1# Conversations
2
3Conversations: the very last word in instant messaging
4
5[](https://play.google.com/store/apps/details?id=eu.siacs.conversations&referrer=utm_source%3Dgithub) [](http://www.amazon.com/dp/B00WD35AAC/)
6
7
8
9## Design principles
10
11* Be as beautiful and easy to use as possible without sacrificing security or
12 privacy
13* Rely on existing, well established protocols (XMPP)
14* Do not require a Google Account or specifically Google Cloud Messaging (GCM)
15* Require as few permissions as possible
16
17## Features
18
19* End-to-end encryption with [OMEMO](http://conversations.im/omemo/), [OTR](https://otr.cypherpunks.ca/), or [OpenPGP](http://openpgp.org/about/)
20* Send and receive images as well as other kind of files
21* Share your location via an external [plug-in](https://play.google.com/store/apps/details?id=eu.siacs.conversations.sharelocation&referrer=utm_source%3Dgithub)
22* Indication when your contact has read your message
23* Intuitive UI that follows Android Design guidelines
24* Pictures / Avatars for your Contacts
25* Syncs with desktop client
26* Conferences (with support for bookmarks)
27* Address book integration
28* Multiple accounts / unified inbox
29* Very low impact on battery life
30
31
32### XMPP Features
33
34Conversations works with every XMPP server out there. However XMPP is an
35extensible protocol. These extensions are standardized as well in so called
36XEP's. Conversations supports a couple of these to make the overall user
37experience better. There is a chance that your current XMPP server does not
38support these extensions; therefore to get the most out of Conversations you
39should consider either switching to an XMPP server that does or — even better —
40run your own XMPP server for you and your friends. These XEP's are:
41
42* [XEP-0065: SOCKS5 Bytestreams](http://xmpp.org/extensions/xep-0065.html) (or mod_proxy65). Will be used to transfer
43 files if both parties are behind a firewall (NAT).
44* [XEP-0163: Personal Eventing Protocol](http://xmpp.org/extensions/xep-0163.html) for avatars and OMEMO.
45* [XEP-0191: Blocking command](http://xmpp.org/extensions/xep-0191.html) lets you blacklist spammers or block contacts
46 without removing them from your roster.
47* [XEP-0198: Stream Management](http://xmpp.org/extensions/xep-0198.html) allows XMPP to survive small network outages and
48 changes of the underlying TCP connection.
49* [XEP-0280: Message Carbons](http://xmpp.org/extensions/xep-0280.html) which automatically syncs the messages you send to
50 your desktop client and thus allows you to switch seamlessly from your mobile
51 client to your desktop client and back within one conversation.
52* [XEP-0237: Roster Versioning](http://xmpp.org/extensions/xep-0237.html) mainly to save bandwidth on poor mobile connections
53* [XEP-0313: Message Archive Management](http://xmpp.org/extensions/xep-0313.html) synchronize message history with the
54 server. Catch up with messages that were sent while Conversations was
55 offline.
56* [XEP-0352: Client State Indication](http://xmpp.org/extensions/xep-0352.html) lets the server know whether or not
57 Conversations is in the background. Allows the server to save bandwidth by
58 withholding unimportant packages.
59* [XEP-0363: HTTP File Upload](http://xmpp.org/extensions/xep-0363.html) allows you to share files in conferences
60 and with offline contacts.
61
62## Team
63
64#### Head of Development
65
66* [Daniel Gultsch](https://github.com/inputmice)
67
68#### Code Contributions
69
70(In order of appearance)
71
72* [Rene Treffer](https://github.com/rtreffer) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3Artreffer+is%3Amerged))
73* [Andreas Straub](https://github.com/strb) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3Astrb+is%3Amerged))
74* [Alethea Butler](https://github.com/alethea) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3Aalethea+is%3Amerged))
75* [M. Dietrich](https://github.com/emdete) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3Aemdete+is%3Amerged))
76* [betheg](https://github.com/betheg) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3Abetheg+is%3Amerged))
77* [Sam Whited](https://github.com/SamWhited) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3ASamWhited+is%3Amerged))
78* [BrianBlade](https://github.com/BrianBlade) ([PRs](https://github.com/siacs/Conversations/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3ABrianBlade+is%3Amerged))
79
80#### Logo
81* [Ilia Rostovtsev](https://github.com/qooob) (Progress)
82* [Diego Turtulici](http://efesto.eigenlab.org/~diesys) (Original)
83* [fiaxh](https://github.com/fiaxh) (OMEMO)
84
85#### Translations
86Translations are managed on [Transifex](https://www.transifex.com/projects/p/conversations/)
87
88## FAQ
89
90### General
91
92#### How do I install Conversations?
