Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Communications

Cerulean Studios Releases Trillian IM Protocol Specifications 95

Runefox writes "Cerulean Studios, the company behind the long-lived Trillian instant messaging client, has released preliminary specifications to their proprietary "Astra" protocol, now named IMPP (Instant Messaging and Presence Protocol), which provides continuous client functionality as well as mandatory TLS encryption for clients. According to their blog, Cerulean Studios' motivation for the release is to promote interoperability among the throngs of IM services and clients available by allowing others to also use the protocol. Future concepts include federation with XMPP. While the documentation is in an early state and the protocol is claimed to still be in development, it is hoped that it will help decentralize the very heavily fragmented messaging ecosystem. It's implied that, in turn, greater options for privacy may become available in the wake of the PRISM scandal via privately-run federated servers, unaffiliated with major networks, yet still able to communicate with them."
This discussion has been archived. No new comments can be posted.

Cerulean Studios Releases Trillian IM Protocol Specifications

Comments Filter:
  • by Jonah Hex ( 651948 ) <[moc.liamg] [ta] [smtodxeh]> on Monday June 17, 2013 @07:26PM (#44035257) Homepage Journal
    Seriously, the last time I heard about someone using Trillian was years ago. They are a victim of their own business choices and no longer relevant, I've recommended Pidgin for those who want a all-in-one program instead of separate chat programs, but frankly most people seem to want to stick with whatever the separate companies provide. - HEX
    • by Anonymous Coward on Monday June 17, 2013 @07:47PM (#44035383)

      Ironic really, their "business choices" included enabling access to IM networks whose protocols weren't open...now they're making a big deal out of their own proprietary protocol's "specifications" (i.e. useless advertising material) available.

      And the captcha word of the day is "surreal," no less.

    • by jonwil ( 467024 )

      I used to use Trillian for a while but then I switched to the open-source Miranda IM client. Talks to most of the networks I need (IRC, ICQ, MSN, AIM) and has all the features I need (even more so with extra plugins). 100% open source so I can hack on it if I wanted to.

      Only thing it doesn't do is Skype but you can thank Microsoft for that, not Trillian.

      • pidgin is open source and does skype
        • No. Not on its own it doesn't. It still requires the binary blob from Skype.

        • It kind of does skype. You need to keep skype running, and I've found it often does not display incoming messages. More than once I've had to open up the skype chat window to see what someone's said.
    • by dkuntz ( 220364 ) <douglas DOT kunt ... networks DOT com> on Monday June 17, 2013 @09:44PM (#44036077) Homepage

      I actually still use Trillian, expressly for the continuous client functionality. As there is also the iPhone app, OS X, Windows, etc, not every IM service allows you to log in in multiple locations simultaneously, and allow you to start a conversation on a mobile device, continue on a Windows box, then finish it on a Mac, and have the IM logs and history available on each one. And since a lot of my friends, coworkers, etc, don't rely only on Facebook chat, and I occasionally will send something important to someone, or they to me via IM, being able to look at 1 unified history for that person, and not needing to look on system A, B and C to find the logs, is quite beneficial.

      I've seen some other clients that will do similar things, though mainly on the mobile side only (IM+). Pidgin also does not have a released binary for OS X. You can use one of the ports (Fink/MacPorts), or compile from source (people here may not have issues with that, average desktop types will), or use Adium, which uses the core of pidgin, but, so far, the only decent, and frequently updated, all in one IM program with persistence over multiple clients is Trillian.

    • I think its fairer to say Trillian did not fail because of their own efforts, but because the whole Instant Messaging scene was overtaken by mobile. Trillian is not the only IM service hurting today. Users have been quitting ICQ, AIM, MSN and other services for a while now.

      Most people if they want to broadcast would send out a tweet. If they want to message a smaller circle of friends, mobile apps such as Whatsapp, LINE, Kakao etc. work nicely.

      If Trillian could figure out a way to tap into the networks of W

    • by Weezul ( 52464 )

      TLS is useless against PRISM which simply takes records from the server.

      You need end-to-end encryption like OTR over XMPP. Afaik all the good XMPP clients like Adium and Jitsi include OTR be default. Of course OTR does nothing against traffic analysis. Worse, OTR is not a mandatory part of the protocol.

