andrej567 I had Signal and the trouble was that because some people had my phone number, they kept contacting me, like hey old pal how are you... I did not want to block them but at the same time I was not in the mood to chat with them and kill time.

You should be able to use Signal and avoid this issue by setting "who can find me by phone number" to "nobody". Check phone number settings in Signal and set both of them to nobody. To the old pals this should look as if you weren't on Signal at all.

For the rest I agree with @N1b, that a good messenger is safe and privacy respecting and makes your peer groups available. In this sense, Signal might indeed be the best compromise. I still don't like that a phone number is mandatory to set up an account.

I also tried out Threema, which is nice if you have someone to message. I also like the idea that it is a paid app and thus makes it clearer where the money comes from.

SimpleX looks promising and innovative, but I don't know anyone using it.

23Sha-ger so it's a good option to keep it in a separate Shelter profile registered on a prepaid SIM.

As far as WA is concerned, this will hardly allow you to use it on a regular basis and stay anonymous, even with a VPN.

andrej567 I tried Session a long time ago, but it was not possible to have multiple clients for the same account back then.

In the meantime, Session has Multi-Device functionality and it works well.
Unfortunately, most people don't give a damn about confidential communication, they hold their smartphone like a piece of bread with honey, call via loudspeaker and speak very loudly so that everyone can hear everything.

I have only one contact, who has been testing Session messenger with me for a long time.
We often have very long voice calls via Session (or sometimes via Threema or SimpleX).
Works great.

But as mentioned above, SimpleX is now technically at the highest standard.
But who cares?
– Okay, Jack Dorsey has recognised its value and made an investment…

    Eagle_Owl Session looks good but as someone above noted, you need people to communicate with. Grandmas are now able to use Element; to switch them to Session at age 85, no-go. Except the family, I am pushed to have WhatsApp. I thought about bridging WhatsApp to Element but
    a/ I did not have time to investigate, and
    b/ I also need WhatsApp voice calls (work)...

    I use Telegram, WhatsApp, and Signal. I would say Signal is good, because, yes, you have to register with a phone number, but you can set it so no one sees it. You can now create usernames, and give those to people instead of your phone number. You can also create expiring links for when, say, there is someone in a group you want to contact you, without giving them your number. The cool thing about expiring links is that once they expire, no one, including Signal, can trace them back to a number just in case someone asks. Same is true for usernames if you happen to change it. There is no limit to how many times or the frequency of username changes.

    I think everyone is missing the most important point though. Whatever messenger you use, it's only as safe as the OS you have it installed on. If someone has full control of your OS, then all bets are off. No messenger is safe.

    Let's not forget Molly, the hardened version of Signal which is currently the private and secure messaging service recommended by the GrapheneOS project account.

    I use Molly-FOSS (Signal) for all my contacts. It requires a phone number, which is problematic. I also need to fill out a captcha constantly, for using a VPN and likely an alternative client.

    This captcha is done via hCaptcha.

    SimpleX is great, it is my second messenger of choice. I have a chat with close ones as backup when Signal locks me out for arbitrary reasons.

    Signal has access to my contacts, but I will switch to contact scopes soon.

    WhatsApp also in a shelter profile. There I have a separate instance of MullvadVPN with a VPN in Germany, I have 3 contacts or so saved. There is a new app on F-Droid to open a chat in WhatsApp without saving a contact or requiring contact permission.

    WhatsApp, just like Signal, needs to be worked around to share photos, as both don't care about least privilege. You need to use the share portal.

    SimpleX meanwhile works great for calls, has the best background notification implementation that saves battery life but just works. It uses native Android photo picker and similar things.

    It may be confusing to new users, but it is not that hard to use.

    They have a Flatpak desktop client now, but it also uses Electron (just as Signal's crap app) and works locally via a random opened port (last time I checked) so I need to manually allow a port in my firewall every app start. I think on Windows apps can do that themselves, can't do that on Fedora.

    So the desktop client is not usable. Phone+Tablet is also questionable. Molly works great here.

    In the past I have had Wire, Session, and Wickr, in addition to Signal and Molly, and I tried SimpleX recently. I only ever had one or two people who wanted to use Session, similar with Wire, no-one ever wanted to use Wickr (especially after its privacy fail), and SimpleX is still a bit new for people. Michael Bazzell notes (correctly, as I see it) that each new messenger that we ask people to use burns some of our privacy capital. Do it too often, and they stop listening.

    These days, I use Signal and Molly (two SIMs) and have gotten rid of the others, except where negotiated on an ad hoc basis with certain contacts.

    [deleted] It's still a record of you stored somewhere outside of your control.

    [deleted] Android only.

    Incorrect. It's also available on Windows, macOS and desktop Linux. Support for Linux mobile operating systems is currently in beta.

