Best privacy chat apps

marcusquinn

Chatting with @humptydumpty about alternatives to Discord, so thought I'd share my conclusions:

• Signal seems the easiest for people used to Whatsapp, Discord, Messenger, Whatever
• Telegram seems good but Signal being open-source seems better.
• Matrix / Element / Mattermost - too quirky and poor mobile experience.
• Rocket.Chat the best of our current Cloudron options but higher RAM needs.
• Jitsi & Jami look like the best of the App Wishlist alternatives.
• Tox looks OKish for desktop but no mobile.

Hope that helps some - anything better than the above I've missed?

marcusquinn

Just been looking at Signal on Desktop. Not so good, doesn't seem to do everything the mobile app does. Telegram wins in this comparison.

mehdi

@marcusquinn said in Best privacy chat apps:

Telegram seems good but Signal being open-source seems better.

Security professional opinion : Telegram is . It's no better than facebook messenger. No encryption by default. I don't know how they managed to create the public perception that they are privacy-focused.

d19dotca

@marcusquinn Yeah Signal's UI is crap, but it's supposedly one of the "best" for privacy, so I hear. Been using it with a few friends for a couple of years and it's worked well. Just not a fan of the interface.

humptydumpty

@d19dotca My problem with Signal and most other apps is that you need a phone number or email address associated with the account which can be mined from the metadata.

Signal removed the "from" in the metadata but for an app that touts "secure communications", you'd think they would have done that since the app's inception.

You might say, "I don't have anything to hide" or "I don't care if they know some things about me" but all this info is being collected and they're building a profile about you so they can profit from it. That's the best case scenario. Now imagine dictators having that kind of power in their hands. What's stopping corporations, governments, organizations from abusing this power? Nada. We have to protect ourselves by denying them every bit of data no matter of irrelevant it may seem. Ask yourself, if it's that irrelevant, why do they want it so bad? Why does big brother want a backdoor into encryption?

I rest my case.

marcusquinn

Privacy is my new favourite subject, to the point I'm writing blog posts as I learn more, this being the first I got around to:

• https://www.marcusquinn.com/do-you-trust-this-computer/

marcusquinn

@mehdi Damn, fooled me, and I thought I was good at spotting the cracks but information-overload is a great marketing tool eh. Any other recommendations then?

jdaviescoates

@marcusquinn I think Signal has the best privacy and security. But yeah, I've never used the desktop app, just the mobile app.

mehdi

@marcusquinn From a security and privacy standpoint, I would only consider Signal and Matrix. Both are pretty usable in my opinion.

I also heard good things, from a security perspective, about Olvid. No idea how good is the interface though.

jdaviescoates

@mehdi said in Best privacy chat apps:

Olvid

Hadn't heard of that before, sounds good:
https://www.olvid.io/en/

I note it doesn't have the phone number/ email address issue Signal and other apps have that @humptydumpty mentions above.

I also note that Olvid isn't (yet) open source:
https://olvid.io/faq/is-olvid-code-open-source/

But the technology it's powered by is:
https://olvid.io/faq/is-olvid-technology-open-source/

robi

@jdaviescoates it seems they are limiting voice calls with a subscription.

rmdes

@mehdi what do you think of Wire compared to Telegram ?

mehdi

@rmdes End-to-End encryption, not re-implementing their own crypto primitives, using a well known protocol, open-source ... On first glance, looks good.

rmdes

@mehdi I Also like that it allow people to get in touch and use the entire feature set without ever exchanging phone numbers

murgero

Matrix + Element is probably the best privacy focused app if I am being honest. Next is XMPP (With OMEMO or PGP).

Client side, each have multiple apps for Windows, Linux, Mac, iOS, and Android (Not to even mention Web Apps).

Matrix is probably the best option of the two as by default it can federate with other servers securely.

marcusquinn

Thoughts on Rocket.Chat security?

mehdi

@marcusquinn It's self hosted. So, on that point, better than most ^^ Otherwise, there is no special security feature, no end-to-end encryption, ...

d19dotca

@humptydumpty Not sure if that was really meant to be directed at me or not haha because yeah, I agree with your points on the "I don't have anything to hide" part, that's been something I've argued for years with people and fully support that it should never be about if someone has something to hide or not.

What do you prefer to use over Signal though in that case if it doesn't quite past muster for you? Always open to alternatives.

marcusquinn

@mehdi Cool, thanks, the scope of this post is for all chat apps, not just CLoudron ones, but insight into the Cloudron ones is always handy.

I guess the hope is to find what works best for family & friends to try and get them moving to that doesn't involve self-hosting or cost because frankly that's the benchmark from the no-so-private competition.

marcusquinn

Everyone here has A LOT to hide. If you're a Sys Admin, all those keys to kingdoms you have could yield great value or damage in the wrong hands.

Doesn't matter how secure we are if social-engineering can get to our stuff through our peers.

Aside from that, hopefully my blog post above explains a lot of other things to think about for how all our peers devices can gather data on us no matter how secure we are personally, so it will only be a whole society movement that plugs those holes, and I'm sure many here are happy to help friends and family do that if it is the seeds for a greater migration.