it to (in a suitable way).
GPL and AGPL typically imply that your entire project is licensed under those conditions is my understanding. I find it silly to licensed something MIT or BSD but pull in some GPL code, since now the entire thing needs to comply. GPL is about end-user freedom by force against the developer. Don't get me wrong I love the GPL, but if I want to use a specific license I rather stick to that license.
Watch the most popular clients[1] gain traction as countries (e.g. UK) pass laws mandating that tech companies backdoor their apps/encryption.
[1] Conversations for Android and Gajim for Debian.
I always liked XMPP and SIP as messaging protocols. So easy to read and understand and implement. Both are extensible and can be made secure.
Yes. Unfortunately it seems that Matrix is the winner, but I think Matrix is over-engineered.
XMPP was nice. Especially in the old times when Google Hangouts and Facebook Chat were also XMPP based. Being able to talk to people on another service without needing an account there was a nice thing to have for a few months.
The interop was a nice feature implemented by their engineers, but it violated the lock-in operational principles of the gatekeeper services, so it had to be abandoned. Let's see if the EU Digital Markets Act will bring back XMPP interfaces to the big ones... ;)
So far it looks more like walled gardens are the real winners.
What you maybe see as overengineering, I see as a prerequisite for wider adoption.
These days aren't the old days any more, when you only ever used a native app without e2ee on a computer.
My main problem with matrix is that it feels sluggish. I'm told the experience can be improved by running your own homeserver so I'll be trying that sometime this year.
In my limited experience, running a homeserver sucked. Really hard to do on limited resources. Then again, that was a long time ago so maybe things have improved and perhaps Dendrite has come along. But Synapse sucked to run IME.
I'm slowly building my own XMPP client, one key thing I'm running into trouble with is there seems to be no standard library for End to End Encryption other than Signal's own, I don't want to have to relicense my entire project for one dependency, I would rather keep my project Apache licensed. The other problem is voice and video options seem to be married to some Java specific library (Jingle) which is fine if you're using Java, but I'm not, seems nobody has implemented a solution to this in other languages that I'm interested in as well.
For the End to End I could try my best to implement it using existing libraries as pieces I can use, but I'm not comfortable doing that.
You might be interested in this article by soatok [0] which discusses OMEMO and XMPP. Soatok has many reservations but I think if you use the most recent OMEMO version I think it should probably be fine.
Also of interest, OpenMLS [1]
[0] https://soatok.blog/2024/08/04/against-xmppomemo/
[1] https://github.com/openmls/openmls
Maybe someday the Snikket SDK[0] will be ready for use. I suppose you could look at it now anyway. Honeybee[1] is already using it for voice.
[0]: https://github.com/snikket-im/snikket-sdk [1]: https://git.sr.ht/~anjan/honeybee
Funnily enough honeybee is AGPL, but snikket is not, I will take a peek at Snikket, its interesting that it is in fact coded in Haxe. I am always fascinated with the capabilities of Haxe.
Let me know if you have any questions about the SDK (now called https://borogove.dev )
It doesn't have OMEMO in the native builds yet, but that will be happening this year.
We do have voice in the native builds but not video yet.
Honestly getting voice first would be a good stand out feature, even the glorious Pidgin struggles with it.
https://github.com/matrix-org/vodozemac
seems like to contain a reimplementation of the Signal Protocol in Rust - apache licensed.
Curious how they managed that, if its 'clean room' its fine, if they're looking at the source for Signal, that could be bad. Funnily enough, my client is in Rust.
it's clean room.
I’m not 100% sure on this in the case of AGPL, but I think you don’t need to relicense your project if you include AGPL code; you only need to make sure your project respects all the freedoms the AGPL requires it to (in a suitable way).
So your own code would still be under Apache, and people could follow only the Apache conditions if they only use your code. But combined with the APGL part, the project as a whole would of course have to follow the APGL conditions.
> you don’t need to relicense your project if you include AGPL code; you only need to make sure your project respects all the freedoms the AGPL requires it to (in a suitable way).
correct
GPL and AGPL typically imply that your entire project is licensed under those conditions is my understanding. I find it silly to licensed something MIT or BSD but pull in some GPL code, since now the entire thing needs to comply. GPL is about end-user freedom by force against the developer. Don't get me wrong I love the GPL, but if I want to use a specific license I rather stick to that license.