Port 5222: XMPP — The Language the Internet Almost Spoke

Port 5222 carries XMPP client connections. Every message sent through Jabber, every presence update from a federated chat server, every XML stanza exchanged between humans or machines flows through this port. It is the default TCP port for XMPP client-to-server communication, registered with IANA and defined in RFC 6120.¹

XMPP stands for Extensible Messaging and Presence Protocol. The name is accurate but clinical. What it actually does is let anyone run a messaging server, and let users on different servers talk to each other, the same way email works. Your address looks like alice@example.com. Alice can message bob@different-server.org. No central authority controls who can participate.

This is what the Internet was supposed to be.

The Protocol

XMPP works by opening persistent TCP connections and streaming XML between client and server.² When you connect on port 5222, you begin a negotiation:

1. Open an XML stream to the server
2. Negotiate TLS encryption (mandatory in modern implementations)
3. Authenticate using SASL
4. Bind a resource to your session
5. Exchange XML stanzas until you disconnect

The protocol has three fundamental stanza types:³

Message stanzas carry chat messages. They are fire-and-forget pushes of content from one entity to another.

Presence stanzas broadcast availability. When you set yourself to "away" or "busy," that status propagates to everyone subscribed to your presence.

IQ stanzas (Info/Query) handle request-response patterns. They work like HTTP GET and POST, with every request carrying an ID that the response must match.

The key insight is that XMPP maintains a persistent, bidirectional XML stream. Either side can push data at any time. There is no polling. When someone messages you, the server immediately pushes that stanza down your open stream. Real-time communication without the overhead of constantly asking "anything new?"

The History

In 1998, Jeremie Miller was working at an ISP in Iowa and getting frustrated.⁴ His office was using IRC, ICQ, and Excite chat. Three different protocols. Three different clients. Three different contact lists. None of them could talk to each other.

Miller had grown up on a farm in Cascade, Iowa, started coding as a teenager, and attended Iowa State University for computer and electrical engineering before dropping out in 1995 to join a startup.⁵ He understood both the power of open protocols and the pain of proprietary silos.

In January 1999, he announced Jabber to the world and released jabberd, the first open-source XMPP server.⁶ The name "Jabber" captured what the protocol enabled: endless, decentralized conversation. Anyone could join. Anyone could run a server. Messages would find their way.

By May 2000, jabberd 1.0 was released. Development moved fast. Open-source clients proliferated. The wire protocol for real-time XML streaming stabilized.⁷

In November 2002, the IETF chartered the XMPP Working Group to formalize the protocol as an Internet standard.⁸ Jeremie Miller himself presented at IETF 55. Two years later, in October 2004, RFC 3920 and RFC 3921 were published, defining XMPP Core and XMPP Instant Messaging.⁹

The protocol had gone from a frustrated developer's side project to an IETF Proposed Standard in five years. Port 5222 was officially registered. The open messaging future had arrived.

The Golden Age

Around 2008, XMPP hit its peak.¹⁰ Google Talk was an XMPP client that federated with the broader Jabber network. You could message someone on a Google Talk account from Pidgin or any other Jabber client. Facebook opened its chat to XMPP in February 2010.¹¹ For a brief, shining moment, you could use one client to talk to friends on Google, Facebook, and any public Jabber server.

This was interoperability in practice. Normal people knew what XMPP was. Trillian and Pidgin were common programs. AIM, MSN, and Yahoo were all accessible through XMPP bridges. The protocol was winning.

The Betrayal

In 2013, Google decided that most Google Talk conversations were between Google users anyway.¹² They did not care about respecting a protocol they could not fully control. Federation was disabled. Google Talk became Hangouts, then Allo, then Duo, then Google Chat. Each iteration more proprietary than the last.

Facebook followed in April 2014, quietly dropping XMPP support.¹³ The official reason was unstated. The actual reason was strategic: pushing users into Meta's proprietary ecosystem was more valuable than interoperability.

The companies that had adopted XMPP when it helped them grow abandoned it once they had captured their users. The federated future collapsed into walled gardens.

The Irony

Here is the part that hurts:

WhatsApp was originally built using an open-source XMPP server.¹⁴ The protocol used by WhatsApp today is a direct derivative of XMPP. They converted the XML tags to a binary format for efficiency, but the fundamental design and semantics remain identical. WhatsApp is XMPP, compressed and defederated.

WhatsApp is the most popular messenger in the world. It runs on XMPP's bones. And it cannot talk to any other XMPP server on Earth.

Meta embraces open protocols when they benefit from network effects (Threads federating with Bluesky and the Fediverse) and resists them when they threaten market control (refusing XMPP interoperability under the EU's Digital Markets Act).¹⁵

The Protocol Today

XMPP never died. It became niche. The XMPP Standards Foundation continues developing extensions. New clients emerge. The protocol powers IoT devices, smart home systems, and enterprise deployments where federation and extensibility matter.¹⁶

XMPP is used in healthcare systems in Germany, military communications for the Bundeswehr, and countless private deployments where "someone else controls the server" is not acceptable.¹⁷

Jeremie Miller now sits on the board of directors for Bluesky, another attempt at decentralized social communication.¹⁸ The dream persists, wearing different clothes.

Security

XMPP on port 5222 uses STARTTLS to upgrade connections to TLS encryption.¹⁹ This is mandatory in modern implementations per RFC 6120 and RFC 7590.

However, STARTTLS has known vulnerabilities:²⁰

Downgrade attacks: A man-in-the-middle can strip the STARTTLS advertisement, convincing clients that encryption is unavailable.

Command injection: Implementation bugs have allowed attackers to inject commands during the TLS negotiation phase.

Certificate validation: If clients do not properly verify server certificates, encryption provides false confidence.

The older approach used port 5223 for "legacy SSL," where connections were encrypted from the first byte.²¹ This was deprecated in 2004 but is sometimes still used because direct TLS avoids STARTTLS vulnerabilities.

Modern recommendations:²²

• TLS 1.2 or higher is mandatory
• TLS 1.0 and 1.1 should not be negotiated
• SSL versions must never be used
• Certificate verification must be enforced

Related Ports

What Flows Through

Every XML stanza on port 5222 carries something human. A message to a colleague. A presence update saying "I'm here." An IQ query checking if a friend is online.

In the golden age, port 5222 carried conversations across organizational boundaries. A Google user chatting with a Facebook user through a Pidgin window. That federation was real. It worked. It was killed not because it failed technically, but because it succeeded too well at letting users escape proprietary silos.

Port 5222 still carries that possibility. Any XMPP server listening on this port can federate with any other. The protocol does not require permission from Google or Meta or anyone else. The addressing works. The streams flow. The stanzas arrive.

The infrastructure for an open messaging Internet exists. It has existed since 1999. It is waiting on port 5222 for the moment when enough people decide that talking to each other matters more than being captured by platforms.