We at jabber.at take security seriously. Of course the same also counts for our other hosted domains, jabber.zone and xmpp.zone.
This page contains a lot of buzzwords!
Security is a complex matter, and talking about it inevitably involves a lot of technical terms. If you do not understand these terms, please do not despair. We try to give an easy explanation of what they mean for you, and include Wikipedia links if you want to dig deeper.
Transport Layer Security (TLS)
Transport Layer Security (TLS) (formerly known as SSL) encrypts the connections between parts of the Jabber network. It is also what distinguishes HTTPS from HTTP, where it encrypts website traffic. With Jabber, this doesn't mean that your conversation cannot be read by anybody else: it is available in plain text at our server and, if your buddy is on another server, at that server as well. But it's still an important step towards keeping your conversation private, as no one in between can read it.
We have made it a fundamental principle that every connection is always encrypted. Try it with our homepage: visit http://jabber.at and see how it immediately redirects to HTTPS. With Jabber, we require encryption for both client-to-server connections and server-to-server connections.
Furthermore, we always opt for the strongest choice when configuring encryption. This means 4096-bit TLS certificates and DNSSEC, and we deactivate encryption methods ("TLS ciphers") no longer considered secure. A tool that verifies our strong encryption standards can be found on xmpp.net.
Unlike many other Jabber/XMPP servers, we no longer store passwords in plain text but hash them using SCRAM-SHA-1. This means that even in the event of a data breach, passwords cannot be easily retrieved by the attacker.
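What a server keeps under SCRAM-SHA-1, and how it still checks a login without the password, shown as an added example (not jabber.at's or ejabberd's code). It follows RFC 5802 and uses that RFC's published sample exchange; the function names are made up for this illustration and SASLprep normalisation is left out.

```python
import base64
import hashlib
import hmac

# Sample values from the worked exchange in RFC 5802 section 5
# (user "user", password "pencil"). They are not jabber.at data.
SALT = base64.b64decode("QSXCR+Q6sek8bf92")
ITERATIONS = 4096
AUTH_MESSAGE = (
    b"n=user,r=fyko+d2lbbFgONRv9qkxdawL,"            # client-first-message-bare
    b"r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,"  # server-first-message ...
    b"s=QSXCR+Q6sek8bf92,i=4096,"
    b"c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j"  # client-final, no proof
)

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _client_key(password: str, salt: bytes, iterations: int) -> bytes:
    salted = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations)
    return _mac(salted, b"Client Key")

def derive_record(password: str, salt: bytes, iterations: int) -> dict:
    """Database row written at registration; the password itself is discarded."""
    salted = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations)
    return {
        "salt": salt,
        "iterations": iterations,
        "stored_key": hashlib.sha1(_mac(salted, b"Client Key")).digest(),
        "server_key": _mac(salted, b"Server Key"),
    }

def client_proof(password: str, salt: bytes, iterations: int, auth_message: bytes) -> bytes:
    """Client side: proves knowledge of the password for this one exchange."""
    key = _client_key(password, salt, iterations)
    return _xor(key, _mac(hashlib.sha1(key).digest(), auth_message))

def server_verify(record: dict, auth_message: bytes, proof: bytes) -> bool:
    """Server side: recover ClientKey from the proof and compare its hash."""
    candidate = _xor(proof, _mac(record["stored_key"], auth_message))
    return hmac.compare_digest(hashlib.sha1(candidate).digest(), record["stored_key"])

def server_signature(record: dict, auth_message: bytes) -> bytes:
    """Sent back so the client can check the server holds the same record."""
    return _mac(record["server_key"], auth_message)

if __name__ == "__main__":
    rec = derive_record("pencil", SALT, ITERATIONS)
    proof = client_proof("pencil", SALT, ITERATIONS, AUTH_MESSAGE)
    print("proof accepted:", server_verify(rec, AUTH_MESSAGE, proof))
```

Someone who copies the stored record can still test password guesses offline, but each guess costs the full 4096 PBKDF2 iterations against a per-user salt.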
If you configure a GPG key, all emails to you will also be encrypted with GPG.
To minimize the risk of a security breach, our Jabber server really does nothing else. All other related tasks (including this homepage) run on different servers. Several people watch our servers closely to apply security updates as fast as possible and detect any attempt to break into our servers.
Improve the Jabber/XMPP network
We are proud that we have repeatedly led the way towards stronger encryption on the Jabber network. In mid 2013, we were literally the only server that required server-to-server encryption; by now this situation has improved quite a bit.
By providing up-to-date ejabberd Debian/Ubuntu packages to the community (see APT repositories), not only our own server but also dozens of other servers profit from security updates, including some critical ones we push in between releases.