Best privacy chat apps
-
Chatting with @humptydumpty about alternatives to Discord, so thought I'd share my conclusions:
- Signal seems the easiest for people used to Whatsapp, Discord, Messenger, Whatever
- Telegram seems good but Signal being open-source seems better.
- Matrix / Element / Mattermost - too quirky and poor mobile experience.
- Rocket.Chat the best of our current Cloudron options but higher RAM needs.
- Jitsi & Jami look like the best of the App Wishlist alternatives.
- Tox looks OKish for desktop but no mobile.
Hope that helps some - anything better than the above I've missed?
-
Just been looking at Signal on Desktop. Not so good, doesn't seem to do everything the mobile app does. Telegram wins in this comparison.
-
@marcusquinn said in Best privacy chat apps:
Telegram seems good but Signal being open-source seems better.
Security professional opinion : Telegram is
. It's no better than Facebook Messenger. No encryption by default. I don't know how they managed to create the public perception that they are privacy-focused.
-
@marcusquinn Yeah Signal's UI is crap, but it's supposedly one of the "best" for privacy, so I hear. Been using it with a few friends for a couple of years and it's worked well. Just not a fan of the interface.
-
@d19dotca My problem with Signal and most other apps is that you need a phone number or email address associated with the account which can be mined from the metadata.
Signal removed the "from" in the metadata but for an app that touts "secure communications", you'd think they would have done that since the app's inception.
You might say, "I don't have anything to hide" or "I don't care if they know some things about me" but all this info is being collected and they're building a profile about you so they can profit from it. That's the best case scenario. Now imagine dictators having that kind of power in their hands. What's stopping corporations, governments, organizations from abusing this power? Nada. We have to protect ourselves by denying them every bit of data no matter how irrelevant it may seem. Ask yourself, if it's that irrelevant, why do they want it so bad? Why does big brother want a backdoor into encryption?
I rest my case.
-
Privacy is my new favourite subject, to the point I'm writing blog posts as I learn more, this being the first I got around to:
-
@mehdi Damn, fooled me, and I thought I was good at spotting the cracks but information-overload is a great marketing tool eh. Any other recommendations then?
-
@marcusquinn I think Signal has the best privacy and security. But yeah, I've never used the desktop app, just the mobile app.
-
@marcusquinn From a security and privacy standpoint, I would only consider Signal and Matrix. Both are pretty usable in my opinion.
I also heard good things, from a security perspective, about Olvid. No idea how good is the interface though.
-
@mehdi said in Best privacy chat apps:
Olvid
Hadn't heard of that before, sounds good:
https://www.olvid.io/en/
I note it doesn't have the phone number/email address issue Signal and other apps have that @humptydumpty mentions above.
I also note that Olvid isn't (yet) open source:
https://olvid.io/faq/is-olvid-code-open-source/
But the technology it's powered by is:
https://olvid.io/faq/is-olvid-technology-open-source/
-
@jdaviescoates it seems they are limiting voice calls with a subscription.
-
@mehdi what do you think of Wire compared to Telegram ?
-
@rmdes End-to-End encryption, not re-implementing their own crypto primitives, using a well known protocol, open-source ... On first glance, looks good.
-
@mehdi I also like that it allows people to get in touch and use the entire feature set without ever exchanging phone numbers
-
Matrix + Element is probably the best privacy focused app if I am being honest. Next is XMPP (With OMEMO or PGP).
Client side, each have multiple apps for Windows, Linux, Mac, iOS, and Android (Not to even mention Web Apps).
Matrix is probably the best option of the two as by default it can federate with other servers securely.
-
Thoughts on Rocket.Chat security?
-
@marcusquinn It's self hosted. So, on that point, better than most ^^ Otherwise, there is no special security feature, no end-to-end encryption, ...
-
@humptydumpty Not sure if that was really meant to be directed at me or not
haha because yeah, I agree with your points on the "I don't have anything to hide" part, that's been something I've argued for years with people and fully support that it should never be about if someone has something to hide or not.
What do you prefer to use over Signal though in that case if it doesn't quite pass muster for you? Always open to alternatives.
-
@mehdi Cool, thanks, the scope of this post is for all chat apps, not just Cloudron ones, but insight into the Cloudron ones is always handy.
I guess the hope is to find what works best for family & friends to try and get them moving to that doesn't involve self-hosting or cost because frankly that's the benchmark from the not-so-private competition.
-
Everyone here has A LOT to hide. If you're a Sys Admin, all those keys to kingdoms you have could yield great value or damage in the wrong hands.
Doesn't matter how secure we are if social-engineering can get to our stuff through our peers.
