this post was submitted on 18 Sep 2023
58 points (89.2% liked)

Privacy

32159 readers
342 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

So I'm in a somewhat unfortunate situation. My circle of friends doesn't want to switch to another messenger and we are currently stuck on the worst possible platform for security: Telegram.

The problem is that it is very hard to convince anyone to switch, if they are all perfectly fine and like Telegram. I mean I can get why they like it: The UX and UI of Telegram are amazing and there are well functioning clients available for any platform. It has more features and gimmicks than any other messenger I know BUT it lacks one mayor thing: E2EE. And that's mostly what I care about. The second problem is that I was the person who recommended the switch to Telegram right after WhatsApp was bought by Facebook. I know, that was a bad recommendation, but back then I didn't know shit about privacy or why E2EE mattered. I was just like "Hey, it's not by Facebook, so it must be better". And now everyone I know is there and won't leave.

If - in the hypothetical situation of me setting an ultimatum and deleting my Telegram after that - I wanted to make them switch somewhere else: What messenger would that be? Currently I'm mostly thinking Signal. I know it's not perfect either, it is centralized, and the servers are in the US, but it has a bigger user base already than most of its competitors like Threema or Matrix/Element and it is very easy to set up and use. I'm already a user of Signal, Threema, Matrix, WhatsApp and Telegram (every platform for some contacts, but most of them on Telegram sadly), so having yet another option is not a problem for me, as well as getting rid of one is also no problem. I'd love to delete both Telegram and WhatsApp in this move.

So, in conclusion, what I need is a messenger that has all or most of the following:

  • best possible security (E2EE is minimum)
  • easy to use (no complicated setup, simple UI)
  • already has some users (not too niche)
  • cross-platform and multi-device (should run on Android, iOS and Windows/Web)
  • some flashy dumb features like stickers and so on to keep them entertained

My choice would be Signal. But I am unsure if that is the best choice or if I should just wait a bit and see what all of the new EU laws about messengers and gatekeepers bring to the game and if anything chances with that.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 54 points 1 year ago (1 children)

Gotta go with the crowd here. Signal is what you are looking for.

[–] [email protected] 12 points 1 year ago (2 children)

@shortwavesurfer @MarcRnt Sadly, Signal is just another walled garden. We need to make XMPP apps more popular.

[–] [email protected] 14 points 1 year ago (1 children)

Is it?

You can run and connect to your own signal server, separate from the world if you wanted to…

Interoperability with other messengers Vs privacy are separate requirements and use cases.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago)

@ArbiterXero Exactly, if you use any other provider other than the normal Signal server, you're separate from the rest. You have no other choice to agree on all policy decisions (e.g. requirement for a phone number on registration) or loose all your contacts there. This is separate concern from privacy, but to protect against enshittification and the like, interoperability and compliance with internet standards is absolutely crucial. Let's not promote the usage walled garden apps.

[–] [email protected] 2 points 1 year ago (1 children)

I personally dont have much experience with XMPP. From what i understand you have to roll your own encryption or everything is plaintext. Matrix encrypts but has major UI/UX issues around key management that make it a PITA to use.

[–] [email protected] 3 points 1 year ago (1 children)

@shortwavesurfer What do you mean by 'you have to roll your own encryption'? The switcher for encryption looks like this, the default is set to OMEMO which is the XMPP implementation of the Signal encryption protocol.

[–] [email protected] 2 points 1 year ago (1 children)

Isn't there several options besides OMEMO? If everyone sticks with default that would be alright. If there are other options that could get complicated.

[–] [email protected] 3 points 1 year ago (1 children)

@shortwavesurfer In my experience normal users never touch the defaults. My friends all use OMEMO when messaging me, especially since the OpenPGP option would require you to generate a public and private key yada yada...

[–] [email protected] 2 points 1 year ago

Isnt conversations an XMPP client? I feel like i have heard good things about it. My two big gripes with matrix is the key management and i cant auto delete conversations. I make wonderful use of signals "disappearing message" feature.

[–] [email protected] 27 points 1 year ago

The only answer for what you are looking is Signal (user base). The next thing would be Whatsapp, so .... Signal... Just signal.

[–] [email protected] 26 points 1 year ago (11 children)

First Telegram isn't the "worst possible option for privacy" and second, as you pointed out, Telegram is largely superior to others when it comes to usability and cross planform support.

[–] [email protected] 15 points 1 year ago (2 children)

Yeah but... Thet are not E2E encrypted by default. That shows how little they care about privacy.

The worst thing about Telegram is the false sensation of security and privacy it gives to unaware people (most of them).

[–] [email protected] 6 points 1 year ago (1 children)

Not just "by default". It also cannot encrypt group chats and - most importantly - does not allow this on desktop clients.

[–] [email protected] 3 points 1 year ago

Yeah but groups are never private, even with encryption.

load more comments (1 replies)
load more comments (10 replies)
[–] [email protected] 23 points 1 year ago (1 children)

I want the answer to be Matrix. I think decentralization and federation are important to the future of internet services to avoid single points of failure, and Matrix seems to take E2EE seriously. So far, I've found Matrix to be slow and unreliable, with some of my private conversations having as many messages "unable to decrypt" as successfully delivered.

So the answer isn't Matrix yet, though I hope it will be in the future. The answer, as most comments have already said is Signal.

