I suggest something that lets you use any client/platform you want, uses the same crypto primitives, and lets you choose what server/country your data is hosted in and change your mind any time, e.g. Matrix.
How many times do centralized services like VK, WhatsApp, Instagram, Apple, etc need to get co-opted into enforcing the will of private entities or governments before we learn our lesson?
The only network services this won't become true of at some point in the future are those with decentralized clients and servers obeying a common documented protocol.
The most mature app is Signal. It has the best usability to privacy trade-off.
Threema is the better choice if you don't mind not having a usable desktop client. For me that's a total deal breaker. It costs a one-time 5 bucks and it's totally worth that, if only it had so much as a usable web client (you need to open your phone and navigate two menus to enable the web client every time your phone changes WiFi or anything).
Wire is the better choice if you can sacrifice a tiny bit of usability for better privacy. It's sluggish is all, and (like Signal and most other services) uses AWS. Full disclosure: I was involved in a paid audit of Wire so I know more about the encryption protocol than I do about the other clients'.
Element/Matrix is the better choice if you'd rather make a trade-off towards privacy. Presumably the clients will mature, and between two years ago and one year ago they've made good progress. It's going less fast today but I still see things getting slowly better, and the decentralization works very well and is fairly easy to set up.
If all you really want is a better privacy policy and want to ensure people stick around and don't uninstall it, Telegram is by far the usability winner and has a large network effect already. But it's a trade-off with the devil because there is zero encryption. They could ransom or sell our chat logs any time.
Briar and Jami have limitations that make them unusable for general-purpose use with your mom. Facebook and Google's messengers I didn't look at for obvious reasons. Keybase was never end to end encrypted to begin with and now Zoom bought them so they'll probably shut down soon (also, bugs).
Rocket.chat seems only aimed at business users.
You can also do OTR over any platform you like, and I still have to try this overlay encryption system on Android (I forgot its name).
Pick your poison...
Seeing as you mentioned Threema in the same post, I think I ought to step in here.
The encryption protocol for Threema is open source, using standard algorithms, not something they invented.
You, like I did for $my_org, can write your own software to send messages to devices running Threema using the Threema API.
Message contents are, of course, encrypted before submission to the API. Threema provide a number of SDKs to help you, but you are under no obligation to use them; you can write your own API submission client from scratch.
P.S. Not saying Wire is bad here. Wire is good. I use it alongside Threema myself for $other_uses. But I'm saying don't write off Threema under a false understanding that their encryption protocols are closed source.
Afaik Signal doesn't have an API or SDK, there only seem to be third party implementations for bots.
China can move fast for this reason too.
You have to decide if the long term consequences of a fast moving dictatorship are worth giving up the freedom of a sometimes messy democracy.
The internet is too important to herd all our services into control of dictators, no matter how benevolent.
We survived the dialup days for all the UX hell of many providers without giving AOL exclusive control in spite of them having the best UX.
I hope we can do the same with something as critically important as worldwide internet communications, but the marketing of dictators and their ability to move quickly is sometimes too hard to resist until it all backfires spectacularly.
I'm not buying it. Look at Matrix and tell me it's holding them back.
What's holding them back, perhaps, is not having a shitton of money in the bank like Signal, and they're actively supportive of decentralization which costs developer resources. Signal (or Matrix, for that matter) could not spend dev time on decentralization and just let the open source community do its thing. But that's not what Signal is doing, they're instead actively hostile towards it.
Or look at Telegram, they have an open network and third party clients. There also are unofficial clients that some people use. But what does the 99% use? The official clients. Signal's argument is that people might use insecure, unofficial clients. In practice, that's not what your average mom will do. (And it's not as if the official Signal app was audited either.)
I'm also not buying the "China can move faster" thing. They can be more oppressive without consequences, but is that really better? Does that "centralized dictatorship" allow them to be "more stable"? It's easy to say, and easy to see how indeed an oppressive government's decree can change things from one day to the next, but on that scale I think you need to consider more things than I am qualified to do before you can really say whether that is a superior system in a given situation.
I guess we conclude the same thing in the end, though, as you say "The internet is too important to herd all our services into control of dictators, no matter how benevolent."
Do you mean better privacy than Signal? I was under the impression that Signal was significantly ahead of Wire in this regard with features like private groups and private contact discovery.
