> Quote from: sentience on August 09, 2012, 04:37 am
> > Quote from: LouisCyphre on August 09, 2012, 12:27 am
> > > Quote from: sentience on August 08, 2012, 11:34 pm
> > > Hi. I don't like GPG
> >
> > Any particular reason?
>
> GPG does not afford perfect forward secrecy or deniability.

The former depends more on the message delivery method and can be obtained through remailers. The decrypted data is just as open to abuse or poor security procedures as XMPP.

As for deniability:

--hidden-recipient (-R) instead of --recipient (-r)

hidden-encrypt-to instead of encrypt-to in the gpg.conf

Alternatively:

--throw-keyids in any encryption command will conceal all keys the message is encrypted with.

> Quote from: sentience on August 09, 2012, 04:37 am
> > Quote from: LouisCyphre on August 09, 2012, 12:27 am
> > > Quote from: sentience on August 08, 2012, 11:34 pm
> > > and would like to use XMPP and OTR instead.
> >
> > GPG and XMPP/OTR address different needs and they're both good at what they do. XMPP and OTR are only a viable option if both parties are online at the same time, which definitely can't be guaranteed.
>
> XMPP has support for offline messages. I haven't tested that with OTR yet, but as long as you have a secure session established, I don't see why it can't work.

Yeah, that's worth testing.

> Quote from: sentience on August 09, 2012, 04:37 am
> Not to mention, I leave my computer on 24/7 anyway so if the seller tries to establish a connection when I'm not around it will succeed.

Fair enough. Probably a good idea to run your own Jabber server if you're going to do that. Setting up ejabberd is dead simple normally, but I'm not sure about getting it to play with a Tor hidden service.

> Quote from: sentience on August 09, 2012, 04:37 am
> > Quote from: LouisCyphre on August 09, 2012, 12:27 am
> > > Quote from: sentience on August 08, 2012, 11:34 pm
> > > Are there any good hidden service XMPP servers around, or should I host my own?
> >
> > I don't know of any existing hidden Jabber services, but even if there are you would be better off running your own and so would everyone using one (which also isn't a viable option for many people).
>
> It is worth mentioning that DuckDuckGo runs a Jabber service and a Tor exit node (their search engine is also available as a hidden service). I do not know if the Jabber service is available via Tor as well.
>
> https://duck.co/topic/duckduckgo-s-new-public-xmpp-jabber-service-on-dukgo-com

Cool, I'll check it out.

Plus the one Shannon posted earlier from Riseup. I'd lean more towards running your own server, though, and leaving third party services for people who can't run their own servers.