Cerulean Studios Releases Trillian IM Protocol Specifications

Runefox writes "Cerulean Studios, the company behind the long-lived Trillian instant messaging client, has released preliminary specifications to their proprietary "Astra" protocol, now named IMPP (Instant Messaging and Presence Protocol), which provides continuous client functionality as well as mandatory TLS encryption for clients. According to their blog, Cerulean Studios' motivation for the release is to promote interoperability among the throngs of IM services and clients available by allowing others to also use the protocol. Future concepts include federation with XMPP. While the documentation is in an early state and the protocol is claimed to still be in development, it is hoped that it will help decentralize the very heavily fragmented messaging ecosystem. It's implied that, in turn, greater options for privacy may become available in the wake of the PRISM scandal via privately-run federated servers, unaffiliated with major networks, yet still able to communicate with them."

Too little too late

[Jonah+Hex]

Seriously, the last time I heard about someone using Trillian was years ago. They are a victim of their own business choices and no longer relevant, I've recommended Pidgin for those who want a all-in-one program instead of separate chat programs, but frankly most people seem to want to stick with whatever the separate companies provide. - HEX

Re:Too little too late

Ironic really, their "business choices" included enabling access to IM networks whose protocols weren't open...now they're making a big deal out of their own proprietary protocol's "specifications" (i.e. useless advertising material) available.

And the captcha word of the day is "surreal," no less.

Re:Too little too late

[jonwil]

I used to use Trillian for a while but then I switched to the open-source Miranda IM client. Talks to most of the networks I need (IRC, ICQ, MSN, AIM) and has all the features I need (even more so with extra plugins). 100% open source so I can hack on it if I wanted to.

Only thing it doesn't do is Skype but you can thank Microsoft for that, not Trillian.

Re:Too little too late

[dkuntz]

I actually still use Trillian, expressly for the continuous client functionality. As there is also the iPhone app, OS X, Windows, etc, not every IM service allows you to log in in multiple locations simultaneously, and allow you to start a conversation on a mobile device, continue on a Windows box, then finish it on a Mac, and have the IM logs and history available on each one. And since a lot of my friends, coworkers, etc, don't rely only on Facebook chat, and I occasionally will send something important to someone, or they to me via IM, being able to look at 1 unified history for that person, and not needing to look on system A, B and C to find the logs, is quite beneficial.

I've seen some other clients that will do similar things, though mainly on the mobile side only (IM+). Pidgin also does not have a released binary for OS X. You can use one of the ports (Fink/MacPorts), or compile from source (people here may not have issues with that, average desktop types will), or use Adium, which uses the core of pidgin, but, so far, the only decent, and frequently updated, all in one IM program with persistence over multiple clients is Trillian.

I'm Not OK With This

I'm concerned that if this encryption is unbreakable to the authorities, this could be problematic in thwarting terrorists and other evildoers.
  I'm not sure its so good that communications is completely unbreakable, there should be some mechanism whereby the government and agencies trying to keep us safe can intercept and decode them.

Unimpressed

[cronot]

There has been a lot of backlash on their blog about this: Why didn't they just go with XMPP? What their protocol have that XMPP doesn't, or couldn't be extended to support?

Personally - just a guess (also, btw, disclaimer: I'm a subscriber) - I think they're dying. Their client haven't been getting any significant development for the past year, current issues with some protocols have been going unaddressed, and new features like Lync protocol support (which there are working OSS implementations) have been going completely ignored despite many people clamoring for it.

So, they have been silent for a long time, and now this. It's fishy.

Re:Unimpressed

[LordKronos]

Why didn't they just go with XMPP? What their protocol have that XMPP doesn't, or couldn't be extended to support?

http://xkcd.com/927/

Re:Unimpressed

[icebike]

XMPP doesn't provide for much in the way of security unless you are using strictly private single servers.

Once your contacts are scattered across multiple jabber servers all bets are off as far as security.
Your server will almost surely end up forwarding your message to other servers insecurely.

XMPP also struggles with binary blobs (images) etc.

Re:Unimpressed

[hobarrera]

XMPP doesn't provide for much in the way of security unless you are using strictly private single servers.

Once your contacts are scattered across multiple jabber servers all bets are off as far as security.
Your server will almost surely end up forwarding your message to other servers insecurely.

XMPP also struggles with binary blobs (images) etc.

a) There's GPG for XMPP, which is not so uncommon.
b) They intend to federate to XMPP, so, all this applies to IMPP.
c) SSL isn't end-to-end.

As for binary blobs, there's jingle.

Good... but questionable.

[UltraZelda64]

On the one hand, yes, in a way it is dumb to "open it up" after all this time when XMPP is there. On the other hand, with Google having lost its Federation support and soon enough to lose XMPP support altogether; with MSN Messenger being eliminated in favor of the Outlook.com site or the Skype with a totally closed protocol, and who knows what else, it seemed that XMPP was the only choice. Well, still, for now at least it is probably the best choice--let's see how IMPP takes off--but at least it's no longer the only "open" choice. The promise of Federation with XMPP servers is also good. Overall, I think the extra choice prevails in importance over everyone just jumping blindly to XMPP (simply because it's all that there is left).

I mean nothing against XMPP--I will be using it unless IMPP proves itself and offers something superior, but I appreciate the choice and the opportunity for the two to compete on a level (open) playing field for the best features. This just means there will be more choice when using multi-protocol clients like Pidgin, and will likely spawn special IMPP "native" instant messaging clients, similarly to what Psy is to XMPP. In the end, I would say this is a welcome change, and with the recent turn of events the timing really isn't too late.

