hello friends! new(ish)!

Secure messengers

From InstallGentoo Wiki v2
Revision as of 02:38, 25 July 2020 by >Et (Secuuure messsangers)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Template:Short description

A secure messenger is a means of communication, which maintains the privacy and security of the communicated information.

There's a million "private" or "secure" messengers out there. They can vary in imporant ways including features, encryption protocol, information storage, privacy policy, over all trustfullness.

Please do some reading and add to this page. I'm still looking for the perfect secure messenger.

Signal

Summary

It's pretty much free/open-source WhatsApp. Reliable and very secure. So secure that the US senate recommends it for sensitive communications. Signal is endorsed by and associated with the EFF. With an endownment of like 80 million dollars, institutional support, and a large user base. One can be confident that Signal is here to stay.

But some people have problems with Signal.

Open Source

Signal has dependancies on proprietary Google libraries. As a results, the FSF is considering removing their endorsement. Furthermore, Signal is not available on Fdroid because of this reason; though the .apk file may be downloaded directly from their website.

Signal requires a phone number to sign up. Mobile clients only work on a single device at a given time.

Others (idk some forum shits) complain that signal does not allow for federation of their servers. I don't know if you can set up your own server, if you did it wouldn't be able to work with Signal's main server.. also it's possible they ban your phone number.

Features

What it's got

- End-to-end encryption
- Voice and Video calls, (mobile clients only)
- Group chats

What it's missing

- Federation of servers, 
- or serverless communication
- Voice and Video calls on desktop clients

Jami

Jami is a high-prioriety project of the FSF and is a part of the GNU project. It's developed in Montreal, Quebec, Canada by Savoir-Fair Linux. Jami is included in the FSF repository and is available on Fdroid. Jami is a has solid institutional support, doesn't even requrest donation, but has a small user base.

Protocol

Jami's communications are serverless, and therefore are all peer-to-peer. This provides additional security (or peace of mind) that your communications are not being stored beyond your control. However, being entirely peer-to-peer requires Jami to continuously run in the background, looking to receive messages from your contacts. Trying to lock down Jami, minimize its background behaviour, or revoke it's priviledges will pretty reliably result in missed messages. If a message is missed, it's pretty much gone forever. There's the rare message that arrives late, but it's unlikely and doesn't happen on a useful timeline.

Jami's protocol doesn't `seem` to be as secure as Signal's. Jami uses SIP for communication and TLS1.3 for encryption. Not exactly industrial strength encryption.

Troubleshooting/Tips on making Jami more reliable:

- Allow Jami to run in the background
- Have Jami start up with device boot
- Allow Jami unlimited network access
- If you've downloaded your version from FDroid, uninstall and reinstall from Google Play store
- (Maybe?) Turn off VPN. Doesn't seem to play nice with Jami's need to keep track of static IPs..(idk)

Features

What it's got

- End-to-end Encryption
- Serveless and Peer-to-Peer
- Group Voice and Video calls
- FULL clients for all platforms.

What it's missing

- Group chats (HOW??)
- 100% reliability (without configuration)

Others

XMPP et al.

Well established end-to-end encryption messaging software. You can setup your own server, but the VAST majority of people don't, can't figure it out, or fuck it up. Some extensions allow for Peer-to-peer, likely with the same problems.

Telegram

Telegram is a popular messaging app, especially in Russia and eastern Europe. They have an open-source client-side app, available on Fdroid. Their server-side software is not free. Also they have the ridiculous practice of keeping decryption keys directly next to the encrypted media. Telegram is basically an encrypted middle finger from the UK to Russia.

Briar

Serverless, checks most boxes. But no voice or video calls.

Riochet

Broadcasts a Tor hidden service, on which individuals will "meet" and exchange messages. Seems like over kill. Tor is bloat.

Jitsi

Not a messenger. Provides end-to-end encrypted voice and video calls over WebRTC (browser to browser). Is also peer-to-peer for two party calls. You can also host your own Jitsi service. It's a MUCH more appropriate service than Zoom and so deserves an honourable mention.

IRC

I'm a dumb millienial who doesn't understand IRC. You can run your own server. Pidgin has plugins for voice and video calls. There's plugins to make the service end-to-end encrypted. Appearently.

Delta Chat

Cute little app idea. It's a messaging wrapper around an email client. Email servers are used to host the end-to-end encrypted messages.

Tox

Tox is a serverless end-to-end encrypted protocol, and has been fostered by the /g/ community. Tox has several clients, none of which work all that well. The most popular likely being qtox and it's less bloated sister utox (desktop only). There's an old Android app on Fdroid called AnTox, which does not work. There's more recent development on an Android app called TriFa.. but it doesn't work either.

There's been some drama among the tox organization, appearently due to the misuse of donation funds. The tox foundation is no longer associated with tox developers..

Tox does seem like the best overall protocol, having a more rigourous and secure protocol (like Signal) while being serverless (like Jami). Furthermore, being a protocol rather than an app, Tox clients have the benefit of interoperability. However, the clients are not developed yet. There's some interesting project that have been done with Tox. Developments recently (2013/2015) have been clever if not a bit hacky. imho.

WhatsApp

Proprietary botnet. Facebook's AI lives on the app, behind the end-to-end encryption wall. It scans your conversations, converts it into marketing information and sends it to Facebook. This paired with the conversation metadata collected make WhatsApp a profitable endevour for Facebook.