this post was submitted on 04 Aug 2024

1 points (100.0% liked)

Privacy

31628 readers

268 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

The Best Encrypted Messengers in 2024 (blog.thenewoil.org)

submitted 2 months ago by BrikoX@lemmy.zip to c/privacy@lemmy.ml

19 comments fedilink hide all child comments

I am a firm believer that there are many privacy techniques you should focus on before encrypted messaging because they will offer you much more “bang for your buck,” things like good passwords, two-factor authentication, and even encrypted email. That said, I still believe that encrypted messaging is a critical part of a well-rounded privacy and security strategy. While the vast majority of our day-to-day conversations may be benign, it can still offer a lot of insight into who we are as people – our routines, likes, and personal thoughts. This information – mundane or not – is worth protecting.

top 19 comments

sorted by: hot top controversial new old

[–] DiabolicalBird@lemmy.ca 1 points 2 months ago (1 children)

Matrix doesn’t offer disappearing messages (which I consider important for digital minimalism and cybersecurity.

I noticed this in the article and figured I'd throw my 2 cents in. This might be a spicy take, but I actually can't stand apps that do this.

When I was in school I had someone harass me online with threats of violence (they spent a couple of hours insulting and threatening me) then lie to the staff that I was harassing them with even more extreme shit. The staff and other students all took their side until I logged in and showed the conversation. If the messages had disappeared I wouldn't have been able to prove my innocence.

I very firmly want encrypted communications for privacy (I use Signal and Matrix), but I am quite wary of purging communications automatically. That said, it's anyone's right to use services that auto delete and my right not to.

I'm curious what other people's take on this would be.

[–] electricprism@lemmy.ml 0 points 2 months ago (1 children)

Couldn't you have blocked them?

[–] Daxtron2@startrek.website 1 points 2 months ago

I fail to see how that would've helped in that situation, it had extended to real life.

[–] jeena@piefed.jeena.net 1 points 2 months ago (1 children)

What I like about Matrix so much is that it can be run fully on your own infrastructure, even the TURN server for VOIP, and you can build the clients from source yourself too.

But I agree that it's quite difficult to use. And until now only my dad and my spouse use it with me because they love me and trust me. But they both always have problems with their clients. It randomly logs out and then they have to login with the password and with the encryption key again. For a long time calling didn't work because I misconfigured the server. Then videos were for the longest time uploaded in full size and anything longer than a few seconds would be rejected. The whole spaces thing is implemented very weirdly so it confuses them. And then the threads are even worse so we can't use them because nobody gets how to do it.

[–] ryannathans@aussie.zone 0 points 2 months ago* (last edited 2 months ago) (1 children)

Signal ux is much better fyi, though I accept it's hard to roll your own. Trade offs are generally worth

[–] jeena@piefed.jeena.net 1 points 2 months ago

As far as I know you can't host your own signal server which connects to their servers.

I'm using Signal with the rest of the family and most friends.

[–] kitnaht@lemmy.world 0 points 2 months ago (2 children)

Another basic thing -- If your messenger is throwing your messages in a notification; it's being logged. Google was found to be logging almost all notification content. Make sure your message app isn't putting the content of messages into notifications.

[–] communism@lemmy.ml 0 points 2 months ago (1 children)

You can also just use a degoogled os which won't be logging your notification content. But in any case you shouldn't have notifications as notifications are exclusive with at-rest encryption (or I guess you could have at-rest encryption but just have the db constantly decrypted whenever your phone is on? Seems to defeat the point then)

[–] kitnaht@lemmy.world 0 points 2 months ago* (last edited 2 months ago) (1 children)

Which DeGoogled OS do you know of that uses their own notification backend?

https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/

[–] JustMarkov@lemmy.ml 0 points 2 months ago* (last edited 2 months ago)

Which DeGoogled OS do you know of that uses their own notification backend?

You don't need one. Just use any degoogled ROM with UnifindPush, as almost every secure messenger support it. If not, notifications can still show up via websocket.

[–] GustavoFring@lemmy.world 0 points 2 months ago (1 children)

If the app implements their own notification system and doesn't rely on GCM then Google isn't able to log them as far as I know.

[–] kitnaht@lemmy.world 0 points 2 months ago (1 children)

Sure -- but how many of them actually do?

[–] JustMarkov@lemmy.ml 0 points 2 months ago* (last edited 2 months ago) (1 children)

I can throw a few examples:

SimpleX
Threema Libre
Briar (afaik)
Conversations (XMPP client)
FluffyChat (matrix client), probably some others too
Telegram FOSS (Telegram fork), Mercurygram (Telegram FOSS fork)
Molly (Signal fork)
Session F-Droid (Session fork)

So, the answer is — almost every of them.

[–] BrikoX@lemmy.zip 0 points 2 months ago

Element X (Matrix client). Basically anything that offers F-Droid or open source release will have builds without built-in notifications. Play Store/App Store builds requires using native notification systems.

[–] poVoq@slrpnk.net 0 points 2 months ago (1 children)

XMPP, for example, does not enable end-to-end encryption by default

Why always these false myths? The most popular XMPP mobile clients do enable it by default.

[–] BrikoX@lemmy.zip 0 points 2 months ago (1 children)

It was a conscious decision for them not to enforce E2EE by default. https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/

XMPP clients have like 10 different implementations because of that and are not always consistent with each other or even function universally across platforms.

But I'm not an author. That would be @nateb@mastodon.thenewoil.org.

[–] poVoq@slrpnk.net 0 points 2 months ago

The article you linked is a highly misleading nothing burger. And enforcing e2ee at protocol level is a bad idea for many reasons.

[–] treasure@feddit.org 0 points 2 months ago (1 children)

TLDR: Avoid Telegram and WhatsApp. Recommended messengers are Session, Signal, SimpleX and Threema. Honorable mention: Briar.

[–] CaptainSpaceman@lemmy.world 1 points 2 months ago

Honorable mention to Matrix as well