It's the provider, stupid !

[arielCo]

We have XMPP+Jingle, SIP+SIMPLE, OMA IMPS, and now this IMPP joins the club. Guess why people stick to Live Messenger, Skype, Google Talk, Facebook and (gasp) ICQ? These have providers and a pre-existing audience, and people don't care about the inner workings. You can have the best-thought-out, most efficient, open and extensible gem of a protocol, but how many people are going to download a (likely clunky) client and nag their relatives, friends and coworkers into installing it too? Yes, there are a few and we all know one; just wait until said project goes belly-up.

Re:It's the provider, stupid !

[UltraZelda64]

You can have the best-thought-out, most efficient, open and extensible gem of a protocol, but how many people are going to download a (likely clunky) client and nag their relatives, friends and coworkers into installing it too?

That's why you try to educate people on why they should use that "open" service instead of the increasingly-closed crap, offer to set it up for them (bonus: to register an XMPP account, typically no e-mail address or additional "personal" information is needed), install a good client, and just go on from there. If they like it and want to use it, great--if not, they can go back to whatever increasingly-closed service they were on to begin with. But from now on, they'll most likely only be able to find me on XMPP.

Unfortunately, the chances of people actually choosing to use it (or even wiling to try it) is relatively slim. Not because of anything inherently wrong with XMPP itself, but primarily the extreme foothold shitty text messaging and Facebook has these days. People for whatever reason these days love bending over with their pants down, paying ridiculous amounts for text messages (bragging "unlimited" this, "unlimited" that), and anything better (cheaper, not tied to one phone/system, security with TLS and OTR, etc.) is automatically shunned when the word "registration" pops up. Not to mention most people I talk to end up with a blank stare and do not care one bit when I bring up "security" and "privacy" in the conversation.

For a lot of people it really is an already-determined lost cause. Those people, I just won't "chat" with.

Re:It's the provider, stupid !

[arielCo]

You can have the best-thought-out, most efficient, open and extensible gem of a protocol, but how many people are going to download a (likely clunky) client and nag their relatives, friends and coworkers into installing it too?

That's why you try to educate people on why they should use that "open" service instead of the increasingly-closed crap, offer to set it up for them (bonus: to register an XMPP account, typically no e-mail address or additional "personal" information is needed), install a good client, and just go on from there. If they like it and want to use it, great--if not, they can go back to whatever increasingly-closed service they were on to begin with. But from now on, they'll most likely only be able to find me on XMPP.

This is precisely what WON'T work, except to alienate your acquaintances. They don't want to be lectured on the importance of openness - at most they'll acknowledge it's a neat idea but in the end what they care about is: Does it work (reliably)? Does it have nice features (voice, video, and possibly file transfers and emoticons)? Can I use it across my devices? For example, Skype mostly fits the bill here.

I once had a guy ("we all know one" in GPP) pull that hard-sell on me and some other friends, in the early days of Google Talk; he'd keep his Messenger account logged in only to tell us that any further chats would be over XMPP or not at all. Guess what happened.

Unfortunately, the chances of people actually choosing to use it (or even wiling to try it) is relatively slim. Not because of anything inherently wrong with XMPP itself, but primarily the extreme foothold shitty text messaging and Facebook has these days.

I'll give you one downside: *nobody* outside of us techies has heard of XMPP. So *their* acquaintances are not on XMPP either and they would let you install that client only to chat with you.

People for whatever reason these days love bending over with their pants down, paying ridiculous amounts for text messages (bragging "unlimited" this, "unlimited" that), and anything better (cheaper, not tied to one phone/system, security with TLS and OTR, etc.) is automatically shunned when the word "registration" pops up. Not to mention most people I talk to end up with a blank stare and do not care one bit when I bring up "security" and "privacy" in the conversation.

For a lot of people it really is an already-determined lost cause.

Not everybody has shitty SMS plans (mine is unlimited for all purposes). Not all people care about secure communications, especially when they're about dinner plans and random chit-chat. They also don't perceive eavesdropping as a significant risk (they trust Google and Microsoft, especially the latter since they made his O/S), much less their gov't snooping in ("Pfft... my emails would bore them sick"). No cause of theirs is lost.

Those people, I just won't "chat" with.

Do you have non-techy relatives and friends, who can't be arsed to install Pidgin in their Macs? And you make it harder for them to contact you because you can't be arsed to register a perfunctory email account (with a silly fake name and behind a proxy if you're so keen on protecting UltraZelda64's identity) and use the client (inside a virtual machine if you fear malware/rootkits) it to say "Hi, grab a coffee?" ? People before causes, bro.

Re:Not for long.

[icebike]

Exchanging keys over the inernet?

Why would you do that?

Send me an encrypted email. My public key is easily found via my email address. You don't have to unconditionally trust my key, so don't give me the address and combination to your safe. But you can send me email and build a relationship

IMPP name already taken.

[Eravnrekaree]

The IMPP name has already been used by the IETF for its own standard IM protocol. Its really something that they would have accidentally chosen the same name of an already existing protocol.

TLS

[Weezul]

TLS is useless against PRISM which simply takes records from the server.

You need end-to-end encryption like OTR over XMPP. Afaik all the good XMPP clients like Adium and Jitsi include OTR be default. Of course OTR does nothing against traffic analysis. Worse, OTR is not a mandatory part of the protocol.

TorChat is resistant to traffic analysis, but nobody uses it. Also, it's badly designed so that, if many people did use it, then it'd be hard on the Tor network.

Pond is a new attempt traffic analysis resistant messaging and email over Tor, but Pond is in pretty early stages of development.