SoylentNews is people
SoylentNews
from the wait-for-Government-makes-it-illegal-headline dept.
IM services start to block unencrypted chats. XMPP upgrade is rolling out now.
A host of instant messaging services will begin refusing unencrypted connections from today under a pledge to harden the extensible messaging and presence protocol (XMPP). Developers pledged in 2012 to begin testing client-to-server and server-to-server encryption for XMPP as of January in a move heralded as an initial step to secure the communications protocol against criminals and government spies. The XMPP Standard Foundation initiative covered 70 providers but could not be enforced. Peter Saint-Andre, the technologist behind the initiative, welcomed the go live date. "Today, a large number of services on the public XMPP network permanently turned on mandatory encryption for client-to-server and server-to-server connections," Saiont-Andre said. "This is the first step toward making the XMPP network more secure for all users."
http://www.theregister.co.uk/2014/05/20/im_upgrade _locks_out_lazy_eavesdroppers/
https://raw.githubusercontent.com/stpeter/manifest o/master/manifesto.txt
Users can check the security of xmpp services here. https://xmpp.net/
(Score: 1) by cockroach on Tuesday May 20 2014, @03:49PM
Unfortunately Google does not seem to play along. Since most of my XMPP contacts are on Google Talk I won't be enforcing s2s encryption on my server just yet. Still, it's nice to see that the bigger players are willing to do this even though it may alienate some users who suddenly find themselves disconnected from their Google friends.
(Score: 5, Informative) by Anonymous Coward on Tuesday May 20 2014, @04:11PM
Your contacts are not on Google Talk.
Google has been stepping away from XMPP since last May, when they axed Talk for Hangout. Since then, they've been pruning XMPP from Google Voice (and killing off third-party software in the process), and it's not clear that XMPP has a future with Google Hangouts.
So, your contacts might well not be on Google Hangout far into the future.
Meanwhile, universities have been killing off their Jabber servers: at UF, they replaced it with MS Lync, mostly for secretaries who use it to communicate between offices. http://news.it.ufl.edu/infrastructure/jabber-servi ce-to-be-retired/ [ufl.edu]
There's too much chance for privacy with Jabber: there are programs that encrypt your data to make it harder for bosses, governments and companies to spy on workers, citizens, and users, plus, if you run your own federated server, that makes it even harder for one company to rule all your data. Jabber won't be around much longer; it's going to be replaced by a balkanized set of panoptica that refuse to communicate with each other: Lync for the office, New Beta Hangouts++ or whatever Google calls post-Jabber Hangouts for home users, Facebook/Snapchat, etc. It's the 90's all over again, but with even more spying.
(Score: 0) by Anonymous Coward on Tuesday May 20 2014, @10:42PM
Conspiracy theories (or conspiracy facts, nowadays) aside, it may not be necessary to imagine that Google refuses to use s2s encryption because they want to pwn your data: instead, it may simply be that they've terminated their investment in Jabber and are not going to deploy any resources to improve a dead product line.