December 14, 2021

A list of free public XMPP servers to use for your secure messaging. Get the best anonymity, privacy, and security servers researched by me.

What is Jabber/XMPP?:

Jabber/XMPP is a decentralised instant messenger using the open source XMPP protocol, there is no central server that could be compromised, the multiple nodes construct a resilient and hard to monitor infrastructure. Dozens of XMPP servers, encryption and its open source nature make XMPP much harder to wiretap or shut down than cloud based Google Hangouts, Yahoo Messenger or Skype, all USA companies known to have a NSA backdoor.

One of Jabber/XMPP main vulnerabilities is that the server you are connected to is not trustworthy, this is a list of XMPP servers with the best privacy policies:

• 5th July XMPP: Swedish privacy foundation promoting free speech worldwide, in between other services they provide an open XMPP server with Off-The-Record Messaging (OTR) support, hosted in Sweden and with logs tuned off. They warn you that file transfers are not encrypted, only text conversations are.
• Calyx Institute: A not for profit privacy and cyber-security foundation running a public Jabber/XMPP server that does not create any records of who you communicate with or keep logs of the content of any communications, this server forces you to use OTR, Off-the-Record Messaging, a cryptographic plugin that stops the server administrator from accessing plain text of your communications.
• Dismail.de: Free public server located in Germany, you can register for an account using the web interface or your Jabber client. The privacy policy is very clear about how long for each one of your details are stored, metadata has to be saved for Jabber to work, it would be impossible to communicate with your contacts without saving who they are and your Jabber ID is of course also saved. Personal details like the IP address used to create the account and the files you upload are erased after a month.
• Jabber.at: This XMPP server does keep logs, but I am adding them to the list because they are very clear about this, indicating how many days logs are kept for and what the content. For example the IP used to register an account, chat messages and file uploads are all kept for 31 days. The administrator indicates that they are based in Austria and according to local laws he must and will hand over logs for any crime that carries more than 1 year in prison. A transparency report with the number or court orders received to hand over logs is posted yearly, to be found in the privacy section of the website.
• Neko IM: Running a public XMPP server located in Norway, they claim that no more information is collected and stored than what is absolutely necessary, TLS everywhere is enforced and Jabber clients need to support a strong cipher or they will not be able to connect to the network. Being a free volunteer run project, this server uptime comes accordingly to this and no guarantees are made about uptime other than “as much as possible“.
• Countermail: This is a paid for service from a Sweden based email privacy company that provides the XMPP server xmpp.counternet.com with TLS and SSL encryption only available to email account holders. The username and password are randomly generated, you can not create your own, however, all XMPP clients supports “alias” or “display name” that you can manually set up and this is what other Jabber users will see.

XMPP servers in Tor:

• OTR.im: Free anonymous Jabber service with a Tor hidden node, connections are encrypted with a Let’s encrypt certificate. This XMPP server is fully encrypted and logs are disabled, except error logs, all that the administrator can see is your hashed password, IP address if you don’t use Tor, offline messages and destination address if your contact is not online. A detailed explanation about the logs and configuration settings are posted on the site.
• SystemLi: Jabber server managed by an anti-capitalist tech collective. They do not retain any kind of data and a .onion link is available for those using Tor. To avoid spam accounts registration is only possible with an Internet browser.
• Kode.im: A public USA based Jabber server with a Tor address and multi-user chat support. The server only allows ciphers with forward secrecy enabled. Logs are kept to a minimum and they do not include IP address history of any users. Accounts are removed after six months of inactivity.
• OnionMessenger: Free Android and web based Jabber messenger that uses Tor to communicate with others. it can be used in conjunction with OMEMO and OpenPGP to encrypt the data stored in your device.

