- What security are you providing for my communications?
We set up this chat server using the recommendations of the manifesto “A public statement about ubiquitous encryption on the federated XMPP network”. You can see the result on the xmpp.net website.
Your connection to the Jabber server must be encrypted using SSL/TLS (both when connecting as a client to the server and from server to server). We strongly advise you to use OTR to encrypt your communications end-to-end with your friends.
- What guarantee do you provide about the security and confidentiality of my discussions? / What are you logging?
We promise that we will always keep the least possible data on the server. That said, for technical reasons, we have to keep the following data on the server:
- The messages you send to someone offline are stored on the server until this person logs in. The messages are then sent to him/her and deleted from the server.
- Your list of contacts (that’s how the XMPP/Jabber protocol works)
- The date of last connection for each account, so that we can delete accounts when they have been unused for 6 months. (But we don’t keep the IP address from which you connect.)
- The password of your account: not the clear password, but a salted-hashed version of it (read “encrypted and not easy to decrypt”)
- The (non-mandatory) email associated with your account, in case you lose your password. We don’t keep it in cleartext though; it’s also hashed with a salt.
We don’t keep any log of anything apart from that list. The current European and French legislation has been canceled by the CJEU, and was not applicable to private communications anyway.
- Who is allowed to access this server?
Benjamin Sonntag, Sébastien and the rest of the technical team at Octopuce, where the server is hosted. Benjamin is a cofounder of La Quadrature du Net; Sébastien is a volunteer for La Quadrature & the French Data Network federation.
- Where is this server physically located?
- Can I connect using Jitsi (or another Java xmpp client)?
Yes! We set up a dhparam of 1024 bits so that Java applications can still connect to this chat server.
- Are the source code and configuration of this server available somewhere? Under which license?
Of course. We follow the spirit of Free Software, and as such we publish all the source code and configuration of our services (Prosody, Apache, etc.). Everything is here, in the GitLab of La Quadrature du Net.
- I have a question!
Good! Drop us an email at jabber [at] laquadrature.net, and we will try to answer your question \o/