Today it is still complicated to recommend an open source and secure messenger to family and friends. Each messenger has its pros and cons. Concerning decentralized messengers, we often see a kind of centralization around several servers instead of a real decentralization of the network. It is not easy to install its own server. For example in the case of users of email which is a decentralized messaging system, even if it is not instantaneous, most only use a few large services like Hotmail, Yahoo and Gmail. As a result, when a too great percentage of users is grouped into a too small number of services, we lose the pros of decentralization and suffer of the cons of centralized services. Services are no more redundant and don't allow much freedom of choice to users. To better decentralize messengers, I discovered Snikket which offers to install our own instant messaging server easily. Could it be a good track?
A small presentation of XMPP
Among available instant messengers most have or are using an open source protocol which was created at the end of the last century: XMPP (also known as its previous name "Jabber"). It is an extensible protocol (the "X" of XMPP stands for "eXtensible") and generally softwares using it add their own custom pieces on top of it. Indeed, Google Talk was using XMPP and other messengers like Apple's iChat, Facebook Messenger and Skype have or have had integrations with XMPP. A security report from Cisco Talos shows that the Zoom videoconferencing software uses XMPP too (however, the security breach mentioned is due to Zoom's custom implementation and not due to XMPP on its own). Concerning WhatsApp, it seems it is using FunXMPP which looks like a lightened version of XMPP.
XMPP is thus a widespread protocol, but most people have never heard of it and only used it through interfaces integrated onto other proprietary ecosystems. This is kind of a frustrating idea for people who would like to promote the use of secure and free software ("free as in freedom") services. Commercial XMPP services are broadly used, but not the open source ones.
I'm not an XMPP expert. I could only install some XMPP clients a few years ago to look at it. Yet, I have never got the opportunity to use it daily because nobody was ready to install a XMPP client. We have to face the fact that it is easier to tell everybody to go on Facebook Messenger to communicate instead of telling them to create an account on jabberfr.org or another server, then to install a compatible XMPP client for its platform: Gajim, Psi or Dino for GNU/Linux, Psi also for Windows, BeagleIM for MacOS, Conversations for Android and ChatSecure for iOS (this is not an exhaustive list). Even though, it is not sure you will well communicate because each client and each server does not necessarily implement the same XEP (XEP is the name of the possible extensions of the XMPP protocol). That implies that sharing files doesn't always work, nor videoconferencing, etc. In short, many choices are possible, but it is not clear for somebody who just want to communicate with other people without having a technical background.
Presentation of Snikket
I discovered Snikket a few days ago and I let me hope that this project is on the right track. Snikket is a project created by the developers of Prosody which is a XMPP server. So the people behind Snikket are already experienced with XMPP but it doesn't stop here. As a matter of fact it is not just another XMPP client, but more a standardization, or a vertical integration, of already existing XMPP services. In concrete terms, to communicate with Snikket messenger, you need to install a Snikket server or join an already existing one, then install the Snikket client on your smartphone. The same name is used for the mobile app and the server app. This project doesn't reinvent the wheel because the Snikket client is in fact just the Conversations app which color has been changed from green to yellow, and the server is Prosody combined with Let's Encrypt.
I have the feeling that the people behind the Snikket project have at least understood partly XMPP's shortcomings in its adoption by the general public. The project tries to simplify user's experience by explaining them clearly its functioning and by giving one simple answer to which app to install. By offering only one app per platform you don't need to think much which one to choose and the interactions between all the different apps work without having to configure anything.
Another point: Snikket works by invitation. It means it is required that somebody gives us an invitation to join the network, or else you need to install your own server. I think I can see several reasons for this choice. First of all, it helps system administrators to manage progressively the traffic of users on their servers. It can avoid service outage due to an overload. Secondly, it allows to have one Snikket server per family or circle of friends. As soon as they register, users of the service can communicate with other users they know (members of a server automatically see in their contact list other members of the same server). Finally, it allows to limit the size of servers. The whole point of the project is to facilitate servers creation. In that respect it is possible to create its own server when there is no other to join. It could help to increase the number of Snikket servers and to really have a quite homogeneous decentralized network.
It is really easy to setup a Snikket server. I could try it by myself and I had a fully operational messaging service in 30 minutes.
Here again a clear choice has been done. The installation is done with Docker and Docker-compose. To sum up, you need to:
- Have a Linux server
- Point three domain names to this server (chat.example.com, groups.example.com and share.example.com)
- Install Docker and docker-compose
- Copy Snikket's configuration file
- Run the service with docker-compose
I find that a good job has been done to make the installation of the messaging server easy. The next level could be to directly offer a virtual image to be run in a "cloud" hosting provider with only some domain name to specify. It could also be possible to offer an application for Synology's NAS and also an application for the Yunohost platform. How far is it possible to facilitate a server's installation? The ideal would be to spread system administration skills.
Once the Snikket server installed, you need to run a command on the server to generate an invitation and to share the link with the person who wishes to join the network. This page shows the instructions to install the mobile application and to join the Snikket network. Maybe there could be still some improvements, but it is already a great step in terms of onboarding.
A clarification: Snikket's application is today only available on Android, but it is possible to use other XMPP app for other platforms. I could test ChatSecure on an iOS device and it worked with the Snikket server. However the registration is a little bit different. You first need to install the XMPP app on the smartphone, then follow the invitation link in the browser and once on the invitation page, click on "register an account manually" to create your XMPP account on the web interface. Afterwards you can enter your credentials into the XMPP app to connect.
There are already many instant messengers and all suffer or benefit of the network effect. So it is never obvious to foresee the success of a messenger.
In Snikket's case, I think it is a good initiative for spreading the XMPP protocol. The initiators, I think, are on the right track for it. In comparison with Matrix, which is also an open source messenger that I follow closely, I think the reference implementation Synapse is too complex to install and too resource-consuming. As for the web and mobile interface of Riot, I find it too heavy and not reactive enough. Even if I use today more Riot than XMPP, I prefer not to host a Matrix server while I feel capable to host one in XMPP.
For the future, I hope that Snikket's team will manage to keep a rythm (despite the current context due to Covid-19) and that it will manage to create a move. Snikket has been publicly announced during the FOSDEM in February and is still considered in alpha stage. I look forward to Snikket reaching maturity.
Check out Snikket.