It seems like I constantly see “X secure messaging option is actually bullshit because it was purchased by Dr. Evil and Y is actually just e-mailing your messages directly to Xi Jinping.”
Is there an authoritatively “best” one I can just…download and setup easily? Is Signal good? Or do I need to solder a Raspberry Pi to the flux modulator of my home Linux NAS GUI, etc…?
Signal is actually good. More people should be using it.
There is no best, each has their merits and drawbacks.
If you were to pick a messaging app I would go with Singal because they give good transparency to users, while giving frustrations to governments wanting data.
Also Elin Musk has blocked signal links on Twitter.
Only downsides of Signal are 1. It’s centralized 2. You have to sign up with a phone number.
It’s secure, cross platform, and easy to set up and use.
Probably most importantly, it’s a similar experience to using other popular texting apps and the set-up experience is familiar to anyone singing into any big-brand-name app, making it a relatively easy sell to non-techies.
Signal is known as the gold standard right now but there are new ones popping up all the time. SimpleX chat is good too (despite the “Nazi-haven” smears).
You say it’s a “smear” but is it based in truth?
I’m certain that any worthwhile encrypted communication will be used by evil people to do evil.
That doesn’t really answer the question lol
it’s a nazi haven in the same way a public library computer is a nazi haven if nazis come in and use it. the library doesn’t check your ideology when you log on, and neither does simplex.
I suppose I was commenting on the question, not trying to answer it. I’m out of the loop, so I can’t answer it. Checked some articles and it looks like a bunch of neo-nazis switched to it.
They are also using Google, Windows, Apple, etc. so I’m not sure the question actually pertains, but I guess that’s not my concern.
Don’t need the whole SimpleX to find Nazis everywhere. X is plenty enough.
Nazi’s are going to go wherever they can be safe from tracking and doxxing. So obviously they’d be there.
If you think just because they are there, it is a bad platform, you may also be the same type of person that would allow law enforcement to look at your most private messages because “if you’re not breaking the law, you shouldn’t have anything to hide!”
I didn’t say or think any of that. I was asking.
you may also be the same type of person …
Signal works the best for me, and I think its the best option out there for common people who wants the best privacy
Signal.
Wired had an interview with Signal’s President last year that I found enlightening and provided an entry point for me to self educate further. Here’s an archive.org snapshot of it: https://web.archive.org/web/20240828100224/https://www.wired.com/story/meredith-whittaker-signal/
For the click-averse here’s an excerpt I find compelling:
Going back to your sense of Signal’s new phase: What is going to be different at this point in its life? Are you focused on truly bringing it to a billion people, the way that most Silicon Valley firms are?
I mean, I … Yes. But not for the same reasons. For almost opposite reasons.
Yeah. I don’t think anyone else at Signal has ever tried, at least so vocally, to emphasize this definition of Signal as the opposite of everything else in the tech industry, the only major communications platform that is not a for-profit business.
Yeah, I mean, we don’t have a party line at Signal. But I think we should be proud of who we are and let people know that there are clear differences that matter to them. It’s not for nothing that WhatsApp is spending millions of dollars on billboards calling itself private, with the load-bearing privacy infrastructure having been created by the Signal protocol that WhatsApp uses.
Now, we’re happy that WhatsApp integrated that, but let’s be real. It’s not by accident that WhatsApp and Apple are spending billions of dollars defining themselves as private. Because privacy is incredibly valuable. And who’s the gold standard for privacy? It’s Signal.
I think people need to reframe their understanding of the tech industry, understanding how surveillance is so critical to its business model. And then understand how Signal stands apart, and recognize that we need to expand the space for that model to grow. Because having 70 percent of the global market for cloud in the hands of three companies globally is simply not safe. It’s Microsoft and CrowdStrike taking down half of the critical infrastructure in the world, because CrowdStrike cut corners on QA for a fucking kernel update. Are you kidding me? That’s totally insane, if you think about it, in terms of actually stewarding these infrastructures.
Signal has good encryption etc, is centralized, afaik needs Google Play Services except if you use Molly; but I think it’s a bit more mainstream and simple to use for end-users
SimpleX also seems to have good encryption, post-quantum etc, and is anonymous and doesn’t even use user identifiers (they explain why that’s good on their website), so it could be good for occasional more sensitive conversations or sth (but I see people struggling with onboarding when installing it, and I still get confused by the UX sometimes). It’s kind of not even decentralized, more like peer-to-peer, with servers to just cache messages when you’re offline, I think.
Personally for day-to-day I prefer to use Matrix with Element: decentralized (which I really value for competition and user choice), e2e, and has good support for creating communities etc, so I’m lucky to have it as our main chat platform for work, and I’ve been using it for years in our hackerspace and personal chats etc. I see end-users still struggling sometimes with onboarding, but if they’re close friends/family I usually need to set it up for them anyway
Signal runs just fine without play services for me. It does drain quite a bit of battery without cloud messaging, but that is to be excepted since it needs to keep its own connection up in that case
Doesn’t most of Element route through Matrix.org?
My understanding is that Briar is ethically the best, but no one uses it. Signal is the best if you actually want to use it to communicate. Telegram is where the pirates and drugs are.
