Encrypted Chats
Note: The features mentioned in this article are available in all packages except the Light package.
Chat for encrypted and anonymous chats
True end-to-end encryption prevents third parties from reading your messages on the communication path between the end devices (so-called “man-in-the-middle” attacks). This includes us at mailbox; even we have no insight into your communications if you encrypt them. Three methods are available for Jabber/XMPP: OTR, OMEMO, and OpenPGP. In addition, the Tor network helps to conceal the metadata of the communication, i.e., who communicated with whom, from where, and to where.
Encryption with OTR
Off-the-Record encryption (OTR) in Jabber clients is the oldest end-to-end encryption available in Jabber/XMPP. If you activate it, clients will immediately encrypt communications if a communication partner also supports OTR. The clients exchange the necessary cryptographic keys transparently in the background. To ensure the authenticity of OTR encryption and protect against man-in-the-middle attacks, it is necessary to verify these keys via an independent, secure channel. This can be done using a shared password, a combination of question and answer, or by comparing the fingerprints of the keys.
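Fingerprint comparison only authenticates a key when the complete value is compared, not just its first or last characters. The following added example (not mailbox's or any client's own code) shows such a check; it assumes the 40-hex-digit SHA-1 fingerprint format that OTR clients display, and the key bytes and helper names are constructed for illustration.

```python
import hashlib
import hmac
import re

FP_HEX_LEN = 40  # assumption: 160-bit SHA-1 fingerprint, as OTR clients display it


def normalize_fingerprint(text: str) -> str:
    """Drop spaces, colons and dashes, lowercase, and require exactly 40 hex digits."""
    cleaned = re.sub(r"[\s:\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{%d}" % FP_HEX_LEN, cleaned):
        raise ValueError("not a complete 160-bit fingerprint")
    return cleaned


def fingerprints_match(shown_by_client: str, received_out_of_band: str) -> bool:
    """True only when both inputs are complete fingerprints and are identical."""
    try:
        a = normalize_fingerprint(shown_by_client)
        b = normalize_fingerprint(received_out_of_band)
    except ValueError:
        return False  # truncated or malformed input never counts as verified
    return hmac.compare_digest(a, b)


def display_groups(fp: str) -> str:
    """Format a fingerprint as five groups of eight upper-case hex digits."""
    cleaned = normalize_fingerprint(fp)
    return " ".join(cleaned[i:i + 8].upper() for i in range(0, FP_HEX_LEN, 8))


# Constructed sample data: a stand-in for the contact's public key bytes.
CONTACT_KEY = b"constructed-public-key-bytes-of-contact"
CONTACT_FP = hashlib.sha1(CONTACT_KEY).hexdigest()

# Constructed fingerprint of a different key that shares the first and last
# eight digits, showing why comparing only the ends is not a verification.
_middle = "".join(format(int(c, 16) ^ 0xF, "x") for c in CONTACT_FP[8:-8])
LOOKALIKE_FP = CONTACT_FP[:8] + _middle + CONTACT_FP[-8:]

if __name__ == "__main__":
    print("shown by client :", display_groups(CONTACT_FP))
    print("same key        :", fingerprints_match(display_groups(CONTACT_FP), CONTACT_FP))
    print("lookalike key   :", fingerprints_match(CONTACT_FP, LOOKALIKE_FP))
    print("truncated input :", fingerprints_match(CONTACT_FP, CONTACT_FP[:8]))
```

The value passed as `received_out_of_band` has to reach you over a channel other than the chat itself, such as in person or by phone.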
OMEMO
OMEMO Multi-End Message and Object Encryption (OMEMO) is a newer encryption method for Jabber/XMPP. It is based on the same encryption method used in the Signal instant messenger and recommended by NSA whistleblower Edward Snowden. Just like OTR, it offers automatic key exchange and Perfect Forward Secrecy (PFS), a property that ensures that previously encrypted messages cannot be decrypted after the fact, even if a key is later compromised. Unlike OTR, OMEMO also encrypts group chats, offline messages, and file exchanges.
OpenPGP
Pretty Good Privacy (PGP), known from email encryption, can also be used for end-to-end encryption with Jabber/XMPP. To do this, you must first exchange public PGP keys with your communication partners. The authenticity of the other party is then already guaranteed by the trust in the PGP keys and does not need to be verified separately for use with Jabber/XMPP.
Anonymization with Tor
Those who, in addition to end-to-end encryption, combine Jabber/XMPP with anonymization services such as “The Onion Routing” (Tor), which is widely used in the darknet, also make it more difficult for intelligence services to access and attribute the (meta)data of the communication. End-to-end encryption protects the content of communications, while strong anonymization prevents the metadata of communications from being traced back to individuals, thus also protecting the communication partners.
Unfortunately, most Jabber clients are not suitable for use with Tor by default or do not guarantee full technical security. Nevertheless, mailbox already provides its chat service as a Tor Hidden Service at the following address: kqiafglit242fygz.onion.