📱 XMPP Clients

What clients are, how they work with the server, and why you might want to use something other than this web page.

🌐 What is XMPP, and what is federation?

XMPP is an open messaging standard — a common language that chat servers and clients use to talk to each other. Because it's an open standard, anyone can run their own server, and servers automatically know how to talk to each other. This is called federation.

It works a lot like email. You have an address — yourname@undeadcavity.com — and you can send messages to anyone with an XMPP address on any server, whether that's friend@jabber.org or someone@conversations.im. You don't need to be on the same server to chat.

This also means undeadcavity.com is just one small part of a much larger network of XMPP servers around the world, all communicating with each other.

🖥️ What does the server do, and what does the client do?

The server handles the things that need to happen even when you're not online:

• Routing messages to the right person and server
• Storing messages you missed while you were offline (message archive)
• Managing your contact list and group chat rooms
• Storing your public encryption keys so other users can find them
• Handling push notification delivery to mobile apps

The client is the app or web page you use to interact with all of that. Clients handle:

• The interface — how messages look, how you navigate conversations
• Generating and storing your private encryption keys
• Encrypting outgoing messages and decrypting incoming ones
• Features like voice and video calls, which may be built entirely into the client

Some features need both sides to cooperate. Encryption, for example, requires the client to support it and the server to be able to store and distribute public keys. Other features — like certain call implementations — are handled entirely between clients, with the server playing no role beyond connecting you initially.

📞 Voice and video calls

XMPP has an open standard for calls called Jingle, and many clients support it. In practice, whether a call works between two people often depends on which clients they're both using — compatibility varies, and some clients use their own call implementation that only works with the same app on the other end.

This web client has a Jitsi video call integration — a button to start a call that opens a shared room on this server's Jitsi Meet instance. It often works, but is currently in testing: it can occasionally stop working and require the server to be restarted. The person you're calling will need to be using this web client, or possibly the Jitsi Meet app, to join — though the Jitsi app path hasn't been fully tested yet. Treat the whole thing as experimental for now.

🔔 Push notifications

Push notifications — alerts that arrive when you're not actively looking at the app — require the client, the server, and sometimes the device's operating system to all work together.

Dedicated mobile apps (like Conversations on Android or Monal on iOS) are designed to receive push notifications reliably, even when the app is in the background or closed. The server sends a push to a notification service, which wakes the app up.

This web client does not support push notifications on iOS. On Android, browser-based notifications may work while the browser is open, but you won't get alerts when the browser is closed. If staying on top of messages on your phone matters to you, a dedicated mobile app is the better choice.

🔐 Encryption across clients — how it works and what to expect

The encryption used here — OMEMO — is derived from the same technology that powers Signal. Each device (or client) generates its own private key, which never leaves that device, and a public key, which gets uploaded to your server. When someone wants to send you an encrypted message, their client fetches your public keys from the server and uses them to encrypt the message for each of your devices separately.

This means a few things worth knowing:

• When you add a new client, it generates a new keypair and uploads the public key to the server. The next time a contact checks your keys — usually when they next open a chat with you — they'll download the new one and start encrypting to it. Until that happens, messages sent to you may not be readable on the new client.
• Messages sent before your new client's key was known to your contacts cannot be decrypted on that new client. Encryption is one-way in time — there's no catching up on old messages with new keys.
• Most clients trust new keys automatically to keep things seamless. More security-focused clients may prompt you to verify a new key before trusting it, or require manual trust by default. Either approach is valid depending on your threat model.

🔓 Turning encryption off in this web client

When you log in, there's a checkbox that says This is a trusted device. Checking it enables OMEMO encryption. Unchecking it disables encryption for your session — useful if you're experimenting with a new client and want to test things without dealing with key exchange.

A few things to be aware of if you do this:

• If you've previously chatted with someone using encryption, they will need to also disable encryption on their end before you can read each other's messages in an unencrypted session.
• If you log out and log back in as a trusted device, you may need to refresh the page before encrypted messages start appearing correctly again.
• If you want to experiment with an untrusted session without affecting your normal setup, use a different browser than the one you normally use.

🌍 Public rooms and the wider XMPP network

Because XMPP is federated, public group chat rooms exist across hundreds of servers — not just this one. You can join rooms on any server from any XMPP client. To find them, most clients have a room search or directory feature where you can browse by server.

Fair warning: a large number of public XMPP rooms are about XMPP itself. The community is enthusiastic. That said, there are rooms for all kinds of topics if you go looking. A couple of good ones to start with:

• dungeons-and-dragons@muc.xmpp.earth
• boardgames@muc.xmpp.earth

To join a room not on your own server, you typically enter the full room address directly in your client rather than browsing a local directory.

💡 Why use a dedicated client instead of this web page?

The web client works well and is the easiest way to get started. But there are some good reasons you might want to try something else — or use both:

• Push notifications. A dedicated mobile app will alert you to new messages even when you're not looking at your phone. The web client cannot do this reliably on mobile.
• You prefer a different interface. XMPP clients vary a lot in how they look and feel. Some are minimal, some are feature-rich. It's worth trying a few to see what fits.
• Better multi-device handling. Dedicated clients tend to manage encryption keys across devices more smoothly.
• Staying logged in. A native app stays connected in the background. The web client only runs when the browser tab is open.
• Reducing the risk of losing messages. Dedicated clients store messages in the app's own storage, separate from browser data that might be cleared accidentally.

You can also run this web client as an app on iOS by using Add to Home Screen in Safari — but push notifications will not work, and it behaves like a browser tab rather than a native app.

While you're exploring, you might find it easier to temporarily disable encryption (uncheck This is a trusted device at login) so you're not dealing with key exchange issues while you figure out what you like. Just be aware that if you do this in this web client, the people you chat with will need to do the same on their end for the conversation to work.