To main page
You have to enable TLS/SSL if you use any type of clear net
connection with our server. Otherwise, the connection will not be established,
because we disabled non-encrypted communications.
However, as TLS/SSL potentially may harm the anonymity of the clients, and the
connections inside the Tor network are already encrypted and authenticated, we
disabled TLS/SSL for the Tor hidden service connection.
We use those cipher suits for TLS connection that provide the best security
You can see the parameters supported by our server on this
Some XMPP clients allow you to make so-called certificate pinning when TLS/SSL
is used. It is manual specification of a correct fingerprint for the XMPP server
TLS/SSL certificate. We signed
with the help of our PGP key. The certificate pinning is a good countermeasure
therefore, we suggest you to use this option for TLS/SSL connection (verify the
fingerprint using our PGP signature first!) if it is possible.
Both addresses of our server (securejabber.me and giyvshdnojeivkom.onion) are
added as uids to our PGP key. Given the domain name or onion address is changed,
the corresponding uids will be revoked and uids with new addresses will be
added. Notice that our PGP key is the only way that gives you authentical
information about addresses and certificates of our XMPP server.
XMPP was designed long time ago without anonymity kept in mind.
Depending on the capabilities of your XMPP client it may leak some
sensitive information about your software configuration such as the
time on your machine, your timezone, geolocation (XEP-0080
of your operating system and version of your XMPP client. Some XMPP
clients can also download a content (pictures, files) authomatically
that may be used by attacker to reveal your IP address. Thus, if
anonymity matters for you, it is always better to run XMPP client
inside some virtual operating system (on virtual machine), that
doesn't share its software configuraton with your main operating
To main page