I'd say you take IM far too seriously if you actually worry about stuff like that, but I can understand your concern.

Secondly, if you don't think there's already a "man in the middle" when you're connected to AIM, MSN, and others "directly", you're just fooling yourself... unless your packets take only one hop to reach their servers. If you're that worried about something like a man in the middle attack on an IM session, well, you'd better turn off your PC.

I can't offer you much else here except for my word, which is most likely worthless to you, but I'll give it to you anyways.

Yes, your IM passwords are stored on the server so that the gateways can connect you to your IM services. No, they are not stored in plain-text, but as an encrypted hash in a private MySQL database. As the admin, I can change the password you told the IM gateway to use to connect to your service, but I cannot retrieve the original unencrypted password. We offer encrypted connections to the Jabber server.

As far as sniffing your traffic is concerned, the Jabber server offers (as most others do) various levels of logging. Warning, errors and general info (so and so connected) are logged by default by the Jabber server. Another level, debug, is also available, which shows (as far as I know) all traffic being sent in and out of the Jabber server in plain text.

Yes, this includes any and all messages that happen to be flying by (and is the only logging level to do so).

Because of the huge volume of data that's generated by debug logging, it is off by default and remains off unless I need to figure out why something isn't working, during which times I turn it on for small bursts while I test (such as the possible Yahoo message problem we might currently be having). With 138 users, around a third of which are active at any given time, it's pretty much the only way I can do any debugging on our side. (I'm not going to totally shutter the service while I do that.)

I assure you, I'm really not interested in what you ate for dinner, what your mom thinks was the reason the Raiders lost on Monday night or if you think Bush is an ******* and I'm certainly not interested enough to sit there reading debug logs all day to find out. (And if you're sending anything more sensitive than that over IM, you might as well not worry about me intercepting anything because it's clear that you just don't care about what you're sending anyways.)

(In the interest of being open with you, the Jabber server that Jablet runs on is Openfire 3.4.1 with IM Gateway 1.2.0. Take a look at the code if you're interested.)

But, of course, I'm just another nameless faceless internet user that you don't know swearing to never do anything bad with your data. I don't blame you if you feel you can't trust me and that's fine. I can't promise you that your traffic could never be sniffed once it leaves my servers either. All I can give you is the choice to use it or not.

If you have any other questions or concerns, feel free to ask me at any time, either here or by e-mail and I'll be happy to answer.

(And just so that I'm not quite as nameless and faceless, that's my face used as my profile picture here, and let's sign this with my real name too.)

- Jason Carter

I use google talk quite a bit. I was browsing around in it today and noticed something interesting.

If you click on contacts, then pick a contact and edit it, you can specify (among other) MSN and Yahoo addresses for people to chat with.

I know gtalk is jabber-ish. Is this option new? I don't recall being able to do it before. The implication is that the n8x0 talk client should be able to connect to other services without using jablet.

I'll bet they do!
Then all I got to say, is, man, it's about time! Come on down! I know, it's a 'red' state, but there's a few of us here, esp in Austin, that have had the 'blues' for a while. Speaking of which, if you love music, the ATX is the place to be (see South by Southwest).

Anyway, I love the new service, thanks again!

GTalk *is* Jabber. It's possible that they're adding the gateways themselves, I don't know.

EDIT: You're talking about the PC Google Talk client, I assume.

I lived in a red state for five years, so visiting Texas wouldn't kill me (just the wallet). I'd love to come down, but the logistics don't look like they'll work themselves out anytime soon.

But if I'm ever in the area, you know I'll take you up on your offer.

awesome job guys. absolutely fantastic, just set up my jabber account on the good ole 770 and imported my icq-contacts. everything worked perfectly fine.
if i would believe in god i would include you in my evening prayer. but i don´t (believe in god) so i just say THANKS A LOT!!

I'm talking about the web based client (being a long term linux guy)

EDIT: I checked the gtalk option when I got home. Turns out that the gmail/gtalk contacts editing screen allows you to add information about services for the contacts, but there is no actual gateway to connect them.

I'm sitting here at my desk at work and right in the middle of an important work discussion said aloud "Eric Foreman is using my server."

They all probably think I'm nuts.

We come down at least once every spring. Count on it.

Xlnt! I will. I'll send you my email in a PM so you can let me know when you're coming.