Best privacy chat apps
-
@jdaviescoates there's no real coding involved.. it's mostly stitching things together and adjusting configs. You'll have help too.
-
Looks like Signal App's addition of payments using MobileCoin ($MOB) has struck a raw nerve with many.
Another alternative that seems to come up regularly on the comments underneath their Tweets is this Session App:
YMMV but another one for the list and your esteemed critique.
We're not here for a long time - but we are here for a good time :)
Jersey/UK
Work & Ecommerce Advice: https://brandlight.org
Personal & Software Tips: https://marcusquinn.com -
@marcusquinn see also Snikket which seems like a great option too (and gets my vote for the XMPP that ought to be first added to Cloudron).
-
I'd still take Matrix over all of those for its decentralized and federated nature. It is incredibly secure and their Element client has truly come a long way. I would love to see Snikket and Oragono though. I tried packaging Oragono but lost the motivation part way through as I usually do.
But my vote for matrix comes in here: Me and a friend could both have our own homeservers and still chat in a secure manner. If we're talking privacy, I'd say its at the top for sure.
-
@atrilahiji true, although I find Matrix to still be somewhat of a UX nightmare. It's often very confusing, even for geeky people.
-
@jdaviescoates I mean, I wouldn't say I'm an expert in UX so I can't speak to that but I can say that for me I found it fairly intuitive. I know that this may not be everyone's experience though.
I also am wary of UX issues or incredibly pretty apps sometimes because I find that a lot of apps seem to go 110% in on beautiful and intuitive UI while compromising on core functionality.
-
I think any app requiring a central server will remain niche.
Signal took a long time to persuade people to switch with very low signup friction.
User experience is as fundamental to security as shoes are on gravel.
If the experience doesn’t factor-in user onboarding time & friction, then it becomes a security issue in itself, by discouraging critical-mass adoption to be more useful than the ad-tech alternatives.
-
@marcusquinn said in Best privacy chat apps:
I think any app requiring a central server will remain niche.
Did you mean apps not requiring a central server? Looking at the current abysmal state of the internet, apps requiring central servers dominate.
Signal took a long time to persuade people to switch with very low signup friction.
User experience is as fundamental to security as shoes are on gravel.
If the experience doesn’t factor in user onboard IG time and friction, the it becomes a security issue in discouraging critical mass adoption to be more useful than the ad-tech alternatives.
I think this is a good ol' agree to disagree situation. I'm of the opinion that if someone needs to be coerced into caring about security they may as well stick with selling their soul to Sundar Pichai and Zucc. As far as I'm concerned the best privacy chat app is the one that best protects privacy. Simple as that.
-
@atrilahiji The family reeeeeeallly resisted the push to Signal for months, these are people that care, and I care about, but the "why should I?" brainwashing runs deeper than personal and relationships nowadays.
That's the power of user experience and trust in exchanging effort for that.
For business and professionals, sure, we have some influence, but for personal, I'm afraid the user statistics speak for themselves.
-
@atrilahiji Moral hypothetical; mental health is an issue, I think we can agree on that?
How do we reconcile having capabilities to improve user experience and adoption, against having people we care about unnecessarily unhealthy in mind because they "sold their soul", or more likely it was bought and sold for them?
-
@marcusquinn I mean yeah, for a number of people the security aspect is something of a non-issue. What moves them is the UX. But I'd argue that most, if not all, open-source chat apps that allow for self hosting simply cannot compete with Signal because people move to the shiny thing. You and I know that there are better options if privacy is the concern, but for the majority of people privacy truly is not a concern. If it was, we wouldn't even be having this discussion and everyone would use Matrix.
But where I'm coming from here is solving the core issue of the best privacy chat app, which I still argue is Matrix. I would not say it is the best chat app. But again its a matter of what one prioritizes.
