1<h1 align="center">Conversations</h1>
2
3<p align="center">Conversations: the very last word in instant messaging</p>
4
5<p align="center">
6 <a href="https://conversations.im/j/conversations@conference.siacs.eu">
7 <img src="https://camo.githubusercontent.com/a839cc0a3d4dac7ec82237381b165dd144365b6d/68747470733a2f2f74696e7975726c2e636f6d2f6a6f696e7468656d7563"
8 alt="chat on our conference room">
9 </a>
10 <a href="https://travis-ci.org/siacs/Conversations">
11 <img src="https://travis-ci.org/siacs/Conversations.svg?branch=development"
12 alt="build status">
13 </a>
14 <a href="https://bountysource.com/teams/siacs">
15 <img src="https://api.bountysource.com/badge/tracker?tracker_id=519483" alt="Bountysource">
16 </a>
17</p>
18
19<p align="center">
20 <a href="https://play.google.com/store/apps/details?id=eu.siacs.conversations&referrer=utm_source%3Dgithub">
21 <img src="https://conversations.im/images/en-play-badge.png"
22 alt="Google Play">
23 </a>
24 <a href="http://www.amazon.com/dp/B00WD35AAC/">
25 <img src="https://images-na.ssl-images-amazon.com/images/G/01/AmazonMobileApps/amazon-apps-store-us-black.png"
26 alt="Amazon App Store">
27 </a>
28</p>
29
30
31
32## Design principles
33
34* Be as beautiful and easy to use as possible without sacrificing security or
35 privacy
36* Rely on existing, well established protocols (XMPP)
37* Do not require a Google Account or specifically Google Cloud Messaging (GCM)
38* Require as few permissions as possible
39
40## Features
41
42* End-to-end encryption with [OMEMO](http://conversations.im/omemo/), [OTR](https://otr.cypherpunks.ca/), or [OpenPGP](http://openpgp.org/about/)
43* Send and receive images as well as other kind of files
44* Share your location via an external [plug-in](https://play.google.com/store/apps/details?id=eu.siacs.conversations.sharelocation&referrer=utm_source%3Dgithub)
45* Indication when your contact has read your message
46* Intuitive UI that follows Android Design guidelines
47* Pictures / Avatars for your Contacts
48* Syncs with desktop client
49* Conferences (with support for bookmarks)
50* Address book integration
51* Multiple accounts / unified inbox
52* Very low impact on battery life
53
54
55### XMPP Features
56
57Conversations works with every XMPP server out there. However XMPP is an
58extensible protocol. These extensions are standardized as well in so called
59XEP's. Conversations supports a couple of these to make the overall user
60experience better. There is a chance that your current XMPP server does not
61support these extensions; therefore to get the most out of Conversations you
62should consider either switching to an XMPP server that does or — even better —
63run your own XMPP server for you and your friends. These XEP's are:
64
65* [XEP-0065: SOCKS5 Bytestreams](http://xmpp.org/extensions/xep-0065.html) (or mod_proxy65). Will be used to transfer
66 files if both parties are behind a firewall (NAT).
67* [XEP-0163: Personal Eventing Protocol](http://xmpp.org/extensions/xep-0163.html) for avatars and OMEMO.
68* [XEP-0191: Blocking command](http://xmpp.org/extensions/xep-0191.html) lets you blacklist spammers or block contacts
69 without removing them from your roster.
70* [XEP-0198: Stream Management](http://xmpp.org/extensions/xep-0198.html) allows XMPP to survive small network outages and
71 changes of the underlying TCP connection.
72* [XEP-0280: Message Carbons](http://xmpp.org/extensions/xep-0280.html) which automatically syncs the messages you send to
73 your desktop client and thus allows you to switch seamlessly from your mobile
74 client to your desktop client and back within one conversation.
