Private Messengers (plus XMPP over Tor & I2P)
Messengers and Metadata
A lot of the modern messengers people use masquerade as privacy-respecting.
These supposedly “privacy-respecting” messengers commonly do the opposite,
selling their users’ data to private companies or governments, or even exposing it publicly due to a database hack.
Privacy is not the same thing as anonymity.
Knowing ‘Jane Doe’ talked to ‘John Smith’ at a certain time, even if the content of the conversation stays private, carries a lot of inferable information;
this metadata is used constantly for invasions of privacy and human rights.
“We Kill People Based On Metadata” - Former CIA and NSA Director Michael Hayden
The opposite is also true: anonymous isn’t always private (e.g. Imageboards, Protests, etc).
It’s important to be mindful of how you communicate with others.
Encryption algorithms aren’t safe forever, and previously secure information can later be decrypted (e.g. harvest now, decrypt later).
The ideal solution would incorporate both anonymity and privacy.
The importance of encryption and its image problems.
In a now-deleted post, staff of the popular messaging platform “Discord” used disinformation and stretched arguments to paint the people who want encryption as criminals, implying “privacy doesn’t matter if you have nothing to hide”.
“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” - Edward Snowden
Morality is not legality; many places exist where doing the right thing, or anything at all, is a crime. For some people in some places, even existing is a crime.
Putting up with having your privacy invaded only seems acceptable until it isn’t: the moment you have a reason to criticize or hide from those in power.
Separately from government surveillance, there are many examples of security failures and unencrypted messages getting leaked publicly because the service was hacked.
Even if I have nothing to hide, that is an undesirable outcome.
What can we do about it?
Many encrypted messengers exist for many different types of people.
My choice for an encrypted messenger won’t be the best for another user.
Of course some messengers should never be used, but many have unique advantages that make them worth choosing over another.
You should make your own choice based on your threat model and the type of people you need to communicate with.
Some current standout options are Session, Jami, SimpleX, and Briar.
A few comparison lists are in the “Resources” section of this page.
XMPP
XMPP by default isn’t the best choice for anonymity or privacy.
Despite this, XMPP is one of my favorite options due to the control it gives end users.
Using XMPP you don’t need a phone number to sign up, you don’t have to use a certain encryption protocol, you can even host your own server.
It’s decentralized, similar to email: a Gmail account can send email to someone using an Outlook account and vice versa, and the same applies to nearly any server.
Self hosting XMPP (Free, Privately, and Anonymously)
Making your own XMPP server has a relatively low barrier to entry; all you need is a spare computer/server.
No clearnet domain name is required, with one caveat: if you want to communicate with others who are using a Clearnet domain (e.g. conversations.im),
you will need a domain name. This guide won’t cover Clearnet hosting.
The most privacy-respecting way to use XMPP (Tor & I2P) doesn’t have any associated costs besides a spare computer/server and electricity.
Using Tor or I2P hides both the location of the user and server, and self-hosting gives you complete control over data.
Prerequisites
A moderate degree of technical knowledge and the ability to read manuals is assumed (this is not an exhaustive tutorial).
You can use Tor, I2P, and Clearnet together in the same setup; you don’t have to use all of them, but you can.
The software you’ll need is:
Enable and start Tor and/or i2pd as a startup service via your init system.
Running the following will show information about prosody:
prosodyctl about
# Prosody directories
Data directory: /var/lib/prosody
Config directory: /etc/prosody
Source directory: /usr/lib/prosody
Plugin directories:
/var/lib/prosody/custom_plugins
/usr/lib/prosody/modules/
If no custom_plugins directory exists, create one in your prosody “Data directory”.
Once in the custom_plugins folder:
git clone https://github.com/majestrate/mod_darknet
It’s also required to have the mod_onions module installed for Tor.
Tor (Onion)
You’ll need an Onion address; to get one, edit the torrc file (usually located in /etc/tor/).
Add the following lines (changing “/path/to/tor_xmpp_hidden_service/” to your own path):
HiddenServiceDir /path/to/tor_xmpp_hidden_service/
HiddenServicePort 5222 127.0.0.1:5222
HiddenServicePort 5269 127.0.0.1:5269
HiddenServicePort 5280 127.0.0.1:5280
HiddenServicePort 5281 127.0.0.1:5281
The Tor daemon will need to be restarted which will then generate a Tor address.
You can use the automatically generated address, or you could generate a vanity address using mkp224o.
To find our onion address:
cat /path/to/tor_xmpp_hidden_service/hostname
It should give a long output similar to this:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.onion
We’ll then need to add the lines below to the prosody.cfg.lua file in the prosody “Config directory”,
replacing all mentions of “onionaddress.onion” with that address while keeping the subdomain prefixes (e.g. upload.onionaddress.onion).
My prosody.cfg.lua for reference (Could be outdated in the future).
VirtualHost "onionaddress.onion"
modules_enabled = { "onions" };
onions_only = true;
disco_items = {
{ "muc.onionaddress.onion", "Public Chatrooms" };
{ "upload.onionaddress.onion", "Upload Files" };
}
Component "muc.onionaddress.onion" "muc"
modules_enabled = { "onions" };
onions_only = true;
Component "upload.onionaddress.onion" "http_file_share"
modules_enabled = { "onions" };
onions_only = true;
http_file_share_daily_quota = 200*1024*1024; -- 200 MiB
http_file_share_expires_after = 7 * 86400; -- one week in seconds
http_file_share_size_limit = 100*1024*1024; -- 100 MiB
I2P
You’ll need I2P addresses to host XMPP; to get them, add the following lines to I2P’s tunnels.conf file (usually in /etc/i2pd/).
[prosody-s2s]
type=server
host=127.0.0.1
port=5269
inport=5269
inbound.quantity = 2
outbound.quantity = 2
keys=prosody.dat
[prosody-c2s]
type=server
host=127.0.0.1
port=5222
inport=5222
inbound.quantity = 2
outbound.quantity = 2
keys=prosody.dat
[prosody-s2s-muc]
type=server
host=127.0.0.1
port=5269
inport=5269
inbound.quantity = 2
outbound.quantity = 2
keys=prosodymuc.dat
[prosody-c2s-muc]
type=server
host=127.0.0.1
port=5222
inport=5222
inbound.quantity = 2
outbound.quantity = 2
keys=prosodymuc.dat
[prosody-http]
type=server
host=127.0.0.1
port=5280
inport=5280
keys=prosodyfile.dat
[prosody-https]
type=server
host=127.0.0.1
port=5281
inport=5281
keys=prosodyfile.dat
Prosody s2s & c2s handle server-to-server and client-to-server connections.
Prosody MUC is Multi User Chat.
Prosody HTTP & HTTPS handle file upload.
These separate domains need to be allocated properly in the prosody.cfg.lua file in the prosody “Config directory”.
In this example we would replace:
“address1.b32.i2p” with the address of [prosody-s2s/prosody-c2s] (keys=prosody.dat)
“address2.b32.i2p” with the address of [prosody-s2s-muc/prosody-c2s-muc] (keys=prosodymuc.dat)
“address3.b32.i2p” with the address of [prosody-http/prosody-https] (keys=prosodyfile.dat)
The respective addresses will show up in your I2Pd webconsole (You can generate a vanity address using i2pd-tools).
My prosody.cfg.lua for reference (Could be outdated in the future).
VirtualHost "address1.b32.i2p"
modules_enabled = { "darknet" };
darknet_only = true;
disco_items = {
{ "address2.b32.i2p", "Public Chatrooms" };
{ "address3.b32.i2p", "Upload Files" };
}
Component "address2.b32.i2p" "muc"
modules_enabled = { "darknet" };
darknet_only = true;
Component "address3.b32.i2p" "http_file_share"
modules_enabled = { "darknet" };
darknet_only = true;
http_file_share_daily_quota = 200*1024*1024; -- 200 MiB
http_file_share_expires_after = 7 * 86400; -- one week in seconds
http_file_share_size_limit = 100*1024*1024; -- 100 MiB
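As an added example (not code from this page or from i2pd), the following Python derives the .b32.i2p address of each type=server tunnel from the keys file it names, so the address1/address2/address3 placeholders above can be filled in without opening the webconsole. It assumes an i2pd keys file begins with the full Destination (the two public-key slots followed by the Certificate) before the private keys, that a b32 name is the unpadded lowercase base32 of the Destination’s SHA-256, and that the keys files sit in the directory you run it from; the demo blob and its tunnels.conf snippet are constructed here.

```python
import base64
import configparser
import hashlib
from pathlib import Path

# An I2P Destination begins with two fixed public-key slots (256 + 128 bytes),
# then a Certificate: 1-byte type, 2-byte big-endian length, payload.
KEY_SLOTS = 256 + 128


def destination_from_keys(blob: bytes) -> bytes:
    """Return the Destination at the start of an i2pd keys file.
    The private keys stored after the Certificate are not part of the address."""
    if len(blob) < KEY_SLOTS + 3:
        raise ValueError("keys file too short to hold a Destination")
    cert_len = int.from_bytes(blob[KEY_SLOTS + 1:KEY_SLOTS + 3], "big")
    end = KEY_SLOTS + 3 + cert_len
    if len(blob) < end:
        raise ValueError("Certificate length runs past the end of the file")
    return blob[:end]


def b32_address(destination: bytes) -> str:
    """The .b32.i2p name: SHA-256 of the Destination, base32, lowercase, unpadded."""
    digest = hashlib.sha256(destination).digest()
    return base64.b32encode(digest).decode().lower().rstrip("=") + ".b32.i2p"


def tunnel_addresses(tunnels_conf: str, load=lambda name: Path(name).read_bytes()) -> dict:
    """Map each type=server section of tunnels.conf to its .b32.i2p address.
    `load` turns the keys= filename into bytes; the default reads it from the
    current directory (assumption: run this from i2pd's data directory)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(tunnels_conf)
    result = {}
    for section in cp.sections():
        opts = cp[section]
        if opts.get("type") != "server" or "keys" not in opts:
            continue
        result[section] = b32_address(destination_from_keys(load(opts["keys"])))
    return result


if __name__ == "__main__":
    # Constructed demo: a fake keys file with an Ed25519 KeyCertificate
    # (type 5, length 4, sig type 7, crypto type 0) and dummy private keys.
    fake = bytes(KEY_SLOTS) + b"\x05\x00\x04\x00\x07\x00\x00" + bytes(64)
    conf = "[prosody-c2s]\ntype=server\nport=5222\nkeys=prosody.dat\n"
    print(tunnel_addresses(conf, load={"prosody.dat": fake}.__getitem__))
```

Sections sharing one keys= file (s2s and c2s in the config above) resolve to the same address, which is how a single VirtualHost serves both.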
Finishing
You’ll need to generate certificates for the Tor and/or I2P addresses.
For Tor:
prosodyctl cert generate onionaddress.onion
For I2P:
prosodyctl cert generate address1.b32.i2p
prosodyctl cert generate address2.b32.i2p
prosodyctl cert generate address3.b32.i2p
You may also use OpenSSL to generate certificates (Example from i2pd.readthedocs.io).
openssl genrsa -out /etc/prosody/certs/xxx.b32.i2p.key 2048
openssl req -new -x509 -key /etc/prosody/certs/xxx.b32.i2p.key -out /etc/prosody/certs/xxx.b32.i2p.crt -days 3650
chown root:prosody /etc/prosody/certs/*.b32.i2p.{key,crt}
chmod 640 /etc/prosody/certs/*.b32.i2p.{key,crt}
Move the certificates from the “Data directory” into the “certs” folder in your “Config directory” (replace the paths below with your own):
cd /prosody/data/directory
mv *.onion.* /prosody/config/directory/certs
mv *.b32.i2p.* /prosody/config/directory/certs
You can check your prosody setup and certs with:
prosodyctl check
You can start prosody with:
prosodyctl start
or by using your OS init system.
You can add users with:
prosodyctl adduser admin@onionaddress.onion
prosodyctl adduser admin@address1.b32.i2p
If the server has the proper modules enabled, you can create one-time-use invites with:
prosodyctl mod_invites generate onionaddress.onion
prosodyctl mod_invites generate address1.b32.i2p
Registrations can be public, but this should be done with extreme caution.
Done!
Connecting with clients
Connecting with XMPP clients must be done through proxies when using Tor or I2P.
Tor
Type : SOCKS5
Host : localhost
Port : 9050
I2P
Type : SOCKS5
Host : 127.0.0.1
Port : 4447
You must have the I2P / Tor daemon running client-side as well as server-side.
Limitations
- XMPP client issues:
File sharing through Tor / I2P has some support issues.
‘Conversations’ doesn’t have issues sharing files with self-signed certificates, but ‘Gajim’ currently does.
Some clients don’t even support using proxies.
- Tor - Tor / I2P - I2P only:
With some exceptions, XMPP over these transports can only communicate with other servers on the same transport.
I can’t send a message from a Tor address to someone using an I2P or Clearnet address, and vice versa.
- Technical Knowledge:
While not extremely hard, there is a learning curve to getting this set up and maintaining it.
- Niche:
Not a lot of people use XMPP over Tor, let alone I2P.
This, paired with XMPP’s already user-choice-first design, makes onboarding someone less technical harder.
This and other issues can be helped by sharing and using this setup.
Resources
Instant Messenger Comparisons:
eylenburg.github.io
securemessagingapps.com
privacyspreadsheet.com
Digital Communications Protocols Spreadsheet
Wikipedia Comparison of cross-platform instant messaging clients
Tor/I2P XMPP:
AT’s Blog
Onion link
I2P link