1# Conversations
2
3Conversations: the very last word in instant messaging
4
5[](https://play.google.com/store/apps/details?id=eu.siacs.conversations&referrer=utm_source%3Dgithub) [](http://www.amazon.com/dp/B00WD35AAC/)
6
7
8
9## Design principles
10
11* Be as beautiful and easy to use as possible without sacrificing security or
12 privacy
13* Rely on existing, well established protocols (XMPP)
14* Do not require a Google Account or specifically Google Cloud Messaging (GCM)
15* Require as few permissions as possible
16
17## Features
18
19* End-to-end encryption with [OMEMO](http://conversations.im/omemo/), [OTR](https://otr.cypherpunks.ca/), or [OpenPGP](http://openpgp.org/about/)
20* Send and receive images as well as other kind of files
21* Share your location via an external [plug-in](https://play.google.com/store/apps/details?id=eu.siacs.conversations.sharelocation&referrer=utm_source%3Dgithub)
22* Indication when your contact has read your message
23* Intuitive UI that follows Android Design guidelines
24* Pictures / Avatars for your Contacts
25* Syncs with desktop client
26* Conferences (with support for bookmarks)
27* Address book integration
28* Multiple accounts / unified inbox
29* Very low impact on battery life
30
31
32### XMPP Features
33
34Conversations works with every XMPP server out there. However XMPP is an
35extensible protocol. These extensions are standardized as well in so called
36XEP's. Conversations supports a couple of these to make the overall user
37experience better. There is a chance that your current XMPP server does not
38support these extensions; therefore to get the most out of Conversations you
39should consider either switching to an XMPP server that does or — even better —
40run your own XMPP server for you and your friends. These XEP's are:
41
42* [XEP-0065: SOCKS5 Bytestreams](http://xmpp.org/extensions/xep-0065.html) (or mod_proxy65). Will be used to transfer
43 files if both parties are behind a firewall (NAT).
44* [XEP-0163: Personal Eventing Protocol](http://xmpp.org/extensions/xep-0163.html) for avatars and OMEMO.
45* [XEP-0191: Blocking command](http://xmpp.org/extensions/xep-0191.html) lets you blacklist spammers or block contacts
46 without removing them from your roster.
47* [XEP-0198: Stream Management](http://xmpp.org/extensions/xep-0198.html) allows XMPP to survive small network outages and
48 changes of the underlying TCP connection.
49* [XEP-0280: Message Carbons](http://xmpp.org/extensions/xep-0280.html) which automatically syncs the messages you send to
50 your desktop client and thus allows you to switch seamlessly from your mobile
51 client to your desktop client and back within one conversation.
52* [XEP-0237: Roster Versioning](http://xmpp.org/extensions/xep-0237.html) mainly to save bandwidth on poor mobile connections
53* [XEP-0313: Message Archive Management](http://xmpp.org/extensions/xep-0313.html) synchronize message history with the
54 server. Catch up with messages that were sent while Conversations was
55 offline.
56* [XEP-0352: Client State Indication](http://xmpp.org/extensions/xep-0352.html) lets the server know whether or not
57 Conversations is in the background. Allows the server to save bandwidth by
58 withholding unimportant packages.
59* [XEP-0363: HTTP File Upload](http://xmpp.org/extensions/xep-0363.html) allows you to share files in conferences
60 and with offline contacts.
61
62## Team
63
64#### Head of Development
65
66* [Daniel Gultsch](https://github.com/inputmice)
67
68#### Code Contributions
69
70(In order of appearance)
71
72* [Rene Treffer](https://github.com/rtreffer) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3Artreffer+is%3Amerged))
73* [Andreas Straub](https://github.com/strb) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3Astrb+is%3Amerged))
74* [Alethea Butler](https://github.com/alethea) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3Aalethea+is%3Amerged))
75* [M. Dietrich](https://github.com/emdete) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3Aemdete+is%3Amerged))
76* [betheg](https://github.com/betheg) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3Abetheg+is%3Amerged))
77* [Sam Whited](https://github.com/SamWhited) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3ASamWhited+is%3Amerged))
78* [BrianBlade](https://github.com/BrianBlade) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3ABrianBlade+is%3Amerged))
79
80#### Logo
81* [Ilia Rostovtsev](https://github.com/qooob) (Progress)
82* [Diego Turtulici](http://efesto.eigenlab.org/~diesys) (Original)
83* [fiaxh](https://github.com/fiaxh) (OMEMO)
84
85#### Translations
86Translations are managed on [Transifex](https://www.transifex.com/projects/p/conversations/)
87
88## FAQ
89
90### General
91
92#### How do I install Conversations?