75* [XEP-0237: Roster Versioning](http://xmpp.org/extensions/xep-0237.html) mainly to save bandwidth on poor mobile connections
76* [XEP-0313: Message Archive Management](http://xmpp.org/extensions/xep-0313.html) synchronize message history with the
77 server. Catch up with messages that were sent while Conversations was
78 offline.
79* [XEP-0352: Client State Indication](http://xmpp.org/extensions/xep-0352.html) lets the server know whether or not
80 Conversations is in the background. Allows the server to save bandwidth by
81 withholding unimportant packages.
82* [XEP-0363: HTTP File Upload](http://xmpp.org/extensions/xep-0363.html) allows you to share files in conferences
83 and with offline contacts.
84
85## Team
86
87#### Head of Development
88
89* [Daniel Gultsch](https://github.com/inputmice)
90
91#### Code Contributions
92
93(In order of appearance)
94
95* [Rene Treffer](https://github.com/rtreffer) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3Artreffer+is%3Amerged))
96* [Andreas Straub](https://github.com/strb) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3Astrb+is%3Amerged))
97* [Alethea Butler](https://github.com/alethea) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3Aalethea+is%3Amerged))
98* [M. Dietrich](https://github.com/emdete) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3Aemdete+is%3Amerged))
99* [betheg](https://github.com/betheg) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3Abetheg+is%3Amerged))
100* [Sam Whited](https://github.com/SamWhited) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3ASamWhited+is%3Amerged))
101* [BrianBlade](https://github.com/BrianBlade) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3ABrianBlade+is%3Amerged))
102
103#### Logo
104* [Ilia Rostovtsev](https://github.com/qooob) (Progress)
105* [Diego Turtulici](http://efesto.eigenlab.org/~diesys) (Original)
106* [fiaxh](https://github.com/fiaxh) (OMEMO)
107
108#### Translations
109Translations are managed on [Transifex](https://www.transifex.com/projects/p/conversations/)
110
111## FAQ
112
113### General
114
115#### How do I install Conversations?
116
117Conversations is entirely open source and licensed under GPLv3. So if you are a
118software developer you can check out the sources from GitHub and use Gradle to
119build your apk file.
120
121The more convenient way — which not only gives you automatic updates but also
122supports the further development of Conversations — is to buy the App in the
123Google [Play Store](https://play.google.com/store/apps/details?id=eu.siacs.conversations&referrer=utm_source%3Dgithub).
124
125Buying the App from the Play Store will also give you access to our [beta test](#beta).
126
127#### I don't have a Google Account but I would still like to make a contribution
128
129I accept donations over PayPal, Bitcoin and Flattr. For donations via PayPal you
130can use the email address `donate@siacs.eu` or the button below.
131
132[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CW3SYT3KG5PDL)
133
134**Disclaimer:** I'm not a huge fan of PayPal and their business policies. For
135larger contributions please get in touch with me beforehand and we can talk
136about bank transfer (SEPA).
137
138My Bitcoin Address is: `1NxSU1YxYzJVDpX1rcESAA3NJki7kRgeeu`
139
140
141[](https://flattr.com/submit/auto?user_id=inputmice&url=http%3A%2F%2Fconversations.siacs.eu&title=Conversations&tags=github&category=software)
142
143#### How do I create an account?
144XMPP, like email, is a federated protocol, which means that there is not one company you can create an *official XMPP account* with. Instead there are hundreds, or even thousands, of providers out there. One of those providers is our very own [conversations.im](https://account.conversations.im). If you don’t like to use *conversations.im* use a web search engine of your choice to find another provider. Or maybe your university has one. Or you can run your own. Or ask a friend to run one. Once you've found one, you can use Conversations to create an account. Just select *register new account* on server within the create account dialog.
145
146##### Domain hosting
147Using your own domain not only gives you a more recognizable Jabber ID, it also gives you the flexibility to migrate your account between different XMPP providers. This is a good compromise between the responsibilities of having to operate your own server and the downsides of being dependent on a single provider.
148
149Learn more about [conversations.im Jabber/XMPP domain hosting](https://account.conversations.im/domain/).