Other XMPP Servers:

• list.jabber.at - This is a list of public XMPP servers, free for everyone to use. XMPP is a open, free and decentralized instant messaging network. Due to its decentralized nature, there are thousands of XMPP servers available from which to choose from. You may choose any of the listed servers or a different server altogether, you can always communicate with users on other servers. This list is kindly brought to you by jabber.at, which is run by the Fachschaft Informatik.
• 404.city - Server in France. 404.city is a virtual city of the future. The cipher-punk community in the federation XMPP. Their mission is to promote new technologies, protect privacy and protection of human rights. When you yourself encrypt your messages and using XMPP, They can not know what you and the other user are talking about. Protect freedom of speech using the best e2e encryption algorithms: PGP, OMEMO, OTR.
• xmpp.dk - Server in France. XMPP.dk runs a public, free and secure Jabber / XMPP server that allows account registration. In addition, the server requires OTR to be enabled in your chat client. You can connect to xmpp.dk using your favourite Jabber client. There’s a long list of clients available over at xmpp.org. You can connect to xmpp.dk using your favourite Jabber client. There’s a long list of clients available over at xmpp.org. To create a @xmpp.dk account: Registration is handled in-band by your Jabber/XMPP client. This is the only way to create an account on xmpp.dk. Simply add username@xmpp.dk in your client and click “register” or check the box to “create this account on the server” to sign up.
• protonxmpp.ch - Server in the Netherlands. ProtonXMPP, secure messaging for all. ProtonXMPP.ch is a Jabber/XMPP service that enables real-time communication with your friends and family. Like XMPP, our public messaging server is free and open for everyone. ProtonXMPP runs on an open source, community-driven software, focused on performance and security. Sign up today! ProtonXMPP fills the gap between usability and rock-solid security on XMPP services. It is based on open source software built by a community composed of end-users, developers and service providers around the world. ProtonXMPP features “In Band Registration”, which means that you can register an account directly from your client. ProtonXMPP recommends using Pidgin as your IM client. Download pidgin here. If your client does not support “In Band Registration”, They offer a web-based registration option here.

jabber.at - Server in Austria. All measures to ensure security and anonymity are also stated (see on the website).

• jab.im - Server in Switzerland. Secured, Logless, Support 24/7, Fault tolerant, Сompatible with all global xmpp servers, Monitoring 24/7, No ads, Free charge.

GENERAL RULES:

• They don't store any data, ip addresses, etc..
• Passwords are stored hashed.
• They don't store any archives of messages.
• Sent files are automatically deleted after 60 day.
• Inactive for more than 360 day accounts are automatically deleted.
• Server located in Switzerland is guarantee of safety.

TRANSFER OF DATA:

• They respect privacy of their users and don't transfer any data to anyone.
• They don't cooperate with anyone.

More XMPP Servers:

• https://xmpp.net/directory.php
• https://xmpp.is/
• https://creep.im/
• https://www.ejabberd.im/
• https://tigase.net/xmpp-server/
• https://prosody.im/
• https://github.com/igniterealtime/Openfire
• https://github.com/esl/MongooseIM
• https://snikket.org/
• https://jix.im/en/
• https://www.xmpp.jp/
• https://jabberx.net/
• https://juliedoesprivacy.wordpress.com/2021/04/03/list-of-xmpp-servers/
• https://calyxinstitute.org/projects/digital-services/xmpp
• https://xmpp.gg/
• https://xmpp.fi/
• https://yourdata.forsale/

XMPP Spam Servers to not get in contact with or use:

⚠️ If you use Pi-Hole or NextDNS, You might want to block these spam servers in your denylist as well.

• netlab.cz
• sj.ms
• safetyjabber.com
• jabbim.pl
• jabster.pl
• chatwith.xyz
• crime.io

A list of free public matrix homeservers to use for your secure messaging. Get the best anonymity, privacy, and security servers researched by me.

Why you need to choose wisely of which home servers to use?:

By default, matrix.org is used as a login to the clients, but an alternative server is better because you are de-central. Choose your Homeserver Provider wisely, as they will be the party that has access to your unencrypted data.

