KCne I would consider the fact that telling everyone you email and send Discord messages to, to switch to a certain platform, will likely cause many people to be alienated. No matter how high quality a messenger is, you may want to consider the impact they could have on the quality of your relationships.
I want to adjust my statement above (unfortunately I can't edit it):
I want something that at least technically can be used for similar purposes, like receiving messages from strangers and organizing communities.
KCne 23Sha-ger Session
https://soatok.blog/2025/01/20/session-round-2/
I stand by what I said previously: Don’t Use Session.
The fact that they forked Signal and deliberately removed forward secrecy from the protocol was already sufficient reason to never trust it.
What they replaced forward secrecy with does not pass muster for secure cryptographic software.
23Sha-ger Threema
https://soatok.blog/2021/11/05/threema-three-strikes-youre-out/
Most of what I shared here isn’t a game over vulnerability, provided you aren’t using Threema for group messaging, but my findings certainly debunk the claims made by Threema’s marketing copy.
If you are using Threema for group messaging–and especially for sharing files–you should be aware of the Invisible Salamanders attack discussed above.
When in doubt, just use Signal. It’s free, open source, private, and secure.
Eirikr70 xmpp
https://soatok.blog/2024/08/04/against-xmppomemo/
As things stand today, I cannot recommend anyone use XMPP + OMEMO.
From the lack of a mechanism to keep implementations up-to-date with protocol versions, to a lack of clear rationale for protocol design decisions, to ecosystem issues with both the app availability and their third-party open source dependencies, to the most popular app (Conversations) being an absolute mess of complications, XMPP+OMEMO hasn’t earned my trust.
Emmy [matrix]
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
Don’t use Matrix.
I had incorrectly assumed ignorance, when it was in fact negligence.
There’s no reasonable world in which anyone should trust the developers of cryptographic software (i.e., libolm) that deliberately ships with side-channels for years, knowing they’re present, and never bother to fix them.
grapheine Simplex
I personally believe that SimpleX has made meaningful contributions in the instant messenger field! Still, I don’t consider them perfect. For example:
https://discuss.privacyguides.net/t/simplex-vs-cwtch-who-is-right/19256/112
So would you recommend SimpleX?
IcyScroll I'll try to help, let me know if you need anything else.
Under the hood SimpleX Chat is complex indeed, however besides the flatpak not having access to all user files by default, I wouldn't say it's hard to get started. Sure, it's not as easy as Signal (contact discovery) but that's mainly because it's just different. Every contact needs to be given an address in order to connect. Address can be profile-wide (like Signal QR code) or single-use: one for every connection you want to have. It's up to users to distribute their addresses, for now. When it comes to e-mail, SimpleX address can be added as part of signature to let your contacts know there's another way to contact you if needed.
I find SimpleX Chat much easier to use than for example XMPP. In my opinion it's a great tool to have regardless of whether people around use it at this time. In the meantime, an empty SimpleX profile can be treated just like a mailbox :)
I like many things about SimpleX.
But since they don't have any contact discovery methods, two questions are particularly important for me:
- What happens to an existing contact/connection if the smp server we have made our connection over goes offline?
- Would it be possible in the future to create server independent long term SimpleX links?