Discord has gotten into the surveillance state game, and anyone who values their privacy is trying to find an alternative. There’s one technology everyone seems to have forgotten about: XMPP.

If you are looking for a public server, then you have missed the entire point of XMPP. If you want to invite your friends, you can. It’s pretty easy, they don’t have to do anything. You can send them a link, and it asks for username and and a password, and that’s it. You don’t have to give anyone an email address.

You are going to run this yourself. Think of it like taking care of a pet, it’s a thing that you need to put in some work to make survive.

Here is a shocking vulnearability in every online service today: Every single one tells a third party something about what you’re doing.

Discord has data breaches. The require a govenment ID.

Here’s what’s available, right now:

Server Capabilities

• Supports direct chat, chat rooms, 1-to-1 calls, and 1-to-1 streaming.
• 1GB+ max size for filesharing, if you want. Free Nitro!
• Crystal clear call quality.
• Direct peer-to-peer voice chat, falling back to server when direct connections are impossible.

Privacy

• End-to-end encrypted.
• Also supports E2E encrypted group chats.
• Can be self-hosted.
• Does not need to call third party servers at all.
• Has multiple mature clients (collectively) implementing most of the features.
• • We will assume Gaijim on desktop, Conversations on Android, and Monal+Siskin on iOS.
• Uses OpenPGP. Solid cryptography, that you set up yourself. It’s not “post-quantum”, but neither are we as a species. In fifteen years you’ll need to update a certificate.
• • This is a fundamental technology. If OpenPGP is broken, it is a global emergency. Your chatroom will have a fix at the speed of COVID research.

Abstract Concrens and Philosophy

• Enshittification-proof. XMPP is a stable standard, it can never be overhauled for the sake of quarterly profit.
• Will never break in a way that requires a mass community migration. In 50 years this protocol will still exist and have implementations.
• Designed around federation: XMPP negotiates a way for you to talk to each other, and gets out of the wy.
• Has a working client setup on iOS 14, from the modern app store. It’s jank, but in exchange, you can turn off the ability of your server to send push notifications at all.
• You do not have to provide any information other than “I am a computer.” At no point does any component of the system require an email address.
• No black magic. You see the entire configuration of the whole server, which is simple enough to understand completely.
• Easy to understand completely. No black box magic.
• Uses ~25MB of RAM, runs great on the cheapest server you can find
• Designed to be modded.

Developer Concerns

• Presence is a core primitive.
• User identity is not connected to device identity, server identity. This is hard to explain, but you don’t authenticate with the server you’re trying to connect to. You authenticate with your home server, who authenticates as a server with the target server. If you have a login somewhere, you can use it anywhere.
• Unrelated concepts are fully teased apart: transport, identity, capability negotiation, and everything else are separated.
• To send a message to a federated identity, you… send a message to that identity. No need to call for any kind of user session object.

Protecting Children

You want to protect children online? Setting up your own XMPP server is by far the most effective way to make sure they are not tageted by predators, or exposed in a data leak.

Keeping children safe from strangers

• If you turn off server-to-server connections, children can use it with their friends, and have a social network, but they cannot be found by strangers in the internet.
• Giant lists of children don’t exist, because no one is asking them for their contact information. No AI is indexing anything about them.
• • Notifications will work less well, and they’ll complain about that. They’ll be ok without it.
• There are extremely powerful administration controls. Servers may be hard-coded to accept or reject any resource on the XMPP network, including individuals, rooms, and servers.

Keeping chldren safe from parents

This is a somewhat counterintuitive point to avertise, but the sad fact is that most child abuse is not done by predators, but by parents.

• The standard is fully documented in case of an emergency, but the underlying commands are incomprehensible terminal lingo. What does “ssh [email protected]” mean? You’re going to find out, but an impulsive parent will likely not find it worth the time to figure out what is going on.
• Checking this is possible, but really annoying to do. Your privacy is protected by inconvenience.
• Connections can be traced in the event of a poice investigation, but without effort the information is mostly meaningless.

I would suggest parents let it go, taking care of something is a sign of responsibility.