Aria Network Chatcloud Coffespot Freitrix Halogen City Jonasled KDE Monero Mozilla Nicfab Opentechtalks Perthchat Qunta RU matrix Sibnsk SP-codes Synod Tchncs Tedomum

• Original website - https://www.anchel.nl/matrix-publiclist/
• Backup website - https://web.archive.org/web/20211113204938/https://www.anchel.nl/matrix-publiclist/

List #2

Server name: Nova IM Domain: https://novaim.com Maintainer: @atreatis:novaim.com Founded: 24-05-2019 Web client: nvaim.com Description: Nova IM is a matrix server with the intention to run as long as possible and bring the focus on helping the network on decentralization.

Server name: Perth Chat Domain: https://perthchat.org Maintainer: @PC-Admin:perthchat.org Founded: 11-09-2017 Description: Perths run matrix server, currently hosted in Singapore. It has a 25MB file size limit and no google captcha.

Server name: Beerfactory Domain: https://beerfactory.org/ Maintainer: @nico:beerfactory.org Founded: about a year ago Web client: https://matrix.beerfactory.org/ Description: Self hosted public Matrix server.

Server name: FNA Domain: https://feneas.org Maintainer: @jaywink:federator.dev Founded: 2018 Web client: https://chat.feneas.org Description: Federated Networks Association is a non-profit volunteer organization that aims to spread knowledge about federated web projects and help people and projects involved in this area. The Matrix server we run is funded from the association funds.

Server name: ENCOM Domain: https://encom.eu.org Maintainer: @bhat:encom.eu.org Support: #status:encom.eu.org Founded: May 28, 2018 Web client: None. Riot.im works just fine. Duh. Description: A general purpose Matrix homeserver hosted in Los Angeles, CA. It is intended to be an alternative method for circumventing Internet censorship in certain states and promote the free spread of knowledge. No reCAPTCHA or email verification required.

Server name: Pixietown Domain: https://pixie.town Maintainer: @f0x:pixie.town Founded: May 31st 2019 Web client: https://neo.pixie.town/app Description: Semi-public Matrix server part of the https://pixie.town services. For an account contact f0x or email f at 0x52 dot eu

Domain: https://matrix.org Maintainer: @matthew:matrix.org Founded: Aug 13th 2014 Web client: https://riot.im/app Description: The first ever Matrix server, as run by the matrix.org core dev team. Can get overloaded.

Server name: envs.net Domain: https://matrix.envs.net Maintainer: @creme.envs.net Founded: since 9/2019 Web client: https://element.envs.net Description: envs.net is a minimalist, non-commercial shared linux system and will always be free to use.

## List #3

December 15, 2021

As you know that youtube (Google), Has removed dislikes from all youtube videos due to people complaining it affects their mental health and such. I have found a little github repo that will return the dislikes. It is very much legit and has been tested to work. This will estimate the views of the video, It isn’t a real time view counter, But it just tells you if you should continue watching or not.

Website

Github

December 15, 2021

You might be figuring out what’s the best websites to download torrents and can you trust them?. Well, I am here to give you one of the best websites that i have been using for years. These are well trusted from the communities. Instead of googling about, “torrent download sites” or “best torrent sites”. I give you a list of ones that are the best.

1. https://thepiratebay.org

2. https://yts.mx

3. https://rarbg.to

4. https://www.1337x.tw/

5. https://nyaa.si

6. https://subsplease.org

7. https://skidrowreloaded.com

8. https://eztv.re

9. https://libgen.st

10. https://rutracker.org

You can also check this website for up to 25 top best torrent sites to use: https://www.firesticktricks.com/torrent-sites.html

December 15, 2021

Some people always wondered how people created torrents, And they wanted to create one and share to their friends, family, or just in general to the communities. This is also saves a lot of storage and compresses it into a single .magnet link and using a torrent client like qbittorrent. This client is open-source and updates pretty frequently and has some nice features. As you are going to need a client to download this package i will send to create and share torrents. Make sure to use a VPN when downloading torrents as people can see your home IP address in peers, or You can get a DMCA from your ISP that will warn you before they ban you from their services…

Torrent (.magnet)

December 15, 2021

A hacker known as Pompompurin found a security flaw in a publicly facing form on the FBI's website that allowed sending hundreds of thousands of fraudulent emails.

