It seems like I constantly see “X secure messaging option is actually bullshit because it was purchased by Dr. Evil and Y is actually just e-mailing your messages directly to Xi Jinping.”
Is there an authoritatively “best” one I can just…download and setup easily? Is Signal good? Or do I need to solder a Raspberry Pi to the flux modulator of my home Linux NAS GUI, etc…?
Its best not to use a phone at all if you can help it.
The keyboard app on most phones that are default still gives info to apple/google. So even if you use signal, the data goes over.
You can side-load apps that take phone keyboards over (even better if you don’t use base android OS at all). But I dont know your situation.
I know your joking but the most secure that is still usable is probably an encrypted home server and using something like irc/XMPP. A pi with yunohost can do wonders. You can use the converse app on the phone to hook into that. It’s auto encrypted if you go that route.
Security is a spectrum so you have to chose how much inconvenience is best for your situation.
The question says “for my phone”.
Also by your logic why use a PC, just don’t use the internet at all.
All of my suggestions are for the phone? I don’t understand the confusion.
There is no best, each has their merits and drawbacks.
If you were to pick a messaging app I would go with Singal because they give good transparency to users, while giving frustrations to governments wanting data.
Also Elin Musk has blocked signal links on Twitter.
Signal works the best for me, and I think its the best option out there for common people who wants the best privacy
Signal is the best balance between secure and convenience. There are more private options out there (i.e. don’t require a phone number), but they are harder to adapt especially if you want to get non-techy family and friends to switch over.
deleted by creator
Only downsides of Signal are 1. It’s centralized 2. You have to sign up with a phone number.
It’s secure, cross platform, and easy to set up and use.
Probably most importantly, it’s a similar experience to using other popular texting apps and the set-up experience is familiar to anyone singing into any big-brand-name app, making it a relatively easy sell to non-techies.
To add to this:
It’s also owned and operator by a non-profit in the United States (unlike Telegram and Whatsapp which are operated from the UAE and a for-profit company respectively).
WhatsApp is owned by Meta (FaceBook), which is notorious for stooping to the level of borderline malware to steal data.
Look at openAI trying to switch to a forprofit. It’s hard to imagine signal surviving for longer especially that it is hemorrhaging a shit load of money and donations aren’t enough to keep it afloat
Am I the only one here who has heard of Olvid?
Signal using the Molly fork is good. Besides that, there’s stuff like Session and Simplex for nerds out there. Matrix exists but it doesn’t encrypt all metadata iirc.
Signal via Molly seems like the best option at the moment. Molly is a third party client that allows for even more protections like database encryption and getting rid of Google firebase notifications, for example.
Signal has good encryption etc, is centralized, afaik needs Google Play Services except if you use Molly; but I think it’s a bit more mainstream and simple to use for end-users
SimpleX also seems to have good encryption, post-quantum etc, and is anonymous and doesn’t even use user identifiers (they explain why that’s good on their website), so it could be good for occasional more sensitive conversations or sth (but I see people struggling with onboarding when installing it, and I still get confused by the UX sometimes). It’s kind of not even decentralized, more like peer-to-peer, with servers to just cache messages when you’re offline, I think.
Personally for day-to-day I prefer to use Matrix with Element: decentralized (which I really value for competition and user choice), e2e, and has good support for creating communities etc, so I’m lucky to have it as our main chat platform for work, and I’ve been using it for years in our hackerspace and personal chats etc. I see end-users still struggling sometimes with onboarding, but if they’re close friends/family I usually need to set it up for them anyway
Signal runs just fine without play services for me. It does drain quite a bit of battery without cloud messaging, but that is to be excepted since it needs to keep its own connection up in that case
Molly is fantastic. Maybe someday I’ll be able to convince people to get on Matrix, but we’re not there yet. Plus there’s all of the metadata that comes along with using Matrix.
Doesn’t most of Element route through Matrix.org?
If self-hosting and “Warning, some assembly required” isnt an issue, Matrix - Synapse. I spooled that up in my home lab recently and im slowly moving my group chats over to it.
Signal or XMPP
For everyone suggesting signal, have a read here and then decide for yourself.
https://github.com/signalapp/Signal-Android/issues/8974
ETA: when I say “decide for yourself” I mean exactly that. I don’t think all the stuff written in there is true, but some is. You should make a decision based on what you think about those comments, not trust them blindly. But at least you can make an informed decision.
Claims require evidence in proportion to their extremity. There is no evidence of a backdoor in that issue. If a security researcher made a post saying “Signal is CIA backdoored, here is exactly how it works,” then I would read it and use my relevant domain knowledge as a software dev to make a decision. No explanation is provided, so I have nothing to use to decide. Therefore, my viewpoint is unchanged.