      SimpleX Chat is really nice and promising. It is written in Haskell which is also interesting. You can self host the relay servers or use the preset ones run by the team. You can also run a coturn server for NAT traversal, along with the SimpleX message relay and the secure file transfer server if you want complete control of your associates' communications, if you find that approach fits your threat model.

      Here is a podcast about it with the founder: https://optoutpod.com/episodes/s3e02-simplexchat/

      As others stated before, Molly is a very nice fork of Signal. You can use your own notification service and save battery. SimpleX founder has talked about possibly integrating the same notification system (UnifiedPush).

      The link shared here: tomz really is the link to the unofficial GrapheneOS group on SimpleX.

      It was flagged as suspicious, so I just wanted to point out it's okay.

      My family and I migrated away from Signal a while ago, evidently for a reason that none of us can remember.

      We just came back.

        I also use Molly, which is an outstanding fork of Signal. But I wanted to take a moment to plug Threema, which I also use to good effect. It has the added benefit of anonymous signup without the need for a phone number, which the Signal service requires.

        Another vote for Molly (signal fork). I use the unified push version which works very well.

        praise to graphene for contact scopes, otherwise whatsapp would be unusable (from both privacy and ui perspective).

        remember to turn off your WA backups! last I read they are unencrypted to facebook servers. so much for e2ee

          Blastoidea I stopped using Signal as a daily messenger. Since you can't remember why you stopped using it the first time, I'll give you my reasons for why I stopped using it.

          This is a bit of a rant but it's something that has irked me a lot that is almost never talked about in the privacy space.

          My threat model for a daily messenger, which is probably shared by most newish Signal users, is not really trusting big tech and being unsure if I can trust closed-source encryption promises - otherwise I would be fine with WhatsApp. The DeleteWhatsApp campaign promised a familiar experience with Signal, but from a nonprofit you could trust. It sounds perfect and this is how they convinced millions of people to download the app. But it was a lie.

          For a daily messenger that's used to casually message friends and family, my goal is one thing: keep eavesdroppers out of our private conversations just like how we feel more comfortable talking about things in the privacy of our own home than in public. Signal developers have made it clear that they do not share this vision.

          Signal's version of privacy means trust no one, not even the person you're speaking to or even yourself. In the analogy above, their version of privacy means doing a mind wipe on everyone as they leave your home to eliminate the chance that they share contents of that conversation with others afterwards - and then throwing away that gift basket they gave you so that no one could guess they were there.

          For high threat model conversations, I completely agree with Signal. Signal's more extreme privacy is absolutely necessary for some and I'm assuming some of this niche group may also be GrapheneOS users. But that's not the vision that was promised to the millions of people that naively installed it. And this is reflected by usability bugs that are defended as privacy features.

          The two main problems I faced were media metadata and backups.

          In my experience, normal nontechie people often default to using message apps to share photos (even if more efficient methods exist). No, they won't zip it. No they won't use another app. If you want the photos, this is how you're getting them. Period. "I already sent them, stop bothering me!" Signal though heavily compresses photos and strips their metadata, which is a nightmare situation for someone like me who is in charge of the family photo archive. Meanwhile, Signal purposely designed their user interface to appear similar to WhatsApp's, but the functionality works differently without informing the user. For example, if you send a photo as a document/file in WhatsApp, it sends the full untampered photo with full quality and all original metadata. Meanwhile, this same button in Signal still compresses it and still removes metadata. I had no luck trying to explain this to apathetic friends and family. Signal doesn't offer any way to turn this off and the lack of opt-out is considered a privacy feature. Signal also doesn't warn the user that they will tamper with sent media. I only discovered this months after using it.

          The second issue is message backups. In a time when cross-platform compatibility and data portability is showcased, even in many "evil" Big Tech products, Signal has gone the other way. If Signal devs had their wishes, I'm sure they wouldn't allow backups at all and would make every conversation a disappearing message. They still don't have a way to back up messages to a file on iOS, only to transfer to a new iPhone assuming you still have the old iPhone with you. Despite this being such a crucial feature that has been requested for many years, nothing has been done. And their excuses make little sense. Other users have pitched iOS backup designs and even issued pull requests, but Signal straight up ignored them or even blocked these people. In short, if you lose your iPhone or move to Android, you will lose all of your Signal messages. I can't in good faith convince people I know to use Signal as their daily messenger knowing this, especially since most people I know use an iPhone.

