this post was submitted on 20 Mar 2026
104 points (88.8% liked)


i've just seen a comment in a post, in this very community, saying people trust signal because of misinformation (from what i could understand).

if this is true, then i have a few questions:

- what messaging app should i use for secure communications? i need an app that balances simplicity and security.

- how to explain it to my friends who use signal because i recommended it?

- what does this mean for other apps in general?

[–] dessalines@lemmy.ml 10 points 5 hours ago

PRODUCT PITCH: Hey everyone, I have a great idea for a secure / private messaging service.

It's hosted in the US, subject to its pervasive spying laws including national security letters.

Also I need all your phone numbers.

Also no you can't host this yourself, I run the only server.


Everyone who uses signal and supports it, is falling for this pitch.

[–] ReverendIrreverence@lemmy.ml 10 points 8 hours ago (1 children)

I am under the impression that Signal encrypts metadata so that is useless to sell. The only thing they can turn over to law enforcement after a lawful warrant is the phone number an account was opened with (and maybe the date that happened) and the date of the last time the account was used. That is all.

Don't they also need to store who to send your messages? From a technical point of view?

[–] sefra1@lemmy.zip 5 points 10 hours ago (2 children)

Like many said, signal is centralised and requires a phone number.

Meaning it's not anonymous and the server owners can technically sell your metadata, not the content of the messages but who talks to who, what time, the length of the chat/call etc.

Either way, having to use a phone number to register an account is, for me, not acceptable for several reasons besides privacy and metadata.

On top of that, the server side of signal isn't free software (as in freedom), which means that the whole program requires non-free (as in freedom not beer) network services in order to work. Which isn't acceptable for free software advocates.

Alternatives:

Simplex: If you don't require voice calls there are more options available; there are many text messages, but very few support calls, which for me is a critical feature.

In theory Simplex is the best, it's e2ee, quantum resistant, each chat (message queue) is its own "account", each "account" is just a private key, and you can switch servers with the tap of a button, it also supports private routing, which from what I understand is like some sort of onion routing between simplex servers.

Hosting your own server is also extremely easy, (tho note that running your own server can actually be detrimental to privacy depending on your threat model), supports calls, group chats and all the features I would ever need.

Unfortunately, at least for me and my contacts, SimpleX is terribly buggy, especially on phone, literally tonight I missed the opportunity to be with a friend because I only saw the message one hour late.

Very often messages just stop being received until the app is restarted, usually I have my friend send me a message via other (centralised) app in order to warn me that he messaged me, I also do the same for him. After restarting the app it usually works fine for a while until it does it again. And needs restarting again.

On top of it, it's taking more and more time to get the first message when in background even during normal operation, tho I blame Samsung for this one and not Simplex, and understand that Simplex doesn't use push notifications for improved privacy, but it has become a real problem, what used to take 5 minutes now sometimes takes more than half an hour. Maybe my phone is overloaded, idk.

Calls could be improved too, takes several tries for it to actually work, and it doesn't help when the other person calls me back and I call them at the same time.

On top of it, the volume of a call seems very quiet compared to a normal phone call and it's very hard to hear the other person, I'm guessing a simple compressor DSP could fix this.

Unfortunately there has also been news of Simplex planning to enshittify the app with cryptocurrency, something that I politically and morally oppose.

Session:

I've used it for a month years ago, before I knew about SimpleX, whatever technical merits it may or may not have, (and from what I understand its privacy is still below SimpleX) it relies on some cryptocurrency network in the background, so I won't use it. Self-hosting it also seemed to me no easy task, but I could be wrong.

Jami:

Never got it to work.

Matrix:

I haven't tried Matrix yet, I think I read long ago that calls aren't e2ee tho that may have changed now. I also read that Matrix leaks a lot of metadata which can be a problem. Maybe not if you self-host, but self-hosting comes with its own privacy problems. Maybe I should research it again and try to self-host it and see how it goes.

So as bad as Signal is, I can't give you a working alternative, I put up with Simplex despite all the bugs but I don't think most people are willing to go through it, however if you (and your contacts) have high end phones maybe it works better. But it's not something I can recommend.

[–] Spacenut@lemmy.world 4 points 5 hours ago (1 children)

In regards to Signal, this is largely not true. Sealed sender has been signal's metadata hiding protection for like 6 years or something. The only information signal has is your phone number, your account creation time, and the last time you contacted their servers.

They also have a server implementation on github, so it seems to be open source to me. (I could be missing something though)

You are right though, that it uses centralized servers and requires a phone number, which are sticking points for a lot of people.

[–] dessalines@lemmy.ml -1 points 5 hours ago (1 children)

Give me ssh access to their centralized server so I can verify this "sealed sender" idea is working.

Otherwise this is a "trust me bro" claim.

[–] Spacenut@lemmy.world 4 points 2 hours ago (1 children)

This doesn't really make sense to me, what do you mean? Client-side you do different computation for sealed sender delivery/receipt. What's your normal standard of trust that a hosted, open source project is running the same code that they've made public?

