JMP (Was: Librem5 (and why I am no longer interested))

chaosmonk

Joined: 07/07/2017

This is in response to tonlee's comment here.[1]

>> use SMS with free software using Gajim and JMP Chat's SMS bridge. You'll
>> be able to send/receive texts,

> Could you start a new post and tell how you did this?

I don't think you will find it complicated. See the instructions here,[2] and let me know if anything is unclear. (I'll see your response sooner if you send it to the mailing list, but I check the forum occasionally.)

Note that the current JMP instance uses a North American carrier for the relay bridge, so users have a +1 phone number. Hopefully the developer (or someone else, it's free software) will add instances for other regions at some point.

> If sms can you
> then get zero knowledge encryption?

What do you mean by zero-knowledge encryption? Doing a web search, I see information about the concept in general, but nothing about applying it to SMS.

[1] https://trisquel.info/en/forum/librem5-and-why-i-am-no-longer-interested?page=2#comment-139785
[2] https://jmp.chat/

tonlee
Joined: 09/08/2014

I can say what I am looking for. I reject sms as a privacy providing
system. What I cannot find is a free software
option where like sms it does not matter if sending and
receiving device is turned on at the same time and messages are
zero knowledge encrypted. Zero knowledge encryption is when
only sender and receiver have the encryption keys.

There is signal. Some will not use signal because it requires a
phone number.

There is wire. Which I have tested. And like sms a message gets
stored on a server for some time. Even if whatsapp was free
software I would not install it, because whatsapp transfers a
copy of contact data onto their servers. One person refused
to use signal because he would not give the signal servers his
phone number. Because he has whatsapp installed, whatsapp
got my phone number. Signal has a tracker. https://reports.exodus-privacy.eu.org/en/reports/60211/ Is that one tracker too
much? There is no report on wire. I do not know what data wire
transfers onto their servers. Therefore I cannot ask people
to install wire.

I have tested riot. Apparently it requires both sending and
receiving phone to be turned on.

Does jmp messaging work if both devices are not turned on
at the same time? If protocol is sms, can you then zero knowledge
encrypt messages?

What about jitsi and jami? Does jitsi sip require both
sending and receiving device to be turned on when
messaging?

chaosmonk

Joined: 07/07/2017

> Does jmp messaging work if both devices are not turned on
> at the same time?

Yes.

> If protocol is sms, can you then zero knowledge
> encrypt messages?

The protocol is XMPP. When communicating with other JMP users you can use OMEMO[1] for end-to-end encryption. When communicating with SMS users via the XMPP-to-SMS bridge, you can't use end-to-end encryption. There's no way around that. You can't use encryption unless the other party uses it too.

[1] https://en.wikipedia.org/wiki/OMEMO

tonlee
Joined: 09/08/2014

Thanks.

> You can't use encryption unless the other party uses it too.

Can you verify?
I have to have a xmpp account if I want to do omemo
messaging with chatsecure or conversations? Which
program is the best for desktop?

The person you are communicating with also has to have
a xmpp account?

Is there a list of xmpp servers you can
choose from?

chaosmonk

Joined: 07/07/2017

> I have to have a xmpp account if I want to do omemo
> messaging with chatsecure or conversations?

> The person you are communicating with also has to have
> a xmpp account?

Yes, both users will need XMPP accounts and clients in order to use OMEMO.

> Which
> program is the best for desktop?

I personally use Gajim. Here's a page that tracks the status of OMEMO support for various XMPP clients.

https://omemo.top/

> Is there a list of xmpp servers you can
> choose from?

You might find this page useful.

https://dismail.de/serverlist.html

tonlee
Joined: 09/08/2014

I have tested
dino.im
on debian 9 and another gnulinux system.
https://github.com/dino/dino/wiki/Distribution-Packages
On none of them does omemo work.

How did you install gajim? This looks complicated.
https://gajim.org/downloads.php?lang=en#source
https://dev.gajim.org/gajim/gajim/blob/gajim_1.0/README.md

Gajim version in debian 9 64bit is
0.16.6 - 1.1

onpon4
Joined: 05/30/2012

sudo apt install gajim

chaosmonk

Joined: 07/07/2017

> Gajim version in debian 9 64bit is
> 0.16.6 - 1.1

That will work for SMS. If you also want to send MMS you'll need Gajim >=0.16.7. Here[2] are build instructions for 0.16.9 in Trisquel 8. I would expect the same steps to work in Debian 9.

[1] https://omemo.top/
[2] https://trisquel.info/en/forum/jmp-compatible-gajim#comment-133979

tonlee
Joined: 09/08/2014

Is it not a problem that gajim is version 0.16.6 - 1.1 regarding
security?

On debian 9 64bit I installed
gajim 0.16.6 - 1.1
gajim omemo 1.0.0 - 2

I can send messages to conversations. They are not omemo
encrypted. On conversations always omemo is
selected. I cannot send messages from conversations
to gajim.

Any suggestions?
Does omemo work on your computer?

chaosmonk

Joined: 07/07/2017

> Is it not a problem that gajim is version 0.16.6 - 1.1 regarding
> security?

It is only a problem if there have been security fixes since 0.16.6 and the Debian maintainer has neglected to backport these security fixes. Otherwise, the only reason to upgrade will be for new features.

> I can send messages to conversations. They are not omemo
> encrypted.

Run

$ sudo apt install python-axolotl # this is a dependency for Gajim's OMEMO plugin

Then, in Gajim, go to Edit -> Plugins, and go to the "Available" tab and install OMEMO. Then under the "Installed" tab enable it.
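Added example, not part of the post above: one way to check the backport question for a stable package is to read its Debian changelog and list the entries that mention a CVE or a security fix. The function name `security_entries`, the package `examplepkg` and the changelog text (including the placeholder CVE id) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list Debian changelog entries that mention a security fix.
# On a real system, feed it the packaged changelog (standard Debian location):
#   zcat /usr/share/doc/gajim/changelog.Debian.gz | security_entries

security_entries() {
    awk '
        # Entry header: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \(.*\) / {
            ver = $2
            gsub(/[()]/, "", ver)
            next
        }
        # Indented change lines only; skip the " -- maintainer" trailer so a
        # name such as "Debian Security Team" is not reported as a fix.
        /^ / && !/^ -- / && (/CVE-[0-9]+-[0-9]+/ || tolower($0) ~ /security/) {
            line = $0
            sub(/^[ \t]*[*+-]?[ \t]*/, "", line)
            print ver ": " line
        }
    '
}

# Constructed sample changelog (hypothetical package, placeholder CVE id).
sample_changelog() {
    cat <<'EOF'
examplepkg (1.2-3+deb9u1) stretch-security; urgency=high

  * Fix message parsing flaw (CVE-0000-00001)

 -- Debian Security Team <team@example.org>  Mon, 01 Jan 2018 00:00:00 +0000

examplepkg (1.2-3) unstable; urgency=medium

  * New translation files

 -- Example Maintainer <maint@example.org>  Fri, 01 Dec 2017 00:00:00 +0000

examplepkg (1.2-2) unstable; urgency=medium

  * Security: tighten certificate checks

 -- Example Maintainer <maint@example.org>  Wed, 01 Nov 2017 00:00:00 +0000
EOF
}

sample_changelog | security_entries
```

An empty result does not prove that no fix was backported, only that the maintainer did not describe one in these terms.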

tonlee
Joined: 09/08/2014

It seems it is something about debian 9. Dino.im shows a lock
in the box you send messages from. If you press the lock
you get these options unencrypted, omemo, openpgp.
But omemo and openpgp are grey and cannot get selected. I installed
gajim from synaptic package manager. I installed both
gajim and gajim-omemo. Gajim omemo is installed and active. Therefore
python-axolotl was already installed. I installed python3-axolotl python3-axolotl-curve25519 python3-qrcode.
But omemo does not work in gajim. Does it show on the
graphical user interface if omemo works? Does it work on trisquel 8?

tonlee
Joined: 09/08/2014

Can you close a xmpp registration?

chaosmonk

Joined: 07/07/2017

> Can you close a xmpp registration?

Yes, but the process of doing so may vary among providers, same as email. See if your provider offers a way to do this automatically. Otherwise you'll need to contact them requesting that they delete your account.

tonlee
Joined: 09/08/2014

Maybe they get deleted if inactive.
I had a couple of inactive xmpp accounts. They did not work.

Dmitry Alexandrov
Joined: 03/07/2019

name at domain wrote:
>> If protocol is sms, can you then zero knowledge encrypt messages?
>
> The protocol is XMPP. When communicating with other JMP users you can use OMEMO[1] for end-to-end encryption. When communicating with SMS users via the XMPP-to-SMS bridge, you can't use end-to-end encryption. There's no way around that. You can't use encryption unless the other party uses it too.

name at domain wrote:
>> I have to have a xmpp account if I want to do omemo messaging with chatsecure or conversations?
>> The person you are communicating with also has to have a xmpp account?
>
> Yes, both users will need XMPP accounts and clients in order to use OMEMO.

That’s exactly the problem with all that fashionable stuff. (What number attempt to bring encryption to XMPP is that? Fourth, if I am not mistaken? And none of them are back-compatible?) In two words: it’s too complicated and commanding: install a certain client for a specific protocol, sign-up for a service, generate a set of incompatible keys.

On the other hand, good old PGP might be easily used even over SMS, whenever such a weird need has arisen.

That’s a clear disadvantage. What about advantages over PGP? Does that OMEMO have any?

tonlee
Joined: 09/08/2014

> In two words: it’s too complicated and commanding: install a certain client
> for a specific protocol, sign-up for a service, generate a set of
> incompatible keys.

No, it is not.
You register on a xmpp server. Then
install an omemo supporting program. Enter xmpp data. Encryption keys
get made.
Then program is ready.