I’ve been inspecting this topic quite a lot and I’m a little confused now. So, we have reasons not to use Signal, reasons not to use Matrix, there were also some claims about Session being a fraught. Briar is mostly activists related (not very suitable for daily use), XMPP lacks good clients and suffers from fragmentation of protocol standards implementation, SimpleX is too feature-incomplete (no UnifiedPush support, big battery drain on Android, very decent desktop client without any message sync). I can’t say a lot about Threema or Wire, as I’m not very familiar with them.
So, my question is — is there any good private messenger at all? What do you think is the most acceptable option?
EDIT: In addition to my post:
All messengers have their flaws, I’m well aware of that. I was interested in hearing users’ opinions regarding these shortcomings, not in finding the perfect messenger. I may have worded my thoughts incorrectly, sorry for that.
You must log in or register to comment.
Use Signal or Simplex.
Signal does require a phone number. However, as long as you understand what that means you are fine.
Would recommended SimpleX over Signal if you want the “best”, but for users that are pretty new to this maybe Signal
Conversations for android is an example of a good XMPP client.
Any iOS equivalent?
Monal comes close.
The German technology blog Kuketz has a comprehensive overview and comparison of all major messenger services.
Thanks for sharing. Very useful.
If you really need it to be secure and private, and are communicating mostly with known acquaintances within a reasonable radius, with low bandwidth requirements, LoRA with encryption is the best bet.
It is a higher bar of entry but at least you can be confident your messages won’t be intercepted in any useful form.
Meshtastic can do this, and leverage other nodes as relays.
I have been interested in trying out LoRA and just need to get some devices built. Though I am not as concerned about the super privacy part (thought that is nice). I am thinking that it would be good for emergency situations like shit that has happened with the south-east. Even if the communications would be limited to text, shit is good as long as I can use simple solar panels and battery banks.
There are a few that do a good job of protecting our messages with end-to-end encryption, but no single one fits all use cases beyond that, so we have to prioritize our needs.
Signal is pretty okayish at meta-data protection (at the application level), but has a single point of failure/monitoring, requires linking a phone number to your account, can’t be self-hosted in any useful way, and is (practically speaking) bound to services run by privacy invaders like Google.
Matrix is decentralized, self-hostable, anonymous, and has good multi-device support, but hasn’t yet moved certain meta-data into the encrypted channel.
SimpleX makes it relatively easy to avoid revealing a single user ID to multiple contacts (queue IDs are user IDs despite the misleading marketing) and plans to implement multi-hop routing to protect meta-data better than Signal can (is this implemented yet?), but lacks multi-device support, lacks group calls, drops messages if they’re not retrieved within 3 weeks, and has an unclear future because it depends on venture capital to operate and to continue development.
I use Matrix because it has the features that I and my contacts expect, and can route around system failures, attacks, and government interference. This means it will still operate even if political and financial landscapes change, so I can count on at least some of my social network remaining intact for a long time to come, rather than having to ask everyone to adopt a new messenger again at some point. For my use case, these things are more important than hiding which accounts are talking to each other, so it’s a tradeoff that makes sense for me. (Also, Matrix has acknowledged the meta-data problem and indicated that they want to fix it eventually.)
Some people have different use cases, though. Notably, whistleblowers and journalists whose safety depends on hiding who they’re talking to should prioritize meta-data protection over things like multi-device support and long-term network resilience, and should avoid linking identifying info like a phone number to their account.
Matrix is decentralized, self-hostable, anonymous, and has good multi-device support, but hasn’t yet moved certain meta-data into the encrypted channel.
yet? do they have plans? I’m (relatively) a fan of their platform because of federation, but I thought that it’s not really possible, or at least a very much lot of hard work and even more to change that
I don’t remember the statement in the bug report verbatim, but it indicated that they intend to fix it, which is about what I had previously seen on other issues that they did subsequently fix. I expect it’s mainly a matter of prioritizing a long to-do list.
I can’t think of a reason why it wouldn’t be possible. The protocol is continually evolving, after all, and they already moved message content to an encrypted channel that didn’t originally exist. Moving other events into it seems like a perfectly sensible next step in that direction.
Wire is the best for security (it literally won’t let you send messages unencrypted), cost (its free), privacy (no phone number required), and usability for the masses (Foss client on all the platforms, messages sync between each client like you’d expect)
I haven’t found anything that checks all those boxes other than Wire (though I do wish we had other options that came close)
Just out of curiosity: why is nobody recommending Tox?
XMPP lacks good clients and suffers from fragmentation of protocol standards implementation
- For Android: Conversations is excellent, also on F-Droid if you don’t want to use the Google store.
- For iOS/MacOS: Siskin or iOS/MacOS: Monal.
- For Linux/Windows: Gajim or Linux: Dino.
“Protocol fragmentation” is not a valid complaint about XMPP – it’s like complaining that ActivityPub is fragmented; but that’s not a problem: you use the services (Mastodon, Lemmy, Kbin, etc) built with it which suit your needs, mostly interacting with that sector of the federation (eg, Lemmy+Kbin), but get a little interoperability with other sectors as a bonus (eg, Lemmy+Mastodon).
I fucking love gajim (but I call it Gaijin because it’s funny to me.)
Depends a lot on who you’re talking to, and your, and their threat models. For many, signal provides pretty good protection, which brings us to a salient point, anything that actually provides good security will attract plenty of negativity, often from state level actors who feel (are) threatened. If you’re playing at that level, adam_y is right, dead drops and one time pads. Presuming lesser threat, signal beats telegram and FB etc. Email is plaintext unless proton to proton, encrypted email is fine (look at PGP) and indeed if you encrypt at home before sending it’s pretty much a dead drop anyway, as long as the other party has a key, and I’m wandering off the beaten path.
Seems you want a secure messenger that works and are scared by random crap because you don’t have the relevant knowledge to decide (spoiler, very few do, and it’s insider knowledge, the world is imperfect), fair enough, but don’t let perfect be the enemy of good. As long as you’re willing to give up your phone number, Signal is well regarded (exchange privacy for security, you decide). But yeah, no perfects, world imperfect, trust hard, deal ;)
So, we have reasons not to use Signal, reasons not to use Matrix
yes, nearly all possible things in the world have been argued by someone somewhere already
From what I’ve seen there’s a lot of very bad security advice out there with even tech journalists and such just straight up repeating stuff they don’t understand
These reasons are serious and valid. That’s why I provided links, so as not to be unsubstantiated.
This whole subject is such a chestnut here. No messaging option is perfect, you will need to compromise. If a perfect option existed you would have heard of it already. And if you haven’t heard of it, then by definition it must be small with few users and even fewer maintainers to keep an eye on its codebase and security, which is risky in itself.
All messengers have their flaws, I’m well aware of that. I was interested in hearing users’ opinions regarding these shortcomings, not in finding the perfect messenger. I may have worded my thoughts incorrectly though, sorry for that.
reasons not to use signal
Has this been updated in awhile?
Simplex.chat
No identifiers, pfp, FOSS, can route through tor.
Or host your own matrix or xmpp server.
For me SimpleX does everything I need. Unified push would be nice, and would address battery usage. I don’t need or want message sync, so that’s not an issue.
They all have tradeoffs, so it’s just a matter of your priorities. For instance I’m OK with the higher battery drain because it’s not using Google.
The SimpleX battery drain issue does not affect everyone. At least for me, it has been perfectly fine.
deleted by creator
