Security Practice Suggestions
- We HIGHLY recommend that you use a strong password, and make sure that you store it somewhere safe. If your password is not strong, it is possible that someone could guess it.
- For added security/privacy we recommend you route your connection through Tor and use OTR and/or OMEMO.
Security & Privacy Server-Side
- The entire hypervisor is full disk encrypted with LUKS and only one person has access to the key. Meaning that if a bad actor has physical access to the server, they couldn’t get sensitive data from the disks.
- The logs kept only contain information about info, warnings and errors. The info log does not contain user’s IP addresses, however, it does log when a user authenticates. We don’t store anything else besides the user’s hashed password, offline messages, vcards and rosters (data wise).
- Our server forces TLS for clients + supports PFS and DNSSEC. S2S (server-to-server) connections are encrypted when the other server has a valid certificate but not forced for compatibility reasons. When you register, your password is stored as a hash.
- Our XMPP daemon, Prosody only interacts with flat-files on the filesystem level. No databases. All data is stored in flat-files. This significantly lowers the potential of user data being stolen.