With the ongoing pressure from above for centralized chat platforms to increase age and identity verification, many new people are looking into formerly obscure distributed chat platforms. However, not all of these are created equal: some are more distributed than others, and for some there is confusion about their inner workings.
So, with that being said, how can you determine what the best chat application is? Well, you have to try them, and that's what I've been doing for the past 3-4 years as I've been learning more about how these things work.
This is not a deep dive into any specific protocol, but a more general, high-level review of a few of the most popular options currently.
// Chat applications I've hosted
- Session
- XMPP
- Delta Chat
// Session
Session uses swarms of service nodes to onion route (most) data between two parties. It is a cryptocurrency-based project by the Oxen Privacy Tech Foundation which provides audio calling, emoji reactions, and file uploading.
I followed the guide for hosting a SOG (now called a Community) and found setup to be straightforward. However, there are a few things the server operator should be aware of when hosting these. The main, and arguably most dangerous one, is that any uploaded files are stored on your server, regardless of who uploaded them. This is a very risky position for a server operator to be in, when these chats are designed to be public and people are free to upload anything.
You can, of course, disable file uploads, but moderating these chats is a full-time job. Additionally, the development team seems to, in my opinion, have made some questionable decisions. First, all file uploads that aren't on a SOG, for example user-to-user or private group uploads, are uploaded to a CDN in Canada owned by Session. This is a far cry from a distributed design decision. Second, and more alarmingly, calls are routed directly, p2p, between users.
These seem like rushed decisions, especially when OPTF's other project, Lokinet (now forked by its creator as LLARP), already exists and uses the same service nodes as its onion routing backbone while supporting UDP traffic at speeds more than fast enough for gaming or voice calling. Many people think Session uses Lokinet, as the two are by the same foundation; however, this is not the case. Session uses its own onion network on the same service nodes.
// XMPP
By far the oldest of any on this page, XMPP also has the most widespread adoption. It serves as the basis of Fortnite's chat backend, while also being used by WhatsApp, Zoom, and Nintendo (it even underwent military trial at Navy Exercise Trident Warrior 2006).
Server setup is simple with Prosody and you can quickly create your own XMPP server which will federate with other XMPP servers. It's also easy to peer your server entirely over Tor or I2P with other servers using mod_deepweb.
XMPP clients have good support for different encryption methods, including but not limited to OpenPGP and OMEMO, while servers can be configured to support video and audio calling with STUN/TURN. HTTPS file upload is supported by most servers.
Public chat operators will be glad that files posted by users in public chats are kept on the users' server, and not the chat's.
While its age is a good thing in terms of staying power, it is also a bad thing, as adoption of XEPs for more modern features, such as XEP-0449: Stickers, has been painfully slow. Additionally, clients can become out of sync, and encryption in large chats is difficult to manage as the user roster constantly changes.
// Delta Chat
Although I am still hosting an XMPP server, I have become more interested in Delta Chat lately as it provides a lot of features I was looking for while also using a very neat email backend.
Delta Chat uses SMTP/IMAP for messaging, meaning you can use your existing email account or set up your own email server and start messaging right away. However, you will likely want to take advantage of Chatmail for its encryption enforcement, increased delivery and receipt speed, and customizable push-notification options.
The official Delta Chat client shows users creating an account a list of Chatmail relays available for registration, which makes onboarding that much easier. The client also has support for Webxdc which allows for community applications to be run in chats (Cheogram for XMPP also supports this). File upload, emoji reactions, and stickers (hooray!) are supported out of the box, while video/audio calling relies on having Jitsi set up (but this may change in the future with Iroh being added for realtime P2P for Webxdc applications).
To handle encryption, Delta Chat uses Autocrypt with rPGP. There is only one key per identity (e.g., email) and a user's devices share this key, making managing encryption for large, constantly changing rosters much easier versus XMPP+OMEMO's client-side fan-out where your client queries the XMPP server to fetch public keys and encrypt messages for every single participant in the room (for every device those participants own).
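The difference in key management described above, as an added toy model (not Delta Chat, OMEMO or the author's code): it replays roster events and counts how often the set of keys a sender must encrypt to changes under each scheme. The addresses, device names and events are constructed, and the sender's own key is left out.

```python
# Added illustration: per-identity keys (Autocrypt-style) versus
# per-device keys (OMEMO-style) under roster churn. All data is constructed.

def apply(roster, event):
    """Return a new roster {member: set(devices)} after one event."""
    kind, member, device = event
    new = {m: set(d) for m, d in roster.items()}
    if kind == "join":
        new[member] = {device}
    elif kind == "leave":
        new.pop(member, None)
    elif kind == "add_device":
        new[member].add(device)
    elif kind == "drop_device":
        new[member].discard(device)
    return new

def per_identity_keys(roster):
    """One key per address, shared by every device of that address."""
    return frozenset(roster)

def per_device_keys(roster):
    """One key per (member, device) pair; the sender fans out to all of them."""
    return frozenset((m, d) for m, devs in roster.items() for d in devs)

def churn(roster, events, key_set):
    """Replay events; return (final key set, events that changed it, new keys fetched)."""
    keys = key_set(roster)
    changed = fetched = 0
    for ev in events:
        roster = apply(roster, ev)
        nxt = key_set(roster)
        changed += nxt != keys        # sender's recipient list is now stale
        fetched += len(nxt - keys)    # keys the sender has to fetch and trust
        keys = nxt
    return keys, changed, fetched

ROSTER = {"alice@example.org": {"phone", "laptop"},
          "bob@example.org": {"phone"}}
EVENTS = [("add_device", "bob@example.org", "tablet"),
          ("join", "carol@example.org", "phone"),
          ("add_device", "carol@example.org", "desktop"),
          ("drop_device", "alice@example.org", "laptop"),
          ("leave", "bob@example.org", None)]

if __name__ == "__main__":
    for name, fn in (("per-identity", per_identity_keys), ("per-device", per_device_keys)):
        keys, changed, fetched = churn(ROSTER, EVENTS, fn)
        print(f"{name}: {len(keys)} keys per message, "
              f"{changed} key-set changes, {fetched} new keys fetched")
```

Only membership changes touch the per-identity key set, while every device added or dropped changes the per-device one.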
There is a lot of active development in this ecosystem, and I am eager to watch it evolve.
// Honorable mentions
- Jami: Uses OpenDHT to connect peers and appears promising; however, my experience with the official client Flatpak hasn't been great, with frequent crashes causing me to hold off for now.
- Tox: Another p2p e2ee encrypted messenger with support for routing over Tor; however, its development status has been frozen for years.