      TorChat is resistant to traffic analysis, but nobody uses it. Also, it's badly designed so that, if many people did use it, then it'd be hard on the Tor network.

      Pond is a new attempt traffic analysis resi

  • by Anonymous Coward on Monday June 17, 2013 @07:30PM (#44035267)

    I'm concerned that if this encryption is unbreakable to the authorities, this could be problematic in thwarting terrorists and other evildoers.
      I'm not sure its so good that communications is completely unbreakable, there should be some mechanism whereby the government and agencies trying to keep us safe can intercept and decode them.

    • by Anonymous Coward

      Yeah, wouldn't want any tea partiers to start a nonprofit without the IRS knowing about it.

    • by Anonymous Coward

      Ha ha ha ha ha! Good one! ....oh, wait. You're serious, aren't you?

    • like the anti-nuclear acvitists phil zimmerman was trying to protect.

      How dare someone critize government or corporate intrests. They might as well be blowing up buildings.
  • Unimpressed (Score:3, Informative)

    by cronot ( 530669 ) on Monday June 17, 2013 @07:31PM (#44035283)

    There has been a lot of backlash on their blog about this: Why didn't they just go with XMPP? What their protocol have that XMPP doesn't, or couldn't be extended to support?

    Personally - just a guess (also, btw, disclaimer: I'm a subscriber) - I think they're dying. Their client haven't been getting any significant development for the past year, current issues with some protocols have been going unaddressed, and new features like Lync protocol support (which there are working OSS implementations) have been going completely ignored despite many people clamoring for it.

    So, they have been silent for a long time, and now this. It's fishy.

    • Re:Unimpressed (Score:4, Insightful)

      by LordKronos ( 470910 ) on Monday June 17, 2013 @07:56PM (#44035459)

      Why didn't they just go with XMPP? What their protocol have that XMPP doesn't, or couldn't be extended to support?

      http://xkcd.com/927/ [xkcd.com]

    • Re: (Score:3, Informative)

      by icebike ( 68054 )

      XMPP doesn't provide for much in the way of security unless you are using strictly private single servers.

      Once your contacts are scattered across multiple jabber servers all bets are off as far as security.
      Your server will almost surely end up forwarding your message to other servers insecurely.

      XMPP also struggles with binary blobs (images) etc.

      • by Anonymous Coward

        Disclaimer: I run a small ejabberd server.

        > Your server will almost surely end up forwarding your message to other servers insecurely

        Eh? Require your server to only federate using SSL/TLS. (Granted, what other servers do with your bits is beyond your control, but *any* communication over the internet has this problem.)

        > Once your contacts are scattered across multiple jabber servers...

        AFAIK, this doesn't happen. [citation needed]

      • XMPP doesn't provide for much in the way of security unless you are using strictly private single servers.

        Once your contacts are scattered across multiple jabber servers all bets are off as far as security.
        Your server will almost surely end up forwarding your message to other servers insecurely.

        XMPP also struggles with binary blobs (images) etc.

        a) There's GPG for XMPP, which is not so uncommon.
        b) They intend to federate to XMPP, so, all this applies to IMPP.
        c) SSL isn't end-to-end.

        As for binary blobs, there's jingle.

    • What their protocol have that XMPP doesn't, or couldn't be extended to support?

      It has TLS, which is a bad idea for chat. Unless you're taking a deposition, or something, where you want provable identity, most chat is expected to be ephemeral and reputable. Picture two people sitting quietly chatting in a secure room. That's the goal for most online chat.

      You want to use OTR [cypherpunks.ca] for most chat, not TLS. It offers repudiation as well as authentication, security, and perfect forward secrecy. It's even obnoxious

      • You can deal with Authentication using GPG.

        • You can deal with Authentication using GPG.

          Certainly. GPG offers authentication, like TLS, and of course security through encryption, but neither offer repudiation or perfect forward secrecy, which are essential features of OTR and ought to be for any protocol implementing causal chat protocols. They'd be inappropriate features for the problems GPG and TLS are solving.

          In general, you don't want to be able to prove that Alice or Bob said something in an online chat at some point in the future - that's not

          • And if Mallory captures their computing devices, you don't want him to be able to forge messages using their private keys that make it look like they said something they didn't.

