I’ve been inspecting this topic quite a lot and I’m a little confused now. So, we have reasons not to use Signal, reasons not to use Matrix, there were also some claims about Session being a fraught. Briar is mostly activists related (not very suitable for daily use), XMPP lacks good clients and suffers from fragmentation of protocol standards implementation, SimpleX is too feature-incomplete (no UnifiedPush support, big battery drain on Android, very decent desktop client without any message sync). I can’t say a lot about Threema or Wire, as I’m not very familiar with them.
So, my question is — is there any good private messenger at all? What do you think is the most acceptable option?
EDIT: In addition to my post:
All messengers have their flaws, I’m well aware of that. I was interested in hearing users’ opinions regarding these shortcomings, not in finding the perfect messenger. I may have worded my thoughts incorrectly, sorry for that.
You must log in or register to comment.
good messenger for what?
if you want a solution for you and a bunch of your henchmen to coordinate and discuss totally-not-crimes with ephemeral comms, practically any E2EE solution will work; once the not-crimen is done, burn your accounts and toss the devices for good measure and you’re scot free.
if you want a secure messenger that’s part of a widely used communication platform where you can also do normal people shit and also convert normal people to actually use it (think getting contact deets from cute boy/girl at a bar or giving yours to a business correspondent without an elaborate powerpoint presentation on how to use it) and you want to enjoy the fruits of 20+ years of continuous IM development, like having top-notch UX, battery efficiency, network resiliency, quality voice/video calls, etc., without being spied on then such a thing doesn’t exist.
how come? meredith baxter recently stated that it costs signal $50MM/yr to run their infra. that money has to come from somewhere. if there are no advertising dolts dumping cash on spying on your social graph and convos, the remaining avenues for financing are few and far between.
in closing, there aren’t any super awesome messengers you weren’t aware of, everything is shit.
The SimpleX battery drain issue does not affect everyone. At least for me, it has been perfectly fine.
@JustMarkov “Good” by what standard?
How anonymous do you really need to be? How much convenience are you willing to sacrifice in the name of secrecy?
I’m not an activist or journalist, I don’t live in a very authoritarian country (although I’m a bit cautious about sharing my political views)
So, for me sharing a phone number is not a big deal. But for others it might mean more.That article in Signal is bogus. It is entirely based on speculation from how funding comes in, and also either ignores, or misunderstands how Signal fundamentally works.
The EFF recommends Signal, and it’s one of the most secure ways to communicate.
https://ssd.eff.org/module/how-to-use-signal
You can make your own decisions, but if you just grab any random arguments, you’ll find a reason to doubt everything.
Lemmy has some sort of slander campaign going against Signal. Can’t tell if it’s just misinformed idiots or a paid shill smear campaign being run here (likely the former, Lemmy is too small for companies to give a shit about.) It’s really annoying. Same with Mozilla and Firefox. Not sure Lemmy likes anything?
Give me your phone number so I can chat with you on signal about this.
Signal has usernames (must be enabled) and you can have your phone number hidden from public view & prevent it from being used to search up your acc
That got added recently, but you still need a phone number to sign up. A phone number is tied to your identity, meaning that signal’s database has the names and addresses of everyone who uses it. And since signal is US-based, its subject to US national security letters, meaning its illegal for signal to tell anyone that the US government has requested information about who they’re talking to.
Under the Obama administration, an average of 60 NSLs were issued every single day.
You can make your own decisions, but if you just grab any random arguments, you’ll find a reason to doubt everything.
Agreed. Especially if your source is Dessalines. 🙄
The US-state-department funding is important sure, but you also ignored every other point in that article.
Almost all those can be self-hosted, and built from source, so matrix, xmpp, simplex, are fine. Don’t use anything that’s uses a centralized server in a five eyes country, like signal or threema.
I don’t consider those comments regarding Matrix as problematic. Don’t use someone else’s server if you don’t trust them - including a third party lookup server.
/selfhosting Matrix
The article he linked specifically mentioned that the data is sent to matrix’s servers even when using a self hosted server though
XMPP lacks good clients and suffers from fragmentation of protocol standards implementation
- For Android: Conversations is excellent, also on F-Droid if you don’t want to use the Google store.
