- Edited
Keet, Simple X and 0xchat are other options
Keet, Simple X and 0xchat are other options
Threema was originally not open-source in that its source code was not open to independent review. In late 2020, its frontend apps were open-sourced, leaving only its server component proprietary.
Personally, I use SimpleX Chat. It's the first messenger without user IDs which takes improving user privacy one step further. All of a user's data is stored on their device in lieu of a messenger's server. E2EE messages are temporarily held on a relay server until received and then they are permanently deleted.
For more information: https://simplex.chat/docs/simplex.html
Xarcell
It’s whatever chat application the majority of your contacts use. I had Signal on my phone for 2 years. Nobody on there.
Xarcell In an ideal world I would use only SimpleX. But since about a year ago I pushed people real hard to communicate with me via Signal, I'm not going to get anyone to switch over.
So I stay with Signal.
I use whichever Chat Application the majority of your contacts use. For me most use Whatsapp. I have Signal and Whatsapp installed as some have started to use Signal.
I dont try to convert people to use another Chat-Application as for example most handyman use Whatsapp. So if I need to contact my electrician I have to use whatsapp because I cant explain him "hey I only use <alternative-Chat-Application> please also use it its <explain-security of chat-applications> " they would ignore me in the best case or say I should look for another electrician that uses <alternative chat-application>
Aeon
Yep, here it’s all Whatsapp. It’s a general apathy about privacy in general with this population. Honestly, they really don’t care. I’ve given up.
qtox
briar
berty
session
status
You cant expect a handyman who works 8-12 hours a day to research security and privacy of phones, and compare pros and cons of different messaging apps.
they ask their colleagues and employer what to use and use that.
And Whatsapp is the defacto default messaging platform in my country.
Aeon
You can’t expect over 99% of the population to care, they simply don’t.
troika tox hasn't been updated in ages I really wouldn't suggest using it. If you need a cool peer-to-peer messenger app try Briar or Cwtch.
SimpleX has been good. I only have a couple of friends who downloaded it, but I use it with my kid on their ipod touch.
Xarcell The GrapheneOS team officially recommends Signal and SimpleX.
Cold_Beer I think you're jumping to conclusion too fast. "99%" does not even mean anything, as a lot more than one percent of the world population is using privacy-preserving technologies.
Maybe you feel this way because of the environment you live in, and that certainly has an effect on collective beliefs and perceptions about specific subject —be it security, or privacy or surveillance, or government incompetence—. There are parts of the world (e.g. the EU) where privacy is viewed as strong fundamental human value: https://www.forbes.com/councils/forbestechcouncil/2020/07/29/the-privacy-mindset-of-the-eu-vs-the-us/.
Many users could simply not be aware of privacy regulations and of the fact that they have a choice (see here and here). This is why communication and information is so important. Do not give up; continue to talk to friends, family, spread messages over social media, write to members of parliament or contact them directly; if you give up, you lose, and this way we all lose.
This could also be relevant (see the concept of "privacy inertia"): https://www.securitymagazine.com/articles/94560-of-americans-very-concerned-about-online-privacy-but-most-dont-take-any-significant-action
The difficulty to use privacy-preserving and privacy-respecting technology is a huge barrier for most people who are not technically savvy, or are not able not willing to spent so much time on privacy related issues because they perceive they have more important thing to do, like work, care for family/children, take care of medical conditions, do not have time because they work too hard o do not have the money to simply but things that are not spyware. Consider the fact that more than 13% of USA's population lives in poverty: that more than 37 million people who have more important things to think about than "privacy"! Or consider the fact that there are more than 3 billion people (!) who do not have access to the internet, and Shitbook (aka Meta) is providing "free" access to the internet to hundreds of million of poor people living in poor places, but in fact the "internet" for them is just spyware and the access exclusively to shitbook's services (see e.g. this article). You cannot expect that people in Africa, South-east Asia or India to be using GrapheneOS on a 300+ dollars phone and other privacy preserving apps and services (even free!) when those people lack basic access to water, hygiene, food, etc. and have to think about like, I dunno, not dying, instead of where their "data" goes. Also, many people still lack basic education, and the quality of education is declining even in the Western world, and I personally think that is a HUGE part of the explanation.
Then, there are multiple statistics and polls that suggest that in fact people care —to varying degrees— about privacy (e.g. this one or the ones from Prof. Lorrie Faith Cranor from Canegie Mellon, or by the Pew Research Center, or by the Electronic Frontier Foundation).
When consulted about the "chat control" proposed legislation, (a small sample) of people in the EU was not happy, to put it mildly; a majority said they care about privacy; though one should also consider the small sample size and the voluntary participation (source).
Maybe this issue is perceived in a stronger way by young people: according to a large representative survey, 80% of children in the EU say that they would not feel comfortable and safe being politically active or exploring their sexuality if authorities were able to monitor their digital communications on the basis of finding child abuse material (source: https://edri.org/our-work/most-criticised-eu-law-of-all-time/)
A 2012 study from Hallinan et al. concludes that:
As technology and data processing play a greater role in the
life of the individual and society, they gain increasing signif-
icance in the shaping of the social environment. This potential
makes them an inevitable policy battleground. Accordingly, in
a democratic society, participation should play a role in each
policy approach, initiative or decision. However, whilst ‘public
opinion’ is often cited as legitimation for measures and
discourses aiming in myriad directions, an understanding of
how the public understand and approach these issues, that is
to say an understanding of what this ‘public opinion’ actually
is, is conspicuously lacking.