93
94Conversations is entirely open source and licensed under GPLv3. So if you are a
95software developer you can check out the sources from GitHub and use Gradle to
96build your apk file.
97
98The more convenient way — which not only gives you automatic updates but also
99supports the further development of Conversations — is to buy the App in the
100Google [Play Store](https://play.google.com/store/apps/details?id=eu.siacs.conversations&referrer=utm_source%3Dgithub).
101
102Buying the App from the Play Store will also give you access to our [beta test](#beta).
103
104#### I don't have a Google Account but I would still like to make a contribution
105
106I accept donations over PayPal, Bitcoin and Flattr. For donations via PayPal you
107can use the email address `donate@siacs.eu` or the button below.
108
109[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CW3SYT3KG5PDL)
110
111**Disclaimer:** I'm not a huge fan of PayPal and their business policies. For
112larger contributions please get in touch with me beforehand and we can talk
113about bank transfer (SEPA).
114
115My Bitcoin Address is: `1NxSU1YxYzJVDpX1rcESAA3NJki7kRgeeu`
116
117
118[](https://flattr.com/submit/auto?user_id=inputmice&url=http%3A%2F%2Fconversations.siacs.eu&title=Conversations&tags=github&category=software)
119
120#### How do I create an account?
121XMPP, like email, is a federated protocol, which means that there is not one company you can create an *official XMPP account* with. Instead there are hundreds, or even thousands, of providers out there. One of those providers is our very own [conversations.im](https://account.conversations.im). If you don’t like to use *conversations.im* use a web search engine of your choice to find another provider. Or maybe your university has one. Or you can run your own. Or ask a friend to run one. Once you've found one, you can use Conversations to create an account. Just select *register new account* on server within the create account dialog.
122
123##### Domain hosting
124Using your own domain not only gives you a more recognizable Jabber ID, it also gives you the flexibility to migrate your account between different XMPP providers. This is a good compromise between the responsibilities of having to operate your own server and the downsides of being dependent on a single provider.
125
126Learn more about [conversations.im Jabber/XMPP domain hosting](https://account.conversations.im/domain/).
127
128##### Running your own
129If you already have a server somewhere and are willing and able to put the necessary work in, one alternative-in the spirit of federation-is to run your own. We recommend either [Prosody](https://prosody.im/) or [ejabberd](https://www.ejabberd.im/). Both of which have their own strengths. Ejabberd is slightly more mature nowadays but Prosody is arguably easier to set up.
130
131For Prosody you need a couple of so called [community modules](https://modules.prosody.im/) most of which are maintained by the same people that develop Prosody.
132
133If you pick ejabberd make sure you use the latest version. Linux Distributions might bundle some very old versions of it.
134
135#### Where can I set up a custom hostname / port
136Conversations will automatically look up the SRV records for your domain name
137which can point to any hostname port combination. If your server doesn’t provide
138those please contact your admin and have them read
139[this](http://prosody.im/doc/dns#srv_records). If your server operator is unwilling
140to fix this you can enable advanced server settings in the expert settings of
141Conversations.
142
143#### I get 'Incompatible Server'
144
145As regular user you should be picking a different server. The server you selected
146is probably insecure and/or very old.
147
148If you are a server administrator you should make sure that your server provides
149STARTTLS. XMPP over TLS (on a different port) is not sufficient.
150
151On rare occasions this error message might also be caused by a server not providing
152a login (SASL) mechanism that Conversations is able to handle. Conversations supports
153SCRAM-SHA1, PLAIN, EXTERNAL (client certs) and DIGEST-MD5.
154
155#### How do XEP-0357: Push Notifications work?
156You need to be running the Play Store version of Conversations and your server needs to support push notifications.¹ Because *Google Cloud Notifications (GCM)* are tied with an API key to a specific app your server can not initiate the push message directly. Instead your server will send the push notification to the Conversations App server (operated by us) which then acts as a proxy and initiates the push message for you. The push message sent from our App server through GCM doesn’t contain any personal information. It is just an empty message which will wake up your device and tell Conversations to reconnect to your server. The information send from your server to our App server depends on the configuration of your server but can be limited to your account name. (In any case the Conversations App server won't redirect any information through GCM even if your server sends this information.)
