As an operator of a data protection-friendly alternative to WhatsApp, I try to offer a “data-saving” server. However, there are a few things to consider:
IP addresses of users are not logged by default. Exception: In case of incorrect login attempts, the IP address is logged to prevent attacks on accounts.
No personal data is required for registration. This unfortunately complicates the proof of account ownership if the password has to be reset by the operator. Tip: Create a fancy contact whose secret XMPP ID only you know. This way you can prove that you are the owner of your account.
To keep messages synchronized across multiple devices and exchange messages even when two subscribers are not online at the same time, messages are cached on the server for up to 4 weeks. This function is called “MAM”. (Message Archive Management) and is activated by default for both individual conversations and MUCs (Multi User Chats, Chatrooms), in order to offer a similar user experience to commercial messengers, especially to inexperienced XMPP users. For your own security, you can use OMEMO encryption / end-to-end encryption to keep your conversations safe even if my server systems are breached. You don’t agree with the logging? This way!.
Contents uploaded via http_upload remain stored on the server for 4 weeks
If I am required to cooperate with law enforcement authorities under any applicable law, information will be disclosed in accordance with the applicable law.
Overview of stored data
- IP addresses for incorrect login attempts
- News history (4 weeks. Optional: Disable message logging.).
- Time of last login (to detect inactive users)
- Profile information and avatar
- Contacts and MUCs added to the account
- Uploaded files (4 weeks)
You can protect your personal messages by enabling end-to-end encryption (e.g. OMEMO).