93
94Conversations is entirely open source and licensed under GPLv3. So if you are a
95software developer you can check out the sources from GitHub and use Gradle to
96build your apk file.
97
98The more convenient way — which not only gives you automatic updates but also
99supports the further development of Conversations — is to buy the App in the
100Google [Play Store](https://play.google.com/store/apps/details?id=eu.siacs.conversations&referrer=utm_source%3Dgithub).
101
102Buying the App from the Play Store will also give you access to our [beta test](#beta).
103
104#### I don't have a Google Account but I would still like to make a contribution
105
106I accept donations over PayPal, Bitcoin and Flattr. For donations via PayPal you
107can use the email address `donate@siacs.eu` or the button below.
108
109[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CW3SYT3KG5PDL)
110
111**Disclaimer:** I'm not a huge fan of PayPal and their business policies. For
112larger contributions please get in touch with me beforehand and we can talk
113about bank transfer (SEPA).
114
115My Bitcoin Address is: `1NxSU1YxYzJVDpX1rcESAA3NJki7kRgeeu`
116
117
118[](https://flattr.com/submit/auto?user_id=inputmice&url=http%3A%2F%2Fconversations.siacs.eu&title=Conversations&tags=github&category=software)
119
120#### How do I create an account?
121XMPP, like email, is a federated protocol, which means that there is not one company you can create an *official XMPP account* with. Instead there are hundreds, or even thousands, of providers out there. One of those providers is our very own [conversations.im](https://account.conversations.im). If you don’t like to use *conversations.im* use a web search engine of your choice to find another provider. Or maybe your university has one. Or you can run your own. Or ask a friend to run one. Once you've found one, you can use Conversations to create an account. Just select *register new account* on server within the create account dialog.
122
123##### Running your own
124If you have a server somewhere and are willing to put some work in, the best alternative-in the spirit of federation-is to run your own. We recommend either [Prosody](https://prosody.im/) or [ejabberd](https://www.ejabberd.im/). Both of which have their own strengths. Ejabberd is slightly more mature nowadays but Prosody is arguably easier to set up.
125
126For Prosody you need a couple of so called [community modules](https://modules.prosody.im/) most of which are maintained by the same people that develop Prosody.
127
128If you pick ejabberd make sure you use the latest version. Linux Distributions might bundle some very old versions of it.
129
130#### Where can I set up a custom hostname / port
131Conversations will automatically look up the SRV records for your domain name
132which can point to any hostname port combination. If your server doesn’t provide
133those please contact your admin and have them read
134[this](http://prosody.im/doc/dns#srv_records). If your server operator is unwilling
135to fix this you can enable advanced server settings in the expert settings of
136Conversations.
137
138#### I get 'Incompatible Server'
139
140As regular user you should be picking a different server. The server you selected
141is probably insecure and/or very old.
142
143If you are a server administrator you should make sure that your server provides
144STARTTLS. XMPP over TLS (on a different port) is not sufficient.
145
146On rare occasions this error message might also be caused by a server not providing
147a login (SASL) mechanism that Conversations is able to handle. Conversations supports
148SCRAM-SHA1, PLAIN, EXTERNAL (client certs) and DIGEST-MD5.
149
150#### How do XEP-0357: Push Notifications work?
151You need to be running the Play Store version of Conversations and your server needs to support push notifications.¹ Because *Google Cloud Notifications (GCM)* are tied with an API key to a specific app your server can not initiate the push message directly. Instead your server will send the push notification to the Conversations App server (operated by us) which then acts as a proxy and initiates the push message for you. The push message sent from our App server through GCM doesn’t contain any personal information. It is just an empty message which will wake up your device and tell Conversations to reconnect to your server. The information send from your server to our App server depends on the configuration of your server but can be limited to your account name. (In any case the Conversations App server won't redirect any information through GCM even if your server sends this information.)
152
153In summary Google will never get hold of any personal information besides that *something* happened. (Which doesn’t even have to be a message but can be some automated event as well.) We - as the operator of the App server - will just get hold of your account name (without being able to tie this to your specific device).