-
@atrilahiji Well, you also don't really need to compete with Signal if you can use it as a trojan horse using e.g. https://docs.mau.fi/bridges/python/signal/index.html. Of course, this comes with its own set of challenges: making a good experience with many moving parts is not easy - and bridges are inevitably another moving part, often of questionable quality since they aren't a primary focus.
-
@atrilahiji Yeah, it's a compromise step I feel. Secure enough to be better than ad-tech's conflicts of interest, but still aware that the metadata for who's chatting with whom and when still has some potential value that one wouldn't want to share if given an assured choice.
Matrix I love the ideals and successes of. Element seems the best of the bunch. So for this audience, certainly the best we have.
For my entire social circle, well I can't see it happening but would be happy to see otherwise.
I guess the original point of the post was non-Cloudron specific, and potential for mass-market.
I guess we have to wait and see what Elon Musk shills next
if Signal's MOB payments sour the new kid capturing mindshare. -
The Very Best Encrypted Messaging Apps:-
- Signal
- Wickr Me
- Dust
- Telegram
- Apple iMessage
- Facebook Messenger
App to avoid: Google Hangouts. Despite being available for free on both iOS and Android, Google Hangouts is riddled with privacy and security concerns. Though it does encrypt hangout conversations, it doesn’t use end-to-end encryption — instead, messages are encrypted “in transit”.
-
@atupuxi Good to see Signal on there but WhatsApp and FB Messenger are suspect. I'd probably put something like Matrix (Element) on there. Probably even above Signal since you can't quite self host Signal.
-
@atupuxi said in Best privacy chat apps:
The Very Best Encrypted Messaging Apps:-
- Signal
- Wickr Me
- Dust
- Telegram
- Apple iMessage
- Facebook Messenger
Wickr was just acquired by Amazon (!) of all companies: https://www.theverge.com/2021/6/25/22550361/amazon-wickr-aws-secure-messaging-encryption
-
@necrevistonnezr IMO I'd remove anything that is owned by big tech OR is closed source from that list. How can we ever ensure a closed source application is secure?
-
@atridad said in Best privacy chat apps:
@necrevistonnezr IMO I'd remove anything that is owned by big tech OR is closed source from that list. How can we ever ensure a closed source application is secure?
Or in other words, just refer to the great infographic I posted earlier.
-
@jdaviescoates This is perfect.
IMO with the Spaces beta Matrix (using Element as the client) is very good in terms of usability. I use it with family and friends now and its been effortless.
Now we just need Dendrite packaged for a server... unfortunately I know next to nothing about packaging federated apps so I'm hoping someone else will try before I hack something awful together.
-
@atridad The example package is there with Matrix server no?
-
@robi Oh I mean we do have the Matrix Synapse server written in python. The team behind Matrix is working on another server called Dendrite written in go.
-
@atridad right, other than the language difference, the 'federation' packaging should be the same, yes?
-
This post is deleted! -
@atridad said in Best privacy chat apps:
@necrevistonnezr IMO I'd remove anything that is owned by big tech OR is closed source from that list. How can we ever ensure a closed source application is secure?
Personally, I don't like Signal, for it is just another WhatsApp were you could be tracked by GPS/Beacon and meta-data. I saw too much anti-government group using Signal and being intercepted simply by correlating the high level of exchange in Signal (metadata) and movement tracking (GPS).
For the fact, saying Close Source is not secure by default, it is simply a point of view. Few companies with whom I work do business with the military and don't want to use anything Open Source because for them Open Source sound full of flaws and weaken their defence.
-
@jodumont I read somewhere that the biggest user group of linux is the US military. I'll try to find a source for you. Open source is seen as a positive, not a negative. The military from other nations also use Linux like China and Turkey...
https://arstechnica.com/information-technology/2013/10/the-navys-newest-warship-is-powered-by-linux/
https://www.zdnet.com/article/the-air-forces-secure-linux-distribution/
-
@jodumont SIgnal is by far the most secure digital messaging app usable by normal people at this point and this isn't a controversial point among security folks. No matter app what you use, law enforcement can subpoena your phone's cell tower connection records, among other things(at least in the US).