So, as you see, the problem start from the very roots, because there is not a very good framework to understand what the "actual public opinion" means, and every person interprets reality and legislation in its own way, so everybody could give different answers to the same questions, but they could actually want the same thing (e.g. strong human rights)
Finally, a 2014 study from Dinev may give a (partial) answer to this paradox:
[...] And yet, despite this storm of revelations and analyses, there does not seem to be a considerable bottom-up political and societal pressure to change the practices of government surveillance and data collection by the private businesses. The society response as captured in poll after poll, seems to be divided and tepid. This may lead politicians and policy makers to think that people have accepted the government explanation of this massive surveillance as the necessary tool to strengthen the security of the nations and thwart terrorist attacks. As in e-commerce, we yet again see the well-known paradoxical phenomenon: poll after poll registers that people are highly concerned about their privacy. Nevertheless, they freely submit personal information and accept being monitored, both by businesses and government. Thus, feeling uninhibited, businesses and government expand even more their collection and use of personal data and behavior.
There can only be a few explanations for this interesting paradoxical phenomenon: (1) people think they care and are concerned about privacy but actually they are not; (2) people, organizations, and governments do not understand exactly what privacy is and how the lack of it can affect the individual; (3) people understand and want their privacy but do not exactly know the extent and the mechanisms of data collection and what the implications for their privacy are. While we do not know exactly which of the three explanations is adequate, either of them and good research evidence (e.g., Mason, 1986; Dhillon et al, 2007; Dinev et al, 2008; Li & Unger, 2012; Miltgen & Peyrat-Guillard, 2014) show that societies are still actively searching for the balance between preserving the right amount of privacy (that people will demand and not compromise over), and providing convenience (personalized services and goods in the case of businesses) as well as security (in the case of government surveillance). [...]
Also, since I mentioned "Chat control" (aka "Proposal for a Regulation of the European Parliament and of the Council laying down rules to prevent and combat child sexual abuse" in EU's legalese), please pay VERY MUCH ATTENTION to what is happening, and if you live in the EU or know someone who lives there, I strongly encourage you to express you opinions to the EU interior ministers who are to endorse it on 10 October 2024, as discusses here. Please see how you can express you opinions and take action here.
Please educate yourselves about why this legislation not only is a clear violation of human rights, as it would undermine end-to-end-encryption, but would also not protect children, and in fact could hinder the already poor efforts on combating CSAM here:
https://www.spiegel.de/netzwelt/netzpolitik/chatkontrolle-zahl-der-falschmeldungen-zu-kindesmisshandlung-massiv-gestiegen-a-a746b118-82e7-4560-8ba4-45f02489768c
https://www.patrick-breyer.de/en/posts/chat-control/#Myths
https://threema.ch/en/blog/posts/stop-chat-control
https://volteuropa.org/news/chat-control-wont-protect-children
https://mullvad.net/en/chatcontrol
https://stopchatcontrol.eu/
https://chatcontrol.se/
https://www.ccc.de/en/updates/2024/chatkontrolle-kuhhandel-wahrend-niemand-hinschaut
https://european-pirateparty.eu/chatcontrol-eu-ministers-want-to-exempt-themselves/
https://chatcontrolv2.eu/
https://crm.edri.org/stop-scanning-me
https://netzpolitik.org/
https://european-pirateparty.eu/chatcontrol-eu-ministers-want-to-exempt-themselves/
(chatcontrol.eu and chatcontrol.wtf redirect to the same site from Patrick Breyer)
Try decentralized service https://bastyon.com/ - it's more than a messenger. It's based bitcoin code :)
ToffoliGate When talking about how technology is a huge barrier for most people, I wanted to add how important projects like GrapheneOS are, which with their (pretty automatic) web installer they massively eased the burden of installing the OS, and should not be a problem for most people.
Also, I'm sorry for the long and off-topic message, but I wanted to elaborate a little bit more on the popular misconception that people do not care about privacy.
To answer the original thread question: if you use trusted, popular and audited apps like Signal, SimpleX or Threema, you should be fine.
To answer the first post from Xarcell: Threema is almost completely open-source, with the only exception being the server infrastructure, which is proprietary and completely owned by the company (though companies can host their own Threema servers on-premise). They also had multiple security audits. The non-open-source nature of their servers should not be an issue if the end-to-end encryption protocol is sound (which it is) because that's the entire point: it should not matter when the data transits if it's correctly encrypted. Because, if not, by this same logic one should also not trust Signal because all of its data transits through Amazon, Google and Microsoft servers, which are of course very much not open-source. But this, of course, is non-sense, since it's all encrypted, and Signal is sound. Also, these three apps collect minimal metadata, which arguably is as important as being e2ee. WhatsApp is e2ee with the same Signal protocol (allegedly), but I would not recommend it to my worst enemy due to the huge amount of metadata they all collect, that goes directly to Shitbook and the glowies. This is why I hate when Signal and Shitapp are recommended by "experts" and put on the same plane just because they are both e2ee, because the retarded 'muricans use plain text SMS so anything that's encrypted is better than SMS.
I used Conversations on my xmpp server. For those not on my server (about 8 billion persons), it's sms.
Signal. Why push people to harder to use applications?