I am a firm believer that there are many privacy techniques you should focus on before encrypted messaging because they will offer you much more “bang for your buck,” things like good passwords, two-factor authentication, and even encrypted email. That said, I still believe that encrypted messaging is a critical part of a well-rounded privacy and security strategy. While the vast majority of our day-to-day conversations may be benign, it can still offer a lot of insight into who we are as people – our routines, likes, and personal thoughts. This information – mundane or not – is worth protecting.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
What about Briar? I know its android only but it looks promising for what it can do.
Good for large groups such as a protest
It’s listed as a honorable mention in the article.
As always, the problem isnt using a new service or super secure app, the problem is making everyone else I talk to use said app, not happening anytime soon sadly.
As a long time user of Session, it is hard to believe someone would describe it as “user-friendly”.
XMPP and Matrix
Matrix is the worst option when it comes to avoiding metadata. A group chat with users on 10 different servers will create ten different places to store the metadata with no way for any user to delete or edit this metadata. Its a privacy nightmare.
How does xmpp handle it?
All decentralized protocols have this issue. The servers need to handle metadata for chat groups, like who is part of which group. If the servers are under individual control, nobody can force them to delete this data. The question is, do you trust a non profit organisation like signal to minimize and delete metadata (which court orders have proven they do) or do you trust all individuals of a group chat to do the same when you manually ask them to.
We’ve been on simplex for a few months, I like it quite a bit. We made diff accounts for each device and added them all to a group.
Notifications arrive reliably on graphene (no google services), and KDE connect.
I don’t love the desktop client and wish I could change text size and scaling. I was able to message the dev about it in simplex and got replies which was cool
I like Signal, but I really miss multi device support. Same issue with Threema.
It is not like they couldn’t support it. Simplex Chat has early support and Session has supported it for a long time.
the fact that you like it doesn’t make best or even decent in terms of privacy
But in practical usability
Yeah that’s a bummer. Signal has multi device support but only for desktop and iPad (yeah, not Android tablets), but you always need to have a master phone device.
It’s been an issue for so long, but this is Signal, they do whatever the f they want.
A workaround to have android has secondary device : https://programming.dev/post/5281504
Ah right, Molly. Have yet to tried it, but looks interesting.
I think I’m too afraid of moving my main stuff to Molly, lest I lose something :P But the UnifiedPush and multiple mobile clients is enticing.
I noticed this in the article and figured I’d throw my 2 cents in. This might be a spicy take, but I actually can’t stand apps that do this.
When I was in school I had someone harass me online with threats of violence (they spent a couple of hours insulting and threatening me) then lie to the staff that I was harassing them with even more extreme shit. The staff and other students all took their side until I logged in and showed the conversation. If the messages had disappeared I wouldn’t have been able to prove my innocence.
I very firmly want encrypted communications for privacy (I use Signal and Matrix), but I am quite wary of purging communications automatically. That said, it’s anyone’s right to use services that auto delete and my right not to.
I’m curious what other people’s take on this would be.
For disappearing messages to work, your conversation partner has to promise they won’t take photos of their screen, and they have to promise to use an app that actually implements the feature instead of just pretending to, and the app developers have to promise to have implemented the code to delete a message when the service says it should
Is there actually a cryptographically-sound and physically-complete method for ensuring that a message is only legible for a temporary duration once it leaves your own device and is delivered to someone elses?
Nope, it is impossible to have messages deleted after a specific time. There is simply no way to do it.
Deleting messages is still a thing. If there is a message you need to preserve, take a screenshot. If you are worried that someone might think that the screenshot is fake, take a screen recording, or even better, use your phones camera to physically record your screen.
Couldn’t you have blocked them?
This was almost a decade ago but it was a real life issue extending online, blocking might have made the in person stuff worse. Hard to say, teenagers are awful.
These days I simply don’t keep company I don’t enjoy so it doesn’t become an issue. I also stepped away from posting on social media at all until I recently joined Lemmy and Mastodon.
I fail to see how that would’ve helped in that situation, it had extended to real life.
That’s why I asked, I need to get his take before I assume anything.
Sad that Wire wasn’t mentioned. I think its the only one that encrypts everything, allows anonymous accounts (no phone number needed!), and has independent clients on all platforms (no mobile app install required, but they have one) that seamlessly syncs messages on all clients
Oh, and its free and open-source.
Last update on F-Droid was 2 years ago tho
Yeah, its getting pretty crusty. I think they laid off like 80% of their staff and made a hard fork of the app and never put the new version in f-droid.
They really need to fix that…
Check out Session, built on Lokinet, no signups
Getsession.org
It has all the features I mentioned?
Is there a desktop client that doesn’t require you to signup with a mobile app?
Edit: just tried to download it, but I couldn’t find any release signature file. Thats not a good sign.
Yeah their signatures and shasums are hosted on github. They’re a small team, which is probably why they rely on it
Here’s their android one at least https://github.com/oxen-io/session-android/releases
Yes, but I think the only clients are from Session themselves currently. All platforms, all independent and can have multiple accounts. Everything encrypted by default (and no way to send clear text)
I loved it but had to let go because too many times messages didn’t deliver using different devices, different networks, different recipients. This is over years of trying. I really wanted it to work but sadly that was a big reason to stop trying.