            Then I guess you don't want to be using OTR then, because this is one of its features.

            From the OTR site:

            The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you.

            This is actually what gives you deniability. After the chat is completed, anyone can forge additional content. This means that no particular piece of content can be proven to be a part of the original conversation.

      • It has TLS, which is a bad idea for chat.

        Wait, what? All you need to know with chat is that this message came from the same guy as the last message. TLS is fine for that.

    • As far as I understand it, XMPP doesn't allow direct client-to-client communication, you have to go through one or several third-party servers, which will get the content of your messages even if you use encryption.
      It would have certainly been better to build this as an extension to file-transfer or audio/video chat rather than making a new protocol however. (I don't know XMPP that much, but I suppose those three things are direct client-to-client for efficiency reasons)

      • by Bert64 ( 520050 )

        You don't have to use a third party server, you can run your own server for this purpose...
        You can also use end to end encryption tools such as OTR so that the server never has any unencrypted data.

  • by UltraZelda64 ( 2309504 ) on Monday June 17, 2013 @08:15PM (#44035599)

    On the one hand, yes, in a way it is dumb to "open it up" after all this time when XMPP is there. On the other hand, with Google having lost its Federation support and soon enough to lose XMPP support altogether; with MSN Messenger being eliminated in favor of the Outlook.com site or the Skype with a totally closed protocol, and who knows what else, it seemed that XMPP was the only choice. Well, still, for now at least it is probably the best choice--let's see how IMPP takes off--but at least it's no longer the only "open" choice. The promise of Federation with XMPP servers is also good. Overall, I think the extra choice prevails in importance over everyone just jumping blindly to XMPP (simply because it's all that there is left).

    I mean nothing against XMPP--I will be using it unless IMPP proves itself and offers something superior, but I appreciate the choice and the opportunity for the two to compete on a level (open) playing field for the best features. This just means there will be more choice when using multi-protocol clients like Pidgin, and will likely spawn special IMPP "native" instant messaging clients, similarly to what Psy is to XMPP. In the end, I would say this is a welcome change, and with the recent turn of events the timing really isn't too late.

  • by Anonymous Coward

    Why don't we yet have a truly distributed and encrypted chatting protocol, sorta like email except with much lower latency? Have both feature to talk to individual persons, keep the list of it on your local machine (or synced to actual trusted servers, whatever works for you), and as well as joining a "chatroom" within the entire network (which is just a string or whatever), rather than having to rely on having specific servers.

    I'm sure people can work out the smilies plugin and random misc things later o

    • by Anonymous Coward

      If I'm not mistaken, Retroshare does what you ask for.

      http://retroshare.sourceforge.net/

    • by Lehk228 ( 705449 )
      We do, it's called xmpp
  • by arielCo ( 995647 ) on Monday June 17, 2013 @09:31PM (#44036013)

    We have XMPP+Jingle, SIP+SIMPLE, OMA IMPS [wikipedia.org], and now this IMPP joins the club. Guess why people stick to Live Messenger, Skype, Google Talk, Facebook and (gasp) ICQ? These have providers and a pre-existing audience, and people don't care about the inner workings. You can have the best-thought-out, most efficient, open and extensible gem of a protocol, but how many people are going to download a (likely clunky) client and nag their relatives, friends and coworkers into installing it too? Yes, there are a few and we all know one; just wait until said project goes belly-up.

    • Re: (Score:3, Insightful)

      You can have the best-thought-out, most efficient, open and extensible gem of a protocol, but how many people are going to download a (likely clunky) client and nag their relatives, friends and coworkers into installing it too?

      That's why you try to educate people on why they should use that "open" service instead of the increasingly-closed crap, offer to set it up for them (bonus: to register an XMPP account, typically no e-mail address or additional "personal" information is needed), install a good client, and just go on from there. If they like it and want to use it, great--if not, they can go back to whatever increasingly-closed service they were on to begin with. But from now on, they'll most likely only be able to find me

      • by arielCo ( 995647 ) on Monday June 17, 2013 @11:20PM (#44036453)

        You can have the best-thought-out, most efficient, open and extensible gem of a protocol, but how many people are going to download a (likely clunky) client and nag their relatives, friends and coworkers into installing it too?

