I’ve been inspecting this topic quite a lot and I’m a little confused now. So, we have reasons not to use Signal, reasons not to use Matrix, there were also some claims about Session being a fraught. Briar is mostly activists related (not very suitable for daily use), XMPP lacks good clients and suffers from fragmentation of protocol standards implementation, SimpleX is too feature-incomplete (no UnifiedPush support, big battery drain on Android, very decent desktop client without any message sync). I can’t say a lot about Threema or Wire, as I’m not very familiar with them.
So, my question is — is there any good private messenger at all? What do you think is the most acceptable option?
EDIT: In addition to my post:
All messengers have their flaws, I’m well aware of that. I was interested in hearing users’ opinions regarding these shortcomings, not in finding the perfect messenger. I may have worded my thoughts incorrectly, sorry for that.
You must log in or register to comment.
jami has so much potential. just wish it ran a bit more reliable
I’m using simplex without problems. I get all notifications and didn’t notice an increased battery drain.
Dead drops and one time pads.
Set up a numbers station if you can afford it.
So, we have reasons not to use Signal, reasons not to use Matrix
yes, nearly all possible things in the world have been argued by someone somewhere already
These reasons are serious and valid. That’s why I provided links, so as not to be unsubstantiated.
This whole subject is such a chestnut here. No messaging option is perfect, you will need to compromise. If a perfect option existed you would have heard of it already. And if you haven’t heard of it, then by definition it must be small with few users and even fewer maintainers to keep an eye on its codebase and security, which is risky in itself.
All messengers have their flaws, I’m well aware of that. I was interested in hearing users’ opinions regarding these shortcomings, not in finding the perfect messenger. I may have worded my thoughts incorrectly though, sorry for that.
From what I’ve seen there’s a lot of very bad security advice out there with even tech journalists and such just straight up repeating stuff they don’t understand
For me SimpleX does everything I need. Unified push would be nice, and would address battery usage. I don’t need or want message sync, so that’s not an issue.
They all have tradeoffs, so it’s just a matter of your priorities. For instance I’m OK with the higher battery drain because it’s not using Google.
Signal, Threema, SimpleX.
Your source is ridiculous. Please educate yourself about more how Signal works.
That article in Signal is bogus. It is entirely based on speculation from how funding comes in, and also either ignores, or misunderstands how Signal fundamentally works.
The EFF recommends Signal, and it’s one of the most secure ways to communicate.
https://ssd.eff.org/module/how-to-use-signal
You can make your own decisions, but if you just grab any random arguments, you’ll find a reason to doubt everything.
The US-state-department funding is important sure, but you also ignored every other point in that article.
Do you make the same criticism of TOR?
Lemmy has some sort of slander campaign going against Signal. Can’t tell if it’s just misinformed idiots or a paid shill smear campaign being run here (likely the former, Lemmy is too small for companies to give a shit about.) It’s really annoying. Same with Mozilla and Firefox. Not sure Lemmy likes anything?
Give me your phone number so I can chat with you on signal about this.
Signal has usernames (must be enabled) and you can have your phone number hidden from public view & prevent it from being used to search up your acc
Let me message you without having an Android or iOS primary device then. Can’t do it.
That got added recently, but you still need a phone number to sign up. A phone number is tied to your identity, meaning that signal’s database has the names and addresses of everyone who uses it. And since signal is US-based, its subject to US national security letters, meaning its illegal for signal to tell anyone that the US government has requested information about who they’re talking to.
Under the Obama administration, an average of 60 NSLs were issued every single day.
I’m sot trusting anything from signal themselves, just like I wouldn’t trust anything apple, microsoft, google, or any other US-based company with centralized services says about themselves.
It’s not too difficult to establish a Signal account from a burner number from a prepaid sim card. I currently have a Signal account tied to a sim not in my name. Getting a burner with cash is an option. Or, if you’re lucky enough to live near a payphone and can gain access to the number, you can activate a signal with a phone call.
There is no reason to do any of that. No one forced signal to use phone numbers as their primary identifier, and plenty of privacy oriented chat programs don’t require that.
You can make your own decisions, but if you just grab any random arguments, you’ll find a reason to doubt everything.
Agreed. Especially if your source is Dessalines. 🙄
What level of attacker do you realistically need protection from?
his mom?
Simplex.chat
No identifiers, pfp, FOSS, can route through tor.
Or host your own matrix or xmpp server.
There’s no such thing as private on the internet. Sometime after the nineties everyone forgot that.
You’re confusing privacy with anonymity.
No I’m not. Google up police cracking criminal crypto wallets. These kinds of responses are exactly why this question got asked.
There is no such thing as a binary choice between “absolutely private” and “absolutely non-private”.
This is not binary like this either. There are a TON of variables.
- You can have the IPs you communicate with visible to your ISP directly, or hidden from an ISP but visible to a VPN, or hidden from ISP but visible to the Tor network, the safety of which depends on “against whom”.
- You can have your messages encrypted in transit but visible to the messaging server, or encrypted end-to-end and thus useless to the messaging server too.
- You can have the identity you post under bound to an identity outright, or you could obfuscate that.
- You can use a centralized messenger that has your whole communication graph and all metadata, or you can use a federated one with multiple identities and thus metadata scattered across multiple places. Or Briar that doesn’t have servers at all.
All depends on whom you want to be private against, as well as how much effort they want to put into getting your information. There is no “absolute privacy”… But there is “requiring more effort from the chosen adversary than you’re worth”.
You’re either connected or disconnected. There is no in between. All you can do is toggle between them and hope no one is paying attention.
Cynicism is a self-fulfilling prophesy.
Do you need links to police cracking people crypto wallets. That’s about as secure as you’re going to get now and it’s still not enough. So what else have you got.
Snikket is an attempt to solve the XMPP issues, or at least to reduce them, single all-in-one XMPP server distro and clients across platforms, and since it’s self-hosted no one should get their hands on your data (in normal circumstances).
That said, the saying goes “Perfect is the enemy of Good”. Just because a solution is not perfect doesn’t make it unusable, any of those options you mention full of problems are a helluva better than FB Messenger or plain SMS for example. Depending on your threat model they might be more than enough.
I don’t consider those comments regarding Matrix as problematic. Don’t use someone else’s server if you don’t trust them - including a third party lookup server.
/selfhosting Matrix
The article he linked specifically mentioned that the data is sent to matrix’s servers even when using a self hosted server though
… if you configure to use their lookup server.
Depends a lot on who you’re talking to, and your, and their threat models. For many, signal provides pretty good protection, which brings us to a salient point, anything that actually provides good security will attract plenty of negativity, often from state level actors who feel (are) threatened. If you’re playing at that level, adam_y is right, dead drops and one time pads. Presuming lesser threat, signal beats telegram and FB etc. Email is plaintext unless proton to proton, encrypted email is fine (look at PGP) and indeed if you encrypt at home before sending it’s pretty much a dead drop anyway, as long as the other party has a key, and I’m wandering off the beaten path.
Seems you want a secure messenger that works and are scared by random crap because you don’t have the relevant knowledge to decide (spoiler, very few do, and it’s insider knowledge, the world is imperfect), fair enough, but don’t let perfect be the enemy of good. As long as you’re willing to give up your phone number, Signal is well regarded (exchange privacy for security, you decide). But yeah, no perfects, world imperfect, trust hard, deal ;)
Personally using Threema and happy with it.
