Planet IM

June 13, 2020

Dear Government: Please Don’t Muck With Encryption

I was prompted to write this after hearing that the Obama Administration is meeting with the creators of a petition for strong encryption (edit: you can now read the EFF’s thoughts).

Over the past year officials of various governments have expressed a desire to limit encryption or require backdoors to allow government spying (FBI director James Comey, UK Prime Minister David Cameron, US President Barack Obama). This is misguided.

The road to hell is paved with good intentions.

Encrypted communication is hard enough as it is

Considering the number of severe vulnerabilities in SSL/TLS discovered over the past five years I’m surprised https is even still useful. Building encrypted communication software is difficult. Requiring it to be intentionally weakened in specific ways will lead to an increase in unintentional bugs and less secure software.

(This paragraph added eight hours after initial posting:) There’s an underlying question of how feasible it is to add a backdoor to a given encrypted system. When looking at low level encryption protocols it’s potentially impossible. For example, trying to add a backdoor to PGP would fundamentally change PGP. It would no longer be PGP. For a higher level encryption system where encrypted messages transit through an intermediary, perhaps the system could be changed so that messages transit through a government-controlled system, and perhaps the protocol could be changed such that the intermediary decrypts then re-encrypts the message. While these types of changes are feasible, they add complexity to the system. Complexity reduces reliability of the system as a whole and increases the cost of maintenance and initial development.

You can’t stop criminals from using encryption without backdoors

Encryption software without backdoors already exists. Requiring backdoors in a few countries won’t cause this software to stop existing. It won’t prevent cryptographers and software developers in other countries from developing stronger encryption products. Criminals in the US will continue to be able to use strong encryption software regardless of any law preventing it. Making strong encryption illegal reduces the security for those of us with good intentions while acting as only a weak deterrent for those with bad intentions.

Backdoors would be used inappropriately

Regardless of whatever strict requirements are placed upon usage of backdoors, they will be abused. Maybe a hacker will break into a government computer and steal a secret decryption key. Maybe a disgruntled government worker will spy on his boss. The exact scenario is immaterial. Time is infinite, abuse is inevitable.

Therefore it’s not helpful to have a conversation about whether a backdoor will or will not be abused. It is only helpful make the best prediction about how much abuse will happen and decide if this amount is tolerable.

Massive data breaches happen quite frequently. I’ll concede that US intelligence agencies have a decent track record so far (though the Chelsea Manning and Edward Snowden leaks are two titanic counterexamples). I’m not optimistic.

Privacy is a requirement for free speech

The Guardian article mentioned above sums it up well, “the right to privacy runs right in parallel to our right for free expression. If you can’t say something to a friend or family member without the fear the government, your neighbour or your boss will overhear, your free expression is deeply curtailed.”

This argument pertains less to backdoors, where presumably a warrant would be required, and more to banning encryption outright, as David Cameron desired.

Encryption for everyone

Encryption, by the way, is pretty important. Without https and without encrypted Wi-Fi anyone within a few hundred feet of your laptop would be able to see everything you’re doing. Every website you open. The contents of every email you send. How much money is in your bank account. People could capture your login credentials and wire transfer all your money to their own account. Trade stock in your brokerage account. Turn off automatic bill pay for your electricity or mortgage. Buy things with your Amazon account.

Personally I place a high value on my privacy and a low value on the potential of intercepting terrorist communication via a backdoor. The dubious benefits of backdoors do not justify the costs.

Tangentially related blog posts from me:
Violating the Fourth Amendment
Should the NSA be allowed to scan our personal email?

Tigase XMPP Client Apps

Our XMPP Chat Apps philosophy

Web based, JavaScript, React and so on app are great… for developers.

We do care about users and we understand that the only way to provide users with great experience is through native apps.

Therefore we have put a lot of effort and dedication to develop native client for each platform separately. Each of our apps is tailored for the best experience and native feeling. Plus they are optimized for each platform, so they are lightweight but also powerful and take full advantage of what is offered by the environment they are running on.

All our applications offer the same set of features, so no need to replace them over and over again below. Here is the list:

  • Simple Chat - yes, this is the good, old 1-1 chat.
  • Group Chat - like the old IRC, now it is MUC (Multi User Chat). You can create chat rooms, public or private, open or password protected with moderators and so on…
  • Push notifications - if the app is not running on the device, the user is not connected to the XMPP server but he can still receive notifications about new messages from people.
  • iOS has now call silencing from unknown. We had this before them. All new chats from unknown users go to separate tab “From unknown” and you can turn off push notifications about messages from people who are on on your contact list. Plus, of course Tigase XMPP Server has a built-in anti-spam filtering which helps too.
  • Voice and Video calls are pretty much standard nowadays and Tigase client support it as well.
  • Multi-account support - you can add as many accounts on different servers as you want on your client and communicate through all these accounts at the same time
  • Files Sharing - yes, photos, documents, anything can be send through the XMPP client to your buddies either on the simple 1-1 chat or to entire team in a group chat. Client displays photos nicely, so you can see them directly in the app.
  • OMEMO - E2E encryption is available on all our client apps.