They pinky swear they always patch and never dump keys when they have the chance though.
Usability is slightly different, yes, and you might also trust Signal more because they do better PR (they say outright that they're from the USA and get money from Facebook, while Wire has devs in Berlin and claims to be a German company, while taking money from USA investors... which imo comes down to the same thing), or you might trust Wire more because they were actually audited at all.
I do use Signal and Telegram with some friends, I really find the difference between WA and Signal to be small. Telegram though is a lot nicer as a platform, it has some channels I'm part of and the desktop client is much better. But this comes with privacy/security trade-offs as mentioned in this thread.
I also use Element.io for some channels and groups. I find it surprisingly nice. I may set up a server myself soon.
I ended up adding a paragraph about it anyhow but that's why, when starting to write the post, I didn't add Telegram to the list. There is also rocket.chat further down that I didn't mention on top, fwiw.
+ It usually just works
+ Reasonable desktop experience (needs to re-link once a month or so, but otherwise independent and not terrible UX), good mobile experience
- Metadata handled by Amazon
- Phone number is a hard requirement, and changing your phone number means re-connecting to everyone
- Funding comes from Facebook from what I recall, and even with large amounts of their $100M invested, their expenses are 8 times larger than their income.
+ At least it's a foundation and their finances are not a black box!
~ With a build from an untrusted third party, you can make it work on Androids where Google Play Services are intentionally firewalled off.
~ No audit of the clients. The protocol, sure, but most bugs aren't introduced on a protocol level.
These are only things they could solve, i.e. that others do better. That their contact discovery solution (where you upload your phone book) is broken isn't a downside because nobody else has that figured out either.
That's rather broad, which metadata are you thinking about? Especially given the sealed sender feature. Assuming you have access to everything at Amazon, what can you deduce about Signal users?
I can think of:
- IP address (you can tell that this IP address sent some Signal message)
- size of messages
- timestamps of messages (when they were received by an Amazon server)
IP address leaks a lot of information but there are still workarounds, and it seems reasonable if you're in a no-trust model (meaning Signal's servers wouldn't be any better than Amazon's). In any case, that's way less information than other mainstream messengers.
On the other hand, one distinguishing feature regarding metadata is groups: group membership is not known by anyone outside of the group if I understand correctly, contrary to WhatsApp (and others).
Not really. Original funding came from NGO sources such as the Open Tech Fund.
Once users are in an ecosystem it takes years to convince them to change and only after they hit a high discomfort tipping point.
If Signal ran short on funding and got bought by Google or Facebook all the tracking would kick in and most users would stay.
We must stop herding people into walled gardens. It is unethical and always backfires.
It is one BGP attack or compromised CDN admin away from compromising the masses.
This is one of the few points I agree with moxie on.
The only safe way to install software on an Android device requires you bootstrap trust via a system supplied package manager that enforces signature verification.
Lineage grabs unsigned binary blobs from a separate account with little accountability ( https://GitHub.com/themuppets ) to limit the blast radius of illegally distributing them and does not ship a package manager at all.
They expect degoogled users to disable system signature verification to use an alternative app store like F-droid. Lineage is great if you want to turn an old device into a game system or something, but it should not be used on a device you need to be able to trust.
The only Google-free option to have a signed system-verified app supply chain on Android is to use a ROM that bundles F-droid as a system trusted app manager like CalyxOS, RattlesnakeOS, or my projects, aosp-build, and #!os.
While F-Droid is far from perfect it is the only alternative path and Moxie refuses to allow apps to be distributed there because he openly admits he wants the usage metrics that come from Google/Apple distribution.
In effect, you either use Apple/Google ecosystems to run verified binaries, or compile yourself every week or two.
That's nice, but why should Moxie decide whether the Google Play Store is a trusted source for me?
APKs do not bypass signature verification. Android still requires all apks to be signed, and only installs updates to apks that were signed by the same original key.
As for BGP attacks, the apk is distributed using TLS, so it needs more than that. That being said, CDN hacks are definitely an issue. But so is someone hacking their play store account or Google play itself.
So he admits he cares about usage metrics more than privacy, which makes trusting Signal a bit hard.
Is it technically prevented or just frowned upon? The former would be strange, because fixing a bug in your own private fork would also exclude you from the network.
