Yeah me too, I'm using Conversations[0] on Android and it's pretty awesome actually. Pretty actively developed with a smooth UI and no Play services or phone number requirement.
Running a really light prosody[1] instance on my server to host my own XMPP connection, although since it's all E2E, I could have used a public one.
I've run this, and I also found it easy to set up and use. However, my understanding is that you only get end-to-end encryption with OTR, and that OTR can only be used with both parties online at the same time. Am I mistaken about this?
I think offline encryption works fine if your XMPP server implementes XEP-0198[0]. Prosody doesn't out of the box, but there's a community plugin available[1] for it. The plugins are really easy to install if you're running prosody already, if you're not then ask your XMPP name host. Stream management requires client and server to support this, which Conversations does so I'd assume your server is lacking.
If you're in an OTR converation already, I think the server would just get encrypted garbage, hold it until the other party comes on the network and then pass it off and their client would decrypt it. I haven't read the protocol though TBH.
Just some more information if anyone else is curious.
I have this setup and it works well enough when you have one device, but when you have multiple, I get garbage on one device and decrypted messages on the other. So if I keep my computer on, but switch to my phone I have to explicitly tell the sender to send messages to my phone instance instead of my computer instance, otherwise I get garbage. This is obviously because of e2e. It doesn't seem like there's an easy way to enable OTR multi-end e2e encryption/decryption sofar as I know.
OMEMO[0] does this though, conversations supports it and Gajim has a plugin for it[1]. It's experimental and the plugin author warns to not use it for sensitive information FYI. Haven't tried it out as I'm using Pidgin atm, but plan to sometime soon.
I'm not familiar with this but it looks like an interesting project. My problem however is that I mainly do not like that GPL'd software isn't allowed to be redistributed. I might not be properly informed on this issue (and please correct me if I'm wrong) but from what I've read that seems to be the case.
Another thing to remember is that (IIRC) -for approximately forever- Red Hat Enterprise Linux has been a Linux distro that's composed almost entirely of Open Source software, but prohibits folks who receive the binaries from redistributing them.
It's the branding that allows Red Hat to effectively restrict distribution of binaries, due to trademarks. Since the source is still available, GPL is fulfilled.
My memory of the mechanism was a little different but the trademark component is obviously a part. Something in the EULA like "If you distribute RHEL binaries without our consent, we'll cut off your access to security updates and patches ASAP.".
Regardless, people seem to forget (or perhaps never bothered to learn in the first place?) that the GPL doesn't care to speak to binary distribution, just source code (and -sometimes- build instructions) distribution.