We, at Tigase use all our XMPP apps ourselves.

All Open Source

All our XMPP Chat applications are open source with code available in public repositories on GitHub.

Stork IM - Tigase Android XMPP Client

Our first mobile client we created. Native Android app designed and written from ground up, again and again…

We experimented, made mistakes and learned. So here it is. Android Java, native app. Lightweight, fast and powerful.

Our Android client works on most Android devices. It offers a set of typical features you would expect from a chat application plus a lot more, not typical features.

Siskin IM - Tigase iOS XMPP Client

Our second mobile client. This one for iOS, optimized to run on phones and tablets.

It is a native Swift app optimized for iOS for both phones and tablets.

Simple to use but with many advanced options for more demanding users.

We suggest to start using it in a simple mode and gradually explore other features and options.

Beagle IM - Tigase MacOS XMPP Client

Mobile devices are good when you are on the go. But we are software developers and we work on real computers all the time. Hence we also have and offer a real desktop, native chat client.

Again, it’s a native Swift app designed from ground up and optimized for desktop MacOS.

Feature set matches all other other apps.

If you work on MacOS, we honestly recommend to try it out.

Tigase XMPP Libraries

Our software philosophy

Actually nothing new and nothing surprising here. We want to have as much of a reusable code as possible. And this reusable code should have a simple but powerful API to be useful for quickly creating software.

That’s it.

And this is how we design and develop our XMPP libraries. Check them out.

Documentation to all our projects is available online and sample codes? Take a look at our XMPP Chat apps which are open source too.

Tigase Instant Communication, Presence and Messaging

What is “Instant Communication”

First things first. What is this all about?

We say this is “Instant communication” or “Near real-time communication” and indeed, this is about communicating, talking, sending messages, sending other information, documents. Instant or real-time means, whatever you send, is sent right away, it is also delivered right away.

Would the receiving person get it right away too? Well, it depends, if the person is online, it gets it right away and can respond right away.

Messaging really means chatting, talking. It’s not just sending and receiving messages. You send a message, friend receives it in real-time and can respond right away. You see the full chat history, context, you just talk. And you can chat with many people at the same time, in what we call group chat rooms. It’s like sitting at the table with friends and talking to them.

What special about this system is, that You know if your friends are online. If you send a message to online friend you can expect his response right away, if he is offline, you know about it and you know you may have to wait for a response. No guessing. This is the “Presence” part in the title. Presence is just a status of the other person: online, offline, busy, away, and so on… So you not only can send a message to your friend instantly but also can know his current status, also in real-time. As soon as somebody changes his status, you know it right away.

Presence is also much more than just online status. Presence can optionally carry on additional information, like location, mood, what your friends are listening to and just anything your friend chooses to share with you.

And… “last but not least”, the system is not just for people talking. It’s for devices as well. Anything that can send some information, share some data, update it’s status can effectively use our software. IoT is an ideal example where our software excels and shows it’s full power.

How is it different from e-mail?

Simple enough. It all looks similar to email, send and receive messages. What’s more, even a user address looks exactly like email. So what is the difference?

There are a few significant differences:

  1. E-mail is not real-time and is not instant. It may be quite fast but it may also be quite slow (a couple of minutes) until the email is actually delivered and this is still considered a norm for email messages.

    XMPP is actually near real-time and instant. Typical delivery time is way below 1 second.

  2. E-mail is not really for chatting or talking. It’s more like sending letters, longer texts. It’s not really suitable for sending short messages or notifications.

    XMPP is just for that. Chatting, talking, sending short messages or notifications. However our software has expanded on the basic features and allows rich text formatting using Markdown language. You can send long texts and even letters nicely formatter which are pleasant to read.

  3. E-mail has no presence information. You send an email message but you do not know whether your friend is online, when he gets the message, when he can read the message and finally respond. You just send an email and wait.

    XMPP does have presence information. Plus all kinds of confirmations built-in. You know if your friend is online, when he received the message, read it and you know when to expect a response. You know whether your friend is available to talk right now or busy doing something.

  4. E-mail was designed and created very long time ago. When the high security and privacy was not such a big concern, there was no spam, and other attacks. Over time security of email improved but there are many different techniques and standards not always adopted by every email provider. Spam has been a huge problem for a long time and so far nobody knows how to solve it.

