A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 3.14K Posts
- 78.7K Comments
- Modlog
XMPP clients are fine albeit it all, as many as they are, slightly different as is the nature of the protocol. This just means there is value in contributing to existing clients, creating new clients, or embracing progressive enhancement (which most do for example with emoji reactions just being a quoted text reply & so on) & complete feature parity is a fool’s errand if you want an exensible protocol with diversity & experimentation in the community. With the broad exception of the Conversations Compliance, there isn’t a flagship client & instead the best ideas come to the most used or most innovative clients. I use Cheogram, Profanity, Gajim, Dino, Movim at different times (& would love to create my own). The protocol is stable, healthy, & ready for proposals for improvement.
If I compare this to the more-expensive-by-all-metrics-to-run Matrix, if it ain’t Element, you gotta problem since a vast majority of users are on it & using all of its features & no other client has anything near parity but are expected to have parity instead of allowing things to sometimes be gracefully missed or shown in a less than ideal manner as acceptable. This hurts experimentation. Good luck trying anything similar to GDPR when all nodes are design & required to duplicate all messages & attachments for all users to every server anyone in it comes from.
The only real gotcha is the same gotcha as Matrix when using multiple clients with double-ratchet encryption (ala Signal) is that clients will expire keys that haven’t been seen in a while & is hard to get both devices retrusting one another. Turning it off & on again rarely works & requires fiddling on both ends sometimes. I really should just use PGP for encryption more often…
The problem is that iPhone has some weird shit about push notifications and none of the high security XMPP clients I have tried seem to support them.
XMPP doesn’t need notifications per se since it already has a connection to the client. Since it works for all other OSs to hook into this & display a notification, I don’t even want to know what restrictions Apple has on iOS that prevent such basic behavior. Apple digs its own grave here. What’s worse is I want to say “go get a Android phone, dummy” to a ‘normie’ but the stock OS on any Android phone is going to be on aggregate a worse privacy situation unless you would have to be ready to teach how to unGoogle it to the extent they would tolerate.
Linux phone when?
You will always find problems associated with every thing but here’s some recommandations :
For a good start, Signal and his forks (molly…)
For daily basis and better than Signal, choose SimpleX (SimpleX is only feature incomplete for the mainstream app, but in it you can send texts, voices, photos, videos, live messages, have a PP, a alias for your contacts…)
Important stuff and activism, use Briar
Briar is really interesting but it doesn’t work as well for a casual messager. It is a bit complex to setup and very hard to understand unless you have strong knowledge on the subject. I think it is very powerful but breaks the standard convention most messaging applications follow.
Kind of limited due to there not being an iOS version, but Briar is pretty decent. It was made to be usable in repressive areas by press and other groups, as well as in areas where bad weather has taken out cell and regular wifi. Can be used with phone data, but also offline via ad-hoc wifi and bluetooth. But stuff like Signal and SimpleX are more overall useful to more people (and I think SimpleX also supports offline local immediate area of each other like wifi and bluetooth but I don’t remember atm).
I don’t think Briar could be on iOS due to Apple TOS.
If you really need it to be secure and private, and are communicating mostly with known acquaintances within a reasonable radius, with low bandwidth requirements, LoRA with encryption is the best bet.
It is a higher bar of entry but at least you can be confident your messages won’t be intercepted in any useful form.
Meshtastic can do this, and leverage other nodes as relays.
Have you used it before? I’m curious about how it works. I don’t personally have a use case but it seems very cool.
I have 2 heltec v3 nodes, I setup an encrypted channel between them… I can get good distance but I have a very good network run by others in the area that I piggy back on.
If you have line of sight you can go pretty far
I don’t really have much of a use case though, it’s just playing around with the tech for fun.
I have been interested in trying out LoRA and just need to get some devices built. Though I am not as concerned about the super privacy part (thought that is nice). I am thinking that it would be good for emergency situations like shit that has happened with the south-east. Even if the communications would be limited to text, shit is good as long as I can use simple solar panels and battery banks.
Conversations for android is an example of a good XMPP client.
Any iOS equivalent?
Monal comes close.
Motal is participating in GSoC this year to get some new features too.
But this is a wider issue that developing free software for Apple products is way too expensive (time & money) to be feasible while also going against the general free software ethos. It should be no surprise the walled garden of a proprietary OS that charges you to publish to their store has a severe lack of free or otherwise ethical software (which is important for security for something as important as a messaging app full of private data).
Just out of curiosity: why is nobody recommending Tox?
It lacks a security audit
This comment is a great start for what you’re looking for.
https://feddit.org/comment/2362732
The German technology blog Kuketz has a comprehensive overview and comparison of all major messenger services.
Thanks for sharing. Very useful.
Use Signal or Simplex.
Signal does require a phone number. However, as long as you understand what that means you are fine.