157
158In summary Google will never get hold of any personal information besides that *something* happened. (Which doesn’t even have to be a message but can be some automated event as well.) We - as the operator of the App server - will just get hold of your account name (without being able to tie this to your specific device).
159
160If you don’t want this simply pick a server which does not offer Push Notifications or build Conversations yourself without support for push notifications. (This is available via a gradle build flavor.) Non-play store source of Conversations like the Amazon App store will also offer a version without push notifications. Conversations will just work as before and maintain its own TCP connection in the background.
161
162 ¹ Your server only needs to support the server side of [XEP-0357: Push Notifications](http://xmpp.org/extensions/xep-0357.html). If you use the Play Store version you do **not** need to run your own app server. The server modules are called *mod_cloud_notify* on Prosody and *mod_push* on ejabberd.
163
164#### Conversations doesn't work for me. Where can I get help?
165
166You can join our conference room on `conversations@conference.siacs.eu`.
167A lot of people in there are able to answer basic questions about the usage of
168Conversations or can provide you with tips on running your own XMPP server. If
169you found a bug or your app crashes please read the Developer / Report Bugs
170section of this document.
171
172#### I need professional support with Conversations or setting up my server
173
174I'm available for hire. Contact me at `inputmice@siacs.eu`.
175
176#### How does the address book integration work?
177
178The address book integration was designed to protect your privacy. Conversations
179neither uploads contacts from your address book to your server nor fills your
180address book with unnecessary contacts from your online roster. If you manually
181add a Jabber ID to your phones address book Conversations will use the name and
182the profile picture of this contact. To make the process of adding Jabber IDs to
183your address book easier you can click on the profile picture in the contact
184details within Conversations. This will start an "add to address book" intent
185with the JID as the payload. This doesn't require Conversations to have write
186permissions on your address book but also doesn't require you to copy/paste a
187JID from one app to another.
188
189#### I get 'delivery failed' on my messages
190
191If you get delivery failed on images it's probably because the recipient lost
192network connectivity during reception. In that case you can try it again at a
193later time.
194
195For text messages the answer to your question is a little bit more complex.
196When you see 'delivery failed' on text messages, it is always something that is
197being reported by the server. The most common reason for this is that the
198recipient failed to resume a connection. When a client loses connectivity for a
199short time the client usually has a five minute window to pick up that
200connection again. When the client fails to do so because the network
201connectivity is out for longer than that all messages sent to that client will
202be returned to the sender resulting in a delivery failed.
203
204Instead of returning a message to the sender both ejabberd and prosody have the
205ability to store messages in offline storage when the disconnecting client is
206the only client. In prosody this is available via an extra module called
207```mod_smacks_offline```. In ejabberd this is available via some configuration
208settings.
209
210Other less common reasons are that the message you sent didn't meet some
211criteria enforced by the server (too large, too many). Another reason could be
212that the recipient is offline and the server doesn't provide offline storage.
213
214Usually you are able to distinguish between these two groups in the fact that
215the first one happens always after some time and the second one happens almost
216instantly.
217
218#### Where can I see the status of my contacts? How can I set a status or priority?
219
220Statuses are a horrible metric. Setting them manually to a proper value rarely
221works because users are either lazy or just forget about them. Setting them
222automatically does not provide quality results either. Keyboard or mouse
223activity as indicator for example fails when the user is just looking at
224something (reading an article, watching a movie). Furthermore automatic setting
225of status always implies an impact on your privacy (are you sure you want
226everybody in your contact list to know that you have been using your computer at
2274am‽).
228
229In the past status has been used to judge the likelihood of whether or not your
230messages are being read. This is no longer necessary. With Chat Markers
231(XEP-0333, supported by Conversations since 0.4) we have the ability to **know**
232whether or not your messages are being read. Similar things can be said for
233priorities. In the past priorities have been used (by servers, not by clients!)
234to route your messages to one specific client. With carbon messages (XEP-0280,
235supported by Conversations since 0.1) this is no longer necessary. Using
236priorities to route OTR messages isn't practical either because they are not
237changeable on the fly. Metrics like last active client (the client which sent
238the last message) are much better.
239
240Unfortunately these modern replacements for legacy XMPP features are not widely
241adopted. However Conversations should be an instant messenger for the future and
242instead of making Conversations compatible with the past we should work on
243implementing new, improved technologies and getting them into other XMPP clients
244as well.
245
246Making these status and priority optional isn't a solution either because
247Conversations is trying to get rid of old behaviours and set an example for
248other clients.