    XMPP came to be long time after e-mail. When all the email weaknesses and problems were well known. So it was designed from ground up to solve the problems. Security is embedded in the XMPP core, privacy was the main concern and preventing Spam and DOS attacks was taken into consideration from the very beginning.

How is it different from SMS / Text Messages?

SMS / Text messages are instant, aren’t they? They are sent and delivered in real-time, aren’t they?

At first, it all sounds like SMS / Texting. People chat over SMS all the time. Is XMPP any different.

There are a few significant differences:

  1. Presence - is completely missing from SMS/Texting. You have no idea whether the person is at their device to read the message and text you back. You are sure, that he gets the message, usually, right away, unless their device is turned off. But you have no way of knowing if the device is on or off, whether your friend is close by to the device, and not busy to respond.
  2. User address/ID - for SMS / Texting, this is just a phone number. Sure, nowadays it is kind of personal thing but if it changes, then friends may have problem finding out your new number, may have problem contacting you at all. So you have to take a good care of letting them know about the phone number change. But even if you have still your number and poeple can text you, the device may be far on the table when you rest on the coach with your tablet. To read a text from a friend or send somebody SMS you would have to interrupt your rest, find your phone and type the message on the screen. Don’t mention about all your chat history. When your mobile is gone, all the SMSes / Texts are gone too.

    With XMPP, this problem does not exist. You can have multiple applications connected to your one user address and can chat with friends using whatever device you have handy with you. And all your friends will always recognize you as you. And you can choose to store your chat history on the server and you can see it on any devices and app you connect with.

  3. Chat feedback. With SMS / Text you send a message and… wait. In XMPP, you send a message, you see when it was delivered, you also see when the friend read it and finally you can even see when the friend starts typing response.

How is it different from Twitter, FB?

Twitter and Facebook are social networking services. Although you can send a message to other people, these services are not really designed for effective, real-time communication. They are more like publications, where you can post a message, a longer article, photo or just anything for people to see, when they come over to your profile.

In theory, the XMPP in it’s core can do all that can be done on Twitter and Facebook and also so much more. It’s just a matter of implementing apps that can make use of all the XMPP capabilities.

The Tigase XMPP Server could serve as a social networking platform out of the box and there already are systems like this. Our focus, however, is on real-time communication, hence our apps are designed as effective messaging clients.

How is it different from Skype, ICQ, AIM, FB Messenger, iMessage and others big names?

Ok, so, there are chat / messaging systems available already. They are instant and near real-time. Big brands are behind them they are not going anywhere any time soon. They also offer voice and video calls and all the features and maybe even more.

How XMPP is different and how Tigase is different and better then?

First of all XMPP is a public and open standard. So, you know what is under the hood, how it works, you can evaluate if it is secure. You can easily create own tools, apps, servers to connect to the world wide XMPP network. Well, the XMPP by desgin is extensible, so you can easily customize and extend the basic XMPP protocol with more features and capabilities.

None of this is true for the big name systems.

You do not really know how your messages are sent and delivered by the big names. How your personal data is handled. Even if you assume, they are big with big pockets, so they can implement secure systems and can take care of your data. There are other important questions: It safe? Who has access to it? Would they sell your profile to third-party?

XMPP and Tigase for that matter allows you to deploy your own instant communication system, independent from any other, you keep all your data, you control everything, you decide what is allowed, who can communicate with whom. And still while having independent system for your needs, you can communicate with other users who are on XMPP.

And if you want some extra features, customization, there is no way to have it on the big name systems. You just have to rely on what is there and adjust yourself to what is available.

How is it different from Slack?

And again, it all sounds like Slack. So similar in every aspect. Is there any difference?

Indeed there is. In principle XMPP has all the same features as Slack has. Probably even some more. The main differene is that with XMPP you can choose software vendor (Tigase is one of them but there are many others), deploy your own system, independent which is under your full control, you keep your data and you decide what happens with them.

Tigase XMPP Server

Tigase XMPP Server is Java based software

Tigase XMPP Server is a standalone application written in Java. It is not a “web server” system. It runs independently from any other software. In most cases all it needs to run is Java Virtual Machine (JVM). For extended functionality it may require a few external libraries for the most part it is all in-house developed software.

Java based but still very efficient

Java is known and infamous for it’s high resource requirements and slowness. This unfortunate, bad reputation is a result of early impressions from the first years of Java and also from poorly written, bloated Java monster software. Poorly written and poorly maintained software results in tons of redundand code and overall slagishness.

There are, however, many Java programs which are good examples how efficient, fast and resources friendly Java code can be. And Tigase XMPP Server is one of these good examples.

