Good E2EE messengers besides Signal?

schweizer

Ilgar Definitely not. It still requires a phone number causing a privacy issue. And I do not like that Signal is a trust. You are not the customer. And its US controlled servers are a downside too.

JollyRancher

schweizer
While the phone number requirement is problematic, the rest of that post is pretty ill informed.

Unless you make it onto a US (or Five Eyes to a lesser extent) NatSec targeting list where the US federal government is willing to expend serious effort going after you, the US is actually about the most privacy friendly jurisdiction around.

There are zero restrictions on what kinds and degree of encryption are legal in the US.

Any attempt to go after/target someone based on speech or political beliefs is going to run headlong into the First Amendment.

US courts are notoriously bad about localizing foreign subpoenas for data. Unless the foreign LEO's can get the FBI on board with the investigation and to apply for the subpoena, it basically goes nowhere.

If law enforcement serves a subpoena on Signal they receive 1) associated phone number, 2) date the Signal account was established, 3) date of last Signal login.

Law enforcement can clone your phone number and thus swipe the associated Signal account and thus receive any future Signal messages sent to you but they can't see past messages or contacts.

If your threat model involves serious, directed, effort from the US NatSec establishment then you should default to basically everything electronic being compromised.

Ilgar

schweizer I'm definitely aware about trade of about metadata and 14 eye intelligence with encrypted molly, but in my opinion it's better than threema because of AFU usage. If threema would provide BFU notifications (I'm not even asking for molly style encrypted storage) I would start using it again, after they implemented PFS, even though swiss laws dropped the ball of privacy and neutrality recently either.

schweizer

JollyRancher While the phone number requirement is problematic, the rest of that post is pretty ill informed.

While I do not know everything I still think I am better informed than you.

JollyRancher Law enforcement can clone your phone number and thus swipe the associated Signal account and thus receive any future Signal messages sent to you

See? They couldn't do that with Threema because it does not rely on phone numbers. Hence Signal and its clones are not the only best messenger out there.

The US are not sticking to their own laws. At least not if non US citizens are involved. Did you hear about a guy called Edward Snowden? Your answer sounds very naive to me. Industrial espionage is AFAIK not forbidden to US services. Thus consider the (current) US government as hostile and I am not alone. Maybe even some US residents will agree with me.

Onlyfun

JollyRancher Any attempt to go after/target someone based on speech or political beliefs is going to run headlong into the First Amendment.

Disclaimer I'm not going into any political discussion, I just could not pass by above quoted statememt as is.
No offence but this statement is sooo not true/naive. They came after terrorists in Iraq, hailing democracy an human rights, including promoting Saddam to being hang. Wondering which amendment exactly were they following? :))

To the point of this thread. I see simplex way ahead of other messengers, and use it of course, trying my best to move my circles into it.

IcyScroll

cb474 If you're using Simplex on both your phone and the desktop, can you access the same thread with another party from either app (they way you can with Signal)? Or will the desktop app and the phone app appear as separate people in the same chat?

Right now SimpleX Chat does not support multi-device chat synchronization. The way all messengers currently implement multi-device support is bad, this includes Signal. I suggest reading this research paper: https://eprint.iacr.org/2021/626.pdf

Signal doesn't improve in this area, because it considers the threat to be outside of its threat model. SimpleX wants to provide an implementation that protects its users from issues described in the research. This is going to take time.

Currently, it's possible to use SimpleX database from a mobile device via a desktop, but only if both devices are connected to the same local network.
I believe most people using SimpleX network at this time have separate databases for their devices devices. E.g. Bob (laptop) and Bob (phone). This might actually slightly protect against the availability concern @Linux wrote about.

cb474

IcyScroll Thanks for the explanation. I did see the note on the Simplex website about the desktop app synchronizing if you are on the same local network. Does that mean once I link the desktop app to my mobile device that if I leave home, exchange some messages, and come back later, it will continue to work? Or am I going to have to relink every time? (My current technical understanding of Simplex is not very high.)

I appreciate that there are better and worse ways to do this from a security point of view. But I think my threat model is not so high that I am going to worry about it.

JollyRancher

schweizer

The US are not sticking to their own laws. At least not if non US citizens are involved.

The US is generally obeying its long standing laws, its just that most people are very ignorant of what those laws are. A non US citizen outside of the US has zero privacy rights under US law, the NSA and friends are legally able to spy on such individuals to their hearts content essentially at whim. Entry into the US for non citizens is a privilege, and one that can be contingent upon providing full access to your electronic devices and data.

If a non citizen outside the US is using a US based service they don't gain any legal rights but the service itself has them. Whether or not the service chooses to exercise its rights and fight to protect its customers is up to them.

Did you hear about a guy called Edward Snowden?
Yes, what about the traitor? Very little of what he leaked actually violated US law and a lot of it was wholly legitimate NatSec operations.

Your answer sounds very naive to me. Industrial espionage is AFAIK not forbidden to US services. Thus consider the (current) US government as hostile and I am not alone. Maybe even some US residents will agree with me.

That depends entirely on what you mean by "industrial espionage". Its also not, as a practical matter, forbidden to any nations corporate entities. Incidentally, EU firms regularly engage in industrial espionage as well.

Bluntly, today, it is not the US that is going after digital privacy, end to end encryption, or electronic security in general. Its the EU and its member states pushing that.