154
155If you don’t want this simply pick a server which does not offer Push Notifications or build Conversations yourself without support for push notifications. (This is available via a gradle build flavor.) Non-play store source of Conversations like the Amazon App store will also offer a version without push notifications. Conversations will just work as before and maintain its own TCP connection in the background.
156
157 ¹ Your server only needs to support the server side of [XEP-0357: Push Notifications](http://xmpp.org/extensions/xep-0357.html). If you use the Play Store version you do **not** need to run your own app server. The server modules are called *mod_cloud_notify* on Prosody and *mod_push* on ejabberd.
158
159#### Conversations doesn't work for me. Where can I get help?
160
161You can join our conference room on `conversations@conference.siacs.eu`.
162A lot of people in there are able to answer basic questions about the usage of
163Conversations or can provide you with tips on running your own XMPP server. If
164you found a bug or your app crashes please read the Developer / Report Bugs
165section of this document.
166
167#### I need professional support with Conversations or setting up my server
168
169I'm available for hire. Contact me at `inputmice@siacs.eu`.
170
171#### How does the address book integration work?
172
173The address book integration was designed to protect your privacy. Conversations
174neither uploads contacts from your address book to your server nor fills your
175address book with unnecessary contacts from your online roster. If you manually
176add a Jabber ID to your phones address book Conversations will use the name and
177the profile picture of this contact. To make the process of adding Jabber IDs to
178your address book easier you can click on the profile picture in the contact
179details within Conversations. This will start an "add to address book" intent
180with the JID as the payload. This doesn't require Conversations to have write
181permissions on your address book but also doesn't require you to copy/paste a
182JID from one app to another.
183
184#### I get 'delivery failed' on my messages
185
186If you get delivery failed on images it's probably because the recipient lost
187network connectivity during reception. In that case you can try it again at a
188later time.
189
190For text messages the answer to your question is a little bit more complex.
191When you see 'delivery failed' on text messages, it is always something that is
192being reported by the server. The most common reason for this is that the
193recipient failed to resume a connection. When a client loses connectivity for a
194short time the client usually has a five minute window to pick up that
195connection again. When the client fails to do so because the network
196connectivity is out for longer than that all messages sent to that client will
197be returned to the sender resulting in a delivery failed.
198
199Instead of returning a message to the sender both ejabberd and prosody have the
200ability to store messages in offline storage when the disconnecting client is
201the only client. In prosody this is available via an extra module called
202```mod_smacks_offline```. In ejabberd this is available via some configuration
203settings.
204
205Other less common reasons are that the message you sent didn't meet some
206criteria enforced by the server (too large, too many). Another reason could be
207that the recipient is offline and the server doesn't provide offline storage.
208
209Usually you are able to distinguish between these two groups in the fact that
210the first one happens always after some time and the second one happens almost
211instantly.
212
213#### Where can I see the status of my contacts? How can I set a status or priority?
214
215Statuses are a horrible metric. Setting them manually to a proper value rarely
216works because users are either lazy or just forget about them. Setting them
217automatically does not provide quality results either. Keyboard or mouse
218activity as indicator for example fails when the user is just looking at
219something (reading an article, watching a movie). Furthermore automatic setting
220of status always implies an impact on your privacy (are you sure you want
221everybody in your contact list to know that you have been using your computer at
2224am‽).
223
224In the past status has been used to judge the likelihood of whether or not your
225messages are being read. This is no longer necessary. With Chat Markers
226(XEP-0333, supported by Conversations since 0.4) we have the ability to **know**
227whether or not your messages are being read. Similar things can be said for
228priorities. In the past priorities have been used (by servers, not by clients!)
229to route your messages to one specific client. With carbon messages (XEP-0280,
230supported by Conversations since 0.1) this is no longer necessary. Using
231priorities to route OTR messages isn't practical either because they are not
232changeable on the fly. Metrics like last active client (the client which sent
233the last message) are much better.
234
235Unfortunately these modern replacements for legacy XMPP features are not widely
236adopted. However Conversations should be an instant messenger for the future and
237instead of making Conversations compatible with the past we should work on
238implementing new, improved technologies and getting them into other XMPP clients
239as well.
240
241Making these status and priority optional isn't a solution either because
242Conversations is trying to get rid of old behaviours and set an example for
243other clients.
244
245#### How do I backup / move Conversations to a new device?
