It seems like I constantly see “X secure messaging option is actually bullshit because it was purchased by Dr. Evil and Y is actually just e-mailing your messages directly to Xi Jinping.”
Is there an authoritatively “best” one I can just…download and setup easily? Is Signal good? Or do I need to solder a Raspberry Pi to the flux modulator of my home Linux NAS GUI, etc…?
Signal is actually good. More people should be using it.
There is no best, each has their merits and drawbacks.
If you were to pick a messaging app I would go with Singal because they give good transparency to users, while giving frustrations to governments wanting data.
Also Elin Musk has blocked signal links on Twitter.
Only downsides of Signal are 1. It’s centralized 2. You have to sign up with a phone number.
It’s secure, cross platform, and easy to set up and use.
Probably most importantly, it’s a similar experience to using other popular texting apps and the set-up experience is familiar to anyone singing into any big-brand-name app, making it a relatively easy sell to non-techies.
To add to this:
It’s also owned and operator by a non-profit in the United States (unlike Telegram and Whatsapp which are operated from the UAE and a for-profit company respectively).
WhatsApp is owned by Meta (FaceBook), which is notorious for stooping to the level of borderline malware to steal data.
Look at openAI trying to switch to a forprofit. It’s hard to imagine signal surviving for longer especially that it is hemorrhaging a shit load of money and donations aren’t enough to keep it afloat
Signal is actually trying very diligently to pioneer a novel financial model for a sustaining long term. Here’s a lemmy post from a few month ago about a Wired interview with Signal Foundation’s president covering it in some depth (and a current archive link to the article). They seem to be one of the few actually good entities left in a world of surveillance capitalism and pervasive domestic government espionage.
Whether they succeed or not in the long term is certainly still unclear, but I expect they have many years of financial runway remaining.
Signal.
Wired had an interview with Signal’s President last year that I found enlightening and provided an entry point for me to self educate further. Here’s an archive.org snapshot of it: https://web.archive.org/web/20240828100224/https://www.wired.com/story/meredith-whittaker-signal/
For the click-averse here’s an excerpt I find compelling:
Going back to your sense of Signal’s new phase: What is going to be different at this point in its life? Are you focused on truly bringing it to a billion people, the way that most Silicon Valley firms are?
I mean, I … Yes. But not for the same reasons. For almost opposite reasons.
Yeah. I don’t think anyone else at Signal has ever tried, at least so vocally, to emphasize this definition of Signal as the opposite of everything else in the tech industry, the only major communications platform that is not a for-profit business.
Yeah, I mean, we don’t have a party line at Signal. But I think we should be proud of who we are and let people know that there are clear differences that matter to them. It’s not for nothing that WhatsApp is spending millions of dollars on billboards calling itself private, with the load-bearing privacy infrastructure having been created by the Signal protocol that WhatsApp uses.
Now, we’re happy that WhatsApp integrated that, but let’s be real. It’s not by accident that WhatsApp and Apple are spending billions of dollars defining themselves as private. Because privacy is incredibly valuable. And who’s the gold standard for privacy? It’s Signal.
I think people need to reframe their understanding of the tech industry, understanding how surveillance is so critical to its business model. And then understand how Signal stands apart, and recognize that we need to expand the space for that model to grow. Because having 70 percent of the global market for cloud in the hands of three companies globally is simply not safe. It’s Microsoft and CrowdStrike taking down half of the critical infrastructure in the world, because CrowdStrike cut corners on QA for a fucking kernel update. Are you kidding me? That’s totally insane, if you think about it, in terms of actually stewarding these infrastructures.
Signal works the best for me, and I think its the best option out there for common people who wants the best privacy
Signal is known as the gold standard right now but there are new ones popping up all the time. SimpleX chat is good too (despite the “Nazi-haven” smears).
You say it’s a “smear” but is it based in truth?
I’m certain that any worthwhile encrypted communication will be used by evil people to do evil.
That doesn’t really answer the question lol
I suppose I was commenting on the question, not trying to answer it. I’m out of the loop, so I can’t answer it. Checked some articles and it looks like a bunch of neo-nazis switched to it.
They are also using Google, Windows, Apple, etc. so I’m not sure the question actually pertains, but I guess that’s not my concern.
My understanding is that Briar is ethically the best, but no one uses it. Signal is the best if you actually want to use it to communicate. Telegram is where the pirates and drugs are.
Here’s the long version: when a dev is making a messaging app, they eventually have to make a choice: do I integrate SMS/MMS? If they want to make this app a daily driver messaging platform to help you ungoogle your android phone, they have to integrate SMS/MMS, which has security vulnerabilities and limits how secure they can make their app. More importantly, people do not tolerate ads on their messaging app, so they flat-out cannot monetize it without losing their entire userbase. If they don’t integrate SMS/MMS, they are creating a closed ecosystem, and a closed ecosystem can be profitable. If leadership changes, the new leaders might decide to turn their users into either cutomers or products.
