ChatSecure – Free and open source encrypted chat for iOS

ChatSecure

ChatSecure v4.1.0 – Media Messaging

This release contains major improvements to how media messages are handled. We’ve added support for both XEP-0363: HTTP Upload and the aesgcm:// scheme, allowing for mobile-friendly asynchronous end-to-end encrypted file transfers.

Previously we used a rather obscure protocol called OTRDATA that utilized OTR TLVs to send arbitrary data through existing OTR sessions. It worked reasonably well… sometimes. It was subject to throttling by XMPP servers, had a lot of encoding overhead, and wouldn’t work unless both parties were online and were in an active OTR session.

This new file transfer mechanism was designed to work well with OMEMO, and should handle multiple devices and group chats once that work is finished. To see if your server supports XEP-0363, check the “Server Information” section of your account details. If not, contact your server administrator or in the meantime test it out on a server from this list.

Up next will be improvements to group chat, multi-device conversation history, and better reliability of push notifications. If you like what we’re doing, don’t forget that sustainable open source starts with you! Thank you so much to everyone who has pledged their support! ❤️

What’s new in 4.1.0

  • XEP-0363: HTTP Upload support for much faster and more reliable media messaging. [1]
  • XEP-0352: Client State Indication. Helps reduce network usage when running in the background.
  • End-to-end encryption for file transfers in OMEMO or OTR sessions [2].
  • Inline media previews for incoming URLs. (Optional)
  • Bug fixes and refactoring.
  • Tor 0.3.0.9

Caveats

  • Your server administrator must enable support for XEP-0363. See mod_http_upload for Prosody [3] and ejabberd [4] for more details.
  • Encrypted file transfer is required in OMEMO/OTR, but has limited compatibility for receiving clients. Users on the other end will receive aesgcm:// links [2].
  • Inline media previews are enabled by default, but can be disabled on a per-account basis. This feature should be disabled if you have extreme privacy concerns or do not trust your contacts. This setting is always disabled for Tor accounts.
  • Known bugs related to adding friends and setting up the first OMEMO session. These will be addressed in a future release.

References
  1. https://xmpp.org/extensions/xep-0363.html
  2. https://github.com/iNPUTmice/ImageDownloader
  3. https://modules.prosody.im/mod_http_upload.html
  4. https://docs.ejabberd.im/admin/configuration/#mod-http-upload
  5. https://xmpp.org/extensions/xep-0352.html

ChatSecure v4.0.9 – Sustainable Open Source Starts With You

The v4.0.9 release marks the beginning of a fundraising experiment to measure the long term viability of user-driven open source privacy software development. ChatSecure has been around for over five(!) years now, and grown from a small hobby project to a full time mission to prevent the centralization of communication.

This growth wouldn’t have been possible without the generous funding and support of organizations like The Guardian Project, OpenITP, and the Open Technology Fund along the way. The open source privacy software scene would not be nearly as vibrant without grant funding, and many projects you’ve heard of receive large amounts of funding from similar sources.

Unfortunately there are large risks with this funding model:

  • Funders generally do not support ongoing software maintenance. Grants require specific milestones and deliverables.
  • The grant cycle can be very long. It can take over a year and multiple iterations between a concept and secured funding.
  • Even after multiple rounds of negotiation, funders may ultimately decide not to fund your vision.
  • Fundraising is a full time job. For a small team, that means less time can be spent on improving the product.
  • There’s also the elephant in the room. Although “Internet freedom” appropriations may be safe for now, a large chunk of this funding pool could also quickly dry up, leaving many projects scrambling to keep the lights on.

Other funding models don’t work well either for tools in this space. Venture capital is incapable of funding “privacy software” products without eventually introducing something to monetize you by violating your privacy. The upfront cost of paid App Store builds prevents vulnerable users without reliable access to payment services from downloading the app. Services like Patreon may work for some projects, but most rarely receive enough funds to actually pay anyone for development. Offering white labels and consulting services can also work to fund core development, but it doesn’t scale well and can take a considerable amount of time.

❤️ This Is For You

You, the user, are the reason this project exists. We’ve now put the power of direct funding in your hands. There are quite a few of you now, and if a relatively small fraction of you can contribute a few bucks a month, you will prove that open source privacy software development can be sustainable.

You can now show your continued support directly within the app. The current options are ☕️ $2.99/mo, $5.99/mo, and $19.99/mo. Hopefully these are enough choices for now, and we’re open to any feedback or suggestions. If you’re already a supporter, or don’t have the spare cash right now, you can help in other ways like improving a translation, submitting a bug report, or simply spreading the word.

Thank you so much for your support!

ChatSecure v4.0 – OMEMO and Signal Protocol

We’re excited to announce the release of ChatSecure v4.0, our largest step forward in usability since the addition of push messaging six months ago. The most significant new feature is OMEMO Encryption, a mobile-friendly encryption scheme pioneered by Conversations that adapts Signal Protocol to the XMPP world.

Using OTR on mobile has always been problematic because it was designed for desktop computers and synchronous conversations. For example, if you don’t have an active OTR session, you can’t start a new secure session if your contact is offline. Even if you do have an OTR session, it can go stale if one of the sides is purged from RAM due to low memory. This can lead to messages that vanish into the ether with no standardized way for the recipient to indicate which message they couldn’t decrypt.

OMEMO fixes all of these problems, and opens doors to new features that were impossible with OTR, like multi-client support, encrypted group chat, and more reliable file transfers. Multi-client conversations would work particularly well with our planned Desktop client, so we’re excited to add support for these features in future releases.

There are some other major changes in this release that improve the user experience, such as the outgoing message queue and enhanced identity management. The message queue automatically negotiates OMEMO and OTR sessions and allows you to resend messages in case of failure.

The new profile view allows you to view a contact’s OMEMO and OTR fingerprints, change each fingerprint’s trust settings, and modify the default encryption method. We’ve made significant changes to the way trust is handled for new contacts by adopting the TOFU or “trust on first use” model. The first time you see OMEMO or OTR fingerprints for a contact, they will appear as trusted and marked with “TOFU” in the user interface. Any subsequent fingerprints will be untrusted and need to be manually verified. In this release you can compare fingerprints out-of-band by tapping on the cell and bringing up the system share dialog, but we plan to streamline the fingerprint comparison process in the future.
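
The trust policy described above, sketched as an added Python example (not ChatSecure’s own code). The class and function names, the JID and the shortened fingerprints are made up for illustration, and tracking “first use” separately per contact and per protocol is an assumption.

```python
from dataclasses import dataclass, field
from enum import Enum


class Trust(Enum):
    TOFU = "tofu"            # accepted automatically on first sight
    VERIFIED = "verified"    # accepted after a manual out-of-band comparison
    UNTRUSTED = "untrusted"  # appeared later; needs manual verification


def normalize(fingerprint: str) -> str:
    """Canonical lowercase hex, so 'AB:CD ef' and 'abcdef' compare equal."""
    fp = "".join(fingerprint.split()).replace(":", "").lower()
    if not fp or any(c not in "0123456789abcdef" for c in fp):
        raise ValueError("fingerprint must be non-empty hex")
    return fp


@dataclass
class TrustStore:
    # (contact JID, protocol) -> {fingerprint: Trust}
    known: dict = field(default_factory=dict)

    def observe(self, contact: str, protocol: str, fingerprints: list) -> dict:
        """Record fingerprints announced by a contact; return their trust."""
        key = (contact.lower(), protocol)
        # Assumption: "first use" is tracked per contact and per protocol.
        first_use = not self.known.get(key)
        seen = [normalize(fp) for fp in fingerprints]  # validate before storing
        record = self.known.setdefault(key, {})
        result = {}
        for fp in seen:
            if fp not in record:
                record[fp] = Trust.TOFU if first_use else Trust.UNTRUSTED
            result[fp] = record[fp]
        return result

    def verify(self, contact, protocol, fingerprint, out_of_band) -> bool:
        """Mark a known fingerprint VERIFIED only if it matches the value
        the user obtained from the contact over a separate channel."""
        record = self.known.get((contact.lower(), protocol), {})
        fp = normalize(fingerprint)
        if fp not in record or fp != normalize(out_of_band):
            return False
        record[fp] = Trust.VERIFIED
        return True

    def trusted(self, contact, protocol) -> list:
        """Fingerprints that outgoing messages may be encrypted to."""
        record = self.known.get((contact.lower(), protocol), {})
        return sorted(fp for fp, t in record.items() if t is not Trust.UNTRUSTED)


def demo() -> dict:
    # Constructed sample data: JID and shortened fingerprints are made up.
    store = TrustStore()
    jid = "alice@example.org"
    store.observe(jid, "omemo", ["A1B2 C3D4", "0f0e0d0c"])   # first use
    store.observe(jid, "omemo", ["deadbeef"])                # new device later
    before = store.trusted(jid, "omemo")
    store.verify(jid, "omemo", "deadbeef", "DE:AD:BE:EF")    # compared in person
    return {"before": before, "after": store.trusted(jid, "omemo")}


if __name__ == "__main__":
    print(demo())
```

TOFU only flags fingerprints that appear after first contact; a fingerprint accepted on first use stays unverified until it has been compared out-of-band.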

There are hundreds of other changes under the hood that fix bugs, improve performance, and enhance reliability. On the roadmap for v4.1 and beyond are improvements to group chat, including OMEMO encryption, multi-device chat history synchronization (XEP-0313 MAM), read receipts (aka chat markers XEP-0333), improved file transfer, and more.

We’re excited to see people experience this new frontier for XMPP usability. We will be working with the Zom project to bring OMEMO support to their suite of apps, and we expect other apps will begin adopting OMEMO as well.

Thank you to everyone who helped make this release a reality!

The End of ChatSecure Android

The developers of the Android version have hard forked the code and are no longer maintaining the upstream version. If you still use ChatSecure Android you should migrate to another app immediately. For a similar user experience and the best compatibility with the latest features of ChatSecure iOS, we recommend downloading Conversations.

The development of ChatSecure iOS is unaffected by this change and we will continue to release new features and updates.

ChatSecure iOS v3.2.3 – XMPP Push

We’re excited to announce that XMPP push (XEP-0357) is now available, finally allowing users to receive push messages from any contact. This feature is only available when used with compatible XMPP servers, and requires special modules to be enabled for Prosody (mod_cloud_notify) or ejabberd (mod_push).

Our next release will focus on OMEMO support for multi-device asynchronous end-to-end encryption, which will provide large usability gains over OTR on mobile devices. Thankfully the GPL + App Store licensing issues concerning SignalProtocol have been resolved. You can try OMEMO today in other apps such as Conversations, Gajim, and Cryptocat.

  • XMPP push for supported servers (XEP-0357)
  • Improved subscription requests UI
  • Basic vCard nickname support
  • Fix issues with missing messages during stale OTR sessions
  • Improved IPv6 support for NAT64/DNS64
  • Fix some issues with presence/availability
  • Added button to view your password
  • Fix issue where message view would appear multiple times
  • Automatically begin OTR sessions when contact is online
  • Send error messages back to contact when messages cannot be decrypted

ChatSecure – Free and open source encrypted talk for iOS

ChatSecure

ChatSecure v4.1.0 – Media Messaging

This release contains major improvements to how media messages are treated. We’ve added support for both XEP-0363: HTTP Upload and the aesgcm:// scheme, permitting for mobile-friendly asynchronous end-to-end encrypted file transfers.

Previously we used a rather obscure protocol called OTRDATA that utilized OTR TLVs to send arbitrary data through existing OTR sessions. It worked reasonably well… sometimes. It was subject to throttling by XMPP servers, had a lot of encoding overhead, and wouldn’t work unless both parties were online and were in an active OTR session.

This fresh file transfer mechanism was designed to work well with OMEMO, and should treat numerous devices and group talks once that work is ended. To see if your server supports XEP-0363, check the “Server Information” section of your account details. If not, contact your server administrator or in the meantime test it out on a server from this list.

Up next will be improvements to group talk, multi-device conversation history, and better reliability of thrust notifications. If you like what we’re doing, don’t leave behind that sustainable open source starts with you! Thank you so much to everyone who has pledged their support! ❤️

Download the latest ChatSecure version here:

What’s fresh in Four.1.0

  • XEP-0363: HTTP Upload support for much swifter and reliable media messaging. [1]
  • XEP-0352: Client State Indication. Helps reduce network usage when running in the background.
  • End-to-end encryption for file transfers in OMEMO or OTR sessions [Two].
  • Inline media previews for incoming URLs. (Optional)
  • Bug fixes and refactoring.
  • Tor 0.Trio.0.9

Caveats

  • Your server administrator must enable support for XEP-0363. See mod_http_upload for Prosody [Three] and ejabberd [Four] for more details.
  • Encrypted file transfer is required in OMEMO/OTR, but has limited compatibility for receiving clients. Users on the other end will receive aesgcm:// links [Two].
  • Inline media previews are enabled by default, but can be disabled on a per-account basis. This feature should be disabled if you have extreme privacy concerns or do not trust your contacts. This setting is always disabled for Tor accounts.
  • Known bug related to adding friends and setting up the very first OMEMO session. These will be addressed in a future release.
References
  1. https://xmpp.org/extensions/xep-0363.html
  2. https://github.com/iNPUTmice/ImageDownloader
  3. https://modules.prosody.im/mod_http_upload.html
  4. https://docs.ejabberd.im/admin/configuration/#mod-http-upload
  5. https://xmpp.org/extensions/xep-0352.html

ChatSecure v4.0.9 – Sustainable Open Source Starts With You

ChatSecure v4.0.9 – Sustainable Open Source Starts With You

The v4.0.9 release marks the beginning of a fundraising experiment to measure the long term viability of user-driven open source privacy software development. ChatSecure has been around for over five(!) years now, and grown from a petite hobby project to a total time mission to prevent the centralization of communication.

This growth wouldn’t have been possible without the generous funding and support of organizations like The Guardian Project, OpenITP, and the Open Technology Fund along the way. The open source privacy software scene would not be almost as vibrant without grant funding, and many projects you’ve heard of receive large amounts of funding from similar sources.

Unluckily there are large risks with this funding model:

  • Funders generally do not support ongoing software maintenance. Grants require specific milestones and deliverables.
  • The grant cycle can be very long. It can take over a year and numerous iterations inbetween a concept and secured funding.
  • Even after numerous rounds of negotiation, funders may ultimately determine not to fund your vision.
  • Fundraising is a utter time job. For a puny team, that means less time can be spent on improving the product.
  • There’s also the elephant in the room. Albeit “Internet freedom” appropriations may be safe for now, a large chunk of this funding pool could also quickly dry up, leaving many projects scrambling to keep the lights on.

Other funding models don’t work well either for instruments in this space. Venture capital is incapable of funding “privacy software” products without eventually introducing something to monetize you by violating your privacy. The upfront cost of paid App Store builds prevents vulnerable users without reliable access to payment services from downloading the app. Services like Patreon may work for some projects, but most infrequently receive enough funds to actually pay anyone for development. Suggesting white labels and consulting services can also work to fund core development, but it doesn’t scale well and can take a considerable amount of time.

❤️ This Is For You

You, the user, are the reason this project exists. We’ve now put the power of direct funding in your arms. There are fairly a few of you now, and if a relatively puny fraction of you can contribute a few bucks a month, you will prove that open source privacy software development can be sustainable.

You can now demonstrate your continued support directly within the app. The current options are ☕️ $Two.99/mo, �� $Five.99/mo, and �� $Nineteen.99/mo. Hopefully these are enough choices for now, and we’re welcome to any feedback or suggestions. If you’re already a supporter, or don’t have the spare cash right now, you can help in other ways like improving a translation, submitting a bug report, or simply spreading the word.

Thank you so much for your support!

Download the latest ChatSecure version here:

ChatSecure v4.0 – OMEMO and Signal Protocol

ChatSecure v4.0 – OMEMO and Signal Protocol

We’re excited to announce the release of ChatSecure v4.0, our largest step forward in usability since the addition of thrust messaging six months ago. The most significant fresh feature is OMEMO Encryption, a mobile-friendly encryption scheme pioneered by Conversations that adapts Signal Protocol to the XMPP world.

Using OTR on mobile has always been problematic because it was designed for desktop computers and synchronous conversations. For example, if you don’t have an active OTR session, you can’t embark a fresh secure session if your contact is offline. Even if you do have an OTR session, it can go stale if one of the sides is purged from RAM due to low memory. This can lead to messages that vanish into the ether with no standardized way for the recipient to indicate which message they couldn’t decrypt.

OMEMO fixes all of these problems, and opens doors to fresh features that were unlikely with OTR, like multi-client support, encrypted group talk, and more reliable file transfers. Multi-client conversations would work particularly well with our planned Desktop client, so we’re excited to add support for these features in future releases.

There are some other major switches in this release that improve the user practice, such as the outgoing message queue and enhanced identity management. The message queue automatically negotiates OMEMO and OTR sessions and permits you to resend messages in case of failure.

The fresh profile view permits you to view a contact’s OMEMO and OTR fingerprints, switch each fingerprint’s trust settings, and modify the default encryption method. We’ve made significant switches to the way trust is treated for fresh contacts by adopting the TOFU or “trust on very first use” model. The very first time you see OMEMO or OTR fingerprints for a contact, they will emerge as trusted and marked with “TOFU” in the user interface. Any subsequent fingerprints will be untrusted and need to be by hand verified. In this release you can compare fingerprints out-of-band by pressing on the cell and bringing up the system share dialog, but we plan to streamline the fingerprint comparison process in the future.

There are hundreds of other switches under the bondage mask that fix bugs, improve spectacle, and enhance reliability. On the roadmap for v4.1 and beyond are improvements to group talk, including OMEMO encryption, multi-device talk history synchronization (XEP-0313 MAM), read receipts (aka talk markers XEP-0333), improved file transfer, and more.

We’re excited to see people practice this fresh frontier for XMPP usability. We will be working with the Zom project to bring OMEMO support to their suite of apps, and we expect other apps will embark adopting OMEMO as well.

Thank you to everyone who helped make this release a reality!

The End of ChatSecure Android

The End of ChatSecure Android

The developers of the Android version have hard forked the code and are no longer maintaining the upstream version. If you still use ChatSecure Android you should migrate to another app instantly. For a similar user practice and the best compatibility with the latest features of ChatSecure iOS, we recommend downloading Conversations.

The development of ChatSecure iOS is unaffected by this switch and we will proceed to release fresh features and updates.

ChatSecure iOS v3.Two.Trio – XMPP Shove

ChatSecure iOS v3.Two.Three – XMPP Thrust

We’re excited to announce that XMPP shove (XEP-0357) is now available, ultimately permitting users to receive shove messages from any contact. This feature is only available when used with compatible XMPP servers, and requires special modules to be enabled for Prosody ( mod_cloud_notify ) or ejabberd ( mod_push ).

Our next release will concentrate on OMEMO support for multi-device asynchronous end-to-end encryption, which will provide large usability gains over OTR on mobile devices. Gratefully the GPL + App Store licensing issues concerning SignalProtocol have been resolved. You can attempt OMEMO today in other apps such as Conversations, Gajim, and Cryptocat.

  • XMPP thrust for supported servers (XEP-0357)
  • Improved subscription requests UI
  • Basic vCard nickname support
  • Fix issues with missing messages during stale OTR sessions
  • Improved IPv6 support for NAT64/DNS64
  • Fix some issues with presence/availability
  • Added button to view your password
  • Fix issue where message view would emerge numerous times
  • Automatically begin OTR sessions when contact is online
  • Send error messages back to contact when messages cannot be decrypted

ChatSecure – Free and open source encrypted talk for iOS

ChatSecure

ChatSecure v4.1.0 – Media Messaging

This release contains major improvements to how media messages are treated. We’ve added support for both XEP-0363: HTTP Upload and the aesgcm:// scheme, permitting for mobile-friendly asynchronous end-to-end encrypted file transfers.

Previously we used a rather obscure protocol called OTRDATA that utilized OTR TLVs to send arbitrary data through existing OTR sessions. It worked reasonably well… sometimes. It was subject to throttling by XMPP servers, had a lot of encoding overhead, and wouldn’t work unless both parties were online and were in an active OTR session.

This fresh file transfer mechanism was designed to work well with OMEMO, and should treat numerous devices and group talks once that work is finished. To see if your server supports XEP-0363, check the “Server Information” section of your account details. If not, contact your server administrator or in the meantime test it out on a server from this list.

Up next will be improvements to group talk, multi-device conversation history, and better reliability of shove notifications. If you like what we’re doing, don’t leave behind that sustainable open source starts with you! Thank you so much to everyone who has pledged their support! ❤️

Download the latest ChatSecure version here:

What’s fresh in Four.1.0

  • XEP-0363: HTTP Upload support for much swifter and reliable media messaging. [1]
  • XEP-0352: Client State Indication. Helps reduce network usage when running in the background.
  • End-to-end encryption for file transfers in OMEMO or OTR sessions [Two].
  • Inline media previews for incoming URLs. (Optional)
  • Bug fixes and refactoring.
  • Tor 0.Three.0.9

Caveats

  • Your server administrator must enable support for XEP-0363. See mod_http_upload for Prosody [Three] and ejabberd [Four] for more details.
  • Encrypted file transfer is required in OMEMO/OTR, but has limited compatibility for receiving clients. Users on the other end will receive aesgcm:// links [Two].
  • Inline media previews are enabled by default, but can be disabled on a per-account basis. This feature should be disabled if you have extreme privacy concerns or do not trust your contacts. This setting is always disabled for Tor accounts.
  • Known bug related to adding friends and setting up the very first OMEMO session. These will be addressed in a future release.
References
  1. https://xmpp.org/extensions/xep-0363.html
  2. https://github.com/iNPUTmice/ImageDownloader
  3. https://modules.prosody.im/mod_http_upload.html
  4. https://docs.ejabberd.im/admin/configuration/#mod-http-upload
  5. https://xmpp.org/extensions/xep-0352.html

ChatSecure v4.0.9 – Sustainable Open Source Starts With You

ChatSecure v4.0.9 – Sustainable Open Source Starts With You

The v4.0.9 release marks the beginning of a fundraising experiment to measure the long term viability of user-driven open source privacy software development. ChatSecure has been around for over five(!) years now, and grown from a petite hobby project to a utter time mission to prevent the centralization of communication.

This growth wouldn’t have been possible without the generous funding and support of organizations like The Guardian Project, OpenITP, and the Open Technology Fund along the way. The open source privacy software scene would not be almost as vibrant without grant funding, and many projects you’ve heard of receive large amounts of funding from similar sources.

Unluckily there are large risks with this funding model:

  • Funders generally do not support ongoing software maintenance. Grants require specific milestones and deliverables.
  • The grant cycle can be very long. It can take over a year and numerous iterations inbetween a concept and secured funding.
  • Even after numerous rounds of negotiation, funders may ultimately determine not to fund your vision.
  • Fundraising is a total time job. For a petite team, that means less time can be spent on improving the product.
  • There’s also the elephant in the room. Albeit “Internet freedom” appropriations may be safe for now, a large chunk of this funding pool could also quickly dry up, leaving many projects scrambling to keep the lights on.

Other funding models don’t work well either for implements in this space. Venture capital is incapable of funding “privacy software” products without eventually introducing something to monetize you by violating your privacy. The upfront cost of paid App Store builds prevents vulnerable users without reliable access to payment services from downloading the app. Services like Patreon may work for some projects, but most uncommonly receive enough funds to actually pay anyone for development. Suggesting white labels and consulting services can also work to fund core development, but it doesn’t scale well and can take a considerable amount of time.

❤️ This Is For You

You, the user, are the reason this project exists. We’ve now put the power of direct funding in your mitts. There are fairly a few of you now, and if a relatively petite fraction of you can contribute a few bucks a month, you will prove that open source privacy software development can be sustainable.

You can now display your continued support directly within the app. The current options are ☕️ $Two.99/mo, �� $Five.99/mo, and �� $Nineteen.99/mo. Hopefully these are enough choices for now, and we’re welcome to any feedback or suggestions. If you’re already a supporter, or don’t have the spare cash right now, you can help in other ways like improving a translation, submitting a bug report, or simply spreading the word.

Thank you so much for your support!

Download the latest ChatSecure version here:

ChatSecure v4.0 – OMEMO and Signal Protocol

ChatSecure v4.0 – OMEMO and Signal Protocol

We’re excited to announce the release of ChatSecure v4.0, our largest step forward in usability since the addition of thrust messaging six months ago. The most significant fresh feature is OMEMO Encryption, a mobile-friendly encryption scheme pioneered by Conversations that adapts Signal Protocol to the XMPP world.

Using OTR on mobile has always been problematic because it was designed for desktop computers and synchronous conversations. For example, if you don’t have an active OTR session, you can’t embark a fresh secure session if your contact is offline. Even if you do have an OTR session, it can go stale if one of the sides is purged from RAM due to low memory. This can lead to messages that vanish into the ether with no standardized way for the recipient to indicate which message they couldn’t decrypt.

OMEMO fixes all of these problems, and opens doors to fresh features that were unlikely with OTR, like multi-client support, encrypted group talk, and more reliable file transfers. Multi-client conversations would work particularly well with our planned Desktop client, so we’re excited to add support for these features in future releases.

There are some other major switches in this release that improve the user practice, such as the outgoing message queue and enhanced identity management. The message queue automatically negotiates OMEMO and OTR sessions and permits you to resend messages in case of failure.

The fresh profile view permits you to view a contact’s OMEMO and OTR fingerprints, switch each fingerprint’s trust settings, and modify the default encryption method. We’ve made significant switches to the way trust is treated for fresh contacts by adopting the TOFU or “trust on very first use” model. The very first time you see OMEMO or OTR fingerprints for a contact, they will emerge as trusted and marked with “TOFU” in the user interface. Any subsequent fingerprints will be untrusted and need to be by hand verified. In this release you can compare fingerprints out-of-band by pressing on the cell and bringing up the system share dialog, but we plan to streamline the fingerprint comparison process in the future.

There are hundreds of other switches under the rubber hood that fix bugs, improve spectacle, and enhance reliability. On the roadmap for v4.1 and beyond are improvements to group talk, including OMEMO encryption, multi-device talk history synchronization (XEP-0313 MAM), read receipts (aka talk markers XEP-0333), improved file transfer, and more.

We’re excited to see people practice this fresh frontier for XMPP usability. We will be working with the Zom project to bring OMEMO support to their suite of apps, and we expect other apps will begin adopting OMEMO as well.

Thank you to everyone who helped make this release a reality!

The End of ChatSecure Android

The End of ChatSecure Android

The developers of the Android version have hard forked the code and are no longer maintaining the upstream version. If you still use ChatSecure Android you should migrate to another app instantly. For a similar user practice and the best compatibility with the latest features of ChatSecure iOS, we recommend downloading Conversations.

The development of ChatSecure iOS is unaffected by this switch and we will proceed to release fresh features and updates.

ChatSecure iOS v3.Two.Three – XMPP Shove

ChatSecure iOS v3.Two.Trio – XMPP Thrust

We’re excited to announce that XMPP thrust (XEP-0357) is now available, eventually permitting users to receive shove messages from any contact. This feature is only available when used with compatible XMPP servers, and requires special modules to be enabled for Prosody ( mod_cloud_notify ) or ejabberd ( mod_push ).

Our next release will concentrate on OMEMO support for multi-device asynchronous end-to-end encryption, which will provide fat usability gains over OTR on mobile devices. Gratefully the GPL + App Store licensing issues concerning SignalProtocol have been resolved. You can attempt OMEMO today in other apps such as Conversations, Gajim, and Cryptocat.

  • XMPP shove for supported servers (XEP-0357)
  • Improved subscription requests UI
  • Basic vCard nickname support
  • Fix issues with missing messages during stale OTR sessions
  • Improved IPv6 support for NAT64/DNS64
  • Fix some issues with presence/availability
  • Added button to view your password
  • Fix issue where message view would show up numerous times
  • Automatically commence OTR sessions when contact is online
  • Send error messages back to contact when messages cannot be decrypted