150
151##### Running your own
152If you already have a server somewhere and are willing and able to put the necessary work in, one alternative-in the spirit of federation-is to run your own. We recommend either [Prosody](https://prosody.im/) or [ejabberd](https://www.ejabberd.im/). Both of which have their own strengths. Ejabberd is slightly more mature nowadays but Prosody is arguably easier to set up.
153
154For Prosody you need a couple of so called [community modules](https://modules.prosody.im/) most of which are maintained by the same people that develop Prosody.
155
156If you pick ejabberd make sure you use the latest version. Linux Distributions might bundle some very old versions of it.
157
158#### Where can I set up a custom hostname / port
159Conversations will automatically look up the SRV records for your domain name
160which can point to any hostname port combination. If your server doesn’t provide
161those please contact your admin and have them read
162[this](http://prosody.im/doc/dns#srv_records). If your server operator is unwilling
163to fix this you can enable advanced server settings in the expert settings of
164Conversations.
165
166#### I get 'Incompatible Server'
167
168As regular user you should be picking a different server. The server you selected
169is probably insecure and/or very old.
170
171If you are a server administrator you should make sure that your server provides
172STARTTLS. XMPP over TLS (on a different port) is not sufficient.
173
174On rare occasions this error message might also be caused by a server not providing
175a login (SASL) mechanism that Conversations is able to handle. Conversations supports
176SCRAM-SHA1, PLAIN, EXTERNAL (client certs) and DIGEST-MD5.
177
178#### How do XEP-0357: Push Notifications work?
179You need to be running the Play Store version of Conversations and your server needs to support push notifications.¹ Because *Google Cloud Notifications (GCM)* are tied with an API key to a specific app your server can not initiate the push message directly. Instead your server will send the push notification to the Conversations App server (operated by us) which then acts as a proxy and initiates the push message for you. The push message sent from our App server through GCM doesn’t contain any personal information. It is just an empty message which will wake up your device and tell Conversations to reconnect to your server. The information send from your server to our App server depends on the configuration of your server but can be limited to your account name. (In any case the Conversations App server won't redirect any information through GCM even if your server sends this information.)
180
181In summary Google will never get hold of any personal information besides that *something* happened. (Which doesn’t even have to be a message but can be some automated event as well.) We - as the operator of the App server - will just get hold of your account name (without being able to tie this to your specific device).
182
183If you don’t want this simply pick a server which does not offer Push Notifications or build Conversations yourself without support for push notifications. (This is available via a gradle build flavor.) Non-play store source of Conversations like the Amazon App store will also offer a version without push notifications. Conversations will just work as before and maintain its own TCP connection in the background.
184
185 ¹ Your server only needs to support the server side of [XEP-0357: Push Notifications](http://xmpp.org/extensions/xep-0357.html). If you use the Play Store version you do **not** need to run your own app server. The server modules are called *mod_cloud_notify* on Prosody and *mod_push* on ejabberd.
186
187#### Conversations doesn't work for me. Where can I get help?
188
189You can join our conference room on `conversations@conference.siacs.eu`.
190A lot of people in there are able to answer basic questions about the usage of
191Conversations or can provide you with tips on running your own XMPP server. If
192you found a bug or your app crashes please read the Developer / Report Bugs
193section of this document.
194
195#### I need professional support with Conversations or setting up my server
196
197I'm available for hire. Contact me at `inputmice@siacs.eu`.
198
199#### How does the address book integration work?
200
201The address book integration was designed to protect your privacy. Conversations
202neither uploads contacts from your address book to your server nor fills your
203address book with unnecessary contacts from your online roster. If you manually
204add a Jabber ID to your phones address book Conversations will use the name and
205the profile picture of this contact. To make the process of adding Jabber IDs to
206your address book easier you can click on the profile picture in the contact
207details within Conversations. This will start an "add to address book" intent
208with the JID as the payload. This doesn't require Conversations to have write
209permissions on your address book but also doesn't require you to copy/paste a
210JID from one app to another.