Aside from that, hopefully my blog post above explains a lot of other things to think about for how all our peers' devices can gather data on us no matter how secure we are personally, so it will only be a whole society movement that plugs those holes, and I'm sure many here are happy to help friends and family do that if it is the seeds for a greater migration.
-
@marcusquinn Agreed. Everyone who says they have nothing to hide doesn't quite realize the potential that can come from companies having even just basic details on you.
-
@d19dotca The most obvious one now is censorship, since your view of the curated online world is tailored to show you what you are most likely to engage with, and we're all seeing a different view. Add to that the profiling on how influential you are, so targeting the most influential people then turns them into propaganda gophers. We're all in database tables somewhere now as a statistically significant type of some kind or another.
-
The most perverse is that if you know you're watched, then you change your behaviour instead of behaving like yourself.
-
@d19dotca lol no, it wasn't directed at you but that argument is what I'm used to hearing when I try to educate my family and friends about data privacy. My first choice would be Matrix and Signal would be my second. But, I don't use my phone except for calling, 2FA TOTP, and email (Mail iOS app) so I never really bothered to look into it that much. I practically live on my PC so securing Windows (MS is probably the worst offender of them all) is my main concern. I'm forced to use Windows because of the CAD/CAM software that I have. I had no luck running them with Wine but I do have Pop!_OS on a different drive and a stack of Raspberry Pi 4s for NAS (OMV5), PiVPN, PiHole, and one dedicated for fooling around with
-
@d19dotca Yes! I scared the living **** out of my family when I asked them to search their full name to see what they come up with. Every few months, I do this and go through the removal process on all these sites for my whole family. It's a PITA since they try to hide the opt-out form but you learn their tricks and the process becomes easier. I wouldn't be surprised if these sites were all operated by the same scummy group because their websites have a lot of similarities with each other.
-
@humptydumpty said in Best privacy chat apps:
I'm forced to use Windows because of the CAD/CAM software that I have
Hope this helps!
https://alternativeto.net/tag/cad/?license=opensource&platform=linux
-
I would encourage you to give matrix another shot - it's gotten a lot better on mobile. My only remaining two gripes are the lack of multi-account support and the way threading works (I prefer Slack's method)
-
@hillside502 Thank you but I wish it was as simple as finding an alternative CAD program. I have multiple plugins that are specific to the industry and software I'm using. Without these plugins, my work would take x10 as long to complete.
-
@humptydumpty that's what VMs and containers are for. Containers run in Windows just fine.
-
Wow - Elon Musk celebrated his newly found ranking with a nice kick in the Zuckerburgs!
Follow my tweets on Signal here if you care: https://twitter.com/marcuswquinn
-
I reckon the fediverse is gonna get more interest following recent FB & Twitter self-determination as censors.
-
@marcusquinn said in Best privacy chat apps:
following recent FB & Twitter self-determination as censors.
?
They are private companies and under no obligation to uphold the First Amendment (US). They are protected by Section 230 of the Communications Decency Act, which exempts them from being treated as publishers and both protects them from liability and allows them to regulate content as they see fit. We can certainly have a discussion if (i) these platforms have reached a monopoly - and hence have an undue influence on public speech - that needs regulation and / or (ii) they should indeed be treated like publishers or the press with all the freedoms and obligations - such as fact checking - attached to it.
Don't get me wrong, I hate these platforms and what they stand for with a passion and am certain that we would all be better off if Twitter, Facebook, Instagram, etc. were turned off and deleted at once. Giving people and their opinions an unfettered platform has not improved the quality of opinion-forming and discussion but made it so much worse.
In any event, the "freedom of speech" is not an absolute right, neither in the US nor in most countries in the Western hemisphere. Like most constitutional rights they are - as a general rule - limited by the rights of your fellow citizen.
-
Telegram seems to be upholding their censorship free platform so far..
-
@robi said in Best privacy chat apps:
Telegram seems to be upholding their censorship free platform so far..
... and thus has attracted extremists, neo-Nazis and covid deniers...
-
@necrevistonnezr ... and thus law enforcement can learn, find and handle as-is their role.
I don't fancy law enforcement that also has a stock ticker to please.
-
After watching a video of the Privacy Guy I started (WIP) a comparison of Android Chat/Call Applications, my focus was privacy and anonymity.
