Personal XMPP server to skirt the NSA?
I'm interested in running a secure, end to end encrypted chat service that I can host on my own network and allow friends and family to connect to from various clients and smartphones.
Is this feasible? I did some googling and am a bit bewildered. Can anyone point me in the right direction?
7 comments
[ 3.7 ms ] story [ 32.9 ms ] threadMy gut says that StartSSL is about as anti-NSA as they can be, but you never know ...
At that level of paranoia – I'd question the appropriateness of relying on a "cloud VM". If you're worried about compromised CAs, perhaps a RaspberryPi (or similar inexpensive device) on your home net connection - with a write-locked SD card to boot from and a usb drive mounted with no-exec - and firewalled up the wazoo. Who knows how many guys have Snowden-like access to the VM hypervisor at n-random cloud hosting provider? Inside your "server", all the cleartext and metadata is readily available to root, and to root on the hypervisor as well.
I'd lean much more strongly towards Linux or even one of the various BSDs if I were doing this. I'm not about to audit all of the Linux/OpenBSD code myself – but I'd feel somewhat more comfortable with them knowing the code is at least available for me to review and that there's a much smaller chance of the NSA or FBI being able to "lean on" enough people to be able to keep backdoors undisclosed.
(Having said that, if you've got a "spare" Mac and are comfortable with OS X, you'd almost certainly be able to set up a system that's "secure enough against ubiquitous recording-of-all-traffic" surveillance, and if the NSA chooses to target you specifically, you've probably got to admit your privacy battle is lost from the start…)
You can always try to implement the same with freeswitch or if XMPP is a must you can use something like OpenFire (http://www.igniterealtime.org/projects/openfire/)