Read the full story here: https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/#more-57551

December 15, 2021

Robinhood recently had 7 million customers data exposed in a data breach.

Read more about it here: https://blog.robinhood.com/news/2021/11/8/data-security-incident

December 15, 2021

In this blog, I will show you some very easy to implement ways that will greatly enhance your browsers privacy, stop trackers, spoof your user agent to prevent fingerprinting, and block ads and annoying java script, below you will find links to all of the tools I discussed in this blog.

Requirements:

Firefox

Extensions:

Ublock origin extension

Decentraleyes extension

User Agent switcher

December 15, 2021

In this blog, I will discuss the recent happenings with the Antivirus company Avast. Avast has recently been caught selling user web browsing data via a subsidiary company called Jumpshot.

Some of this Data that Avast has been selling includes:

Google searches

Lookups of locations

GPS coordinates

people visiting companies

particular YouTube videos

people visiting porn websites

Avast should know most users don't want their data being collected and sold, maybe its time to uninstall Avast.

Link to the article:

https://www.cnet.com/tech/services-and-software/antivirus-firm-avast-is-reportedly-selling-users-web-browsing-data/

December 15, 2021

In this blog, I will show you how to maximize your Firefox Browser Privacy and Security with no browser extensions by going into about:config and changing the settings for better privacy and security.

Requirements:

Firefox

about:config tweaks:

Disable WebRTC:

WebRTC can give up your real IP even when using VPN or Tor.

media.peerconnection.enabled = false

Enable fingerprint resistance:

With this alone we pretty much negate the need for canvas defender, or any other fingerprint blocking addon.

privacy.resistfingerprinting = true

3DES Cypher:

3DES has known security flaws.

security.ssl3.rsadesede3_sha = false

Require Safe Negotiation: Optimize SSL

security.ssl.requiresafenegotiation = true

Disable TLS 1.0, 1.1:

security.tls.version.min = 3

Enable TLS 1.3:

tls.version.max = 4

Disable 0: round trip time to better secure your forward secrecy

security.tls.enable0rttdata = false

Disable Automatic Formfill:

browser.formfil.enable = false

Disable disk caching:

browser.cache.disk.enable = false

browser.cache.diskcachessl = false

browser.cache.memory.enable = false

browser.cache.offline.enable = false

browser.cache.insecure.enable = false

Disable geolocation services:

geo.enabled = false

Disable plugin scanning: Can improve functionality, as some sites scan for adblockers and script blockers. Should be used even on non-hardened firefox.

plugin.scan.plid.all = false

Disable ALL telemetery:

browser.newtabpage.activity-stream.feeds.telemetry browser.newtabpage.activity-stream.telemetry = false

browser.pingcentre.telemetry = false

devtools.onboarding.telemetry-logged = false

media.wmf.deblacklisting-for-telemetry-in-gpu-process = false toolkit.telemetry.archive.enabled = false

toolkit.telemetry.bhrping.enabled = false toolkit.telemetry.firstshutdownping.enabled = false toolkit.telemetry.hybridcontent.enabled = false toolkit.telemetry.newprofileping.enabled = false

toolkit.telemetry.unified = false

toolkit.telemetry.updateping.enabled = false toolkit.telemetry.shutdownpingsender.enabled = false

Disable WebGL: Allows direct access to GPU.

webgl.disabled = true

Enable first-party isolation: Prevents browsers from making requests outside of the primary domain of the website. Prevents supercookies. may cause websites that rely on 3rd party scripts and libraries to break, however those are generally only used for tracking so fuck em anyway.

privacy.firstparty.isolate = true

Disable TLS false start:

security.ssl.enablefalsestart = false

Conclusion:

This may be alittle outdated or they changed the names of these, If you find they re-named about:config tweaks, You can email me about them and i will update the blog post.