Huh, been using it for years and never had that issue. I do have some people complain about notifications, but not lack of delivery
Besides being a form of messaging (so the text somewhat contradicts itself), typical email is a deeply insecure protocol.
In my opinion, it’s probably impossible to secure without making a new protocol or making such drastic changes that it might as well be considered one.
Here are some key concerns regarding the usual PGP-powered encrypted email:
This isn’t to say people should definitely stop using and promoting encrypted email, since it can be useful.
It’s just it gives, more often than not, a false sense of security and can lead less proficient users to send sensitive data through this medium which isn’t nearly secure enough for such use cases. Preferably, people with such threat models should opt for better alternatives, most suggested in that article (such as, but definitely not limited to, Signal, SimpleX, Matrix+Olm, XMPP+OTR/OMEMO, sharing files via MagicWormhole, encrypting with tools like age).
On a slightly tangential note, I think someone should make a Matrix client with an email client interface. I started working on a new traditional chat client (completely nonfunctional still, very much in-dev), but I’ve been honestly thinking more and more about making one looking like an e-mail client, where there isn’t much focus on instant room-based chats, but rather on longer-lived 1-to-1 and list-like exchange of messages.
Thoughts on using TeleGuard?
I wish Molly was brought up. It is way better than Signal
In what way? I thought it was just an alternative client for Signal.
Only big difference I noticed is it allowed me to log in on 2 phones simultaneously
It is. It’s just a bit hardened
Why do people like Matrix? It’s really slow. Even most of the non-Electron clients consume a ton of resources (even more than Electron apps usually do).
Especially Gomuks, by far the worst offender. It consumes nearly a gigabyte of memory and it’s a TUI.
Also doesn’t force e2ee
Matrix sucks but emojis :3
The issue has historically been with the server. (It was buggy as hell) These days it is much more stable and less prone to collapse.
I don’t like Matrix because it gives a option to not encrypt communications. Encryption should be enforced and transparent
I think it more comes down to it not being Discord than people liking it.
Well, it’s not privacy-focused… but I do like Revolt for this purpose. It’s performant, looks very similar to Discord, and I think they’re adding E2EE eventually.
It is centralized and the moderation suck. They banned people for being homophobic because they said they were Christian. You can find more information online.
I attempted to find evidence to support this.
I found one reddit post claiming this, but they themselves did not provide any evidence.
Not exactly the most compelling piece of evidence, and this was all I could find.
I can’t find it now but there was a person who was banned for saying the were Christian. They didn’t say anything more and the could as well been LGBQ+. There were a few other instances that I am forgetting of bad moderation.
Anyway the centralized nature of Revolt Chat makes it no very appealing for me.
I agree with this. I will probably stick with either matrix or xmpp due, to their federated nature, and strong E2EE. Matrix is a better discord replacement, as it has more features, is more standardized, has a better web client, and has “spaces”, which are somewhat analogous to discord servers.
Xmpp however, is much more lightweight on both servers and clients than matrix, and it’s E2EE works more reliably (none of that "failed to decrypt nonsense), and makes a better E2EE messenger.
It is selfhostable though, so moderation would be an issue of individual servers rather than the whole thing.
The problem is that no one will use your server
deleted by creator
SimpleX is currently my favourite. Yeah, there are some small concerns, but where aren’t they? I hope SimpleX can grow more popular and I’m also waiting for a full-featured desktop client, so it’ll be easier to convince people to switch.
Simplex=battery eater!
A desktop client that syncs with the mobile client is a must before I can make that switch
I just have a profile on each that are always both in the same groups. IDK about private messaging though.
The missing unifiedpush feature. I don’t need another battery burning messenger.
I hate that simplex is like this.
That is my one and only issue with Simplex. It drinks battery lika a Puerto Rican drinks rum on weekends.
There is a full-featured desktop client now! What I am waiting for are third-party lighter clients, because the official one is obscenely heavy.
Oh, I didn’t know it has a flatpak now. That’s cool!
Why always these false myths? The most popular XMPP mobile clients do enable it by default.
I immediately had my suspicions this article might contain some bullshit when I saw it was published by the new oil…
Why are we still pushing XMPP? It isn’t the 90s and I don’t feel like learning IRC 2.0.
XMPP is so bad it was the baseline for Whatsapp. You know: that minor platform that feels like IRC and never took off. A lot of the techno around you are old stuff that evolved, “new” techno usually comes with new unexpected issues. Then they mature, get better and… old?
Maybe because it works, is easy to set up, light on resources and still is evolving?
It isn’t easy to setup and the core protocol is dated. You can add all sorts of extensions but at the end of the day the core system is old. It feels weird to push it over Matrix. If you want something simple use IRC as you can setup encryption.
Encryption support in IRC clients is WAY behind XMPP. The one I have seen consistently is OTR in form of an add-on, and even that people rarely install. Although IRC is indeed what I prefer for public groupchats.