211
212#### I get 'delivery failed' on my messages
213
214If you get delivery failed on images it's probably because the recipient lost
215network connectivity during reception. In that case you can try it again at a
216later time.
217
218For text messages the answer to your question is a little bit more complex.
219When you see 'delivery failed' on text messages, it is always something that is
220being reported by the server. The most common reason for this is that the
221recipient failed to resume a connection. When a client loses connectivity for a
222short time the client usually has a five minute window to pick up that
223connection again. When the client fails to do so because the network
224connectivity is out for longer than that all messages sent to that client will
225be returned to the sender resulting in a delivery failed.
226
227Instead of returning a message to the sender both ejabberd and prosody have the
228ability to store messages in offline storage when the disconnecting client is
229the only client. In prosody this is available via an extra module called
230```mod_smacks_offline```. In ejabberd this is available via some configuration
231settings.
232
233Other less common reasons are that the message you sent didn't meet some
234criteria enforced by the server (too large, too many). Another reason could be
235that the recipient is offline and the server doesn't provide offline storage.
236
237Usually you are able to distinguish between these two groups in the fact that
238the first one happens always after some time and the second one happens almost
239instantly.
240
241#### Where can I see the status of my contacts? How can I set a status or priority?
242
243Statuses are a horrible metric. Setting them manually to a proper value rarely
244works because users are either lazy or just forget about them. Setting them
245automatically does not provide quality results either. Keyboard or mouse
246activity as indicator for example fails when the user is just looking at
247something (reading an article, watching a movie). Furthermore automatic setting
248of status always implies an impact on your privacy (are you sure you want
249everybody in your contact list to know that you have been using your computer at
2504am‽).
251
252In the past status has been used to judge the likelihood of whether or not your
253messages are being read. This is no longer necessary. With Chat Markers
254(XEP-0333, supported by Conversations since 0.4) we have the ability to **know**
255whether or not your messages are being read. Similar things can be said for
256priorities. In the past priorities have been used (by servers, not by clients!)
257to route your messages to one specific client. With carbon messages (XEP-0280,
258supported by Conversations since 0.1) this is no longer necessary. Using
259priorities to route OTR messages isn't practical either because they are not
260changeable on the fly. Metrics like last active client (the client which sent
261the last message) are much better.
262
263Unfortunately these modern replacements for legacy XMPP features are not widely
264adopted. However Conversations should be an instant messenger for the future and
265instead of making Conversations compatible with the past we should work on
266implementing new, improved technologies and getting them into other XMPP clients
267as well.
268
269Making these status and priority optional isn't a solution either because
270Conversations is trying to get rid of old behaviours and set an example for
271other clients.
272
273#### How do I backup / move Conversations to a new device?
274On the one hand Conversations supports Message Archive Management to keep a server side history of your messages so when migrating to a new device that device can display your entire history. However that does not work if you enable OMEMO due to its forward secrecy. (Read [The State of Mobile XMPP in 2016](https://gultsch.de/xmpp_2016.html) especially the section on encryption.)
275
276If you migrate to a new device and would still like to keep your history please use a third party backup tool like [oandbackup](https://github.com/jensstein/oandbackup) (needs root access on the device) or ```adb backup``` (no root access needed) from your computer. It is important that you deactivate your account before backup and activate it only after a successful restore, otherwise OMEMO might not work afterwards. Also, remember that you can **only** transfer the backup to either the same version of Android or to a newer one (eg. 5.1.1 -> 5.1.1 or 5.1.1 -> 6.0.1).
277
278#### Conversations is missing a certain feature
279
280I'm open for new feature suggestions. You can use the [issue tracker][issues] on
281GitHub. Please take some time to browse through the issues to see if someone
282else already suggested it. Be assured that I read each and every ticket. If I
283like it I will leave it open until it's implemented. If I don't like it I will
284close it (usually with a short comment). If I don't comment on an feature
285request that's probably a good sign because this means I agree with you.