- For iOS/MacOS: Siskin or iOS/MacOS: Monal.
- For Linux/Windows: Gajim or Linux: Dino.
“Protocol fragmentation” is not a valid complaint about XMPP – it’s like complaining that ActivityPub is fragmented; but that’s not a problem: you use the services (Mastodon, Lemmy, Kbin, etc) built with it which suit your needs, mostly interacting with that sector of the federation (eg, Lemmy+Kbin), but get a little interoperability with other sectors as a bonus (eg, Lemmy+Mastodon).
I fucking love gajim (but I call it Gaijin because it’s funny to me.)
It really just depends on your threat model.
Think it in this way: What is the most secure way to walk in the city? You’ll need a team of armed bodyguards and wear a full bulletproof vest. Do you REALLY need this level of security? Who are you protecting from? If the answer is a criminal organization or law enforcement, then yes, probably. But if the answer is a random thief, then you’ll probably need to just carry a gun, pepper spray, knife etc.
Same goes for privacy online and messenger in this case. Are you an activist or a drug dealer? Then you’ll probably need Tails + something like SimpleX via TOR. Otherwise, if you are just concerned of typical surveillance capitalism (and don’t want the government to scan your chats like it probably will in the EU after Chat Control), in my opinion, Signal is the best compromise of privacy, security and convenience.
What is the most secure way to walk in the city?
Way ahead of you.
Step 1: stay in the basement
Step 2: hire a representative to wear your face and livestream IRL back at you
After looking at the article about why not to use Signal it sounds like you’re looking for any excuse no matter how small to not use something. If that’s the case you might as well not communicate with anyone at all.
Depends a lot on who you’re talking to, and your, and their threat models. For many, signal provides pretty good protection, which brings us to a salient point, anything that actually provides good security will attract plenty of negativity, often from state level actors who feel (are) threatened. If you’re playing at that level, adam_y is right, dead drops and one time pads. Presuming lesser threat, signal beats telegram and FB etc. Email is plaintext unless proton to proton, encrypted email is fine (look at PGP) and indeed if you encrypt at home before sending it’s pretty much a dead drop anyway, as long as the other party has a key, and I’m wandering off the beaten path.
Seems you want a secure messenger that works and are scared by random crap because you don’t have the relevant knowledge to decide (spoiler, very few do, and it’s insider knowledge, the world is imperfect), fair enough, but don’t let perfect be the enemy of good. As long as you’re willing to give up your phone number, Signal is well regarded (exchange privacy for security, you decide). But yeah, no perfects, world imperfect, trust hard, deal ;)
You could try Molly if you don’t like Signal
I didn’t say I don’t like Signal, Matrix or anything else. I just provided links to accompany my question.
So, we have reasons not to use Signal, reasons not to use Matrix
yes, nearly all possible things in the world have been argued by someone somewhere already
From what I’ve seen there’s a lot of very bad security advice out there with even tech journalists and such just straight up repeating stuff they don’t understand
These reasons are serious and valid. That’s why I provided links, so as not to be unsubstantiated.
This whole subject is such a chestnut here. No messaging option is perfect, you will need to compromise. If a perfect option existed you would have heard of it already. And if you haven’t heard of it, then by definition it must be small with few users and even fewer maintainers to keep an eye on its codebase and security, which is risky in itself.
All messengers have their flaws, I’m well aware of that. I was interested in hearing users’ opinions regarding these shortcomings, not in finding the perfect messenger. I may have worded my thoughts incorrectly though, sorry for that.
Snikket is an attempt to solve the XMPP issues, or at least to reduce them, single all-in-one XMPP server distro and clients across platforms, and since it’s self-hosted no one should get their hands on your data (in normal circumstances).
That said, the saying goes “Perfect is the enemy of Good”. Just because a solution is not perfect doesn’t make it unusable, any of those options you mention full of problems are a helluva better than FB Messenger or plain SMS for example. Depending on your threat model they might be more than enough.
What level of attacker do you realistically need protection from?
his mom?
Dead drops and one time pads.
Set up a numbers station if you can afford it.