I think if they store any metadata that we don't know about, the lie runs very very deep, like to conspiracy theory levels that don't really make sense for a registered nonprofit: https://signal.org/bigbrother/

[–] dessalines@lemmy.ml 1 points 18 minutes ago

> What's your normal standard of trust that a hosted, open source project is running the same code that they've made public?

It's a centralized service, you have no idea what code they're running. You can't host your own.

Also they went a whole year one time without publishing any server code updates until they got a lot of backlash for it. Still, since it's centralized, it can't be trusted to be running what they say they are.

[–] Gluek@lemmy.world 1 points 6 hours ago

What about Delta Chat?

[–] hexagonwin@lemmy.today 11 points 13 hours ago (2 children)

i'm concerned that they require phone numbers and host on AWS, and don't have a clear monetization scheme. but for now it seems reasonably secure.

[–] tangonov@lemmy.ca -2 points 5 hours ago* (last edited 5 hours ago) (1 children)

~~Signal no longer requires phone numbers.~~ you no longer need to share your phone number to chat at least (sorry)

[–] dessalines@lemmy.ml 1 points 5 hours ago

Not true at all, you still need a phone number to sign up.

[–] LiamTheBox@lemmy.ml 6 points 12 hours ago (1 children)

The signal protocol is end-to-end encrypted, not even signal themselves know what is being sent to what.

https://en.wikipedia.org/wiki/Signal_%28software%29?wprov=sfla1

[–] deprecateddino@lemmy.world 2 points 11 hours ago (1 children)

As I understand it, while they can't see the contents, the Metadata is still exposed.

[–] zemo@lemmy.world 3 points 6 hours ago (2 children)

Isn't the metadata also encrypted?

[–] hexagonwin@lemmy.today 1 points 3 hours ago

phone number, IP, time of connection, duration of the chat, size of the encrypted chatlog, etc. might be useful for feds

[–] dessalines@lemmy.ml 1 points 5 hours ago

Your phone number is the biggest metadata you could possibly give (it means your real identity, including your current address), and signal has it.

[–] glitching@lemmy.ml 19 points 16 hours ago

not to shit on you specifically but I see this over and over, folks asking how to be "secure". secure against what?

if you're into this, you need to set up a "threat model" i.e. what are your threat vectors and then you build your defenses against that model. a defense against blanket surveillance doesn't handle targeted threats. a successful defense against your government doesn't preclude other nation-state actors getting at you.

like, if your threat vector is e.g. your SO "inspecting" your phone, you set up a passcode and you're safe against that threat. but, if there's a toddler going around smashing stuff, your defense isn't valid. defense against that vector is placing your phone high up. but that defense isn't effective against SO.

I am sure any messenger recommended here can be successfully red-teamed, be it design flaws, operator error, the famous wrench comic, or whathaveyou. but that doesn't mean it's ineffective in your specific case.

[–] cerebralhawks@lemmy.dbzer0.com 4 points 12 hours ago (2 children)

It's always gonna be a moving target. Wife and I started using Telegram because it wasn't monitored like Facebook Messenger (which I don't have an account for) or WhatsApp. Now people are saying Telegram isn't good enough, use Signal. It's still good enough for us. I also have Signal. No one I know uses it, but I have it in case they wanna start using it.

Honestly though, iMessage is secure enough for most people. Basically texting through Apple servers.

But any security or privacy expert will tell you that you need to determine your own threat model. No one else can tell you what that is.

[–] thermogel@lemmy.ml 4 points 12 hours ago (1 children)

telegram doesn't encrypt by default, it's a hidden feature. i wouldn't be too sure about iMessage, i believe E2EE is a bare minimum for everyone.

[–] deprecateddino@lemmy.world 2 points 12 hours ago
  • Messages in iCloud are E2EE protected only if iCloud Backup is disabled or if iCloud Backup is enabled with Advanced Data Protection (ADP). Otherwise, Apple stores a copy of the encryption key, allowing Apple (or authorities with a court order) to access your messages.

  • Probably obvious, but messages sent over SMS (green bubbles) are not E2EE.

  • Telegram uses a proprietary encryption protocol called MTProto, so who knows if it can be trusted.

[–] FuyuhikoDate@feddit.org 3 points 11 hours ago

> using Telegram because it wasn't monitored [...]

That is an interesting statement regarding the fact it's centralized and deletes accounts / channel all the time.

[–] communism@lemmy.ml 2 points 12 hours ago

Signal is fine for normal/social chatting. It is centralised which makes it much harder to obscure identifying conversation metadata, and I wouldn't recommend it for comms with a state threat model. I like SimpleX for addressing those issues.

If you just want to chat to friends and nothing else, I probably would recommend Signal for the most polished experience and most widely adopted open-source private messenger.

[–] thermogel@lemmy.ml 2 points 12 hours ago (1 children)

Signal is great, but it is centralized. Session messenger is a great example of decentralized e2ee messaging.

[–] deprecateddino@lemmy.world 2 points 12 hours ago

I used Session for a couple of years, but switched back to Signal because it did a poor job with media sharing.

It's been a while since I switched back, so maybe it's fixed now?
