Security Practice Suggestions
- We HIGHLY recommend that you use a strong password and store it somewhere safe. A weak password can be guessed.
- For added security and privacy, we recommend routing your connection through Tor and using OTR and/or OMEMO.
- Always verify our server's certificate fingerprints. These certificates are used for everything except our status page. If you see any fingerprint other than these, please contact us and provide details.
- The entire hypervisor is full-disk encrypted with LUKS, and only one person has access to the key. This means that a bad actor with physical access to the server would find it much harder to clone, copy, or retrieve any data from the hard drives. Note that full-disk encryption protects data at rest, i.e. while the volumes are locked; it does not protect a running server whose volumes are already unlocked.
- Our server forces TLS for C2S (client-to-server) connections and supports PFS (perfect forward secrecy) and DNSSEC. S2S (server-to-server) connections are required to be encrypted as well.
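The fingerprint check recommended above, as an added example (not the operator's own tooling): it fetches the certificate that the XMPP server presents over STARTTLS on the c2s port and compares its SHA-256 fingerprint with the published value. The host, port 5222 and the use of SHA-256 fingerprints are assumptions, not taken from the page.

```shell
#!/bin/sh
# Added example: verifying an XMPP server's certificate fingerprint with openssl.
# Assumptions (not from the page): the server offers STARTTLS on port 5222,
# fingerprints are published as SHA-256, and you supply the expected value.

# Fetch the leaf certificate presented on an XMPP c2s STARTTLS connection.
# $1 = host:port to connect to, $2 = the XMPP domain sent in the stream header.
fetch_server_cert() {
    openssl s_client -connect "$1" -starttls xmpp -xmpphost "$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Print the SHA-256 fingerprint of a PEM certificate as lowercase hex, no colons.
# The digest is taken over the DER encoding, so PEM line wrapping does not matter.
cert_fingerprint() {
    openssl x509 -in "$1" -outform DER | openssl dgst -sha256 | sed 's/^.*= *//' | tr 'A-F' 'a-f'
}

# Normalise a published fingerprint (any case, with or without colons) for comparison.
normalise_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'
}

# Return 0 if the certificate in $1 matches the expected fingerprint $2, 1 otherwise.
verify_fingerprint() {
    actual=$(cert_fingerprint "$1")
    expected=$(normalise_fp "$2")
    if [ "$actual" = "$expected" ]; then
        echo "fingerprint OK: $actual"
        return 0
    fi
    echo "FINGERPRINT MISMATCH: got $actual, expected $expected" >&2
    return 1
}

# Typical use (needs network, so not run here; names are placeholders):
#   fetch_server_cert xmpp.example.org:5222 example.org > server.pem
#   verify_fingerprint server.pem "AB:CD:..."   # the value published by the operator
```

A mismatch means the connection is not terminating at the expected certificate and should be reported rather than accepted.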
Security & Privacy Server-Side
- The logs we keep contain only info, warning and error messages. The info log does not contain users' IP addresses; it does, however, record when a user authenticates. Besides that, we store only each user's hashed password, mod_offline messages, mod_mam archives, vCards, rosters and other module data as determined by our configuration.
- Our XMPP daemon, Prosody, interacts only with flat files on the filesystem. There is no database; all data is stored in flat files. This significantly lowers the potential for user data to be stolen.
- Our configuration is fully open source; if you're wondering how it all runs, you can view it here.