Difference between revisions of "Secure messengers"

Template:Short description

A secure messenger is a means of communication, which maintains the privacy and security of the communicated information.

There's a million "private" or "secure" messengers out there. They can vary in imporant ways including features, encryption protocol, information storage, privacy policy, over all trustfullness.

The closest app to security, privacy and usability/simplicity is Signal. The closest protocol to privacy, security and freedom (federation) is Matrix (with Element being the reference implementation and most-developed client). XMPP+OMEMO is another messenger which should be considered, but lacks in terms of usability or completeness of implementation. Session - a Signal fork - seems to be a very new messenger, which might meet all the requirements of security, privacy, usability/simplicity - but not freedom (of federation).

Briar is very secure and anonymous, but lacks a lot in completeness (no usable desktop client).

Please do some reading and add to this page. As of now, it seems there is no single perfect messenger in terms of security, privacy, completeness, freedom (of self-hosting) and usability/simplicity, but it seems that the said messengers are close.

Signal

Summary

It's pretty much free and open-source WhatsApp, even your tech-illiterate grand-/parents should have no problems using it (assuming they can use WhatsApp). It's reliable and very secure. So secure that the US senate recommends it for sensitive communications. Signal is endorsed by and associated with the EFF. With an endownment of like 80 million dollars, institutional support, and a large user base. One can be confident that Signal is here to stay.

Protocol

Signal uses the Signal protocol, which is extremely secure (one of the best available as of now), but not anonymous. For group chat rooms a combination of a pairwise double ratchet and multicast encryption is used. Signals servers DO NOT store your contacts unlike WhatsApp. Signal has also proved (with the transparency of the source code audits) that the only metadata that is stored on their servers is the last time each user connected to the server, and the precision of this information is reduced to the day, rather than the hour, minute, and second. Contrary to popular belief, the Signal servers do not know the sender and receiver of every message, since the data revealing this information is encrypted and can only be decrypted by a private key of the receiver - since the "sealed sender" update in October 2018. See how Signal handled to case of 2016.

GSF Dependency Controversy

Signal - if downloaded from Google Play Store - has dependencies on proprietary Google libraries (to provide push-notifications). As a result, the FSF is considering removing their endorsement. Furthermore, Signal is not available on F-Droid because of this reason; though the .apk file may be downloaded directly from their website, but the website warns that downloading .apks from the browser is a security risk with "Danger Zone". The .apk from the website is free of proprietary Google dependencies.

Privacy issues

Signal requires a phone number to sign up. Mobile clients only work on a single device at a given time. You cannot setup the Signal-desktop client without a smartphone, however once you've scanned the QR-code from the Desktop client, you can uninstall the Signal mobile app and never touch the smartphone again - the Desktop client will work independently.

Others complain that Signal does not allow for federation of their servers. You can't set up your own server, if you did, it wouldn't be able to work with Signal's main server (or the Signal client app). The necessity is arguable, since the encryption and several audits have proven Signals security.

Features

What it's got

- End-to-end encryption (but no enforcement of verification)
- Voice and Video calls, (mobile clients only)
- Group chats
- Cross-platform
- Simplicity (for your ancestors)
- Community-funded

What it's missing

- Federation of servers 
- Or Serverless communication
- Voice and Video calls on desktop clients
- Complete independence from telephone numbers
- Chat-backups on iOS (Who actually cares, but meh, it's missing)

Matrix

Protocol

Matrix is a completely free and open source protocol for decentralised and encrypted communication. It provides HTTP APIs and a lightweight implementation (Synapse) for securely distributing and persisting messages in JSON format over an open federation of servers. It can integrate with standard web services via WebRTC, facilitating browser-to-browser applications. Encryption is done using Matrix Megolm cryptographic ratchet.

This means - in case you have your own server and a domain - you can host your own instance of Synapse and use any Matrix client to talk to other Matrix users. Perhaps you don't just want to talk to users of your own server, say you want to talk to users of the public matrix.org server too (because this server has the most users) - that's exactly what federation means.

