Starting today, yaxim is switching its protocol foundation from the deprecated exchange of clumsy and inefficient XML streams to the modern and elegant combination of HTTP and JSON/REST, the Matrix protocol.
As users of a service, you have a right to know which data the service is storing about you and how it is using that data. Starting tomorrow, this right will become law in the European Union as the General Data Protection Regulation (GDPR).
In the last months, we have worked out how this affects the Jabber ecosystem. This work has resulted in the creation of new service policies for the yax.im service, which become effective today.
Jabber spam has become a huge problem over the last one or two years. Spammers register thousands of accounts on hundreds of public servers, and then send masses of messages to real and guessed Jabber addresses. The yax.im server operators are committed to fighting XMPP spam and helping others do so as well. In the last two weeks, yax.im automatically blocked 46996 messages from 14293 different accounts registered on 282 different servers.
There is a new yaxim release, fixing the CVE-2017-5589 security vulnerability. PLEASE UPGRADE NOW! The vulnerability allowed attackers to make messages appear as if they were sent by somebody else:
The release also provides a number of long-awaited improvements like Easy XMPP, Group chats, Android Auto, a new design and much much more.
In the last three months, it was not possible to register new accounts on yax.im. This issue has been resolved now.
Currently, the yax.im service is experiencing connectivity problems (“remote-server-not-found” or “connection-timeout” on server-to-server links, “Unable to resolve yax.im” on clients) due to a DNS problem.
To support DNSSEC, we are moving the yax.im and yaxim.org domains to a different set of nameservers. It looks like the old nameservers for yax.im stopped resolving the domain before the 72h transition period was over; a support ticket has been opened for this. Please bear with us (or flush your resolver cache) until the issue has been fixed.
yaxim’s stated first goal is security. Unfortunately, there are days when you realize you failed hard at reaching that goal. All versions of yaxim before 0.8.8 are vulnerable to a Man-in-the-Middle attack, where an active attacker can redirect and read all your traffic by using a valid SSL certificate for his own server.
Update: the following text was posted on April Fools’ day, 2014. yaxim (as well as yax.im) remains a little private project of its administrators, and there are no plans to get acquired, especially not by the military-industrial complex. Nevertheless, we encourage everyone with the respective capability to run their own servers for themselves and their friends!
In the last months, several big takeovers happened in the Instant Messaging world. Facebook bought Instagram and WhatsApp (but failed to get Snapchat), Rakuten got Viber, and Tango was bought by China’s Alibaba. We at yaxim used the exciting growth that followed the start of the yax.im service to unite with Booz Allen Hamilton, a strong partner that greatly values our assets.