• One of you, the one of you who is cool and actually knows things about computers, should bite the bullet and set one up.

Downsides

• It’s kind of annoying to set up.
• Individual clients suck. Some suck a lot. You can always find one that does what you want, but it can be annoying.

You may also want to take a look at the command line glossary

Viewing a file:

less /path/to/file 

Keeping an eye on a file as messages are being written:

tail -f /path/to/file

Editing a text file:

nano /path/to/file

Show the contents of a folder

ls /path/to/folder/

If you need more details, you can use ls -haltr for an extended view.

See the current directory

pwd

Move to a different directory:

cd /path/to/directory/

Special abbreviations supported by cd: * To go to the previous directory, use cd -. * To go up a level, use cd .. * To go to your home directory use cd ~

Clear the screen if there’s too much text:

clear

To print an entire file to the screen:

cat /path/to/file

To search for text in a file:

grep "your search term" /path/to/file

grep supports an enormous number of options. A few helpful ones: * -A x and -B x: Show x lines above or below the found match * -i: ignore case * -v: Exclude lines with this match instead of including

As an example, to check for Jingle errors in the Prosody logs:

cat /var/log/prosody/prosody.log | grep -i "jingle"

Install software:

sudo apt install name_of_package_to_install

View the manual for a piece of software:

man programname

Examine network configuration

ifconfig

This command will list the IP addresses for the network devices attached to your machine, and some assorted statistics.

Check your DNS records

dig yourdomain.com

Change firewall rules

All managment is done through ufw.

To open a port:

sudo ufw allow 5222/tcp

To set your host to allow all outgoing connections:

sudo ufw default allow outgoing

To set your host to deny all incoming connections:

sudo ufw default deny incoming

List running processes

ps aux

To check if a machine is reachable at all

ping domain_or_ip_address

ping -6 domain_or_ip_address will perform this check over IPv6.

Make a copy of a file

cp /path/to/source/file /path/to/location/to/copy/to/new_filename

So for example, to backup your Prosody config to a file named BACKUP.prosody.cfg.lua:

cp /etc/prosody/prosody.cfg.lua /etc/prosody/BACKUP.prosody.cfg.lua

This command is different from moving a directory, which is mv, and has the same syntax.

To look for a file or folder

Running:

find /folder/to/search/under

will give you a complete listing of all files inside that folder. Your search can be narrowed down further using grep.

Find also supports executing a command on all matching files it finds, using the -exec flag

Changing ownership or group of a file

Change owner:

chown ownername:groupname /path/to/file

Change just one file’s group:

sudo chgrp groupname /path/to/file

Change group for every file in a folder:

sudo chgrp -R groupname /path/to/folder/

Connect to a remote machine

ssh username@machine_name_or_ip_address

Other commands

Not yet documented.

• nc
• netstat
• openssl (openssl s_client -connect uwuis.me:5349 -6)
• turnserver -c /etc/turnserver.conf -v
• ip
• sudo ss -tlnp | grep 5349
• sudo ss -tlnp | grep 5349
• openssl s_client -connect 127.0.0.1:5349
• ufw
• iptables
• nft
• prosodyctl check turn -v --ping=stun.conversations.im
• traceroute
• curl: Download a file.
• httrack: Mirror a website.
• whois: Tells you who owns a domain. Completely redacted by almost all registrars, but it will at minium get you registrar information.
• du: Disk usage. Tells you the total size of a directory in blocks, about half a kilobyte. Use du -h for human readable formatting (traditional Kuffixes)
• df: Free disk space
• prosodyctl  systemctl  journalctl
• certbot
• dig SRV _xmpp-client._tcp.uwuis.me
• rsync: Sync the files between two directories, local or remote.
• pandoc: Convert any text format to any other.
• python: Launch a python interpreter.
• fg
• mkdir
• exit
• kill
• nohup
• tar
• rm
• rmdir
• gzip
• top
• watch
• chmod
• ab: Benchmark a host’s connection capacity.
• touch
• emacs
• time
• nslookup
• wc
• fdupes
• ffmpeg
• exit
• open
• killall