Telegram is not a secure messaging app.
Is that the one Amazon purchased?
No, Telegram is a Russia controlled service not using encryption at all unless you specifically turn it on - and never for groups.
Being Russia controlled they put out a lot of disinfo and so way too many people and news outlets still include it in the “secure messaging” category.
My understanding is that Briar is ethically the best
I’m out of the loop, what does this mean?
Meaning they haven’t had any big scandals and seem like a good company
I thought Russia owned it
Ethic pertains to the morality of ones action. Think of murder, as a generally agreed unmoral act, or sharing freely as a generally moral act.
Think of it as the market growing or falling, but in a context where this does not really benefit you personally.
I know it sounds really convoluted but believe or not, that’s what humanity used to run on.
(Also Briar can make a completely decentralyzed network relying on connecting phoner directly and boucing the messadge around, It’s almost a must have if you are, like, trying to organyze when the government shut down the internet and stuff.)
I think that the person you’re responding to is asking for the specifics of why Briar is ethically superior. Do the other options have ethical issues? Or does Briar have a specific characteristic that makes it ethically superior (e.g. its p2p nature)?
I’d also like to know. It’s never occurred to me to look at the technical nature of secure messaging systems through the lens ethics so I find the idea intriguing.
I know it was a great attempt at humour on my part.
From an ethical standoint any earnst attempt at upholding privacy is equally valid. Past the technical necessity, you should probably look at those tools from any ulterior motives standpoint, or path toward a potential future monetization.
On this front, Telegram is clearly shit, Signal is centralized and nothing prevent it from turning “evil” and starting to charge money.
Ideally you’d need complete open sourceness to start getting your feet into ethics, possibly also some political statement beyond some bland “free speech” stance.
Ahh, gotcha. Apologies, I haven’t had enough caffeine yet, so it went completely over my head.
That makes sense to me. I also prefer Briar on that basis, although I currently don’t use it at all. I’ve had a hard enough time getting folks to switch to Signal, so I don’t want to try to push them to move once again. If Signal starts enshittifying then I’ll probably start the Sisyphean push to switch again.
edit: ugh it’s Sisyphean not Sisyphusian
I’m 100% pushing nothing but Signal. It’s the easiest one that brings with it a genuine mental switch. I like to assume that after such a transition it will be easier to look at anything else down the line, say if Meta buys it or some other dystopian shit.
Briar seems like meshtastic but with no additional hardware at the expense of significantly less range when offline.
Signal if you trust them to not leak your identifier and because its gotten the most mass adoption.
Simplex if you can convince your circle to use it because it has no identifiers and is user friendly.
Whoever built that website really needs to fix the hitbox on the ‘X’ when you’re done reading the popups. Or instead of trying to show off with JavaScript they can just have a separate page like most websites
What do u mean leak ur identifier. Isn’t that just like your phone number
Signal is the best balance between secure and convenience. There are more private options out there (i.e. don’t require a phone number), but they are harder to adapt especially if you want to get non-techy family and friends to switch over.
As always the answer is it depends.
Ive seen a lot of merchants of illicit products move towards sessions.
It depends on your threat model, signal or maybe element is likely the best compromise.
Signal
Matrix
Those are your two choices. Signal is centralized, Matrix is federated.
Signal via Molly seems like the best option at the moment. Molly is a third party client that allows for even more protections like database encryption and getting rid of Google firebase notifications, for example.
Signal using the Molly fork is good. Besides that, there’s stuff like Session and Simplex for nerds out there. Matrix exists but it doesn’t encrypt all metadata iirc.
Its best not to use a phone at all if you can help it.
The keyboard app on most phones that are default still gives info to apple/google. So even if you use signal, the data goes over.
You can side-load apps that take phone keyboards over (even better if you don’t use base android OS at all). But I dont know your situation.
I know your joking but the most secure that is still usable is probably an encrypted home server and using something like irc/XMPP. A pi with yunohost can do wonders. You can use the converse app on the phone to hook into that. It’s auto encrypted if you go that route.
Security is a spectrum so you have to chose how much inconvenience is best for your situation.
The question says “for my phone”.
Also by your logic why use a PC, just don’t use the internet at all.
All of my suggestions are for the phone? I don’t understand the confusion.
If self-hosting and “Warning, some assembly required” isnt an issue, Matrix - Synapse. I spooled that up in my home lab recently and im slowly moving my group chats over to it.