246On the one hand Conversations supports Message Archive Management to keep a server side history of your messages so when migrating to a new device that device can display your entire history. However that does not work if you enable OMEMO due to its forward secrecy. (Read [The State of Mobile XMPP in 2016](https://gultsch.de/xmpp_2016.html) especially the section on encryption.)
247
248If you migrate to a new device and would still like to keep your history please use a third party backup tool like [oandbackup](https://github.com/jensstein/oandbackup) or ```adb backup``` from your computer. It is important that your deactivate your account before backup and activate it only after a succesful restore. Otherwise OMEMO might not work afterwards.
249
250#### Conversations is missing a certain feature
251
252I'm open for new feature suggestions. You can use the [issue tracker][issues] on
253GitHub. Please take some time to browse through the issues to see if someone
254else already suggested it. Be assured that I read each and every ticket. If I
255like it I will leave it open until it's implemented. If I don't like it I will
256close it (usually with a short comment). If I don't comment on an feature
257request that's probably a good sign because this means I agree with you.
258Commenting with +1 on either open or closed issues won't change my mind, nor
259will it accelerate the development.
260
261#### You closed my feature request but I want it really really badly
262
263Just write it yourself and send me a pull request. If I like it I will happily
264merge it if I don't at least you and like minded people get to enjoy it.
265
266#### I need a feature and I need it now!
267
268I am available for hire. Contact me via XMPP: `inputmice@siacs.eu`
269
270### Security
271
272#### Why are there three end-to-end encryption methods and which one should I choose?
273
274* OTR is a legacy encryption method. It works out of the box with most contacts as long as they are online.
275* OMEMO works even when a contact is offline, and works with multiple devices. It also allows asynchronous file-transfer when the server has [HTTP File Upload](http://xmpp.org/extensions/xep-0363.html). However, OMEMO is not as widely supported as OTR and is currently implemented only by Conversations and Gajim. OMEMO should be preferred over OTR for contacts who use Conversations.
276* OpenPGP (XEP-0027) is a very old encryption method that has some advantages over OTR but should only be used by experts who know what they are doing.
277
278#### How do I use OpenPGP
279
280Before you continue reading you should note that the OpenPGP support in
281Conversations is experimental. This is not because it will make the app unstable
282but because the fundamental concepts of PGP aren't ready for widespread use.
283The way PGP works is that you trust Key IDs instead of JID's or email addresses.
284So in theory your contact list should consist of Public-Key-IDs instead of
285JID's. But of course no email or XMPP client out there implements these
286concepts. Plus PGP in the context of instant messaging has a couple of
287downsides: It is vulnerable to replay attacks, it is rather verbose, and
288decrypting and encrypting takes longer than OTR. It is however asynchronous and
289works well with message carbons.
290
291To use OpenPGP you have to install the open source app
292[OpenKeychain](http://www.openkeychain.org) and then long press on the account in
293manage accounts and choose renew PGP announcement from the contextual menu.
294
295#### OMEMO is grayed out. What do I do?
296OMEMO has two requirments: Your server and the server of your contact need to support PEP. Both of you can verify that indivually by opening your account details and selecting ```Server info``` from the menu. The appearing table should list PEP as available. The second requirement is mutal presence subscription. You can verify that be going into the contact details and see if the both check boxes *Send presence updates* and *Receive presence updates* are checked.
297
298#### How does the encryption for conferences work?
299
300For conferences only OMEMO and OpenPGP are supported as encryption method. (OTR
301does not work with multiple participants).
302
303##### OMEMO
304
305OMEMO encryption works only in private (members only) conferences that are non-anonymous.
306You need to have presence subscription with every member of the conference.
307You can verify that by going into the conference details, long press every member and start
308a conversation with them. (Or select 'contact details' if they are already in your contact
309list)
310
311The owner of a conference can make a public conference private by going into the conference
312details and hit the settings button (the one with the gears) and select both *private* and
313*members only*.
314
315If OMEMO is grayed out long pressing the lock icon will reveal some quick hints on why OMEMO
316is disabled.
317
318##### OpenPGP
319
320Every participant has to announce their OpenPGP key (see answer above).
321If you would like to send encrypted messages to a conference you have to make
322sure that you have every participant's public key in your OpenKeychain.
323Right now there is no check in Conversations to ensurethat.
