I am a firm believer that there are many privacy techniques you should focus on before encrypted messaging because they will offer you much more “bang for your buck,” things like good passwords, two-factor authentication, and even encrypted email. That said, I still believe that encrypted messaging is a critical part of a well-rounded privacy and security strategy. While the vast majority of our day-to-day conversations may be benign, it can still offer a lot of insight into who we are as people – our routines, likes, and personal thoughts. This information – mundane or not – is worth protecting.
SimpleX is currently my favourite. Yeah, there are some small concerns, but where aren't they? I hope SimpleX can grow more popular and I'm also waiting for a full-featured desktop client, so it'll be easier to convince people to switch.
The missing unifiedpush feature. I don't need another battery burning messenger.
I hate that simplex is like this.
*removed externally hosted image*
That is my one and only issue with Simplex. It drinks battery lika a Puerto Rican drinks rum on weekends.
There is a full-featured desktop client now! What I am waiting for are third-party lighter clients, because the official one is obscenely heavy.
A desktop client that syncs with the mobile client is a must before I can make that switch
I just have a profile on each that are always both in the same groups. IDK about private messaging though.
I like Signal, but I really miss multi device support. Same issue with Threema.
Yeah that's a bummer. Signal has multi device support but only for desktop and iPad (yeah, not Android tablets), but you always need to have a master phone device.
It's been an issue for so long, but this is Signal, they do whatever the f they want.
Why do people like Matrix? It's really slow. Even most of the non-Electron clients consume a ton of resources (even more than Electron apps usually do).
Especially Gomuks, by far the worst offender. It consumes nearly a gigabyte of memory and it's a TUI.
I think it more comes down to it not being Discord than people liking it.
Well, it's not privacy-focused.. but I do like Revolt for this purpose. It's performant, looks very similar to Discord, and I think they're adding E2EE eventually.
encrypted email
Besides being a form of messaging (so the text somewhat contradicts itself), typical email is a deeply insecure protocol.
In my opinion, it's probably impossible to secure without making a new protocol or making such drastic changes that it might as well be considered one.Here are some key concerns regarding the usual PGP-powered encrypted email:
- Email, at a simple level, works much akin to physical email — there's an "envelope" containing important info regarding the communicating parties, which can't be encrypted, otherwise the mailing servers wouldn't know where to forward the messages. This essentially leaks a lot of metadata that can be almost as valuable as the message body itself.
- There's no forward secrecy — one of the best cryptography features that has become pretty much a commodity in modern systems is forward secrecy, which prevents attackers from decrypting older messages after gaining access to one of the keys.
- While not an issue with the protocol itself, it's the sad reality and we need to consider — most people use GMail, Outlook and the like, which ultimately need to read your emails in plaintext, for better or worse reasons (search is incredibly useful, but some big players don't stop there of course :p).
- Another thing is the fact that it's incredibly easy to have an imbalance of encryption, i.e. someone is encrypting their messages, but others aren't. With the very popular email culture of quoting (be it top or bottom posting), an unencrypted party in the the conversation can leak important information.
- PGP is... peculiar, so to speak. I has a lot of issues, mostly stemming from its age (which could also be a source of robustness and security, due to being very battle-tested, but I don't think that's quite the case with PGP/GPG), tries to do too much and typically has a clunky UI, which impedes wider and proper adoption by less technically people.
This isn't to say people should definitely stop using and promoting encrypted email, since it can be useful.
It's just it gives, more often than not, a false sense of security and can lead less proficient users to send sensitive data through this medium which isn't nearly secure enough for such use cases. Preferably, people with such threat models should opt for better alternatives, most suggested in that article (such as, but definitely not limited to, Signal, SimpleX, Matrix+Olm, XMPP+OTR/OMEMO, sharing files via MagicWormhole, encrypting with tools like age).On a slightly tangential note, I think someone should make a Matrix client with an email client interface. I started working on a new traditional chat client (completely nonfunctional still, very much in-dev), but I've been honestly thinking more and more about making one looking like an e-mail client, where there isn't much focus on instant room-based chats, but rather on longer-lived 1-to-1 and list-like exchange of messages.
Sad that Wire wasn't mentioned. I think its the only one that encrypts everything, allows anonymous accounts (no phone number needed!), and has independent clients on all platforms (no mobile app install required, but they have one) that seamlessly syncs messages on all clients
Oh, and its free and open-source.
Yeah, its getting pretty crusty. I think they laid off like 80% of their staff and made a hard fork of the app and never put the new version in f-droid.
They really need to fix that..
Check out Session, built on Lokinet, no signups
Getsession.org
It has all the features I mentioned?
Is there a desktop client that doesn't require you to signup with a mobile app?
Edit: just tried to download it, but I couldn't find any release signature file. Thats not a good sign.
Yes, but I think the only clients are from Session themselves currently. All platforms, all independent and can have multiple accounts. Everything encrypted by default (and no way to send clear text)
Yeah their signatures and shasums are hosted on github. They're a small team, which is probably why they rely on it
Here's their android one at least https://github.com/oxen-io/session-android/releases
I loved it but had to let go because too many times messages didn't deliver using different devices, different networks, different recipients. This is over years of trying. I really wanted it to work but sadly that was a big reason to stop trying.
Huh, been using it for years and never had that issue. I do have some people complain about notifications, but not lack of delivery
We've been on simplex for a few months, I like it quite a bit. We made diff accounts for each device and added them all to a group.
Notifications arrive reliably on graphene (no google services), and KDE connect.
I don't love the desktop client and wish I could change text size and scaling. I was able to message the dev about it in simplex and got replies which was cool
What about Briar? I know its android only but it looks promising for what it can do.