If you are just an average user without much knowledge about server administration, just use the public matrix.org server or use a server from the list of public servers or fall for their shilled service. They actually want you to selfhost your own instance, instead of relying on a central authority.

Client: Element

Since pretty much all clients use the matrix reference implementation, Synapse, to communication to the server, it's noteworthy to say that as of November 2020, only the Element client uses end-to-end encryption enabled by default. Meaning that this section will focus on the Element client only. You can use any client you'd like to, but not all have end-to-end encryption support.

The element client fully featured with pretty much everything, thus it's also extremely bloated. Also yeah, it's an Electron app (like Discuck), which sucks ass, because you're essentially installing a browser when using an Electron app - you can, however, always just open app.element.io in your browser and use it from there. On the other hand, the chromium sandbox is not bad at all and might even improve your security overall.

Features

What it's got

- End-to-end encryption with cross-signed device verification by default
- Support for nice extra chat features (like Jitsi, Etherpad, bots, etc.)
- Voice and Video calls (all platforms, with and without the Jitsi app)
- Group chats
- Key-based chat-backups
- Cross-platform
- Decentralised and federated protocol
- Lot's of settings, very customizable
- Very active community

Reasons to not use Element

- Electron-based (a fucking browser) 
- Extremely bloated (but it will get better, eventually)
- Shitty interface, not user-friendly enough (that's more of a problem for tech-illiterate people)
- Main public server (matrix.org) is painfully slow sometimes
- Not really serverless, but nonetheless secure

A list of other available Matrix clients is on their homepage. Please add subsubsections if you have experience with other clients.

Session

Session is a fork of Signal, which does not require a telephone number, reduces the sent metadata even more than Signal and uses the Lokinet - a network similiar to the Tor network, but not as obscurely anonymous - to hide all sent (meta-)data. This messenger needs more attention and source code audits - it's seems promising, but is very much in early state of development.

Features

What it's got

- End-to-end encryption
- Voice and Video calls, (mobile clients only)
- Group chats
- Onion routing through Lokinet 
- Cross-platform
- Simplicity
- Signal fork
- NO Phone number requirement
- Completely independent desktop client

What it's missing

- Same things like Signal, except phone number
- Attention and audits

Jami

Jami is a high-prioriety project of the FSF and is a part of the GNU project. It's developed in Montreal, Quebec, Canada by Savoir-Fair Linux. Jami is included in the FSF repository and is available on Fdroid. Jami is a has solid institutional support, doesn't even request donation, but has a small user base.

Protocol

Jami's communications are serverless, and therefore peer-to-peer. This provides additional security (or peace of mind) that your communications are not being stored beyond your control. However, being entirely peer-to-peer requires Jami to continuously run in the background, looking to receive messages from your contacts. Trying to lock down Jami, minimize its background behaviour, or revoke it's priviledges will pretty reliably result in missed messages. If a message is missed, it's pretty much gone forever. There's the rare message that arrives late, but it's unlikely and doesn't happen on a useful timeline.

Jami's protocol doesn't `seem` to be as secure as Signal's. Jami uses SIP for communication and TLS1.3 for encryption. This is not nearly as secure as Signal, Matrix Megolm or XMPP+OMEMO.

Troubleshooting/Tips on making Jami more reliable

- Allow Jami to run in the background
- Have Jami start up with device boot
- Allow Jami unlimited network access
- If you've downloaded your version from FDroid, uninstall and reinstall from Google Play store
- (Maybe?) Turn off VPN. Doesn't seem to play nice with Jami's need to keep track of static IPs..(idk)

Features

What it's got

- End-to-end Encryption
- Serveless and Peer-to-Peer
- Group Voice and Video calls
- FULL clients for all platforms.

What it's missing

- Group chats (HOW??)
- 100% reliability (without configuration)

Briar

Briar is at the top of all messengers when it comes to only security and privacy (in Briars case, anonymity). But definitely not for usability and completeness (see "What's missing?"). Briar is not mode for every use-case.

