It seems like I constantly see “X secure messaging option is actually bullshit because it was purchased by Dr. Evil and Y is actually just e-mailing your messages directly to Xi Jinping.”
Is there an authoritatively “best” one I can just…download and setup easily? Is Signal good? Or do I need to solder a Raspberry Pi to the flux modulator of my home Linux NAS GUI, etc…?
Signal is actually good. More people should be using it.
There is no best, each has their merits and drawbacks.
If you were to pick a messaging app I would go with Singal because they give good transparency to users, while giving frustrations to governments wanting data.
Also Elin Musk has blocked signal links on Twitter.
Signal works the best for me, and I think its the best option out there for common people who wants the best privacy
Signal is known as the gold standard right now but there are new ones popping up all the time. SimpleX chat is good too (despite the “Nazi-haven” smears).
You say it’s a “smear” but is it based in truth?
I’m certain that any worthwhile encrypted communication will be used by evil people to do evil.
That doesn’t really answer the question lol
it’s a nazi haven in the same way a public library computer is a nazi haven if nazis come in and use it. the library doesn’t check your ideology when you log on, and neither does simplex.
I suppose I was commenting on the question, not trying to answer it. I’m out of the loop, so I can’t answer it. Checked some articles and it looks like a bunch of neo-nazis switched to it.
They are also using Google, Windows, Apple, etc. so I’m not sure the question actually pertains, but I guess that’s not my concern.
Don’t need the whole SimpleX to find Nazis everywhere. X is plenty enough.
I wouldn’t be surprised to find out its true.
The problem is it shouldn’t be a blight because its impossible to prevent bad actors from using an actually private and secure messaging app.
So the act of reporting on it is a smear because most don’t understand or acknowledge the impossibility of preventing those bad actors.
Signal has good encryption etc, is centralized, afaik needs Google Play Services except if you use Molly; but I think it’s a bit more mainstream and simple to use for end-users
SimpleX also seems to have good encryption, post-quantum etc, and is anonymous and doesn’t even use user identifiers (they explain why that’s good on their website), so it could be good for occasional more sensitive conversations or sth (but I see people struggling with onboarding when installing it, and I still get confused by the UX sometimes). It’s kind of not even decentralized, more like peer-to-peer, with servers to just cache messages when you’re offline, I think.
Personally for day-to-day I prefer to use Matrix with Element: decentralized (which I really value for competition and user choice), e2e, and has good support for creating communities etc, so I’m lucky to have it as our main chat platform for work, and I’ve been using it for years in our hackerspace and personal chats etc. I see end-users still struggling sometimes with onboarding, but if they’re close friends/family I usually need to set it up for them anyway
Molly is fantastic. Maybe someday I’ll be able to convince people to get on Matrix, but we’re not there yet. Plus there’s all of the metadata that comes along with using Matrix.
Doesn’t most of Element route through Matrix.org?
My understanding is that Briar is ethically the best, but no one uses it. Signal is the best if you actually want to use it to communicate. Telegram is where the pirates and drugs are.
Here’s the long version: when a dev is making a messaging app, they eventually have to make a choice: do I integrate SMS/MMS? If they want to make this app a daily driver messaging platform to help you ungoogle your android phone, they have to integrate SMS/MMS, which has security vulnerabilities and limits how secure they can make their app. More importantly, people do not tolerate ads on their messaging app, so they flat-out cannot monetize it without losing their entire userbase. If they don’t integrate SMS/MMS, they are creating a closed ecosystem, and a closed ecosystem can be profitable. If leadership changes, the new leaders might decide to turn their users into either cutomers or products.
Telegram is not a secure messaging app.
Is that the one Amazon purchased?
No, Telegram is a Russia controlled service not using encryption at all unless you specifically turn it on - and never for groups.
Being Russia controlled they put out a lot of disinfo and so way too many people and news outlets still include it in the “secure messaging” category.
My understanding is that Briar is ethically the best
I’m out of the loop, what does this mean?
Meaning they haven’t had any big scandals and seem like a good company
I thought Russia owned it
Ethic pertains to the morality of ones action. Think of murder, as a generally agreed unmoral act, or sharing freely as a generally moral act.