[–] [email protected] 5 points 1 year ago

For me, answer was XMPP. It does the same thing as Matrix, but is far easier to set up and is far less bloated.

[–] [email protected] 18 points 1 year ago* (last edited 1 year ago)

The only answer for what you are looking is Signal. So .... Signal... Just signal.

or Molly, of course :)

[–] [email protected] 13 points 1 year ago (1 children)

Easiest seems to me just enabling E2EE in telegram since it’s there. Asking to use secret chats seems easier than asking to switch plattforms

[–] [email protected] 4 points 1 year ago

Except that the feature is only available on mobile

[–] [email protected] 11 points 1 year ago

FB Messenger and Instagram Messenger would be the worst for privacy... But Telegram is basically just FB Messenger with nicer UX features.

There's a couple of platforms that have better privacy and security (debatable) features than Signal, but Signal is more widely adopted amongst the E2EE Messengers.

[–] [email protected] 10 points 1 year ago
[–] [email protected] 9 points 1 year ago* (last edited 1 year ago)

SimpleX Chat > Matrix > others

Btw it's very difficult to change something in the routine, many people have your same issue; where I live WhatsApp is a fucking authority...

[–] possiblylinux127 8 points 1 year ago (1 children)

Signal is good but you can look into simplex chat or session

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

Not ready for primetime. Like, absolutely not.

[–] [email protected] 8 points 1 year ago (1 children)

I think the only choice is Signal for practical purposes. There is no creating accounts, no scanning ID's, no invite link to chat. If they already know your number, there's nothing they need for you to contct you on Signal.

For people who I have their number, I will never ever acknowledge any other option than Signal because confused people don't end up making any choice. Only if they talk about servers and networks, then I will teach them network security. I say SimpleX F-Droid is king of them all, but for random people, I only mention Signal/Molly.

For the record, I will say that I am more willing to currently use Whatsapp than ever use Telegram. I can't speak to the cool features with Telegram because I hate it too much to register my number with them.

[–] [email protected] 3 points 1 year ago (2 children)

I don't understand how you trust facebook more than telegram. It's the exact opposite for me

load more comments (2 replies)
[–] [email protected] 8 points 1 year ago

Matrix or Signal

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (2 children)

Actually, I don't know why I had forgotten this already.

Link: DEF CON 31 - The Internals of Veilid, a New Decentralized Application Framework - DilDog, Medus4

Veilid. I watched this DEF CON presentation on it. I remember asking myself "How would this differ from Matrix and why do we need a competing standard?"

But actually, after watching, I do realize that in certain ways it seems more elegant and decentralized than even Matrix. It's really more focused for general application development, but that means chat can be developed on the framework.

So maybe put this on your radar as well while it's being developed. It certainly has jumped to my attention after watching this video.

https://veilid.com/

[–] [email protected] 2 points 1 year ago

Here is an alternative Piped link(s):

DEF CON 31 - The Internals of Veilid, a New Decentralized Application Framework - DilDog, Medus4

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source, check me out at GitHub.

[–] [email protected] 2 points 1 year ago

Really interesting! Sadly in the past a lot of such frameworks went the way of the titanic :/

[–] BrikoX 7 points 1 year ago* (last edited 1 year ago) (1 children)

DMA will only affect Whatsapp and Facebook Messenger from messengers, Apple's iMessage manage to be excuded as they don't have 45 million active users (10% of EU population).

Edit: I said Google Messenger when I meant Facebook.

Signal fits all of your criteria.

  • Has E2EE by default
  • Has most generic UI possbile that just works
  • Has a bunch of users
  • Has clients for Android, iOS, Windows, macOS, Linux
  • Has flashy features like stickers and stories
  • Run by a non profit foundation instead of a single developer or for profit corporation
load more comments (1 replies)
[–] [email protected] 5 points 1 year ago (1 children)

Signal does not support web app

[–] [email protected] 4 points 1 year ago

as much as I want everyone to use something like Briar or Cwtch, Signal is the only viable alternative for normal people. Session maybe, but last time I tried it, it was buggy and it has a small userbase.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

Matrix is slowly growing to feature parity with Discord and looks and functions a lot like Discord, which may make the switch over to it easier for some people.

I understand why Signal dropped SMS support, but that's literally the only reason I had it, and without the SMS support, I don't actually have more than one other person that uses it so it became pointless to keep using.

[–] [email protected] 3 points 1 year ago (3 children)

I just simply sent a message to everyone I kept in touch on Telegram to switch to Matrix/Element and guided them through the registration to a local homeserver thanks to one of my friends' blog posts.
The easiest way to convince your friends to switch is to just make the switch and help them sign up and use the service.

load more comments (3 replies)
[–] [email protected] 3 points 1 year ago

If they have Android, Conversations is great, not more complicated to use than your normal instant messenger, except for the account creation which works just like email (user@server) so not that difficult either.

[–] [email protected] 2 points 1 year ago (1 children)

I use matrix and setup matrix bridges to avoid this. If you are fine with a single user setup beeper should be easier. this way you use matrix yourself and your friends use whatever they want. (you can qemu an x86 android image, and pass a webcam, for whatsapp to work on the bridge)

[–] [email protected] 2 points 1 year ago (8 children)

Telegram is absolutely not the worst one. Those are whatsapp, facebook messenger, and viber. Telegram is not good, but I think it's an acceptable compromise

load more comments (8 replies)
load more comments
view more: next ›