Skip to main content

70+ IM services switch on mandatory encryption

Various instant messaging service are on the verge of blocking unencrypted chat messages thanks to the roll out of a XMPP upgrade that has been in the pipeline for some time.

Related: Google developing unified chat service called Babble, according to report

The XMPP Standard Foundation confirmed that the 70 services that are part of the public XMPP network turned on mandatory encryption for client-to-server and server-to-server connections.

"Today, a large number of services on the public XMPP network permanently turned on mandatory encryption for client-to-server and server-to-server connections. This is the first step toward making the XMPP network more secure for all users,” Peter Saint-Andre, the technologist behind the initiative, told The Register.

XMPP was first used by the Jabber instant messaging service and is now implemented, in part, by almost all of the world’s popular IM services, and one signatory company, Prosodical, admitted that the pledge was a prerequisite for other security changes to take place.

"While XMPP is an open distributed network, obviously no single entity can mandate encryption for the whole network – but as a group we are moving in the right direction," stated a company blog post. "This commitment to encrypted connections is only the first step toward more secure communication using XMPP, and does not obviate the need for technologies supporting end-to-end encryption such as Off-the-Record Messaging, strong authentication, channel binding, secure DNS, server identity checking, and secure service delegation."

A similar initiative entitled Reset the Net is also moving in a similar direction as the coalition of privacy groups looks to persuade further implementation of SSL, HTTP Strict Transport Security [HSTS], Perfect Forward Secrecy [PFS] and end-to-end encryption.

Related: Cryptocat finally launches encrypted messaging service on iOS three months after it was rejected

The movement in the direction of mandatory encryption has been rolling along ever since widespread National Security Agency [NSA] snooping and spying was revealed by renowned whistleblower Edward Snowden.