Signal has been audited, and I believe it’s been audited multiple times. If you’re worried about your 4th amendment rights in the US, don’t turn on backups. If you have something serious to hide and your threat model includes state actors, send messages that delete themselves after a certain time period and enforce that discipline amongst your peers. The poster’s concerns sound like a skill issue to me.
They might have valid concerns, but when the writeup includes stuff like
the developer of Signal wants us all to beLIEve
it’s hard not to imagine the whole thing hand-painted on the side of a van.
I agree, that’s why I specified “make your own decision”. It’s better to have an informed opinion than just trust it.
deleted by creator
deleted by creator
I’m certain that any worthwhile encrypted communication will be used by evil people to do evil.
deleted by creator
Don’t need the whole SimpleX to find Nazis everywhere. X is plenty enough.
it’s a nazi haven in the same way a public library computer is a nazi haven if nazis come in and use it. the library doesn’t check your ideology when you log on, and neither does simplex.
I suppose I was commenting on the question, not trying to answer it. I’m out of the loop, so I can’t answer it. Checked some articles and it looks like a bunch of neo-nazis switched to it.
They are also using Google, Windows, Apple, etc. so I’m not sure the question actually pertains, but I guess that’s not my concern.
deleted by creator
deleted by creator
deleted by creator
I wouldn’t be surprised to find out its true.
The problem is it shouldn’t be a blight because its impossible to prevent bad actors from using an actually private and secure messaging app.
So the act of reporting on it is a smear because most don’t understand or acknowledge the impossibility of preventing those bad actors.
My understanding is that Briar is ethically the best, but no one uses it. Signal is the best if you actually want to use it to communicate. Telegram is where the pirates and drugs are.
Here’s the long version: when a dev is making a messaging app, they eventually have to make a choice: do I integrate SMS/MMS? If they want to make this app a daily driver messaging platform to help you ungoogle your android phone, they have to integrate SMS/MMS, which has security vulnerabilities and limits how secure they can make their app. More importantly, people do not tolerate ads on their messaging app, so they flat-out cannot monetize it without losing their entire userbase. If they don’t integrate SMS/MMS, they are creating a closed ecosystem, and a closed ecosystem can be profitable. If leadership changes, the new leaders might decide to turn their users into either cutomers or products.
Telegram is not a secure messaging app.
Is that the one Amazon purchased?
No, Telegram is a Russia controlled service not using encryption at all unless you specifically turn it on - and never for groups.
Being Russia controlled they put out a lot of disinfo and so way too many people and news outlets still include it in the “secure messaging” category.
Briar seems like meshtastic but with no additional hardware at the expense of significantly less range when offline.
My understanding is that Briar is ethically the best
I’m out of the loop, what does this mean?
Ethic pertains to the morality of ones action. Think of murder, as a generally agreed unmoral act, or sharing freely as a generally moral act.
Think of it as the market growing or falling, but in a context where this does not really benefit you personally.
I know it sounds really convoluted but believe or not, that’s what humanity used to run on.
(Also Briar can make a completely decentralyzed network relying on connecting phoner directly and boucing the messadge around, It’s almost a must have if you are, like, trying to organyze when the government shut down the internet and stuff.)
I think that the person you’re responding to is asking for the specifics of why Briar is ethically superior. Do the other options have ethical issues? Or does Briar have a specific characteristic that makes it ethically superior (e.g. its p2p nature)?
I’d also like to know. It’s never occurred to me to look at the technical nature of secure messaging systems through the lens ethics so I find the idea intriguing.
I know it was a great attempt at humour on my part.
From an ethical standoint any earnst attempt at upholding privacy is equally valid. Past the technical necessity, you should probably look at those tools from any ulterior motives standpoint, or path toward a potential future monetization.
On this front, Telegram is clearly shit, Signal is centralized and nothing prevent it from turning “evil” and starting to charge money.
Ideally you’d need complete open sourceness to start getting your feet into ethics, possibly also some political statement beyond some bland “free speech” stance.
Ahh, gotcha. Apologies, I haven’t had enough caffeine yet, so it went completely over my head.
That makes sense to me. I also prefer Briar on that basis, although I currently don’t use it at all. I’ve had a hard enough time getting folks to switch to Signal, so I don’t want to try to push them to move once again. If Signal starts enshittifying then I’ll probably start the Sisyphean push to switch again.
edit: ugh it’s Sisyphean not Sisyphusian
I’m 100% pushing nothing but Signal. It’s the easiest one that brings with it a genuine mental switch. I like to assume that after such a transition it will be easier to look at anything else down the line, say if Meta buys it or some other dystopian shit.
Meaning they haven’t had any big scandals and seem like a good company
I thought Russia owned it