- Potentially Dangerous Permissions numbers come from the project Exodus
- Pii: means you need to use personally identifiable information such as a phone number and/or an email

Proprietary Apps

| Apps | Trackers | Potentially Dangerous Permissions | Require Pii | Note |
|---|---|---|---|---|
| Facebook Messenger | 4 | 4 | yes (email/phone number) | It doesn't just use the Facebook tracker, but also Google Analytics |
| Line Lite | 1 | 6 | yes (phone number) | Use Google Firebase Analytics |
| Facebook Messenger Lite | 1 | 7 | yes (email/phone number) | Use Google Analytics |
| Google Duo | 1 | 9 | yes (email) | Use Google Analytics |
| Snapchat | 3 | 10 | | Google AdMob |
| WhatsApp | 1 | 13 | yes (phone number) | Use Google Analytics and it is owned by Facebook |
| WeChat | 5 | 13 | | Use Google Firebase Analytics, Facebook Analytics, Facebook Login and Facebook Share |
| Skype | 5 | 13 | | Use Google Firebase Analytics and Microsoft VS App Center Crashes, Microsoft VS App Center Analytics |
| Line | 4 | 14 | yes (phone number) | Use Google Analytics, Google AdMob, Facebook Login and Facebook Share |
| Telegram | 2 | 15 | yes (phone number) | Use Google Firebase Analytics and Microsoft VS App Center Crashes |
| Skype Lite | 4 | 16 | | Use Google Firebase Analytics and Microsoft VS App Center Crashes, Microsoft VS App Center Analytics |
| Viber | 10 | 16 | yes (phone number) | Use Google Firebase Analytics, Google AdMob, Google CrashLytics, Twitter MoPub and Yandex Ad |
| Telegram X | 3 | 17 | yes (phone number) | Use Google Firebase Analytics and Google AdMob |

Open Source Project to consider

| Apps | Trackers | Potentially Dangerous Permissions | Require Pii | Note |
|---|---|---|---|---|
| Briar | 0 | 2 | no | Probably the best one for pseudo-anonymity. |
| Jitsi Meet | 0 | 4 | optional | Great alternative to Zoom |
| Nextcloud Talk | 0 | 4 | require login (username, email) | + server side could be self-hosted |
| Jami | 0 | 5 | optional | |
| Element | 0 | 8 | require login (username) | + server side could be self-hosted |
| Linphone | 0 | 9 | yes (phone number) | |
| Signal | 0 | 19 | yes (phone number) | |
| Mattermost | 1 | 3 | require login (username) | + server side could be self-hosted + could be used as a gateway to other services. |
| Wire | 1 | 7 | yes (email) | |

At the end, the best is to host your own Nextcloud and convince your friend to come on your Nextcloud Talk
-
Someone just pinged me this link on Twitter, seems to be reasonable info:
I saw someone saying the old "I have nothing to hide", although the obviously creep-ware that all these things do help hide is targeted advertising.
Who wants to be "targeted" and have others pay to directly target them with a calculation that makes it more probable to profit from that targeting?
Admittedly, I used to see this as legitimate business but the balance of cost and value to society doesn't seem to be in-line with efficiency and balance in relationships, so I'm personally backing away from all business that is dependent on paid advertising in preference for focusing on editorial value and self-challenging communities with a common interest in value over sales.
-
@jodumont your comparison does not take into account whether or not the messages are encrypted. I personally think it's the most important feature to take into account.
Also, take a look at Olvid. I don't use it personally, but I heard good things.
-
@jodumont thanks for the table!
for Mattermost, what is meant by 'gateway to other services' ? API integrations?
-
@marcusquinn said in Best privacy chat apps:
Admittedly, I used to see this as legitimate business but the balance of cost and value to society doesn't seem to be in-line with efficiency and balance in relationships, so I'm personally backing away from all business that is dependent on paid advertising in preference for focusing on editorial value and self-challenging communities with a common interest in value over sales.
In another project we've come up with a business model that preserves privacy yet allows for getting paid for receiving advertising that is relevant to one's interests, if so desired.
If everyone participated, it would be akin to a UBI with abundance.
-
@marcusquinn said in Best privacy chat apps:
Who wants to be "targeted" and have others pay to directly target them with a calculation that makes it more probable to profit from that targeting?
As much as I hate any kind of privacy-invading workflows, I must confess that (specifically) targeted advertising doesn't really bother me much at all. The fact is those ads are going to be present in that spot on a webpage regardless of whether it's targeted or not. So why not at least show me relevant ads based on search keywords in the tool being used?
To me, the only time I get creeped out and think they've crossed a line for me at least is when they start getting overly sensitive to the ads (such as Facebook) where you're not just being targeted based on a couple of data points and instead you're being targeted based on like a 100+ different data points on data they ideally shouldn't even really have in the first place.
I think it's all a balancing act. Everyone's comfort level is a little different. Just my opinion anyways. But I totally hear ya on the "I have nothing to hide" point, those statements always irritate me when I hear them from people, shows they're completely missing the point when they say that, IMO.