        That's why you try to educate people on why they should use that "open" service instead of the increasingly-closed crap, offer to set it up for them (bonus: to register an XMPP account, typically no e-mail address or additional "personal" information is needed), install a good client, and just go on from there. If they like it and want to use it, great--if not, they can go back to whatever increasingly-closed service they were on to begin with. But from now on, they'll most likely only be able to find me on XMPP.

        This is precisely what WON'T work, except to alienate your acquaintances. They don't want to be lectured on the importance of openness - at most they'll acknowledge it's a neat idea but in the end what they care about is: Does it work (reliably)? Does it have nice features (voice, video, and possibly file transfers and emoticons)? Can I use it across my devices? For example, Skype mostly fits the bill here.

        I once had a guy ("we all know one" in GPP) pull that hard-sell on me and some other friends, in the early days of Google Talk; he'd keep his Messenger account logged in only to tell us that any further chats would be over XMPP or not at all. Guess what happened.

        Unfortunately, the chances of people actually choosing to use it (or even wiling to try it) is relatively slim. Not because of anything inherently wrong with XMPP itself, but primarily the extreme foothold shitty text messaging and Facebook has these days.

        I'll give you one downside: *nobody* outside of us techies has heard of XMPP. So *their* acquaintances are not on XMPP either and they would let you install that client only to chat with you.

        People for whatever reason these days love bending over with their pants down, paying ridiculous amounts for text messages (bragging "unlimited" this, "unlimited" that), and anything better (cheaper, not tied to one phone/system, security with TLS and OTR, etc.) is automatically shunned when the word "registration" pops up. Not to mention most people I talk to end up with a blank stare and do not care one bit when I bring up "security" and "privacy" in the conversation.

        For a lot of people it really is an already-determined lost cause.

        Not everybody has shitty SMS plans (mine is unlimited for all purposes). Not all people care about secure communications, especially when they're about dinner plans and random chit-chat. They also don't perceive eavesdropping as a significant risk (they trust Google and Microsoft, especially the latter since they made his O/S), much less their gov't snooping in ("Pfft... my emails would bore them sick"). No cause of theirs is lost.

        Those people, I just won't "chat" with.

        Do you have non-techy relatives and friends, who can't be arsed to install Pidgin in their Macs? And you make it harder for them to contact you because you can't be arsed to register a perfunctory email account (with a silly fake name and behind a proxy if you're so keen on protecting UltraZelda64's identity) and use the client (inside a virtual machine if you fear malware/rootkits) it to say "Hi, grab a coffee?" ? People before causes, bro.

        • by Anonymous Coward

          People before causes, bro.

          I don't agree with this. At some point you have to stick to your principles.

          I totally agree that the networking phenomenon makes it difficult it to use solid communication protocols, and you do have to think honestly about how the average person will react. I've gone back and forth over time over where to draw that line.

          However, corporations and the government manipulate this to their benefit. It's precisely because of this "people before causes" idea that they pull this, because people aren't willing to sa

          • I remember a time when people were willing to try different programs to communicate, and it was no big deal. It seems like over time, people have become more and more wedded to frameworks provided by big companies like Google, Microsoft, and Apple, rather than tools.

            I noticed the same thing. I have also noticed that with the explosion of text messaging, people tend to just use that and avoid *anything* that requires any amount of setting up whatsoever. While people used to be more willing to change, it seems that these days they are far more resistant to stray from text messaging and Facebook. They tend to use the claims "I'm on Facebook" or "everyone I know is on Facebook," or for text messaging "I'm paying for it so I use it" or "I have unlimited text messaging."

            B

        • They don't want to be lectured on the importance of openness

          Which is why I'd go over the unique features above all else, and only briefly touch on the "openness" details... such as Federation and the freedom to even host your own server if you want. The way I see it, the "openness" (specifically, the Federation) is just a bonus.

          at most they'll acknowledge it's a neat idea but in the end what they care about is: Does it work (reliably)? Does it have nice features (voice, video, and possibly file transfers and emoticons)? Can I use it across my devices? For example, Skype mostly fits the bill here.

