I’ve been inspecting this topic quite a lot and I’m a little confused now. So, we have reasons not to use Signal, reasons not to use Matrix, there were also some claims about Session being a fraud. Briar is mostly activist-related (not very suitable for daily use), XMPP lacks good clients and suffers from fragmentation of protocol standards implementation, SimpleX is too feature-incomplete (no UnifiedPush support, big battery drain on Android, very decent desktop client without any message sync). I can’t say a lot about Threema or Wire, as I’m not very familiar with them.

So, my question is — is there any good private messenger at all? What do you think is the most acceptable option?

EDIT: In addition to my post:

All messengers have their flaws, I’m well aware of that. I was interested in hearing users’ opinions regarding these shortcomings, not in finding the perfect messenger. I may have worded my thoughts incorrectly, sorry for that.

  • mipadaitu@lemmy.world · +8/−2 · 1 month ago

    That article in Signal is bogus. It is entirely based on speculation from how funding comes in, and also either ignores, or misunderstands how Signal fundamentally works.

    The EFF recommends Signal, and it’s one of the most secure ways to communicate.

    https://ssd.eff.org/module/how-to-use-signal

    You can make your own decisions, but if you just grab any random arguments, you’ll find a reason to doubt everything.

    • Dessalines@lemmy.ml · +1 · 1 month ago

      The US-state-department funding is important sure, but you also ignored every other point in that article.

        • Dessalines@lemmy.ml · +1 · 1 month ago

          That rabbit hole goes very deep, but I’m not knowledgeable enough to speak on it. It could very well be a Crypto AG style honey-pot, or already cracked tech, that we might not know about for years to come.

    • FeelzGoodMan420@eviltoast.org · +2/−3 · 1 month ago

      Lemmy has some sort of slander campaign going against Signal. Can’t tell if it’s just misinformed idiots or a paid shill smear campaign being run here (likely the former, Lemmy is too small for companies to give a shit about.) It’s really annoying. Same with Mozilla and Firefox. Not sure Lemmy likes anything?

        • Cenotaph@mander.xyz · +3/−1 · 1 month ago

          Signal has usernames (must be enabled) and you can have your phone number hidden from public view & prevent it from being used to search up your account.

          • Dessalines@lemmy.ml · +4 · 1 month ago

            That got added recently, but you still need a phone number to sign up. A phone number is tied to your identity, meaning that Signal’s database has the names and addresses of everyone who uses it. And since Signal is US-based, it’s subject to US national security letters, meaning it’s illegal for Signal to tell anyone that the US government has requested information about who they’re talking to.

            Under the Obama administration, an average of 60 NSLs were issued every single day.

          • toastal@lemmy.ml · +2 · 1 month ago

            Let me message you without having an Android or iOS primary device then. Can’t do it.

  • toastal@lemmy.ml · +4 · 1 month ago

    XMPP clients are fine, albeit all of them, as many as they are, are slightly different, as is the nature of the protocol. This just means there is value in contributing to existing clients, creating new clients, or embracing progressive enhancement (which most do, for example with emoji reactions just being a quoted text reply & so on), & complete feature parity is a fool’s errand if you want an extensible protocol with diversity & experimentation in the community. With the broad exception of the Conversations Compliance, there isn’t a flagship client & instead the best ideas come to the most used or most innovative clients. I use Cheogram, Profanity, Gajim, Dino, Movim at different times (& would love to create my own). The protocol is stable, healthy, & ready for proposals for improvement.

    If I compare this to the more-expensive-by-all-metrics-to-run Matrix, if it ain’t Element, you got a problem, since a vast majority of users are on it & using all of its features & no other client has anything near parity, but they are expected to have parity instead of allowing things to sometimes be gracefully missed or shown in a less than ideal manner as acceptable. This hurts experimentation. Good luck trying anything similar to GDPR when all nodes are designed & required to duplicate all messages & attachments for all users to every server anyone in it comes from.

    The only real gotcha is the same gotcha as Matrix when using multiple clients with double-ratchet encryption (à la Signal): clients will expire keys that haven’t been seen in a while & it is hard to get both devices re-trusting one another. Turning it off & on again rarely works & requires fiddling on both ends sometimes. I really should just use PGP for encryption more often…

    • socsa@piefed.social · +1 · 1 month ago

      The problem is that iPhone has some weird shit about push notifications and none of the high security XMPP clients I have tried seem to support them.

      • toastal@lemmy.ml · +1 · 1 month ago

        XMPP doesn’t need notifications per se since it already has a connection to the client. Since it works for all other OSs to hook into this & display a notification, I don’t even want to know what restrictions Apple has on iOS that prevent such basic behavior. Apple digs its own grave here. What’s worse is I want to say “go get an Android phone, dummy” to a ‘normie’, but the stock OS on any Android phone is going to be on aggregate a worse privacy situation unless you’re ready to teach them how to unGoogle it to the extent they would tolerate.

        Linux phone when?

  • Dessalines@lemmy.ml · +3 · 1 month ago

    Almost all those can be self-hosted, and built from source, so Matrix, XMPP, SimpleX are fine. Don’t use anything that uses a centralized server in a Five Eyes country, like Signal or Threema.

  • Cheradenine@sh.itjust.works · +3 · 1 month ago

    For me SimpleX does everything I need. Unified push would be nice, and would address battery usage. I don’t need or want message sync, so that’s not an issue.

    They all have tradeoffs, so it’s just a matter of your priorities. For instance I’m OK with the higher battery drain because it’s not using Google.

  • jherazob@beehaw.org · +2 · 1 month ago

    Snikket is an attempt to solve the XMPP issues, or at least to reduce them: a single all-in-one XMPP server distro and clients across platforms, and since it’s self-hosted no one should get their hands on your data (in normal circumstances).