We put a lot of effort to optimize, design it and implement efficient code. Here are some interesting facts:

  • The main binary code to run Tigase XMPP Server is less then 3MB
  • In some cases it can be run with as little as 10MB of RAM, usable, typical XMPP chat system can be deployed on 50MB of RAM
  • It was successfully tested to handle over 30 millions messages per second
  • It runs on production systems with over 10 million users
  • It runs on production systems processing over 5 millions messages per second
  • Typical message processing time is below 0.01 second if database is not involved

Reliable

We frequently put Tigase XMPP Server through very rigorous testing. Running hundreds of automated tests, performance tests and long-lasting reliability tests. This allows us to discover bugs, inconsistencies, bottlenecks, memory leaks and other potential problems in long-running applications.

Every release is thoroughly tested and verified before publication.

Tigase XMPP Server is known to run for over 3 years without restart on a production system.

Secure

XMPP was designed from ground up to be secure. Tigase, however, does not stop there. We took additional steps to make sure Tigase provides up to date security.

Through extensive testing, third-party verification, we make sure it is a well written software, resistant to all common attacks, including SQL injection, DOS attacks, man-in-the-middle attacks and many others.

We closely track changes and developments in the security protocols and make sure Tigase is up to date, uses only safe ciphers and algorithms.

Additional, hardened mode, turns Tigase into very restrictive configuration, which may break connectivity with older apps and servers, but on the other hand, ensures that security it tightest possible for demanding customers.

Very Scalable

Tigase uses resources very efficiently. It can easily handle half a million users on a single server or more. But no matter how efficient the server is and how optimized the software is, there is a limit on how much a single server can handle.

Therefore, from the very beginning we planned on making Tigase scalable. Out of the box Tigase offers near-linear scalability or exact linear for some use cases.

It can be deployed on large number of servers over distributed data centers and cloud providers to provide a single logical system for practically unlimited number of online users sending millions of messages per second.

Cloud independent

Tigase XMPP Server is Java application and can be deployed on anything that can run Java programs. It does have some special integration features for Amazon AWS cloud system but it can run on any Cloud. Our customers deploy Tigase on Google Cloud, Microsoft Azure cloud and many others and also on in-house dedicated data centers.

Tigase has a built-in load balancer to better distribute connected users and devices but it can also play nicely with external load balancers which are used on different environments.

Extensible

Tigase XMPP Server can be used as it is.

Out of the box it is capable to provide sufficient functions for typical XMPP systems and in many cases for not so standard XMPP services.

There are, however, deployments with specific requirements or third-party systems with which Tigase has to integrate. For such cases, Tigase XMPP Server offers exceptional flexibility. Well designed and rich API allows adding custom elements like blocks.

There is no single line of code in Tigase which is fixed. Anything and everything can be replaced with custom made code and plugged-in through configuration file.

Administrator friendly

From our experience we know that starting a complex system is a big challenge. However, even greater challenge is maintaining such a system long-term. Therefore, we have put a lot of effort to make sys ops life easier.

There is a huge number of tools built-into the Tigase XMPP Server which make maintaining Tigase much simpler than expected:

  • Command line tool to execute all admin tasks
  • Web UI for admin to see critical system parameters and performance metrics
  • Thousands of runtime performance metrics allow to diagnose system in real-time
  • Built-in self-monitoring system which can send notifications via email or XMPP if it detects problems
  • Detailed diagnostic log can be switched on/off
  • Detailed diagnostic log for a single user can be switched on/off
  • Audit Log
  • Self-fault recovery
  • Automatic cluster reconfiguration

Easy to track performance

Proper monitoring is one of key areas we focus during development, testing and maintaining services. Tigase XMPP Server offers thousands of run-time performance metrics, which allow to track the system in real-time.

Every significant processing unit generates performance metrics, therefore if there is any slow down or a bottleneck it is very easy to diagnose the system, locate the problem and fix it.

Easy to integrate

There are many ways to integrate third-party systems with Tigase XMPP Server.

It has very well thought and rich API which allows to add new components and plugins. These plugins can interact with other systems to exchange information.

However, Tigase employs a common pattern for so called “Connection Managers” which are responsible for network communication. Each connection manager talks a different protocol and Tigase can easily learn new protocols to connect to virtually any external service to exchange information in real-time.

Tigase also offer access through REST API which can be easily extended using various scripting languages. This is a powerful feature which allows to add new REST API calls using a programming language of your choice.

Tigase XMPP Server can be also configured to retrieve users’ data from different databases storing data in different formats. This allows for an easy integration with other systems without writing a single line of code.

Last updated: July 12, 2020 09:00 PM