324You have to take care of that yourself. Go to the conference details and
325touch every key id (The hexadecimal number below a contact). This will send you
326to OpenKeychain which will assist you on adding the key. This works best in
327very small conferences with contacts you are already using OpenPGP with. This
328feature is regarded experimental. Conversations is the only client that uses
329XEP-0027 with conferences. (The XEP neither specifically allows nor disallows
330this.)
331
332#### Why is Conversations not end-to-end encrypted by default
333We briefly had OMEMO as the default E2EE but it turned out to be a usabilty nightmare and thus we reverted that. You can find more information in [the commit message](https://github.com/siacs/Conversations/commit/035d0c79572d5981c53d1bff7f30b484c6542f17) of that change.
334
335Quick reminder that Conversations **always** uses TLS to connect to your server. It won‘t even connect to a server without TLS.
336
337#### What is Blind Trust Before Verification / why are messages marked with a red lock?
338
339Read more about the concept on https://gultsch.de/trust.html
340
341### What clients do I use on other platforms
342There are XMPP Clients available for all major platforms.
343####Windows / Linux
344For your desktop computer we recommend that you use [Gajim](https://gajim.org). You need to install the plugins `OMEMO`, `HTTP Upload` and `URL image preview` to get the best compatibiltiy with Conversations. Plugins can be installed from within the app.
345####iOS
346Unfortunatly we don‘t have a recommendation for iPhones right now. There are two clients available [ChatSecure](https://chatsecure.org/) and [Monal](https://monal.im/). Both with their own pros and cons.
347
348
349### Development
350
351<a name="beta"></a>
352#### Beta testing
353If you bought the App on [Google Play](https://play.google.com/store/apps/details?id=eu.siacs.conversations)
354you can get access to the latest beta version by joining the
355[Conversations Beta Testers](https://plus.google.com/communities/107649347599361240873)
356community on Google+ and then using [this link](https://play.google.com/apps/testing/eu.siacs.conversations)
357to sign up for the beta test.
358
359#### How do I build Conversations
360
361Make sure to have ANDROID_HOME point to your Android SDK. Use the Android SDK Manager to install missing dependencies.
362
363 git clone https://github.com/siacs/Conversations.git
364 cd Conversations
365 ./gradlew assembleFreeDebug
366
367There are two build flavors available. *free* and *playstore*. Unless you know what you are doing you only need *free*.
368
369
370[](https://travis-ci.org/siacs/Conversations)
371
372#### How do I update/add external libraries?
373
374If the library you want to update is in Maven Central or JCenter (or has its own
375Maven repo), add it or update its version in `build.gradle`. If the library is
376in the `libs/` directory, you can update it using a subtree merge by doing the
377following (using `minidns` as an example):
378
379 git remote add minidns https://github.com/rtreffer/minidns.git
380 git fetch minidns
381 git merge -s subtree minidns master
382
383To add a new dependency to the `libs/` directory (replacing "name", "branch" and
384"url" as necessary):
385
386 git remote add name url
387 git merge -s ours --no-commit name/branch
388 git read-tree --prefix=libs/name -u name/branch
389 git commit -m "Subtree merged in name"
390
391#### How do I debug Conversations
392
393If something goes wrong Conversations usually exposes very little information in
394the UI (other than the fact that something didn't work). However with adb
395(android debug bridge) you can squeeze some more information out of Conversations.
396These information are especially useful if you are experiencing trouble with
397your connection or with file transfer.
398
399To use adb you have to connect your mobile phone to your computer with an USB cable
400and install `adb`. Most Linux systems have prebuilt packages for that tool. On
401Debian/Ubuntu for example it is called `android-tools-adb`.
402
403Furthermore you might have to enable 'USB debugging' in the Developer options of your
404phone. After that you can just execute the following on your computer:
405
406 adb -d logcat -v time -s conversations
407
408If need be there are also some Apps on the PlayStore that can be used to show the logcat
409directly on your rooted phone. (Search for logcat). However in regards to further processing
410(for example to create an issue here on Github) it is more convenient to just use your PC.
411
412#### I found a bug
413
414Please report it to our [issue tracker][issues]. If your app crashes please
415provide a stack trace. If you are experiencing misbehavior please provide
416detailed steps to reproduce. Always mention whether you are running the latest
417Play Store version or the current HEAD. If you are having problems connecting to
418your XMPP server your file transfer doesn’t work as expected please always
419include a logcat debug output with your issue (see above).
420
421[issues]: https://github.com/siacs/Conversations/issues