-
Yeah... I'd never be inclined to believe that a chat application is secure unless they are willing to reveal all of the source code. I still use some, like discord for instance simply because I have friends I cannot get off of there. Element with their new Spaces feature has made it usable enough for me to recommend to anyone. Maybe I just don't see the issues because I am used to janky UIs? But I think it is very slick and easy to use at this point. But regardless, I don't want to confuse the conversation about what is easy to use with what someone is used to.
-
There's another element to choice of communications apps, and that's the democratic vote that it represents as to whether you endorse a company and its ethics or not.
Facebook raises it's value from the number of users and interactions, reduce that and you reduce their value to advertisers and shareholding investors.
Full privacy is almost impossible - but portability and freedom of choice should be encouraged, and even one movement away from a tech giant is a small win against their mindshare domination aspirations the seem to presume in trying to become an essential utility for most.
-
Thanks; this caused me to think of Mike Masnik's paper emphasizing endorsement of protocols instead of platforms, might perhaps be relevant / interesting.
https://knightcolumbia.org/content/protocols-not-platforms-a-technological-approach-to-free-speech
-
@martin Yup, also reminds me of the quote to paraphrase; "Bad things happen when good people do nothing."
-
@humptydumpty said in Best privacy chat apps:
@jodumont I read somewhere that the biggest user group of linux is the US military. I'll try to find a source for you. Open source is seen as a positive, not a negative. The military from other nations also use Linux like China and Turkey...
I'm sure your right, and I'm fully for OpenSource and choose OpenSource by Default, simply, sometimes, some irrational thought are hard to destroy
@ianhyzy said in Best privacy chat apps:
@jodumont SIgnal is by far the most secure digital messaging app usable by normal people at this point and this isn't a controversial point among security folks. No matter app what you use, law enforcement can subpoena your phone's cell tower connection records, among other things(at least in the US).
So Imagine in a country run by a King who decided nobody could say anything bad about him, his family and his government
-
@humptydumpty said in Best privacy chat apps:
other nations also use Linux like China and Turkey...
French Police also use Linux
https://en.wikipedia.org/wiki/Free_software_movement#Legislation_and_government -
Just randomly found this via GitHub: https://berty.tech
a privacy-first distributed messaging app. -
@jodumont sounds very promising
-
"Berty is still under active development and should not be used to exchange important data.
The current Berty Messenger implementation is not using the Berty Protocol yet, but OrbitDB directly. Which means the encryption is not safe, but the good news is that the current Berty Messenger app is already a P2P one!"
-
Just stumbled across this, maybe interesting, well reviewed too:
We're not here for a long time - but we are here for a good time :)
Jersey/UK
Work & Ecommerce Advice: https://brandlight.org
Personal & Software Tips: https://marcusquinn.com -
yall should also check out Session (getsession.org) it's pretty sweet - a fork of Signal protocol with the backend using the Loki/Oxen network and in the table above, requires zero of the 19 permissions that Signal requires. I personally REALLY enjoy it.
The downsides are obvious here in the usability department. In order to get to chatting with someone, you HAVE to exchange keys. Signal makes that easier cause they generate QR codes but also integrate with your contacts.
One thing to note, however, as a plus to Signal, is they use confidential computing on Azure to hide all the contacts processing, which is a really great use of that particular tech.
-
@doodlemania2 I did give Session a try, kinda felt primitive and like persuading anyone to switch from Signal would be at the expense of losing features for marginal additional privacy.
get that the metadata with Signal isn't private, and that's annoying, but the main thing for me is avoiding using Facebook/Google products.
I'm sure Session will continue to evolve, so hopefully they don't lose momentum and have the capability to reach feature parity with the current most popular apps.
