Breaching location privacy in XMPP based messaging

Privacy is an increasingly important theme in communications. With increasing mobile users, previously neglected aspects as location privacy become important in our social life. Currently, Instant Messaging applications are considered to have a strong privacy model between users, because all communications are mediated by the service. In this paper, we analyse IM under the light of location privacy. We devise a set of potential attacks, and analyse the behaviour of many systems under these attacks. Our results show that while not all implementations are vulnerable, some popular IMs are breachable by one or more of these location privacy attacks. With browser based and mobile implementations being less vulnerable because they tend to provide a reduced set of features, thus reducing the attack surface.