          Reliability--yeah, people care about that, but it's not something most people consider when choosing a service. Most people I know just get pissed when the service doesn't work, but as soon as it works again they forget all about it. Most

          • I no longer no anyone who uses AIM

            WTF... did I seriously just type that? Wow, I really need to get new glasses... know, I obviously meant...
            Where is the edit function when you need it?

      • There is an XMPP interface to Facebook chat which works pretty well. Works even better than GMail on some aspects.

        • Unfortunately, it:
          1) Requires a Facebook account, and I would never trust that company enough to create an account there.
          2) Is not really XMPP from what I understand, just an interface for compatibility purposes.
          3) Does not support Federation with all the other XMPP servers out there.

          But yeah--I agree that if you've already given your information to Facebook, then their "chat" service might not be too bad. Certainly it's got users out the ass.

    • We have XMPP+Jingle, SIP+SIMPLE, OMA IMPS [wikipedia.org], and now this IMPP joins the club. Guess why people stick to Live Messenger, Skype, Google Talk, Facebook and (gasp) ICQ? These have providers and a pre-existing audience, and people don't care about the inner workings. You can have the best-thought-out, most efficient, open and extensible gem of a protocol, but how many people are going to download a (likely clunky) client and nag their relatives, friends and coworkers into installing it too? Yes, there are a few and we all know one; just wait until said project goes belly-up.

      People started caring about gtalk's inner workings when they realized they could not longer see a lot of their contacts (the non-google ones) in the new "hangouts" clients.

      Jabber precedes Skype. XMPP precedes Gtalk.

      Seems like most of your claims are invalid.

      Also, there's a new XMPP<->SIP federation standards in the works (it's still a IETF draft though).

      • by arielCo ( 995647 )

        STANDARDS vs SERVICES. I can plan my life with Summer Glau from courtship to the kids to be had and retirement, and refine it until my fingertips bleed, but it's not getting me any closer to a material reality. Or rewrite the English language into perfect consistency. Hmm... a Dr. Esperanto came to mind.

        • It's not a service, it's a standard being drafted by the IETF, which would allow any xmpp or sip server to federate to the other protocol.

    • Guess why people stick to Live Messenger[...]?

      No, they don't. Microsoft shut down Live Messenger in April. You're expected to use Skype instead.

      My friends aren't exactly happy about that; Skype doesn't exactly have a great user interface. There's a reason why most of them have standardized on Jabber for IMs: You can use third-party clients with a reasonable user interface without running into compatibility issues. Additionally, most people also know someone who doesn't use their IM of choice and don't want to have multiple IM clients open at the same

      • No, they don't. Microsoft shut down Live Messenger in April. You're expected to use Skype instead.

        So the news articles claimed but at least for me pidgin still seems to connect sucessfully to it and get the buddy list (though it's a while since i've actually tried to talk to anyone on it, been using irc more laterly)

        • Might be that they kept the protocol alive for now. I can't really tell either given the fact that nobody I know uses the official client.
  • by Eravnrekaree ( 467752 ) on Monday June 17, 2013 @11:12PM (#44036429)

    The IMPP name has already been used by the IETF for its own standard IM protocol. Its really something that they would have accidentally chosen the same name of an already existing protocol.

  • I was a huge proponent of Trillian (and a paying customer) for quite some time. I used it to connect my AIM, ICQ, MSN, and Yahoo accounts.

    At about the time I ditched ICQ, it seemed that Trillian was getting bigger and more bloated with features I didn't care about, and had frequent connection problems. And so I tried Digsby and loved it.

    Then I believe I got a new computer, and for about a week I forgot to install Disgby. Turned out that nearly everyone I wanted to chat with was either on Facebook or SMS, an

  • Lets deal with protocol fragmentation by introducing another protocol.

  • I rarely login to facebook, but I do have pidgin connected via XMPP and that works fine for chatting with non-technical friends on facebook. Facebook switching to a private protocol would be a shame, but I'm not sure I would bother installing a separate client.
  • Easy for the NSA to get a false cert from the CA

    Self signed certs are worthless too. Most people will accept any ould cert without wondering why a new one was issued

You know you've landed gear-up when it takes full power to taxi.

Working...