We're not here for a long time - but we are here for a good time :)
Jersey/UK
Work & Ecommerce Advice: https://brandlight.org
Personal & Software Tips: https://marcusquinn.com -
@marcusquinn yeah, a lot of alternatives to signal look neat but fail at being cross platform or easy for normal people to use
-
I've had to ditch Signal. It has been a nightmare to use. Notifications on Android and iOS are both spotty. My mom had missed calls several times because it just never rung for her (I verified this). Also for video calls it occasionally decides speakerphone is not needed, and won't work.
0/10 somehow Element + Matrix is more usable.
-
The frequent disconnections from Telegram and Signal are problematic.
It's like someone is deliberately disconnecting all sessions they can't intercept. Making it a lot less reliable.
Sometimes video calls are better, and you can always stop video sharing, keeping the voice channel open.
Same with GVoice calls, frequent drops, despite good networking on both sides.
One of the better things for longer lasting voice comms is Team Speak. But the lack of availability of free clients on mobile puts that in the 'only at home' category.
-
I'v been testing https://cwtch.im/ it's quite interesting, since you can host the server home
and join other chats/servers or one-to-one over tor -
@rmdes Nice! Looks like the list here has been updated since I last posted it:
-
@rmdes sounds like a good app request?
-
Session
https://getsession.org
Session will soon support video over Lokinet.Berty
https://berty.tech/
Berty is based on IPFS (Inter Planetary File System), and near release. Keep an eye on it.Cwtch
https://cwtch.im/ -
@LoudLemur Thanks. Session I like, worth a follow: twitter.com/session_app Anyone can DM me for an ID to connect if you want to test anything.
Video calls will be the game-changer for that, at least if they can have a comparable quality to FaceTime/Zoom, which are currently the best-of-(non-open-source)-breed in my experience.
Berty & Cwtch I need to try, both also sounds very cool.
The original point of this post being "Off-topic", was for non self-hosted, or not being dependent on self-hosting. The kinda thing you could give your folks to use and they'd have a low friction experience, and it would work well enough for them to also like and recommend to friends once they were also onboard. (something I still even struggle to convince people that really ought to trust me on, because lazyness & what's the point inertia is a very real thing targeted by the spyware that has become ubiquitous with "social media" and "big tech".
-
Have created a "Cloudron" Group in Session, for both testing, and off-the-record chat (well, as much as all other members have a record). DM me for my Session ID. It's probably safe to post publicly, but no hurry to find out otherwise from haste
-
Anyone tried this "Status" app to the above aims? Looks intriguing at least:
We're not here for a long time - but we are here for a good time :)
Jersey/UK
Work & Ecommerce Advice: https://brandlight.org
Personal & Software Tips: https://marcusquinn.com -
@marcusquinn while there are few good interesting ideas floating around in the web 3 space, and loads of money sloshing around to help experiment with such ideas, personally I find it mostly to be a big turn off for being a slow, expensive, and environmental nightmare.
-
Oh gosh they incorporate “web3”
-
@jdaviescoates Wait until you see how much energy humans consume to do the things the miners are replacing
We're not here for a long time - but we are here for a good time :)
Jersey/UK
Work & Ecommerce Advice: https://brandlight.org
Personal & Software Tips: https://marcusquinn.com -
@marcusquinn like what? What are they/ have they replaced. Nothing as far as I'm aware.
A single Bitcoin transaction uses more energy than an average U.S. household uses in 2 months!
I mean, perhaps you're referring to how much banks still invest in fossil fuels? But if you think web3 is going to replace banks any time soon you are wrong
A 10-year old iPhone could process more transactions per second than the entirety of the Bitcoin network it's so insanely slow.
-
@jdaviescoates Think that's one for the rest of the internet to debate. Personally, I see the incentives for more progress in energy production, efficiency, distribution and security as a good thing.
We're not here for a long time - but we are here for a good time :)
Jersey/UK
Work & Ecommerce Advice: https://brandlight.org
Personal & Software Tips: https://marcusquinn.com -
@marcusquinn said in Best privacy chat apps:
I see the incentives for more progress in energy production, efficiency, distribution and security as a good thing.
