-
this table was for my own personal use
@mehdi said in Best privacy chat apps:
I personally think it's the most important feature to take into account.
this is true this feature should be considered,
but also who own the encryption key, the user or the provider ?because most of these service yes you could encrypt a message but the provider (example Telegram) have the 2 keys so technically they could decrypt the message on the server side before forwarding it to the recipient.
Sometimes a function is just an umbrella to make a shadow theater where we are the puppet.
-
@mehdi said in Best privacy chat apps:
Olvid
Olvid sound promessing, we cloud also talk about Threema which is more or less the same but developed in Switzerland. but at the end I took my list from AlternativeTo.net and took the top 10.
Beware most of VOIP use opportunistic encryption mainly because of issues with NAT so trusting a 3rd party for that is a big mistake for your privacy.
These days everything is secure like email aka the authentication use SSL than the message follow in clear text.
It would be interesting to find how/if Olvid encrypt their VOIP and which part ANSSI complement.
for now I only see the text message being encrypted. -
@jodumont I am of course only talking about good end-to-end encryption, like Signal or WhatsApp (yeah, WhatsApp has many flaws, mainly their owner, but they do have good encryption).
I don't know about Telegram's encryption, I never looked into it. I just know they don't use any by default (which, in itself, is bad)
-
@mehdi said in Best privacy chat apps:
I don't know about Telegram's encryption, I never looked into it. I just know they don't use any by default (which, in itself, is bad)
we probably don't talk about the same phase of encryption, you seams focusing on the message (which obviously it is important) and I'm talking about the transfer
anyway good thing this forum is encrypted by a SSL
-
I came across a couple of nice chat comparisons recently.
First of all there is this nice infographic by niboe.info
Sadly I've been unable to find an English version of the other nice infographic in this accompanying article of theirs in Spanish.
I also came across this handy table from DivestOS (a privacy focused Android distribution):
https://divestos.org/index.php?page=messengers
Both of these make we wish Cloudron had an XMPP server like ejabberd so we could get our friends to try out Conversations and Movim (I mean, both Yunohost and HomeLabsOS have an XMPP server, and they are both fully open source and run by volunteers - whereas Cloudron is the one with a business model and full time paid @staff - and yet they've got XMPP and we don't! )
-
maybe me, but personally I make a difference when you are able to generate or add your own key to encrypt versus the "platform" provide you the public and private key
-
@jodumont The key is always generated on your own device. There is zero reason to allow users to import an external key. If you don't trust the local app to correctly generate a keypair, you have no reason to trust it to correctly perform the encryption. So importing a key brings nothing.
-
@jdaviescoates time to host an event, start packaging and get help finishing it!
-
@jdaviescoates there's no real coding involved.. it's mostly stitching things together and adjusting configs. You'll have help too.
-
Looks like Signal App's addition of payments using MobileCoin ($MOB) has struck a raw nerve with many.
Another alternative that seems to come up regularly on the comments underneath their Tweets is this Session App:
YMMV but another one for the list and your esteemed critique.
-
@marcusquinn see also Snikket which seems like a great option too (and gets my vote for the XMPP that ought to be first added to Cloudron).
-
I'd still take Matrix over all of those for its decentralized and federated nature. It is incredibly secure and their Element client has truly come a long way. I would love to see Snikket and Oragono though. I tried packaging Oragono but lost the motivation part way through as I usually do.
But my vote for matrix comes in here: Me and a friend could both have our own homeservers and still chat in a secure manner. If we're talking privacy, I'd say its at the top for sure.
-
@atrilahiji true, although I find Matrix to still be somewhat of a UX nightmare. It's often very confusing, even for geeky people.
-
@jdaviescoates I mean, I wouldn't say I'm an expert in UX so I can't speak to that but I can say that for me I found it fairly intuitive. I know that this may not be everyone's experience though.
I also am wary of UX issues or incredibly pretty apps sometimes because I find that a lot of apps seem to go 110% in on beautiful and intuitive UI while compromising on core functionality.
-
I think any app requiring a central server will remain niche.
Signal took a long time to persuade people to switch with very low signup friction.
User experience is as fundamental to security as shoes are on gravel.
If the experience doesnβt factor-in user onboarding time & friction, then it becomes a security issue in itself, by discouraging critical-mass adoption to be more useful than the ad-tech alternatives.