Think of it as the market growing or falling, but in a context where this does not really benefit you personally.
I know it sounds really convoluted but believe or not, that’s what humanity used to run on.
(Also Briar can make a completely decentralyzed network relying on connecting phoner directly and boucing the messadge around, It’s almost a must have if you are, like, trying to organyze when the government shut down the internet and stuff.)
I think that the person you’re responding to is asking for the specifics of why Briar is ethically superior. Do the other options have ethical issues? Or does Briar have a specific characteristic that makes it ethically superior (e.g. its p2p nature)?
I’d also like to know. It’s never occurred to me to look at the technical nature of secure messaging systems through the lens ethics so I find the idea intriguing.
I know it was a great attempt at humour on my part.
From an ethical standoint any earnst attempt at upholding privacy is equally valid. Past the technical necessity, you should probably look at those tools from any ulterior motives standpoint, or path toward a potential future monetization.
On this front, Telegram is clearly shit, Signal is centralized and nothing prevent it from turning “evil” and starting to charge money.
Ideally you’d need complete open sourceness to start getting your feet into ethics, possibly also some political statement beyond some bland “free speech” stance.
Ahh, gotcha. Apologies, I haven’t had enough caffeine yet, so it went completely over my head.
That makes sense to me. I also prefer Briar on that basis, although I currently don’t use it at all. I’ve had a hard enough time getting folks to switch to Signal, so I don’t want to try to push them to move once again. If Signal starts enshittifying then I’ll probably start the Sisyphean push to switch again.
edit: ugh it’s Sisyphean not Sisyphusian
I’m 100% pushing nothing but Signal. It’s the easiest one that brings with it a genuine mental switch. I like to assume that after such a transition it will be easier to look at anything else down the line, say if Meta buys it or some other dystopian shit.
Briar seems like meshtastic but with no additional hardware at the expense of significantly less range when offline.
Signal if you trust them to not leak your identifier and because its gotten the most mass adoption.
Simplex if you can convince your circle to use it because it has no identifiers and is user friendly.
@ParetoOptimalDev @ivanafterall i did read that #simplex wasn’t as reliable as some alternatives. happy to be told that’s garbage though
What do u mean leak ur identifier. Isn’t that just like your phone number
Whoever built that website really needs to fix the hitbox on the ‘X’ when you’re done reading the popups. Or instead of trying to show off with JavaScript they can just have a separate page like most websites
Signal is the best balance between secure and convenience. There are more private options out there (i.e. don’t require a phone number), but they are harder to adapt especially if you want to get non-techy family and friends to switch over.
Signal using the Molly fork is good. Besides that, there’s stuff like Session and Simplex for nerds out there. Matrix exists but it doesn’t encrypt all metadata iirc.
Signal or XMPP
Signal via Molly seems like the best option at the moment. Molly is a third party client that allows for even more protections like database encryption and getting rid of Google firebase notifications, for example.
Signal
Matrix
Those are your two choices. Signal is centralized, Matrix is federated.
If self-hosting and “Warning, some assembly required” isnt an issue, Matrix - Synapse. I spooled that up in my home lab recently and im slowly moving my group chats over to it.
Its best not to use a phone at all if you can help it.
The keyboard app on most phones that are default still gives info to apple/google. So even if you use signal, the data goes over.
You can side-load apps that take phone keyboards over (even better if you don’t use base android OS at all). But I dont know your situation.
I know your joking but the most secure that is still usable is probably an encrypted home server and using something like irc/XMPP. A pi with yunohost can do wonders. You can use the converse app on the phone to hook into that. It’s auto encrypted if you go that route.
Security is a spectrum so you have to chose how much inconvenience is best for your situation.
The question says “for my phone”.
Also by your logic why use a PC, just don’t use the internet at all.
All of my suggestions are for the phone? I don’t understand the confusion.
I use signal but if I could convince everyone I knew to use a messenger for security it would be Threema. No chance of that happening it’s hard enough convincing people to use signal.