More verbose logging for Prosody

If you are debugging Prosody, it can be helpful to enable debug logging:

log = {
        debug = "/var/log/prosody/prosody.log";
        error = "/var/log/prosody/prosody.err";
        { levels = { "error" }; to = "syslog";  };
}

Fix module installation problems

This can affect any modulle not included by default with Prosody, which at time of writing includes the following modules from this tutorial: * cloud_notify * unified_push * s2s_whitelist * s2s_blacklist

You can install missing modules using prosodyctl:

sudo prosodyctl install --server=https://modules.prosody.im/rocks/ mod_cloud_notify

(Replace mod_cloud_notify with mod_{whatever_youre_installing})

If you get luarocks errors, it’s probably because you need to install luarocks: sudo apt install luarocks

Depending on your distribution, you may also need to install lua development libraries:

sudo apt install liblua5.4-dev

Problems with IPv6

IPv6 support has a number of issues out of the box. These are largely due to the somewhat scattershot support for IPv6 globally - A further tutorial is coming (it’s good to do), but in the meantime this guide is focused on getting features up, running, and stable.

However, if you are working on IPv6 support, one piece of information that’s good to know: DigitalOcean does not always bind the IPv6 address correctly to the host. This may require messing with something called “netplan”, (I managed to get it working on one host with this), so best of luck.

Run: sudo nano /etc/prosody/prosody.cfg.lua

This file is somewhat long, but is almost entirely comments explaining how to use this file. Somewhere in the middle, you will see a section labeled “Certificate file”, underneath which is a section labeled “Private key file”.

Add the line > cert=/etc/letsencrypt/live/yourdomain.com/fullchain.pem

to the certificate section and

pkey=/etc/letsencrypt/live/yourdomain.com/privkey.pem

to the private key file section. Again, make sure to edit the domain.

sudo nano /etc/prosody/prosody.cfg.lua

Under the section titled “Specify the address of the TURN service (you may use the same domain as XMPP),” add:

turn_external_host = “yourdomain.com” turn_external_port = 3478 turn_external_secret = “some_long_gibberish_secret_key_that_does_not_need_to_be_memorable”

Installing Coturn

Coturn provides a STUNserver to help voice calls (and other connections) connect, even if your device is on an unusual network (like a cell tower) that does not allow direct connections.

STUN (Session Traversal Utilities for NAT) provides tools for finding an IP address the client is capable of talking to, and TURN (Traversal Using Relays around NAT) will route data through your server as a falback if needed. Without this installed, calling will be extremely unreliable to connect.

Feb 14, 1999

My name is Tufts, the Time Traveling Unicorn From The Future, and this is my logbook. By the time you receive this message, the robot wars will have begun. You will need to save the future from the satanic billionaire pedophile cabal.

As you know, the only way to win against advanced artificial intellegence is to send a unicorn back in time to search for ancient alien technology.

When the world ended in 2000, the timeline cracked. A portal opened, leading straight to the faraway land of 1999. To save the future, we found a way to step through it.

People here are finally waking up to the potential of the internet. Everyone is talking about “seeing The Matrix”, and the engineers here are preparing for the Y2K superbug. But that’s the first thing that bother me - As I remember it, Y2K never happened. So where did it go?

I suspect, but cannot yet prove, that your timeline has already started moving backwards. Software is getting worse, not better. There are years missing between you and 2020. The little holes have started creeping in - I remember reading the Berenstein bears, and watching Loony Toons on TV. Is this all caused by some shadowy complex trauma?

No. It’s the millenium portal.

At this rate, the entire internet will be enshittified surveillance state within a year. The only thing that can save us is 1990s VoIP telephony. Are you a bad enough dude to evade the president?

The only thing you need to do to fight robots is to pass the one CAPTCHA that never fails: No robot in existence will ever give you $5. Where we’re going… you will need $5.

Attached are blueprints for a technology called XMPP. Assemble them in your timeline, you have just this shining moment in time to escape the AI deep state. I’ll try to talk to you soon. If I’m not back before Overwatch II becomes Overwatch I… well, good luck. You’ll need it.