286Commenting with +1 on either open or closed issues won't change my mind, nor
287will it accelerate the development.
288
289#### You closed my feature request but I want it really really badly
290
291Just write it yourself and send me a pull request. If I like it I will happily
292merge it if I don't at least you and like minded people get to enjoy it.
293
294#### I need a feature and I need it now!
295
296I am available for hire. Contact me via XMPP: `inputmice@siacs.eu`
297
298### Security
299
300#### Why are there three end-to-end encryption methods and which one should I choose?
301
302* OTR is a legacy encryption method. It works out of the box with most contacts as long as they are online.
303* OMEMO works even when a contact is offline, and works with multiple devices. It also allows asynchronous file-transfer when the server has [HTTP File Upload](http://xmpp.org/extensions/xep-0363.html). However, OMEMO is not as widely supported as OTR and is currently implemented only by Conversations and Gajim. OMEMO should be preferred over OTR for contacts who use Conversations.
304* OpenPGP (XEP-0027) is a very old encryption method that has some advantages over OTR but should only be used by experts who know what they are doing.
305
306#### How do I use OpenPGP
307
308Before you continue reading you should note that the OpenPGP support in
309Conversations is experimental. This is not because it will make the app unstable
310but because the fundamental concepts of PGP aren't ready for widespread use.
311The way PGP works is that you trust Key IDs instead of JID's or email addresses.
312So in theory your contact list should consist of Public-Key-IDs instead of
313JID's. But of course no email or XMPP client out there implements these
314concepts. Plus PGP in the context of instant messaging has a couple of
315downsides: It is vulnerable to replay attacks, it is rather verbose, and
316decrypting and encrypting takes longer than OTR. It is however asynchronous and
317works well with message carbons.
318
319To use OpenPGP you have to install the open source app
320[OpenKeychain](http://www.openkeychain.org) and then long press on the account in
321manage accounts and choose renew PGP announcement from the contextual menu.
322
323#### OMEMO is grayed out. What do I do?
324OMEMO has two requirements: Your server and the server of your contact need to support PEP. Both of you can verify that individually by opening your account details and selecting ```Server info``` from the menu. The appearing table should list PEP as available. The second requirement is mutual presence subscription. You can verify that by opening the contact details and see if both check boxes *Send presence updates* and *Receive presence updates* are checked.
325
326#### How does the encryption for conferences work?
327
328For conferences only OMEMO and OpenPGP are supported as encryption method. (OTR
329does not work with multiple participants).
330
331##### OMEMO
332
333OMEMO encryption works only in private (members only) conferences that are non-anonymous.
334You need to have presence subscription with every member of the conference.
335You can verify that by going into the conference details, long press every member and start
336a conversation with them. (Or select 'contact details' if they are already in your contact
337list)
338
339The owner of a conference can make a public conference private by going into the conference
340details and hit the settings button (the one with the gears) and select both *private* and
341*members only*.
342
343If OMEMO is grayed out long pressing the lock icon will reveal some quick hints on why OMEMO
344is disabled.
345
346##### OpenPGP
347
348Every participant has to announce their OpenPGP key (see answer above).
349If you would like to send encrypted messages to a conference you have to make
350sure that you have every participant's public key in your OpenKeychain.
351Right now there is no check in Conversations to ensure that.
352You have to take care of that yourself. Go to the conference details and
353touch every key id (The hexadecimal number below a contact). This will send you
354to OpenKeychain which will assist you on adding the key. This works best in
355very small conferences with contacts you are already using OpenPGP with. This
356feature is regarded experimental. Conversations is the only client that uses
357XEP-0027 with conferences. (The XEP neither specifically allows nor disallows
358this.)
359
360#### Why is Conversations not end-to-end encrypted by default
361We briefly had OMEMO as the default E2EE but it turned out to be a usability nightmare and thus we reverted that. You can find more information in [the commit message](https://github.com/siacs/Conversations/commit/035d0c79572d5981c53d1bff7f30b484c6542f17) of that change.
