I have looked at several solutions, however, there doesn't seem to be a clear leader amongst them. There has been talk about Telegram's crypto protocol being broken, while TextSecure seems to only be available for Android. Desktop client is a must for me.
A few solutions fulfill all requirements (e.g. Telegram's code hasn't been publicly reviewed while TextSecure was).
One problem, though, is that many open source solutions aren't available for iOS due to issues between Apple's ToS and the GPL.
* CryptoCat got a perfect rating, despite its long history of insecurity, attack vectors, and questionable audits.
* Skype got rated more favorably than is likely the truth. It has since been corrected though.
* PGP got buried as a recommendation.
* A good number of tools were missing on initial release.
The big issue with the scorecard is the lack of rigid definitions, such as code audits. Developers will audit and review each other's code all the time. But most won't qualify that as a "security audit". So, does a security audit require a cryptographer to audit the code? A third party security agency? How in depth do audits go? Are there any standards or "best practices" to go by when auditing crypto code, or is it just a rubber stamp?
With that said, it does list (incompletely) a good set of tools that you can investigate, that you may not have heard of.
There will have to be a more thorough follow-up at some point.
https://core.telegram.org/techfaq#man-in-the-middle-attacks
After that, if both clients trust the server software,
Telegram has a $300K reward for anyone able to break it and demonstrate it.
Privacy against whom?
Privacy against all parties not participating in an exchange. Also, I will not use an app that uploads my contacts. This suggests that contacts are added manually, probably using an email address as an identifier, with mutual authorisation.
What is your threat model?
Information disclosure, spoofing, tampering and non-repudiation. The threat tree might include elevation of privilege. Denial of service is also important, in that I want it to use decentralised servers - if one goes down (or is taken down) another server picks up the load. New servers should be easy to add by anyone.
Side note - servers are preferable to me, so that messages get through when one or more parties in an exchange are offline.
What platforms must be supported?
All the platforms my contacts use, so Windows, Windows RT, and Windows Phone; OSX and iOS; Android; Linux. A nice-to-have fall-back is a browser-based client.
What level of technical knowledge do your contacts have?
Enough to install the app, register and log in.
It has been included in Mac OS X's Adium client for many years, which probably means that it has the largest installed base of any end-to-end encrypted chat client, other than Skype. (Although I don't know if Adium automatically enables it, but at least it doesn't require another download and a clunky plugin enablement.)
Now, take this all with a grain of salt since this is all just HN celebrity-worship / appeal to authority, but I don't really know what else to go on, not being a security researcher myself...
That said, as far as I know TextSecure is Android only, as you say, but I believe I read that both a desktop and iOS version are under active development and nearing release.
Wasn't it recently partnered with WhatsApp? Does that mean if you use WhatsApp between two recent Android clients it's encrypted? If so, WhatsApp might be an option for you.
But it doesn't seem like that's the case, though, since I've used TextSecure and there's some (necessary) complexity in the interface to generate and share a key, as well as notifications about whether your messages are loaded in memory unencrypted. I haven't noticed any of this with WhatsApp.
I'm waiting on TextSecure to get its own desktop version (hopefully with video support as well), but I haven't seen any updates on that for half a year, so it's probably going to take at least another 6-12 months to be done.
Second, for an email-like replacement, you may want to look into Bitmessage. It's decentralized, trustless, and end-to-end encrypted. Unfortunately, it may be vulnerable to some attacks: https://bitmessage.org/forum/index.php?topic=1666.15
For a live chat-like replacement, you may want to look into Tox. It is also decentralized, trustless, and end-to-end encrypted. It is designed to be a Skype replacement. However, this thread regarding a security audit and the software it uses is slightly concerning: https://github.com/irungentoo/toxcore/issues/121
Both Bitmessage and Tox are wet behind the ears, so to speak. PyBitmessage, the main client, is written in Python. As such, the proof of work needed to calculate for each message is not optimized. Attackers have written clients in C to take advantage of Python's weakness to flood the network. Until the main client is also written in C, and the PoW algorithm is designed to take advantage of it, I'm sure there will be other network flooding problems on the Bitmessage network.
uTox and Venom seem to be the most used Tox clients, but I have had trouble getting uTox and Venom to actually work with video. Further, when both parties are using uTox, in some situations, while my video and audio testing work fine, the other party cannot see me or cannot hear me. I use uTox for signing PGP keys, so I've used it a number of times, and it's probably 50% at this point when it Just Works.
Both Bitmessage and Tox, however, have not had a security audit of the code.
Also, OTR and PGP have proven to be reliable, stable, secure, and enjoy large communities. With PGP, you can end-to-end encrypt your email, and with OTR, you can end-to-end encrypt your live chat, although video and audio are not supported. It doesn't matter about your email or chat provider either, and software exists for Windows, Mac OS X, GNU/Linux, and BSD for both.
Freenode also offers TLS-supported IRC servers, including hidden servers on Tor. Although Tor has been getting some press lately of the FBI successfully taking down pedophiles and drug markets, these are all due to mistakes by the end users, and not insecurities with Tor itself. So, Freenode on Tor might be a good one-off solution, where you just need to chat quickly, without registering for accounts, and staying hidden. See https://freenode.net/irc_servers.shtml#tor
Finally, if you're not familiar with the EFF Secure Messaging Scorecard, you might want to take a look at it: https://www.eff.org/secure-messaging-scorecard. There are a lot of clients there, including the various security margins of each, so that might be of interest.