The Briar app creates a Tor hidden service in the client device, which essentially makes the client device into a server at the same time. This makes all connections to peers anonymous and peer-to-peer (serverless, no central authority). All connections which the Briar app is required to make over the internet is done over the Tor network.

The second layer of security is end-to-end encryption. Though sending information over the Tor networking is already encrypted, the layer of addition end-to-end encryption makes it impossible for compromised relays to read the message. The Tor network also protects users from government authorities. The possibility of a MITM attack is also not there, since adding another user in to your Briar contacts list requires you to verify your peers key by meeting them in real life and scanning the QR code from their phone screen. This is some pretty enforced verification.

When a client does not have internet connection available, Briar can make use of Wifi and Bluetooth to send messages (think of a case where a third world shithole shutdowns the internet in case of a civil war). The messages are still end-to-encrypted.

All messages are stored in a locally encrypted database in your client device. This also means that the moment you uninstall the app, your database including your private keys are gone and since you are your own server, there is no way to recover your messages from your device (your "account" is gone).

Unfortunately, there is currently only an Android application and an ugly desktop client available.

Features

What it's got

- End-to-end Encryption with enforced verification
- Tor-only network routing
- Anonymous messaging using hidden services (Serverless, peer-to-peer)
- Offline modes (with Bluetooth and Wifi)
- You can create your own /blog/ for some reason KEK
- Notification handling using background services

What it's missing

- A cross-platform Desktop-Client (that's not fucking GTK)
- An iOS app (yes, I mean it)
- Possibility to send files (images, videos, etc.)
- Maybe even audio, video chat (VERY unlikely, because Tor is slow)
- An easier way to verify peer - by not meeting them in person for example, maybe sending them a link?

Others

XMPP et al.

Well established end-to-end encrypted messaging software. The encryption of XMPP (OMEMMO) is likely better in terms of metadata encryption, than the Megolm encryption Matrix uses. You can setup your own server, but the VAST majority of people don't, can't figure it out, or fuck it up. Some extensions allow for Peer-to-peer, likely with the same problems.

Telegram

Telegram is a popular messaging app, especially in Russia and eastern Europe. They have an open-source client-side app, available on Fdroid. Their server-side software is not free. Also they have the ridiculous practice of keeping decryption keys directly next to the encrypted media. Telegram is basically an encrypted middle finger from the UK to Russia. Telegram has no encryption enabled by default.

Riochet

Broadcasts a Tor hidden service, on which individuals will "meet" and exchange messages. Seems like over kill. Tor is bloat.

Jitsi

Not a messenger. Provides end-to-end encrypted voice and video calls over WebRTC (browser to browser). Is also peer-to-peer for two party calls. You can also host your own Jitsi service. It's a MUCH more appropriate service than Zoom and so deserves an honourable mention.

IRC

I'm a dumb millienial who doesn't understand IRC. You can run your own server. Pidgin has plugins for voice and video calls. There's plugins to make the service end-to-end encrypted. Appearently.

Delta Chat

Cute little app idea. It's a messaging wrapper around an email client. Email servers are used to host the end-to-end encrypted messages.

Tox

Tox is a serverless end-to-end encrypted protocol, and has been fostered by the /g/ community. Tox has several clients, none of which work all that well. The most popular likely being qtox and it's less bloated sister utox (desktop only). There's an old Android app on Fdroid called AnTox, which does not work. There's more recent development on an Android app called TriFa.. but it doesn't work either.

There's been some drama among the tox organization, appearently due to the misuse of donation funds. The tox foundation is no longer associated with tox developers..

Tox does seem like the best overall protocol, having a more rigourous and secure protocol (like Signal) while being serverless (like Jami). Furthermore, being a protocol rather than an app, Tox clients have the benefit of interoperability. However, the clients are not developed yet. There's some interesting project that have been done with Tox. Developments recently (2013/2015) have been clever if not a bit hacky. imho.

WhatsApp

Proprietary botnet. Facebook's AI lives on the app, behind the end-to-end encryption wall. It scans your conversations, converts it into marketing information and sends it to Facebook. This paired with the conversation metadata collected make WhatsApp a profitable endevour for Facebook.