Here’s the long version: when a dev is making a messaging app, they eventually have to make a choice: do I integrate SMS/MMS? If they want to make this app a daily driver messaging platform to help you ungoogle your android phone, they have to integrate SMS/MMS, which has security vulnerabilities and limits how secure they can make their app. More importantly, people do not tolerate ads on their messaging app, so they flat-out cannot monetize it without losing their entire userbase. If they don’t integrate SMS/MMS, they are creating a closed ecosystem, and a closed ecosystem can be profitable. If leadership changes, the new leaders might decide to turn their users into either cutomers or products.
Telegram is not a secure messaging app.
Is that the one Amazon purchased?
No, Telegram is a Russia controlled service not using encryption at all unless you specifically turn it on - and never for groups.
Being Russia controlled they put out a lot of disinfo and so way too many people and news outlets still include it in the “secure messaging” category.
My understanding is that Briar is ethically the best
I’m out of the loop, what does this mean?
Meaning they haven’t had any big scandals and seem like a good company
I thought Russia owned it
Ethic pertains to the morality of ones action. Think of murder, as a generally agreed unmoral act, or sharing freely as a generally moral act.
Think of it as the market growing or falling, but in a context where this does not really benefit you personally.
I know it sounds really convoluted but believe or not, that’s what humanity used to run on.
(Also Briar can make a completely decentralyzed network relying on connecting phoner directly and boucing the messadge around, It’s almost a must have if you are, like, trying to organyze when the government shut down the internet and stuff.)
I think that the person you’re responding to is asking for the specifics of why Briar is ethically superior. Do the other options have ethical issues? Or does Briar have a specific characteristic that makes it ethically superior (e.g. its p2p nature)?
I’d also like to know. It’s never occurred to me to look at the technical nature of secure messaging systems through the lens ethics so I find the idea intriguing.
I know it was a great attempt at humour on my part.
From an ethical standoint any earnst attempt at upholding privacy is equally valid. Past the technical necessity, you should probably look at those tools from any ulterior motives standpoint, or path toward a potential future monetization.
On this front, Telegram is clearly shit, Signal is centralized and nothing prevent it from turning “evil” and starting to charge money.
Ideally you’d need complete open sourceness to start getting your feet into ethics, possibly also some political statement beyond some bland “free speech” stance.
Ahh, gotcha. Apologies, I haven’t had enough caffeine yet, so it went completely over my head.
That makes sense to me. I also prefer Briar on that basis, although I currently don’t use it at all. I’ve had a hard enough time getting folks to switch to Signal, so I don’t want to try to push them to move once again. If Signal starts enshittifying then I’ll probably start the Sisyphean push to switch again.
edit: ugh it’s Sisyphean not Sisyphusian
I’m 100% pushing nothing but Signal. It’s the easiest one that brings with it a genuine mental switch. I like to assume that after such a transition it will be easier to look at anything else down the line, say if Meta buys it or some other dystopian shit.
Briar seems like meshtastic but with no additional hardware at the expense of significantly less range when offline.
Signal
Matrix
Those are your two choices. Signal is centralized, Matrix is federated.
Signal is the best balance between secure and convenience. There are more private options out there (i.e. don’t require a phone number), but they are harder to adapt especially if you want to get non-techy family and friends to switch over.
For everyone suggesting signal, have a read here and then decide for yourself.
https://github.com/signalapp/Signal-Android/issues/8974
ETA: when I say “decide for yourself” I mean exactly that. I don’t think all the stuff written in there is true, but some is. You should make a decision based on what you think about those comments, not trust them blindly. But at least you can make an informed decision.
They might have valid concerns, but when the writeup includes stuff like
the developer of Signal wants us all to beLIEve
it’s hard not to imagine the whole thing hand-painted on the side of a van.
I agree, that’s why I specified “make your own decision”. It’s better to have an informed opinion than just trust it.
Claims require evidence in proportion to their extremity. There is no evidence of a backdoor in that issue. If a security researcher made a post saying “Signal is CIA backdoored, here is exactly how it works,” then I would read it and use my relevant domain knowledge as a software dev to make a decision. No explanation is provided, so I have nothing to use to decide. Therefore, my viewpoint is unchanged.
Signal has been audited, and I believe it’s been audited multiple times. If you’re worried about your 4th amendment rights in the US, don’t turn on backups. If you have something serious to hide and your threat model includes state actors, send messages that delete themselves after a certain time period and enforce that discipline amongst your peers. The poster’s concerns sound like a skill issue to me.
Its best not to use a phone at all if you can help it.
The keyboard app on most phones that are default still gives info to apple/google. So even if you use signal, the data goes over.
You can side-load apps that take phone keyboards over (even better if you don’t use base android OS at all). But I dont know your situation.
I know your joking but the most secure that is still usable is probably an encrypted home server and using something like irc/XMPP. A pi with yunohost can do wonders. You can use the converse app on the phone to hook into that. It’s auto encrypted if you go that route.
Security is a spectrum so you have to chose how much inconvenience is best for your situation.
The question says “for my phone”.
Also by your logic why use a PC, just don’t use the internet at all.
All of my suggestions are for the phone? I don’t understand the confusion.
I use signal but if I could convince everyone I knew to use a messenger for security it would be Threema. No chance of that happening it’s hard enough convincing people to use signal.
If self-hosting and “Warning, some assembly required” isnt an issue, Matrix - Synapse. I spooled that up in my home lab recently and im slowly moving my group chats over to it.
Signal or XMPP