[1]: https://github.com/tw-hx/Signal-Android
[2]: https://forum.f-droid.org/t/we-can-include-signal-in-f-droid...
I'll bite.
Who's paying for my johnchristopher@whatever.tld and for the data (avatar pictures, transferred files, chat logs) associated with it?
Will the Matrix foundation let me use their services forever and for free?
Will there be discussion on HN in ten years about getting your own custom domain and own federated server? For one account only? Like we have for mail regularly?
Maybe you started on AOL and later realized AOL is terrible. You could export your address book and move to a client/server you trust more and notify all your contacts from the new location.
This is the same story on Matrix and what I mean when I say it is a freedom respecting decentralized service.
You are also free to run your own DNS to a dedicated EMS instance then later point to your own self-hosted server, much like the freedom you have using your own domain and MX records on Google Apps allowing you to later move to a new email provider without having to update your social graph to change your address.
On Signal, there is no such option. You use their clients and servers forever, or GTFO.
The whole point is in avoiding starting with an AOL-like service. So far only big Matrix providers are reliable and performant enough to be usable. This is @gmail.com all over again but with @matrix.org tld.
Except you won't be able to carry your messages from a tld to another when you decide to rely on another domain name (your own or someone else's).
How long before the Matrix foundation sends messages telling users they are going to delete their rooms and messages if they don't log in once a year? Or that they are now restricting your account to matrix.org rooms to "save operating costs"?
The whole tech stack is free but operating costs are not.
You mean like SMS?
A better example would be HTTP/HTML/JS. Sure it is not perfect and protocol updates are hard and slow due to endless implementations but we got a working decentralized internet out of the deal that is very hard for any single party to take over now, so I call that worth it over a single party enforcing proprietary protocols like AOL having a total monopoly.
I lost about half of my contacts when migrating to Signal, do you really think I can make them install some random app that may or may not work?
They already complain that Signal isn't as polished as Whatsapp.
I lost many of my contacts moving to Matrix but earned a lot of new high value ones that share my worldview to continue building a decentralized censorship resistant internet.
This is kind of an unreasonable, one-sided stance. You expect everyone to simply follow you and your preferences with no regard for their preferences. Maybe you not respecting them and their worldview makes you the bad friend, not the other way around.
> I lost many of my contacts moving to Matrix but earned a lot of new high value ones that share my worldview
I don't know if isolating yourself from anyone that doesn't think and act the exact same way is a good thing.
Not worth the trouble for me and I don't even want to have accounts in these platforms or let them collect my conversations, but the path at least exists.
Yeah right. I am not RMS, with lock-downs, curfews, social distancing etc I'm already isolated enough so I'm not losing my remaining contacts for some moral high-ground.
Ideally we'd have a polished, decentralized app. Signal is a compromise. I don't think the drawbacks are identical:
Facebook's business model depends on violating the privacy of the users. The Signal Foundation has no such need.
The client is open source. I see no reason to call Signal "privacy hostile".
* You can't use signal on minority market share platforms even if they offer higher assurances of freedom, privacy, and security (RISC-V, OpenPOWER, etc.)
* Getting a phone number requires KYC in over 200 countries and carriers will happily sell you out as extensively documented and demonstrated by journalists buying owner info and GPS coordinates for any given phone number. Any service that hard requires a phone number is not prioritizing privacy.
* All metadata and TCP/IP metadata flows to a SPOF where signal employees, the ISP, or another entity inline could use network heuristics to deanonymize users, or dump the weak keys in SGX and get actual contact lists directly.
* If you want to use a privacy respecting signature verifying app store solution like F-Droid you are SOL. Moxie threatened to fight F-Droid or any other parties compiling/signing binaries from source code or doing forks or alternative implementations. He wishes to have complete control and the ability to rapidly push updates to all users quickly, be they benign or malicious. If someone coerces the signing key out of them, all signal conversations globally could be decrypted likely before anyone noticed.
I call all of this behaviour very privacy hostile. Published source code is moot if you are not allowed to use it or empower third parties like f-droid to hold it accountable.
Signal works on platforms such as GrapheneOS without the Google ecosystem.
You're right regarding the phone number. I consider it a necessary compromise. Look at the spam problem that email has.