I’d go either with a Fairphone 5 (or maybe wait for the 6 to release) with CalyxOS or a Google Pixel with GrapheneOS.

Python: Gajim Doesn’t support Windows: Dino Outdated: PSI+

Yeah, XMPP has changed a loooott since then.

XMPP’s main problems at the moment are clients, in my opinion. There’s 3 main clients for PC; one is 100% python (including frontend) and breaks semi-regularly, one does not officially support Windows and thus cuts out a large portion of the community + doesn’t have as many features as others, and one lacks features and looks extremely outdated. The state on iOS is even worse as well, and Android is fine but could be better.

If you’re considering XMPP again, I’d recommend waiting a few months for Prose https://prose.org/ to fully release, it looks like it’ll improve the experience a lot.

To add to this, XMPP is much cheaper to host and offers basically the same features when it comes to what OP needs. I host Prosody and it uses so little resources you could probably get it running on the cheapest server you could find.

Probably far from the best option; but you could use 7zip? Put a 7zip portable exe & linux binary on the usb, put the regular contents in an encrypted .zip file, anyone with the password can decrypt. I assume there are much more secure options though.

Even then, you’re jumping to the conclusion that

a) Signal sends this data to the NSA and b) Signal doesn’t protect phone numbers in somr way

Neither of these do I care about enough to keep entertaining this conversation. Goodbye.

I mean, Signal has over 100 million downloads on the Play Store alone. Even on the odd chance those phone numbers do somehow end up in the hands of the NSA or whatever the chances of it actually relaying any real information about you is second to none.

Even then, you can’t assume everyone who uses Signal wants to use e2ee explicitly. Some might just like the app’s style, some might have family members who only use Signal, some might have an ethical problem with corporate apps but aren’t computer-brained enough to know how SimpleX or Jabber or some other obscure alternative works.

Is the phone number requirement bad? Yes, absolutely. Does that instantly rule out all opportunity for it being a good app, privacy wise? Definitely not.

Further; privacy should be simple. Signal is designed to be as close to perfect as it can be without compromising too much privacy. They have decided that a phone number is necessary to prevent spam, and to combat the privacy implications of that they have chosen not to block temporary numbers for those who are more concerned.

Private chat apps are useless if noone knows how to use them. Signal tries to fix that, and I think they’re doing a pretty good job even if it does have it’s pitfalls.

Isn’t Signal’s whole thing that they reduce metadata as much as they can? What do you recommend? Matrix and XMPP certainly aren’t options if you value metadata protection.

But in signal you crypto for chat rooms with multiple clients

Signal doesn’t backfill your messages though, it just sends the new messages to both devices. I don’t see how this makes it less secure than Telegram.

Telegram’s servers are not open source. Telegram’s client is. If you make a back door in a messaging software, you’d want to do it server-side which means the users can’t tell if it’s backdoored as Telegram’s server’s source code is not available.

Alternatively; Signal’s server code is open source, so if they put a back door in it they’d either have to lie to their users, or publish the back door in their code.