Asklemmy

45334 readers

666 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
!lemmy411@lemmy.ca: a community for finding communities

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago

MODERATORS

Do you prefer Threema, Signal or Matrix? Why? (gregtech.eu)

submitted 1 day ago by lena@gregtech.eu to c/asklemmy@lemmy.ml

24 comments fedilink hide all child comments

So, I have a Threema license, but from what I've seen its encryption isn't post-quantum. Signal's encryption seems the strongest. I host my own matrix server.

Also, I kind of don't care where the servers are or which provider it is. Everything is encrypted anyway.

you are viewing a single comment's thread
view the rest of the comments

[–] semperverus@lemmy.world 24 points 1 day ago* (last edited 1 day ago) (1 children)

citation

EVERYTHING in Signal follows an encryption or tokenization chain. Not like crypto coins but real actual chain-of-custody type encryption workflows. It uses elliptical curve cryptography where the key for each message moves forward along an elliptic curve, which are excessively difficult to guess the factors for once it is selected if you are not the key holder. This means that even if someone cracks the key for a single message you sent, they are going to have to crack the key for every other message still as each one is different. Even the metadata is encrypted by the user's keys.

Signal doesnt have usernames in the traditional sense. It's phone number+6 digit pin hashed into an encrypted signature.

The signal company can't see anything you do besides account create date and last login date, even if they wanted to due to how their platform is set up.

Meanwhile, Matrix literally clones the metadata between servers when a user connects to and starts talking to users on another server, in plaintext (maybe encrypted at rest but not E2EE).

[+] sanpo@sopuli.xyz -6 points 1 day ago (1 children)

OK, and how is that different from the other chats?

You do know that at least Signal and Matrix use pretty much the same crypto, right?

And Matrix can be self-hosted, so I don't need to worry about what they can see anyway.
On this point alone Matrix appears more secure than Signal...

And Threema is Switzerland-based, so by default it's more trustful than a USA-based company.

[–] revv@lemmy.blahaj.zone 13 points 1 day ago (1 children)

The metadata is really important especially if you or anyone you talk to ends up being targeted. 95% of intelligence work is mapping out adversaries' communications networks..if you have that, you don't need to decrypt the contents because you already know who is talking to who. The federation of metadata alone is reason to avoid matrix for anything important.

[–] sanpo@sopuli.xyz 2 points 1 day ago (1 children)

Thank you for being one person in this thread that actually read and understood my comment.

A bunch of comments repeating "Signal is the most secure because I said so" was not helpful.

[–] semperverus@lemmy.world 3 points 1 day ago

I just saw your reply to me and was about to say the same thing, but they worded it perfectly. And I did mention metadata as a key point in my original post.