XMPP stands for Extensible Messaging and Presence Protocol, and it is an open-source protocol that allows for real-time communication over the internet. Jabber is often used interchangeably with XMPP and is an instant messaging service that utilizes the XMPP protocol for secure and encrypted messaging. However since Jabber is now operated by Cisco, it is typically not a popular choice of software due to its closed source nature. Therefore it is free and open source (FOSS) clients that most users prefer.
One of the main benefits of using XMPP for communications is the level of security and privacy it offers. XMPP supports end-to-end encryption, meaning that only the sender and recipient can read the messages. This ensures that your communications remain private and secure. It can also be used in conjunction with Whonix or Tails to run entirely within a Tor environment. More on that later. First, let's explore 2 of the most popular open source XMPP clients, Gajim and Pidgin.

Our favorite and recommended client is Gajim. This can be downloaded from the official Gajim website for Windows and MacOs, or for Linux users you can install via the command line via your package manager. If using Tails, Whonix or any Debian / Ubuntu based operating system such as Linux Mint, simply type sudo apt install gajim into the terminal and press enter.
Gajim enables end-to-end encrypted chat through the OMEMO plugin which can be easily installed via the Gajim website or package manager. We won't go into all the technical details, but needless to say OMEMO is generally considered the gold standard for encrypted chat via XMPP. More information about the benefits of OMEMO are available here.
Once installed, open Gajim and on the welcome screen, click Sign Up. In this example, we will create a Calyx Institute account, but you can also use a provider such as Creep.im or TheSecure.biz.
Enter jabber.calyxinstitute.org, check the advanced settings box and click signup.

Enter jabber.calyxinstitute.org, check the advanced settings box and click signup.

Enter the following settings:Proxy: TorHostname: jabber.calyxinstitute.orgPort: 5222Type: Start TLS
Create a username and password, click Sign Up. You're now ready to go. You can add new contacts easily within the client if you know their XMPP username. This works just like friend requests in old skool platforms such as MSN Messenger and AOL Instant Messenger.

If you're opting to use OMEMO, ensure you have the plugin installed and activated, then select 'OMEMO' from the padlock icon in the bottom right hand corner of the message box.

This will ensure all conversations are encrypted. Please note however that the person you are communicating with must also have OMEMO installed and activated for this to work. You can still communicate with them without this, but the chat will not be encrypted.

Pidgin is another popular platform, and whilst it's not quite as user friendly as Gajim, and has had some security issues in the past, it is still widely used and is still actively supported. It also supports another type of encrypted messenger protocol called OTR, which stands for 'Off The Record'. This is similar to OMEMO (albeit an older and inferior protocol), but since Gajim doesn't support OTR, you'll need Pidgin if you wish to communicate with another person who is requesting you to use OTR.
Begin by installing Pidgin by downloading from the official website. Pidgin is supported on Windows, MacOS, Linux and even FreeBSD. If you wish to use the OTR plugin, this can be downloaded here if you're a Windows or MacOS user, or for Debian based users, simply enter sudo apt-get install pidgin pidgin-otr into the terminal to install Pidgin with OTR in a single package.
Once installed, open Pidgin. It will ask you to configure your first IM account, so click ‘Add’. Since Pidgin supports other protocols alongside XMPP, ensure you select XMPP, then enter a username, domain and password.

If you wish to use the Calyx Institute server for example, you would enter jabber.calyxinstitute.org as the domain, then select a username and password of your choosing, and enter 'create a new account on the server' is ticked. The local alias in your username. Resource can be left blank.
To enable OTR encryption, ensure it is installed then go to Tools, then Plugins and check Off-the-Record-Messaging. In the plugins window, search for “Off-the-Record Messaging” and check the box on the left to enable the plugin.
You can add new contacts easily if you know their XMPP username. When chatting, you can access OTR settings at the top of the conversation window, and configure accordingly.

Just above the chat box in the top right hand corner, it will tell you whether your chat is private or not, which will indicate whether OTR is activated.

Using Gajim or Pidgin within Whonix or Tails

If you are particularly concerned about anonymity while using XMPP, you can further enhance your security by using a Tor based operating system. By combining XMPP with Tor, you can add an additional layer of security. The operating systems that operating with a Tor environment are Whonix and Tails. See our guide on using Tails or the official Whonix website for more details about these operating systems.
Adding Gajim or Pidgin to either Tails or Whonix is easy and can be done with simple terminal commands:For Gajim: sudo apt install gajimFor Pidgin with OTR: sudo apt-get install pidgin pidgin-otr

Whatever you do, security is key

While XMPP / Jabber are popular ways to communicate, remember there are other encrypted protocols which are also very effective. We recommend Session which is growing in popularity since the discontinuation of Wickr, and this can also run on Windows, MacOS, Linux or mobile platforms such as Android and iOS. It can also be installed within Whonix and Tails.
Never forget the importance of safety and security when online, regardless of your intentions. Here at Torhoo we firmly believe that privacy is a human right which all should have access to.