362
363Quick reminder that Conversations **always** uses TLS to connect to your server. It won‘t even connect to a server without TLS.
364
365#### What is Blind Trust Before Verification / why are messages marked with a red lock?
366
367Read more about the concept on https://gultsch.de/trust.html
368
369### What clients do I use on other platforms
370There are XMPP Clients available for all major platforms.
371#### Windows / Linux
372For your desktop computer we recommend that you use [Gajim](https://gajim.org). You need to install the plugins `OMEMO`, `HTTP Upload` and `URL image preview` to get the best compatibility with Conversations. Plugins can be installed from within the app.
373#### iOS
374Unfortunately we don‘t have a recommendation for iPhones right now. There are two clients available [ChatSecure](https://chatsecure.org/) and [Monal](https://monal.im/). Both with their own pros and cons.
375
376
377### Development
378
379<a name="beta"></a>
380#### Beta testing
381If you bought the App on [Google Play](https://play.google.com/store/apps/details?id=eu.siacs.conversations)
382you can get access to the latest beta version by joining the
383[Conversations Beta Testers](https://plus.google.com/communities/107649347599361240873)
384community on Google+ and then using [this link](https://play.google.com/apps/testing/eu.siacs.conversations)
385to sign up for the beta test.
386
387#### How do I build Conversations
388
389Make sure to have ANDROID_HOME point to your Android SDK. Use the Android SDK Manager to install missing dependencies.
390
391 git clone https://github.com/siacs/Conversations.git
392 cd Conversations
393 ./gradlew assembleFreeDebug
394
395There are two build flavors available. *free* and *playstore*. Unless you know what you are doing you only need *free*.
396
397
398[](https://travis-ci.org/siacs/Conversations)
399
400#### How do I update/add external libraries?
401
402If the library you want to update is in Maven Central or JCenter (or has its own
403Maven repo), add it or update its version in `build.gradle`. If the library is
404in the `libs/` directory, you can update it using a subtree merge by doing the
405following (using `minidns` as an example):
406
407 git remote add minidns https://github.com/rtreffer/minidns.git
408 git fetch minidns
409 git merge -s subtree minidns master
410
411To add a new dependency to the `libs/` directory (replacing "name", "branch" and
412"url" as necessary):
413
414 git remote add name url
415 git merge -s ours --no-commit name/branch
416 git read-tree --prefix=libs/name -u name/branch
417 git commit -m "Subtree merged in name"
418
419#### How do I debug Conversations
420
421If something goes wrong Conversations usually exposes very little information in
422the UI (other than the fact that something didn't work). However with adb
423(android debug bridge) you can squeeze some more information out of Conversations.
424These information are especially useful if you are experiencing trouble with
425your connection or with file transfer.
426
427To use adb you have to connect your mobile phone to your computer with an USB cable
428and install `adb`. Most Linux systems have prebuilt packages for that tool. On
429Debian/Ubuntu for example it is called `android-tools-adb`.
430
431Furthermore you might have to enable 'USB debugging' in the Developer options of your
432phone. After that you can just execute the following on your computer:
433
434 adb -d logcat -v time -s conversations
435
436If need be there are also some Apps on the PlayStore that can be used to show the logcat
437directly on your rooted phone. (Search for logcat). However in regards to further processing
438(for example to create an issue here on Github) it is more convenient to just use your PC.
439
440#### I found a bug
441
442Please report it to our [issue tracker][issues]. If your app crashes please
443provide a stack trace. If you are experiencing misbehavior please provide
444detailed steps to reproduce. Always mention whether you are running the latest
445Play Store version or the current HEAD. If you are having problems connecting to
446your XMPP server your file transfer doesn’t work as expected please always
447include a logcat debug output with your issue (see above).
448
449[issues]: https://github.com/siacs/Conversations/issues