          On Android, they reluctantly created a backup solution, but this was a feature that only exists due to Signal's previous history of supporting SMS. They got rid of their old plaintext backups that could be opened outside of Signal and instead created their newer encrypted backups. Except...there is no official way to convert this new backup to something that can be viewed outside of Signal. You also can't merge backups and message histories. There are some third-party attempts to fix this on GitHub, but it's a cat and mouse game since Signal updates will routinely break these attempts and at this point, I wouldn't be surprised if Signal devs were doing this intentionally. The third-party tools also aren't perfect, such as having a hard time with group messages and creating duplicates. These solutions also usually require familiarity with techie things like command lines, Linux, etc, which is far from what most people are capable of using and far from the simple familiar messaging app that was promised. And just like iOS to Android, you can't transfer messages from the Android app to the iOS app.

          As someone who has lost loved ones, insisting that people use Signal for low-threat conversations between friends and family is beyond cruel. Your message history is yours and you should be able to hold onto those memories for as long as you want. It shouldn't be up to an emotionless programmer to tell you that you don't need them.

          As I mentioned in the beginning, I refuse to use Signal as a daily messenger and I've moved back to WhatsApp (and Google Messages for when they don't have WhatsApp). I still have some trust issues about using Meta (Facebook) and Google apps on my phone, but GrapheneOS at least helps to alleviate some of those concerns. I fully acknowledge WhatsApp isn't perfect as far as privacy is concerned, but assuming Meta isn't lying and there are no secret backdoors, it's still good enough for casual low threat-model use, which for me, makes up 99-100% of my messages.

          One point often thrown against WhatsApp is that conversation metadata isn't encrypted on WhatsApp, which means WhatsApp and law enforcement can see who I'm messaging, when we messaged, and potentially where we were when we sent them. But as I said, this is for casual use. That's a lot of effort to find out I talked to my family today, which I do every day. As long as they can't see what we're talking about, I'm not terribly concerned.

          The second part is them moving to Google Drive/iCloud for backups exclusively. While there have been attempts to back up and restore locally, I've never had luck. But, to WhatsApp's credit, they offer encrypted cloud backups where you hold the password, not WhatsApp. I feel reasonably secure using it, minus the frustration of having to keep Google Drive installed on my phone. WhatsApp also offers a plaintext local export option for each conversation, which provides some peace of mind in case the backup fails or I choose to leave WhatsApp in the future.

          The third is WhatsApp's hungry permissions, but as mentioned, GrapheneOS comes to the rescue with this through contact and storage scopes.

          I do keep Signal installed strictly for higher risk conversations that I intend to delete, which is not many since I'm a pretty boring person. Though for such a restrictive and infrequent use case, there are other apps that I could use instead like those mentioned in this thread that may offer even better privacy.

          I think it's so important to consider the usability differences between GrapheneOS and Signal despite sharing similar privacy and security goals. Signal has a restrictive vision for how they want you to use the app, but still likes to tease the masses that it's perfect for everyday use. The Signal community is also relentless in pushing people to stop using more user friendly messaging apps and to use Signal exclusively, which is so unbelievably toxic.

          Meanwhile, GrapheneOS understands people have different threat models and gives users the choice by implementing optional usability features such as sandboxed play services. As an additional example, and a near perfect comparison, GrapheneOS's secure camera app gives you the option to not delete metadata whereas Signal does not give you this option at all.

          The GrapheneOS mods have been outspoken about how GrapheneOS can be used across various threat models and that you have freedom in how you choose to use it. If you want a locked down minimalist phone, you can have it. But you're also free to install any privacy concerning app and change system settings as you see fit. Instead of telling you that you can't, they actually try to help you do it in a way that is more privacy respecting. GrapheneOS has even censored people in this forum that try to gatekeep this OS to only restrictive threat models. Even when users talk about doing something that poses additional security risk, the mods' response is to first inform people of the risks, but then say it's still ultimately up to the user, just don't blame GrapheneOS if things go wrong, which is very fair.

          GrapheneOS is also not shy about stating what doesn't work (like play integrity attestation) instead of trying to trick users into thinking that everything works just like they're used to working. If things don't work, GrapheneOS devs appear upset that they don't work, even if it's for a feature that they may not use themselves. They want things to work, but have limited resources, so they encourage the community to create third-party solutions, to add to the codebase, or to post workarounds on their official forum - unlike Signal that purposely ignores user feedback and code suggestions.

          GrapheneOS GETS it. Signal doesn't.

            headphonejack

            remember to turn off your WA backups! last I read they are unencrypted to facebook servers. so much for e2ee

            Do you have a source for that? I'm having trouble confirming this from my own searching. If this were the case, I'd imagine this would be talked about tremendously.

            WhatsApp still explicitly says in the app that neither Google nor WhatsApp can access your e2e backup.

              Sbpr I also read that the backup would be stored in clear but I don't have anything concrete on that either, it also seems that if a user flags your message, its content is analyzed, it seems that WhatsApp can access the content of the encrypted message in some way.