249
250#### How do I backup / move Conversations to a new device?
251On the one hand Conversations supports Message Archive Management to keep a server side history of your messages so when migrating to a new device that device can display your entire history. However that does not work if you enable OMEMO due to its forward secrecy. (Read [The State of Mobile XMPP in 2016](https://gultsch.de/xmpp_2016.html) especially the section on encryption.)
252
253If you migrate to a new device and would still like to keep your history please use a third party backup tool like [oandbackup](https://github.com/jensstein/oandbackup) or ```adb backup``` from your computer. It is important that your deactivate your account before backup and activate it only after a successful restore. Otherwise OMEMO might not work afterwards.
254
255#### Conversations is missing a certain feature
256
257I'm open for new feature suggestions. You can use the [issue tracker][issues] on
258GitHub. Please take some time to browse through the issues to see if someone
259else already suggested it. Be assured that I read each and every ticket. If I
260like it I will leave it open until it's implemented. If I don't like it I will
261close it (usually with a short comment). If I don't comment on an feature
262request that's probably a good sign because this means I agree with you.
263Commenting with +1 on either open or closed issues won't change my mind, nor
264will it accelerate the development.
265
266#### You closed my feature request but I want it really really badly
267
268Just write it yourself and send me a pull request. If I like it I will happily
269merge it if I don't at least you and like minded people get to enjoy it.
270
271#### I need a feature and I need it now!
272
273I am available for hire. Contact me via XMPP: `inputmice@siacs.eu`
274
275### Security
276
277#### Why are there three end-to-end encryption methods and which one should I choose?
278
279* OTR is a legacy encryption method. It works out of the box with most contacts as long as they are online.
280* OMEMO works even when a contact is offline, and works with multiple devices. It also allows asynchronous file-transfer when the server has [HTTP File Upload](http://xmpp.org/extensions/xep-0363.html). However, OMEMO is not as widely supported as OTR and is currently implemented only by Conversations and Gajim. OMEMO should be preferred over OTR for contacts who use Conversations.
281* OpenPGP (XEP-0027) is a very old encryption method that has some advantages over OTR but should only be used by experts who know what they are doing.
282
283#### How do I use OpenPGP
284
285Before you continue reading you should note that the OpenPGP support in
286Conversations is experimental. This is not because it will make the app unstable
287but because the fundamental concepts of PGP aren't ready for widespread use.
288The way PGP works is that you trust Key IDs instead of JID's or email addresses.
289So in theory your contact list should consist of Public-Key-IDs instead of
290JID's. But of course no email or XMPP client out there implements these
291concepts. Plus PGP in the context of instant messaging has a couple of
292downsides: It is vulnerable to replay attacks, it is rather verbose, and
293decrypting and encrypting takes longer than OTR. It is however asynchronous and
294works well with message carbons.
295
296To use OpenPGP you have to install the open source app
297[OpenKeychain](http://www.openkeychain.org) and then long press on the account in
298manage accounts and choose renew PGP announcement from the contextual menu.
299
300#### OMEMO is grayed out. What do I do?
301OMEMO has two requirements: Your server and the server of your contact need to support PEP. Both of you can verify that individually by opening your account details and selecting ```Server info``` from the menu. The appearing table should list PEP as available. The second requirement is mutual presence subscription. You can verify that by opening the contact details and see if both check boxes *Send presence updates* and *Receive presence updates* are checked.
302
303#### How does the encryption for conferences work?
304
305For conferences only OMEMO and OpenPGP are supported as encryption method. (OTR
306does not work with multiple participants).
307
308##### OMEMO
309
310OMEMO encryption works only in private (members only) conferences that are non-anonymous.
311You need to have presence subscription with every member of the conference.
312You can verify that by going into the conference details, long press every member and start
313a conversation with them. (Or select 'contact details' if they are already in your contact
314list)
315
316The owner of a conference can make a public conference private by going into the conference
317details and hit the settings button (the one with the gears) and select both *private* and
318*members only*.
319
320If OMEMO is grayed out long pressing the lock icon will reveal some quick hints on why OMEMO
321is disabled.
322
323##### OpenPGP
324
325Every participant has to announce their OpenPGP key (see answer above).
326If you would like to send encrypted messages to a conference you have to make
327sure that you have every participant's public key in your OpenKeychain.
328Right now there is no check in Conversations to ensure that.