OK, but Web 3 does that how?
It's really not very distributed at all and pretty much the whole ecosystem relies on a tiny handful of privately owned and controled entities, just like Web 2
See eg this nice critique by Signal's creator:
https://moxie.org/2022/01/07/web3-first-impressions.html
Also, what are these high energy "things the miners are replacing"?
-
Also, what are these high energy "things the miners are replacing"?
Bankers.
We're not here for a long time - but we are here for a good time :)
Jersey/UK
Work & Ecommerce Advice: https://brandlight.org
Personal & Software Tips: https://marcusquinn.com -
@marcusquinn said in Best privacy chat apps:
Bankers
Yeah. Thankfully, whilst most banks are still investing in climate catastrophe, not all are.
I do personal banking with Nationwide and business banking with Starling, neither of which invest in any fossil fuel companies nor projects.
https://bank.green is a useful website for checking how much your bank has invested in fossil fuels since the Paris Agreement.
The worst offender in UK/ Europe are Barclay's
See also:
The Banking on Climate Chaos report:
https://www.ran.org/publications/banking-on-climate-chaos-2022/Recent issue of Ethical Consumer magazine on banking:
https://www.ethicalconsumer.org/sites/default/files/flipbook/Issue186/I'd suggest moving money to more ethical banks (and pensions if you have one, see eg https://makemymoneymatter.co.uk/ ) is a far more effective action than using all the insanely wasteful web3 stuff
Probably also worth mentioning:
https://www.ethex.org.uk/
https://www.abundanceinvestment.com/
https://www.wearemoneymovers.com/Happy ethical banking everyone!
-
@jdaviescoates This we agree on.
I wouldn't worry about the "energy costs" of PoW blockchains, a large amount of the excess heat can be reclaimed and re-used, and it is motivating and diverting more funds to renewable energy investment, because ultimately, cleaner energy is also cheaper energy for all.
We're not here for a long time - but we are here for a good time :)
Jersey/UK
Work & Ecommerce Advice: https://brandlight.org
Personal & Software Tips: https://marcusquinn.com -
@marcusquinn I highly doubt that the average miner running 100 AMD cards re-uses any of the excessive heat.
It‘s just a stupid system under which numbers are crunched that don’t need crunching and which gave rise to money laundering and cybercrime at an unprecedented level. There’s not one ransomware attack without cryptocurrency involved.
I don’t know why less oversight in finance matters would benefit anyone. And is there one aspect of cryptocurrency that has benefited society as a whole?
-
This is off topic...
But I will say that crypto tends to be defended by those who make abnormal amounts of money off of it. Also miners can have a special corner of hell for the GPU shortage. Web3 is not needed. Its just a way to ram "bLoCkChAiN" into everything. Decentralization does not and will never need blockchain. Source: activitypub.
-
@necrevistonnezr I heated my whole house with GPU mining this winter, so self-proclaiming my own confirmation-bias.
I like learning, and I like primary source information. I could have taken any bunch of opinions, regurgitated them and moved on, but I just like to know — and I'm satisfied that I can make my home-heating consistently profitable to fund other hosting and research projects.
I guess a significant part of the developing world, that now has an alternative currency to trade with, might be voting with their usage, and good for them.
If there were no utility, I'm sure the costs in chips & power would not be funded indefinitely, get here we are, 10-years in and mining, trading, and all sorts of other applications both exist and grow.
Like most things, none of us truly knows the future, and in many ways how the present works either, but I do like the idea that self-determination can survive and thrive in the face of accelerating AI capabilities — for which, soon enough, these public words are merely food for their modelling, and the utility of anything online will only be as good as the trust of either the few or the many that control the network we've taken for granted as being secure enough to rely on.
Maybe we're just being tricked into generating the computing power that an artificial hive-mind craves, who knows?
The Sun, 1991
Daily Mail, December 5, 2000