    That said, the saying goes “Perfect is the enemy of Good”. Just because a solution is not perfect doesn’t make it unusable, any of those options you mention full of problems are a helluva better than FB Messenger or plain SMS for example. Depending on your threat model they might be more than enough.

  • Im_old@lemmy.world · +2 · edited · 1 month ago

    Simplex.chat

    No identifiers, pfp, FOSS, can route through tor.

    Or host your own matrix or xmpp server.

    • JustMarkov@lemmy.ml (OP) · +1 · 1 month ago

      I didn’t say I don’t like Signal, Matrix or anything else. I just provided links to accompany my question.

  • rcbrk@lemmy.ml · +2 · edited · 1 month ago

    “XMPP lacks good clients and suffers from fragmentation of protocol standards implementation”

    • For Android: Conversations is excellent, also on F-Droid if you don’t want to use the Google store.
    • For iOS/macOS: Siskin or Monal.
    • For Linux/Windows: Gajim; for Linux: Dino.

    “Protocol fragmentation” is not a valid complaint about XMPP – it’s like complaining that ActivityPub is fragmented; but that’s not a problem: you use the services (Mastodon, Lemmy, Kbin, etc) built with it which suit your needs, mostly interacting with that sector of the federation (eg, Lemmy+Kbin), but get a little interoperability with other sectors as a bonus (eg, Lemmy+Mastodon).

  • schnurrito@discuss.tchncs.de · +2 · 1 month ago

    “So, we have reasons not to use Signal, reasons not to use Matrix”

    yes, nearly all possible things in the world have been argued by someone somewhere already

  • delirious_owl@discuss.online · +1 · edited · 1 month ago

    Wire is the best for security (it literally won’t let you send messages unencrypted), cost (it’s free), privacy (no phone number required), and usability for the masses (FOSS client on all the platforms, messages sync between each client like you’d expect).

    I haven’t found anything that checks all those boxes other than Wire (though I do wish we had other options that came close)

    https://Wire.com

  • OneMeaningManyNames@lemmy.ml · +1 · 1 month ago

    People say this over and over “depends on your threat model” and yet people seem to have a hard time understanding that. Your threat model is “who is your adversary and what he is willing/able to do”. Your security goal is what do you want to keep from your adversary.

    As others said, if you are an activist or something important, perhaps you might want to build a working knowledge of cryptography yourself. If you just want Meta not being able to see your NSFW chat with your romantic partner, Signal might be more than enough. In fact, people way more relevant than me also suggest that Signal is good even for bounty hunter vulnerability reporting.

    Having said that, what bugs me most is that people think of the instant messaging format as suitable for everything: activism, jobs, crimes, broadcasting 1970’s prog rock for extraterrestrials, whatever lmao. Do you really want to use your phone for all that? Like, just carrying the phone around in the first place nullifies your other precautions, for all advanced threat models beyond privacy of non-critical social messaging.

    Persistent/resourceful adversaries can eventually get to you, using a set of penetration and intelligence techniques, which means, if you are involved, the convenience of messaging your partners in crime from the phone in your pocket while waiting for a bus is a convenience you probably can’t afford.

    • haroldfinch@lemmy.ml · +1 · 1 month ago

      It’s impossible to escape the surveillance of those three-letter agencies. We only got a brief glimpse into the other side of the curtain back in 2013, and we have no idea how advanced their surveillance technologies are, so why bother for a normie?

      It’s also painstaking if not impossible to wipe all your metadata from the internet, which can later be mined to infer personal data and sold by data brokers. Not to mention that people have jobs and use their credit cards, no way even to hide the most important personal identifying information.

      So using Signal, despite being centralized, is not too bad at all. Very few people can totally sacrifice convenience for privacy.

      • OneMeaningManyNames@lemmy.ml · +2 · 1 month ago

        “Not to mention that people have jobs and use their credit cards, no way even to hide the most important personal identifying information.”

        Exactly, this is a lost cause. If you participate in society your essential data are simply out there. For most people the task is to minimize their footprint. If we are talking about evading mass surveillance, then we should take for granted that the person will be to one or another degree marginalized, or lead a fringe lifestyle.

        • toastal@lemmy.ml · +2 · 1 month ago

          Monal is participating in GSoC this year to get some new features too.

          But this is a wider issue that developing free software for Apple products is way too expensive (time & money) to be feasible while also going against the general free software ethos. It should be no surprise the walled garden of a proprietary OS that charges you to publish to their store has a severe lack of free or otherwise ethical software (which is important for security for something as important as a messaging app full of private data).

  • sibachian@lemmy.ml · +1 · 1 month ago

    DeltaChat. I don’t use it myself because it’s built on electron (which basically excludes 99% of modern chat clients); but as it’s technically an email client turned into a chat client, we can assume you’re protected by PGP when writing to most users, and with the added effect of not needing to convince anyone to install anything since from their end it’s just an email.

      • socsa@piefed.social · 0 · 1 month ago

        PGP is unfortunately one of the only reliable ways to get encrypted messages into and out of China. Most of that article is kind of nitpicking IMO. The only major cryptographic issue is lack of forward secrecy. The rest can be dealt with if you have a bit of know-how.

        • OneMeaningManyNames@lemmy.ml · +1 · 1 month ago

          Sure, I see where you are coming from. I used to be in favor of PGP as well, but I think I just was conditioned to it because it was everywhere, e.g. Linux repositories. The argument I found more convincing in this article is that PGP is a Swiss Army knife. You might want to use it in an emergency, but professionals have special tools for each different task. In fact, the article suggests very nice alternatives for each task: encrypt with age, sign with minisign. Two different tasks, two different tools, no need for a web of trust. Just for the argument’s sake, why do you think that PGP is worth it given the burden of entry?