Would recommended SimpleX over Signal if you want the “best”, but for users that are pretty new to this maybe Signal
People say this over and over “depends on your threat model” and yet people seem to have a hard time understanding that. Your threat model is “who is your adversary and what he is willing/able to do”. Your security goal is what do you want to keep from your adversary.
As others said, if you are an activist or sth important, perhaps you might want to build a working knowledge of cryptography yourself. If you just want META not being able to see your NSFW chat with your romantic partner Signal might be more than enough. In fact, people way more relevant than me also suggest that Signal is good even for bounty hunter vulnerability reporting.
Having said that, what bugs me most is that people think the instant messaging format as suitable for everything: activism, jobs, crimes, broadcasting 1970’s prog rock for extraterestrials , whatever lmao. Do you really want to use your phone for all that? Like, just carrying the phone around in the first place nullifies your other precautions, for all advanced threat models beyond privacy of non-critical social messaging.
Persistent/resourceful adversaries can eventually get to you, using a set of penetration and intelligence techniques, which means, if you are involved, the convenience of messaging your partners in crime from the phone in your pocket while waiting for a bus is a convenience you probably can’t afford.
It’s impossible to escape the surveillance of those three letter agencies. We only got a brief glimpse into the other side of the curtain back in 2013, and there is no idea how advanced their surveillance technologies are, so why bother for a normie?
It’s also painstaking if not impossible to wipe all your metadata from the internet, which can later be mined to infer personal data and sold by data brokers. Not to mention that people have jobs and use their credit cards, no way even to hide the most important personal identifying information.
So using Signal, despite being centralized, is not too bad at all. Very few people can totally sacrifice convenience for privacy.
Exactly, this is a lost cause. If you participate in society your essential data are simply out there. For most people the task is to minimize their footprint. If we are talking about evading mass surveillance, then we should take for granted that the person will be to one or another degree marginalized, or lead a fringe lifestyle.
Has this been updated in awhile?
Wire is the best for security (it literally won’t let you send messages unencrypted), cost (its free), privacy (no phone number required), and usability for the masses (Foss client on all the platforms, messages sync between each client like you’d expect)
I haven’t found anything that checks all those boxes other than Wire (though I do wish we had other options that came close)
https://Wire.com
Simplex Chat is better in many ways. The biggest reason is that you can self host the server.
And it is worse in many ways
deleted by creator
There are a few that do a good job of protecting our messages with end-to-end encryption, but no single one fits all use cases beyond that, so we have to prioritize our needs.
Signal is pretty okayish at meta-data protection (at the application level), but has a single point of failure/monitoring, requires linking a phone number to your account, can’t be self-hosted in any useful way, and is (practically speaking) bound to services run by privacy invaders like Google.
Matrix is decentralized, self-hostable, anonymous, and has good multi-device support, but hasn’t yet moved certain meta-data into the encrypted channel.
SimpleX makes it relatively easy to avoid revealing a single user ID to multiple contacts (queue IDs are user IDs despite the misleading marketing) and plans to implement multi-hop routing to protect meta-data better than Signal can (is this implemented yet?), but lacks multi-device support, lacks group calls, drops messages if they’re not retrieved within 3 weeks, and has an unclear future because it depends on venture capital to operate and to continue development.
I use Matrix because it has the features that I and my contacts expect, and can route around system failures, attacks, and government interference. This means it will still operate even if political and financial landscapes change, so I can count on at least some of my social network remaining intact for a long time to come, rather than having to ask everyone to adopt a new messenger again at some point. For my use case, these things are more important than hiding which accounts are talking to each other, so it’s a tradeoff that makes sense for me. (Also, Matrix has acknowledged the meta-data problem and indicated that they want to fix it eventually.)
Some people have different use cases, though. Notably, whistleblowers and journalists whose safety depends on hiding who they’re talking to should prioritize meta-data protection over things like multi-device support and long-term network resilience, and should avoid linking identifying info like a phone number to their account.
yet? do they have plans? I’m (relatively) a fan of their platform because of federation, but I thought that it’s not really possible, or at least a very much lot of hard work and even more to change that
I think the hardest part is the DNS and federation
I don’t understand, could you reword it?
DNS requires public records and the federation meets sharing information between lots of servers.
I don’t remember the statement in the bug report verbatim, but it indicated that they intend to fix it, which is about what I had previously seen on other issues that they did subsequently fix. I expect it’s mainly a matter of prioritizing a long to-do list.
I can’t think of a reason why it wouldn’t be possible. The protocol is continually evolving, after all, and they already moved message content to an encrypted channel that didn’t originally exist. Moving other events into it seems like a perfectly sensible next step in that direction.
I was in the impression that the protocol was designed with that in mind that the server can do certain things in response to certain other things happening. I think the room membership management part of the client spec writes about this.
But yeah, this can probably change, especially that they are now doing versioning
Worth mentioning just in case you’re not aware: versioning is present not just on the protocol spec, but on individual rooms. That ought to ease any semantics changes that might be needed.
Conversations?
Not as great of choice from a security perspective