We at jabber.at take security seriously. Of course the same also counts for our other hosted domains, jabber.zone and xmpp.zone.
This page contains a lot of buzzwords!Security is a complex matter, talking about it inevitably includes lots of technical terms. If you do not understand these terms, please do not despair. We try to give an easy explanation of what they mean for you, and include Wikipedia links if you want to dig deeper.
Transport Layer Security (TLS)
Transport Layer Security (TLS) (formerly known as SSL) encrypts the connections between parts of the Jabber network, the same method that is used to encrypt website traffic (HTTPS). We always require encryption and use only the strongest available encryption methods. This means 4096 bit TLS certificates and no insecure encryption methods ("TLS ciphers").
A tool that verifies our strong encryption standards can be found on xmpp.net:
DNSSec and DANE
Our domains are secured with DNSSec. This means that Domain lookups (which let your computer know what IP address is used for our domain) are cryptographically signed and cannot be altered by an intermediary party.
We further use DANE. It allows your client to verify that the TLS certificate it sees is indeed the one we use.
Unlike many other Jabber/XMPP servers, we no longer store passwords in plain text but hash them using SCRAM-SHA1. This means that even in the event of a data breach, passwords cannot be easily retrieved by the attacker.
If we send you emails (e.g. when registering or if you lost your password), our emails are secured with DKIM and SPF. This ensures that any emails you receive really do come from us.
If you configure a GPG key, all emails to you will also be encrypted with GPG.
To minimize the risk of a security breach, our Jabber server really does nothing else. All other related tasks (including this homepage) run on different servers. Several people watch our servers closely to apply security updates as fast as possible and detect any attempt to break into our servers.
Improve the Jabber/XMPP network
We are proud that we have repeatedly lead the way towards stronger encryption on the Jabber network. In mid 2013, we were literally the only server that required server-to-server encryption, by now this situation has improved quite a bit.
By providing up-to-date ejabberd Debian/Ubuntu packages to the community (see APT repositories), not only our but also dozens of other servers profit from security updates - including some critical ones we push in between releases.