Рус

To main page

Security notes

You have to enable TLS/SSL if you use any type of clear net connection with our server. Otherwise, the connection will not be established, because we disabled non-encrypted communications. However, as TLS/SSL potentially may harm the anonymity of the clients, and the connections inside the Tor network are already encrypted and authenticated, we disabled TLS/SSL for the Tor hidden service connection.

We use those cipher suits for TLS connection that provide the best security with PFS. You can see the parameters supported by our server on this test link.

Some XMPP clients allow you to make so-called certificate pinning when TLS/SSL is used. It is manual specification of a correct fingerprint for the XMPP server TLS/SSL certificate. We signed this fingerprint with the help of our PGP key. The certificate pinning is a good countermeasure against attacks on PKI; therefore, we suggest you to use this option for TLS/SSL connection (verify the fingerprint using our PGP signature first!) if it is possible.

Both addresses of our server (securejabber.me and giyvshdnojeivkom.onion) are added as uids to our PGP key. Given the domain name or onion address is changed, the corresponding uids will be revoked and uids with new addresses will be added. Notice that our PGP key is the only way that gives you authentical information about addresses and certificates of our XMPP server.

XMPP was designed long time ago without anonymity kept in mind. Depending on the capabilities of your XMPP client it may leak some sensitive information about your software configuration such as the time on your machine, your timezone, geolocation (XEP-0080), version of your operating system and version of your XMPP client. Some XMPP clients can also download a content (pictures, files) authomatically that may be used by attacker to reveal your IP address. Thus, if anonymity matters for you, it is always better to run XMPP client inside some virtual operating system (on virtual machine), that doesn't share its software configuraton with your main operating system.

To main page