329You have to take care of that yourself. Go to the conference details and
330touch every key id (The hexadecimal number below a contact). This will send you
331to OpenKeychain which will assist you on adding the key. This works best in
332very small conferences with contacts you are already using OpenPGP with. This
333feature is regarded experimental. Conversations is the only client that uses
334XEP-0027 with conferences. (The XEP neither specifically allows nor disallows
335this.)
336
337#### Why is Conversations not end-to-end encrypted by default
338We briefly had OMEMO as the default E2EE but it turned out to be a usability nightmare and thus we reverted that. You can find more information in [the commit message](https://github.com/siacs/Conversations/commit/035d0c79572d5981c53d1bff7f30b484c6542f17) of that change.
339
340Quick reminder that Conversations **always** uses TLS to connect to your server. It won‘t even connect to a server without TLS.
341
342#### What is Blind Trust Before Verification / why are messages marked with a red lock?
343
344Read more about the concept on https://gultsch.de/trust.html
345
346### What clients do I use on other platforms
347There are XMPP Clients available for all major platforms.
348#### Windows / Linux
349For your desktop computer we recommend that you use [Gajim](https://gajim.org). You need to install the plugins `OMEMO`, `HTTP Upload` and `URL image preview` to get the best compatibility with Conversations. Plugins can be installed from within the app.
350#### iOS
351Unfortunately we don‘t have a recommendation for iPhones right now. There are two clients available [ChatSecure](https://chatsecure.org/) and [Monal](https://monal.im/). Both with their own pros and cons.
352
353
354### Development
355
356<a name="beta"></a>
357#### Beta testing
358If you bought the App on [Google Play](https://play.google.com/store/apps/details?id=eu.siacs.conversations)
359you can get access to the latest beta version by joining the
360[Conversations Beta Testers](https://plus.google.com/communities/107649347599361240873)
361community on Google+ and then using [this link](https://play.google.com/apps/testing/eu.siacs.conversations)
362to sign up for the beta test.
363
364#### How do I build Conversations
365
366Make sure to have ANDROID_HOME point to your Android SDK. Use the Android SDK Manager to install missing dependencies.
367
368 git clone https://github.com/siacs/Conversations.git
369 cd Conversations
370 ./gradlew assembleFreeDebug
371
372There are two build flavors available. *free* and *playstore*. Unless you know what you are doing you only need *free*.
373
374
375[](https://travis-ci.org/siacs/Conversations)
376
377#### How do I update/add external libraries?
378
379If the library you want to update is in Maven Central or JCenter (or has its own
380Maven repo), add it or update its version in `build.gradle`. If the library is
381in the `libs/` directory, you can update it using a subtree merge by doing the
382following (using `minidns` as an example):
383
384 git remote add minidns https://github.com/rtreffer/minidns.git
385 git fetch minidns
386 git merge -s subtree minidns master
387
388To add a new dependency to the `libs/` directory (replacing "name", "branch" and
389"url" as necessary):
390
391 git remote add name url
392 git merge -s ours --no-commit name/branch
393 git read-tree --prefix=libs/name -u name/branch
394 git commit -m "Subtree merged in name"
395
396#### How do I debug Conversations
397
398If something goes wrong Conversations usually exposes very little information in
399the UI (other than the fact that something didn't work). However with adb
400(android debug bridge) you can squeeze some more information out of Conversations.
401These information are especially useful if you are experiencing trouble with
402your connection or with file transfer.
403
404To use adb you have to connect your mobile phone to your computer with an USB cable
405and install `adb`. Most Linux systems have prebuilt packages for that tool. On
406Debian/Ubuntu for example it is called `android-tools-adb`.
407
408Furthermore you might have to enable 'USB debugging' in the Developer options of your
409phone. After that you can just execute the following on your computer:
410
411 adb -d logcat -v time -s conversations
412
413If need be there are also some Apps on the PlayStore that can be used to show the logcat
414directly on your rooted phone. (Search for logcat). However in regards to further processing
415(for example to create an issue here on Github) it is more convenient to just use your PC.
416
417#### I found a bug
418
419Please report it to our [issue tracker][issues]. If your app crashes please
420provide a stack trace. If you are experiencing misbehavior please provide
421detailed steps to reproduce. Always mention whether you are running the latest
422Play Store version or the current HEAD. If you are having problems connecting to
423your XMPP server your file transfer doesn’t work as expected please always
424include a logcat debug output with your issue (see above).
425
426[issues]: https://github.com/siacs/Conversations/issues