Got Jabber?

by Peter Saint-Andre

2005-03-14

Over the weekend, a story broke on Slashdot that AOL's "terms of service" for the AOL Instant Messenger service specify that AOL has the right to use any messages you send in any way it wants. Although it turns out that this "new" TOS was first posted in February 2004 and in any case applies to AOL's web forums rather than their IM service (or so they say -- probably the lawyers got confused), lots of folks are uncomfortable with the implications and have started to switch to Jabber as the open, secure, privacy-respecting alternative. To which we naturally say: welcome!

Ted Leung thinks that this is the time to push for greater adoption of Jabber technologies. I agree, except that it's always the time to push for greater Jabber adoption. :-) The fundamental reasons why it's a bad idea to depend on AOL, MSN, and Yahoo for your instant messaging needs have not changed in the 5+ years that Jabber technologies have been available. But this recent fiasco (whether public relations or real) is a great reminder why Jabber is better.

I'd like to address some misconceptions and misunderstandings in the many blog posts out there (good background information is available in a previous post of mine). For instance, Troy Brumley writes:

Brian Rice suggested that I look at Jabber. It isn't exactly what I was looking for, but the service looks interesting. Free servers, an open messaging spec, and some of that "open source" positive attitude. I like it, but it still suffers from the abusability flaw that AOL has given in to. By running the service from servers, someone at the server could collect and use information from the chats.

First, "Jabber" is not a service like AIM or MSN, it is a technology like email or the web. Second, the solution to the untrusted server problem is, naturally, to run your own server or set up an account on a server you trust (Dreamhost and others make it easy). Third, it is true that while the Jabber community does have an older PGP-based protocol for end-to-end message encryption, developing a more modern e2e encryption protocol is something we need to make a priority since it seems that RFC 3923 is unlikely to take off anytime soon.

The_Tick (didn't he have his own TV show a few years ago?) has provided his perspective on some of the reasons that jabber isn't where it should be, including:

• The Jabber Software Foundation doesn't produce software, instead it's something like the W3C of the messaging world. Yes, this is a problem -- originally the JSF was supposed to be the "Jabber Foundation" but the state of Delaware said that was too close to "Jabber Inc." and so someone put the word "Software" in there on the model of the Apache and Python software foundations.
• People don't want to switch because all their friends are on one of the consumer IM services rather than the Jabber network. This was true in 1999 when the Jabber developers started out, and it hasn't changed all that much, except now there are perhaps 15 million people using Jabber instead of the 15 people who were using it in 1999. It's a long road to world domination when you're fighting against AOL/TimeWarner, Microsoft, and Yahoo!
• Existing Jabber clients are not as easy to use as the AIM, MSN, and Yahoo clients. For example, The_Tick wonders "Why is the user forced to set the server in every single client out there?" For the same reason the user is forced to enter a server address when setting up an email client: we don't have one big address space and monolithic service, but a distributed network of servers (in fact you can run your own, just like you can run your own email server). I'd agree that many of the Jabber clients out there are not intuitive, although they are getting better (and more intuitive clients are on the way for some platforms). Developers like bug reports and feature requests, so feel free to help out (or write docs etc.). I disagree that forcing the user to enter a server name implies that "Jabber is designed for the uber geeks." Most people understand that their email address is user@domain and can understand that their IM address also looks like that. Perhaps it would help if more ISPs offered a Jabber service?

Bill de Hóra says that it's time to ditch the Jabber name and focus on XMPP. This is at odds with The_Tick's assertion that the "Jabber" name is too geeky -- do we seriously think "XMPP" will help? That said, Bill is right that we (mostly) need to stop publishing JEPs and focus on code. (The main exception is, as I said, some security improvements so that we really can say with full confidence that Jabber technologies are a completely secure solution.)

Following up on an earlier post of his, Phil Wilson writes more on Jabber non-adoption. Phil makes several points:

• There are lots of open-source server implementations. I am not quite convinced that this is a problem. E.g., for email I count Sendmail, postfix, qmail, exim, and others, so the situation is not unique to the Jabber/XMPP world (where there are really only four major open-source implementations: jabberd1, jabberd2, ejabberd, and Jive Messenger). Each server meets different needs. Over time they will sort themselves out (yes, that's a hands-off approach to the market), and more options is not necessarily evil (too many people get confused because for web servers there is one true codebase).
• There are even more clients than servers. Again, true. However, the client list provides suggested implementations, which over time we'll probably cull even further (e.g., remove Gabber from the Linux suggestions, Nitro from the Mac suggestions, JAJC from the Windows suggestions). The fact that these lists are getting shorter indicates that the market is working.

There is much to agree with in the concerns expressed by people who want to adopt Jabber technologies for IM: we need friendlier clients, more reliable servers, stronger security, better identity management (vCard++), easier ways to find people on the network, and more straightforward user-registration features. We need to focus on these priorities and deliver software that solves the problems with existing codebases. So as always that means rolling up our sleeves and getting back to work.

Peter Saint-Andre > Journal