-
this table was for my own personal use
@mehdi said in Best privacy chat apps:
I personally think it's the most important feature to take into account.
this is true this feature should be considered,
but also who owns the encryption key, the user or the provider? Because with most of these services, yes, you could encrypt a message, but the provider (example: Telegram) has the 2 keys, so technically they could decrypt the message on the server side before forwarding it to the recipient.
Sometimes a function is just an umbrella to make a shadow theater where we are the puppet.
-
@robi said in Best privacy chat apps:
for Mattermost, what is meant by 'gateway to other services' ? API integrations?
Yes; but I'm not a Mattermost expert
-
@mehdi said in Best privacy chat apps:
Olvid
Olvid sounds promising, we could also talk about Threema which is more or less the same but developed in Switzerland. But at the end I took my list from AlternativeTo.net and took the top 10.
Beware, most VOIP uses opportunistic encryption, mainly because of issues with NAT, so trusting a 3rd party for that is a big mistake for your privacy.
These days everything is secure like email, aka the authentication uses SSL, then the message follows in clear text.
It would be interesting to find how/if Olvid encrypts their VOIP and which part ANSSI complement.
For now I only see the text message being encrypted.
-
@jodumont I am of course only talking about good end-to-end encryption, like Signal or WhatsApp (yeah, WhatsApp has many flaws, mainly their owner, but they do have good encryption).
I don't know about Telegram's encryption, I never looked into it. I just know they don't use any by default (which, in itself, is bad)
-
@jodumont about Olvid, from what I know, yes their calls are also encrypted, but they are only available for paid users.
-
@mehdi said in Best privacy chat apps:
I don't know about Telegram's encryption, I never looked into it. I just know they don't use any by default (which, in itself, is bad)
we probably don't talk about the same phase of encryption, you seem to be focusing on the message (which obviously is important) and I'm talking about the transfer
anyway good thing this forum is encrypted by SSL
-
@jodumont This table seems to be either severely outdated, or just plain wrong. WhatsApp does use end-to-end encryption, and has been using it for years.
-
I came across a couple of nice chat comparisons recently.
First of all there is this nice infographic by niboe.info
Sadly I've been unable to find an English version of the other nice infographic in this accompanying article of theirs in Spanish.
I also came across this handy table from DivestOS (a privacy focused Android distribution):
https://divestos.org/index.php?page=messengers
Both of these make me wish Cloudron had an XMPP server like ejabberd so we could get our friends to try out Conversations and Movim (I mean, both Yunohost and HomeLabsOS have an XMPP server, and they are both fully open source and run by volunteers - whereas Cloudron is the one with a business model and full time paid @staff - and yet they've got XMPP and we don't!)
-
maybe me, but personally I make a difference when you are able to generate or add your own key to encrypt versus the "platform" provide you the public and private key
-
@jodumont The key is always generated on your own device. There is zero reason to allow users to import an external key. If you don't trust the local app to correctly generate a keypair, you have no reason to trust it to correctly perform the encryption. So importing a key brings nothing.
-
@jdaviescoates time to host an event, start packaging and get help finishing it!
-
@robi I've often thought of learning to code. I loved maths as a kid. But now isn't the time.
-
@jdaviescoates there's no real coding involved.. it's mostly stitching things together and adjusting configs. You'll have help too.
-
Looks like Signal App's addition of payments using MobileCoin ($MOB) has struck a raw nerve with many.
Another alternative that seems to come up regularly on the comments underneath their Tweets is this Session App:
YMMV but another one for the list and your esteemed critique.
-
@marcusquinn see also Snikket which seems like a great option too (and gets my vote for the XMPP that ought to be first added to Cloudron).
-
I'd still take Matrix over all of those for its decentralized and federated nature. It is incredibly secure and their Element client has truly come a long way. I would love to see Snikket and Oragono though. I tried packaging Oragono but lost the motivation part way through as I usually do.
But my vote for Matrix comes in here: Me and a friend could both have our own homeservers and still chat in a secure manner. If we're talking privacy, I'd say it's at the top for sure.
-
@atrilahiji true, although I find Matrix to still be somewhat of a UX nightmare. It's often very confusing, even for geeky people.
-
@jdaviescoates I mean, I wouldn't say I'm an expert in UX so I can't speak to that but I can say that for me I found it fairly intuitive. I know that this may not be everyone's experience though.
I also am wary of UX issues or incredibly pretty apps sometimes because I find that a lot of apps seem to go 110% in on beautiful and intuitive UI while compromising on core functionality.