Got Jabber?


Over the weekend, a story broke on Slashdot that AOL's "terms of service" for the AOL Instant Messenger service specify that AOL has the right to use any messages you send in any way it wants. Although it turns out that this "new" TOS was first posted in February 2004 and in any case applies to AOL's web forums rather than their IM service (or so they say -- probably the lawyers got confused), lots of folks are uncomfortable with the implications and have started to switch to Jabber as the open, secure, privacy-respecting alternative. To which we naturally say: welcome!

Ted Leung thinks that this is the time to push for greater adoption of Jabber technologies. I agree, except that it's always the time to push for greater Jabber adoption. :-) The fundamental reasons why it's a bad idea to depend on AOL, MSN, and Yahoo for your instant messaging needs have not changed in the 5+ years that Jabber technologies have been available. But this recent fiasco (whether public relations or real) is a great reminder of why Jabber is better.

I'd like to address some misconceptions and misunderstandings in the many blog posts out there (good background information is available in a previous post of mine). For instance, Troy Brumley writes:

Brian Rice suggested that I look at Jabber. It isn't exactly what I was looking for, but the service looks interesting. Free servers, an open messaging spec, and some of that "open source" positive attitude. I like it, but it still suffers from the abusability flaw that AOL has given in to. By running the service from servers, someone at the server could collect and use information from the chats.

First, "Jabber" is not a service like AIM or MSN; it is a technology like email or the web. Second, the solution to the untrusted server problem is, naturally, to run your own server or set up an account on a server you trust (Dreamhost and others make it easy). Third, it is true that, while the Jabber community does have an older PGP-based protocol for end-to-end message encryption, developing a more modern e2e encryption protocol is something we need to make a priority, since it seems that RFC 3923 is unlikely to take off anytime soon.

The_Tick (didn't he have his own TV show a few years ago?) has provided his perspective on some of the reasons that Jabber isn't where it should be, including:

Bill de Hóra says that it's time to ditch the Jabber name and focus on XMPP. This is at odds with The_Tick's assertion that the "Jabber" name is too geeky -- do we seriously think "XMPP" will help? That said, Bill is right that we (mostly) need to stop publishing JEPs and focus on code. (The main exception is, as I said, some security improvements so that we really can say with full confidence that Jabber technologies are a completely secure solution.)

Following up on an earlier post of his, Phil Wilson writes more on Jabber non-adoption. Phil makes several points:

There is much to agree with in the concerns expressed by people who want to adopt Jabber technologies for IM: we need friendlier clients, more reliable servers, stronger security, better identity management (vCard++), easier ways to find people on the network, and more straightforward user-registration features. We need to focus on these priorities and deliver software that solves the problems with existing codebases. So as always that means rolling up our sleeves and getting back to work.

Peter Saint-Andre > Journal