Matrix seems to be doing the same thing but consumes more resources. And as for setup - I have done that, it is indeed pretty easy, easier than Matrix.
And fully open-source and relying on standards from the get go.
Gee i guess it ain’t cool, that’s why…
Right? It is a generic protocol for all sorts of communications, some of which don’t require encryption. Yet every modern chat client for human-to-human communication has OMEMO, OTR, & PGP encryption options.
It was a conscious decision for them not to enforce E2EE by default. https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/
XMPP clients have like 10 different implementations because of that and are not always consistent with each other or even function universally across platforms.
But I’m not an author. That would be @nateb@mastodon.thenewoil.org.
The article you linked is a highly misleading nothing burger. And enforcing e2ee at protocol level is a bad idea for many reasons.
That’s what encrypted messagers are…
Messengers are not protocols. They use protocols. Most XMPP clients use the same encryption scheme Signal does only without being dependent on a single specific server, allowing users to spread out. I recommend reading about the differences between targeting developing a platform and developing protocols. Once you do, you’ll see XMPP+Encryption in a better light than anything like Signal. The main problem in the current moment with XMPP+Encryption us that it isn’t where the people are. Us tech weirdos can start the push into that space a little bit, but we need “Normies” to adopt to, and for that we need to be clear on what were talking about. Comparing XMPP to signal doesn’t make sense. Comparing Cheogram to Signal does. And in the latter, cheogram frankly blows Signal out of the water for real privacy and security considerations
🙄 you have obviously no idea what you are talking about.
Another basic thing – If your messenger is throwing your messages in a notification; it’s being logged. Google was found to be logging almost all notification content. Make sure your message app isn’t putting the content of messages into notifications.
Messages can be encrypted
If you put the notification in unencrypted form, across google’s push notification system, it is logged in puretext. I, and everyone else knows, that messages can be encrypted. This was a warning about a very specific thing.
Law enforcement has been doing this to signal users for a while now. The default is to not show the message in a notification, but users keep turning it on, and it uses Google’s notification servers. So law enforcement, got access to people’s signal messages, by going through Google to get the notification history/logs.
The push notifications can be encrypted. Threema encrypts them, for one.
Or you can uninstall/disable google services and inatall something like ntfy. Molly-UP (signal fork) supports that.
deleted by creator
Molly uses UnifiedPush, so definitely try that. Also, Google may log notifications but they can’t read the messages iirc. Maybe they get some metadata idk.
That’s if they use Google’s push notification backend on firebase. FOSS apps from F-droid usually don’t.
Tl;Dr install F-droid damnit
Do they also log everything that comes through a private ntfy server? Or just what goes through their notifications?
NTFY uses the same mechanic that they do for push notifications; it keeps an open socket and then just communicates across the socket. So they shouldn’t be keeping track of that, so far as I understand the AOSP codebase.
Cool, that’s what I was hoping. I’m perpetually in the “knows enough to be dangerous” category.
Unless you don’t have Google or Apple services.
Also I don’t think they log the normal Android notification mechanism. (Not push)
Yeah, if it’s a local notification, they’re not logging that – so far as I’m aware at this point in time.
If the app implements their own notification system and doesn’t rely on GCM then Google isn’t able to log them as far as I know.
UnifiedPush instead of their own implantation would be better for power consumption ig.
Overall a choice between which Notifier you want to choose would be nice.
Between the apps own notifier and UnifiedPush (also has a Fallback to GCM if wanted)
Sure – but how many of them actually do?
I can throw a few examples:
So, the answer is — almost every of them.
deleted by creator
Briar just says x private messages
But not Signal? I use Signal but I’m not sure I can get my chat groups to use something else.
Signal has a ton of the dependence on proprietary software. You won’t find Signal on F-droid.
Best option is Molly foss
I mentioned Molly — Signal fork. It can show notifications via UnifiedPush or websocket.
I just run it in the background. It pulls almost no battery so it is a non issue.
Also getting it to work with Unified push requires extra effort.
I would do the same but it uses too much battery for me so I had to figure out how to self-host ntfy and mollysocket.
Yeah, configuring a mollysocket requires at least a little self-hosting knowledge.
Element X (Matrix client). Basically anything that offers F-Droid or open source release will have builds without built-in notifications. Play Store/App Store builds requires using native notification systems.
You can also just use a degoogled os which won’t be logging your notification content. But in any case you shouldn’t have notifications as notifications are exclusive with at-rest encryption (or I guess you could have at-rest encryption but just have the db constantly decrypted whenever your phone is on? Seems to defeat the point then)
Which DeGoogled OS do you know of that uses their own notification backend?
https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/
Presumably any degoogled OS would remove that kind of telemetry—it seems like quite an obvious oversight if they continue to send notification contents to Google’s servers? If the suggestion is that it’s through a backdoor, then that’s the responsibility of the open source community to spot the backdoor in the AOSP.
You don’t need one. Just use any degoogled ROM with UnifindPush, as almost every secure messenger support it. If not, notifications can still show up via websocket.
Now this is why I read comments. You’re absolutely right and I knew this info and just hadn’t put the two together. Thank you. Settings changed.