
Show HN: ChatSecure iOS v4.0 – OMEMO and Signal Protocol - chrisballinger
https://chatsecure.org/blog/chatsecure-v4-released/?hn=true
======
ge0rg
Congratulations! It's nice to see that we now have both Android
(https://conversations.im) and iOS covered by usable and secure XMPP clients!

~~~
gtirloni
The list of features at conversations.im is impressive. Despite the fact that
nobody I know is using it, I wanted to have a quick look but it's a paid app
(I know, GPL, etc). And one I know I won't be actively using. There is too
much friction to try it out.

~~~
erlehmann_
One can get Conversations from the F-Droid store without spending money:
[https://f-droid.org/](https://f-droid.org/)

~~~
openplatypus
Then you can support the project by paying for a really reliable service, and
for a few extra € you can even use your own domain.

------
bradknowles
So, how does this compare with the Signal app, WhatsApp, and other secure chat
clients that use the same library?

What makes ChatSecure a better choice? What can I do with it that they can't?

~~~
LukeShu
I'm not familiar with ChatSecure, but from what I can tell:

ChatSecure is an XMPP client; XMPP being an open federated protocol.

Signal uses Google infrastructure; while this isn't an issue for security
purposes (because everything is encrypted), some people don't like it, some
people like to run their own servers. With a "centralized" protocol like
Signal, running your own server means you are cut off from everyone on the
main server; with a "federated" protocol like XMPP your server can communicate
with the other servers, so you can chat with users on other servers.

The innovation with ChatSecure over other XMPP clients is that it has
implemented an XMPP extension (XMPP is an extensible protocol) called "OMEMO"
that implements encryption, by borrowing substantially from the Signal
protocol. This is an improvement over OTR, the status-quo way of doing
encrypted XMPP, which the linked page explains was designed around desktop
usage and doesn't work well with phones.

~~~
chrisballinger
That's correct. Our main differentiator from Signal/WhatsApp/Wire/Telegram/etc
is that we have no centralized messaging infrastructure. Users are free to run
their own servers, or connect to any 3rd party providers they trust. We also
have integrated Tor support, but plan to remove that once iCepa reaches
maturity.

~~~
BuuQu9hu
How many trustworthy and well administered XMPP servers are out there?

BTW, for anyone wanting to set up a modern XMPP server, check out this:

[http://www.enricozini.org/blog/2017/debian/modern-and-secure...](http://www.enricozini.org/blog/2017/debian/modern-and-secure-instant-messaging/)
[http://www.trueelena.org/computers/howto/modern_xmpp_server....](http://www.trueelena.org/computers/howto/modern_xmpp_server.html)

~~~
chrisballinger
Most public servers are pretty bad in terms of modern XMPP features [1]. Trust
is also a big issue, but one of our goals is to solve this problem by making
it much easier to run your own server. We currently default to Dukgo for new
registrations but they don't support many of the XEPs required for a good
mobile experience (0198, 0313, 0357).

1\. [https://gultsch.de/compliance.html](https://gultsch.de/compliance.html)
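
An added example, not part of the thread or of ChatSecure's code: a check of whether a server advertises the three XEPs named above (0198, 0313, 0357), run over a constructed stream-features stanza and a constructed disco#info result. The feature namespaces come from the XEPs; the sample stanzas, the function names, and the choice of which JID the disco#info result came from are assumptions.

```python
import xml.etree.ElementTree as ET

# Namespaces by which each XEP is advertised.
REQUIRED = {
    "0198": {"urn:xmpp:sm:3"},                                       # Stream Management
    "0313": {"urn:xmpp:mam:0", "urn:xmpp:mam:1", "urn:xmpp:mam:2"},  # Message Archive Management
    "0357": {"urn:xmpp:push:0"},                                     # Push Notifications
}

# Constructed sample: <stream:features/> as sent after authentication.
STREAM_FEATURES = """<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'/>
  <sm xmlns='urn:xmpp:sm:3'/>
</stream:features>"""

# Constructed sample: a disco#info result (server or account JID,
# depending on the XEP and its version).
DISCO_INFO = """<iq xmlns='jabber:client' type='result' id='d1'>
  <query xmlns='http://jabber.org/protocol/disco#info'>
    <feature var='urn:xmpp:mam:2'/>
    <feature var='http://jabber.org/protocol/disco#items'/>
  </query>
</iq>"""

DISCO_NS = "{http://jabber.org/protocol/disco#info}"


def advertised(stream_features_xml, disco_info_xml):
    """Collect every namespace the two captured stanzas advertise."""
    seen = set()
    # Stream features signal support through the child element's namespace.
    for child in ET.fromstring(stream_features_xml):
        if child.tag.startswith("{"):
            seen.add(child.tag[1:].split("}")[0])
    # disco#info signals support through <feature var='...'/>.
    for feat in ET.fromstring(disco_info_xml).iter(DISCO_NS + "feature"):
        seen.add(feat.get("var"))
    return seen


def xep_report(stream_features_xml, disco_info_xml):
    """Map each required XEP number to True if any of its namespaces is seen."""
    seen = advertised(stream_features_xml, disco_info_xml)
    return {xep: bool(names & seen) for xep, names in REQUIRED.items()}


if __name__ == "__main__":
    for xep, ok in xep_report(STREAM_FEATURES, DISCO_INFO).items():
        print(f"XEP-{xep}: {'advertised' if ok else 'MISSING'}")
```

Feed it stanzas captured from your own client's XML console; for captures you do not control, parse with a hardened XML parser instead of the standard-library one.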

------
bredren
Congratulations to Chris and team on getting this release out the door.

~~~
chrisballinger
Thanks! It's been quite the rollercoaster. We're extremely grateful that Moxie
resolved the App Store / GPL license issue with their Signal Protocol
libraries.

~~~
lelandgaunt
Thanks for your contribution. How can one report usability bugs?

------
antihero
Ok so a few problems, on every network I've tried.

DuckDuckGo: Adding people doesn't seem to work via QR code, at all. And the
client gets weird when trying to delete the account.

evil.im: Adder never gets notified that they have been "accepted", so can't
view the conversation except via notification.

null.pm: Adding works fine, but OMEMO just stays at yellow exclamation marks.

dismail.de (supposedly has a fully green bar): No QR code adding, no
notification of accepted contact request, OMEMO is fucked.

talker.to: Basically the same as dismail.de.

So is there an actual server that is reliable and supports the requisite
feature set to make this a usable experience?

Are these client bugs?

Because otherwise this is going nowhere. I'm sitting next to my mate and
cannot actually find a server that allows us to communicate normally.

I'm trying to set up a Jabber prosody server and I _think_ it's working. I
have no idea how to test if it is really. I got A/A on the server test thing.

How do they compile a list like this?

[https://gultsch.de/compliance_ranked.html](https://gultsch.de/compliance_ranked.html)

Do they have a suite that I can run against my own server?

~~~
chrisballinger
Thanks for testing so thoroughly. Some of these problems are likely related to
server incompatibilities, but others are definitely client bugs like the QR
code stuff. Please report individual issues here [1]. Thank you!

1\. [https://github.com/chatsecure/chatsecure-ios/issues](https://github.com/chatsecure/chatsecure-ios/issues)

~~~
antihero
Of course, thanks for the good work :)

------
antihero
Yay! Amazing! I literally checked out ChatSecure yesterday due to the WhatsApp
issues and looked at the GitHub issues to see if it supported OMEMO, and here
we are! Thank you so much, it's like Christmas :)

------
mp3geek
Unless I'm looking at the wrong git repo, the Android version seems to be
rather undeveloped?

[1]
[https://github.com/guardianproject/ChatSecureAndroid](https://github.com/guardianproject/ChatSecureAndroid)

~~~
upofadown
Last I heard was that the past Android version of chatsecure was being
abandoned. Conversations would become the new Android client. Any future work
on the original Android chatsecure will go to the Zom project:

* [https://github.com/zom/zom-android](https://github.com/zom/zom-android)

------
tristan-k
Congratulations! Is there any ETA on MAM in ChatSecure and will the
beta-testing in TestFlight continue?

~~~
chrisballinger
MAM will be in 4.1, but there's currently no timeline for that release yet. We
plan to do a 4.0.1 release soon to resolve some bugs, and then start working
on 4.1. If you signed up for the 4.0 beta, you'll get notifications for the
next beta as soon as it's ready.

------
mrmondo
Well done! I take it group chat is now in place as well?