IcyScroll

cb474 I don't know, honestly. I wouldn't be surprised if it required relinking every time. You'll have to give it a try or ask in the SimpleX users group. Please consider reporting back once you find out :)

DeletedUser495

Ilgar BFU notifications? You certainly have no clue what you are talking about.

Ilgar

DeletedUser495 I could have it with signal before it was abandoned.

silence*

P.S. I'm not sure there even is technical possibility to push notification from encrypted device state, just hope it's possible to trigger generic notification in a main profile BFU.

Ilgar

DeletedUser495 basically what I meant is “Make Molly’s UnifiedPush receiver directBootAware, store whatever it needs in Device Encrypted (DE) storage, so it can show notifications BFU (before first unlock).”

Ilgar

Onlyfun agreed. noone should ever trust u.s.

JollyRancher

Onlyfun
Note the caveats in both that post and more generally that I always add. US legal protections extend to US citizens and to the territory of the US. If you aren't a citizen or in US territory then all bets are off. Likewise, if you end up a direct target of the US NatSec establishment to the point that drone strikes and/or extraordinary rendition are on the table then all bets are off.

If your threat model has active (as opposed to passive) targeting by the NSA, CIA, FBI counter Intel, etc. in it then you should not be asking for messenger advice here.

If your threat model involves federal, state, and/or local US law enforcement becoming aware of you or your non NatSec related legally questionable activities then Signal, SimpleX, Threema, and even Session are most likely more than adequate from a technical perspective. When compromised it is almost always an OpSec issue on one parties end that allows law enforcement to get the messages.

Onlyfun

JollyRancher with all respect, I won't comment on political related part of you reply to keep up with forum's code.

While I agree with your approach to threat modeling, I believe simplex to be a superior choice vs other apps you listed. Not requiring a phone number is big, but it goes way further allowing a separate personality for every new chat to compartmentalize communications as much as you want. Let alone other dings bells e. g. more detailed setup of group chats and etc.

Linux

IcyScroll Correct. Right now its possible to mitigate this concern by sharing per-profile address with your contacts. This link will likely depend on a different server than the one used for receiving messages. This is not foolproof as your contact would have to manually use your address after noticing the failure. There's also a possibility that you would change the address after a server used by your contact (to receive messages from you) had been shut down, rendering them unable to contact you, as the last address that was shared with them would be obsolete.

So the approach is to make 2 connection per conntact, 1 via one time link and one via per profile link?

IcyScroll Having a secure fallback for digital communication is always a good idea. Session might actually be somewhat helpful for this, due to its simple account creation process and no PII needed. However, it's worth noting that Session is nowhere near SimpleX in terms of privacy and security, as its cryptography is far worse than Signal's, to say the least.
Technically even an e-mail address is enough for this, depending on your threat model, of course.

Is there a better option then Session, as a backup to SimpleX, that allows for MITM resistant messaging?
The problem I have with most other solutions like Matrix or XMPP, is that you need to put a lot of trust in the server.
Mainly because at the moment, their is no option to link directly with public keys or at least view the public key of a contact (to verify against a post of this public key on another platform).

I very much appreciate that SimpleX is by default MITM resistant because its places the public key inside the sharing link.

Sevv

Linux session doesn't have port forward secrecy.

IcyScroll

Linux So the approach is to make 2 connection per conntact, 1 via one time link and one via per profile link?

You can connect however you prefer. What's important is sharing your SimpleX address with all your contacts, if you want them able to connect to you again in case something goes wrong in the future.

As for the redundancy approach, you'd have to either create a second SimpleX profile or connect incognito. That's because only one connection to the same contact seems to be possible at the moment. Any additional attempt within the same profile causes existing conversation to be opened.

Linux Is there a better option then Session, as a backup to SimpleX, that allows for MITM resistant messaging?

Anything will do as long as you perform key verification with your contacts. You could even use Tuta, which seems to have rolled out this feature recently. I believe you would be better of using it instead of Session. Tuta plans to implement PFS, Session has stripped it a long time ago.

So in summary, I think these options are good when it comes to addressing the availability concern. Sorted from most to least secure against MITM attacks:

Multiple SimpleX Chat connections and/or sharing your profile's address.
A separate solution with key verification (Signal, Tuta, Briar, Matrix/XMPP, Session, etc.)
Using any traditional e-mail service for sending new SimpleX links in case your existing chats stop working.

Thomas_Classic

You could also use Molly. Which I'd a more hardened version of signal. Personally it all just depends on your threat model and what you are trying to hide from

schweizer

Ilgar I do not understand why anyone would have a sophisticated privacy phone and then want BFU notifications. You can as well disable device encryption and display lock. You gain usability for the sake of security.

Linux

IcyScroll You can connect however you prefer. What's important is sharing your SimpleX address with all your contacts, if you want them able to connect to you again in case something goes wrong in the future.

But isn't the long term link also bound to a specific server?
It also starts with smp[number of a server]

IcyScroll Anything will do as long as you perform key verification with your contacts. You could even use Tuta, which seems to have rolled out this feature recently. I believe you would be better of using it instead of Session. Tuta plans to implement PFS, Session has stripped it a long time ago.

Can I get a public key from Tuta that then can be used for everyone messaging me to verify the connection, without me doing anything additionally?

IcyScroll A separate solution with key verification (Signal, Tuta, Briar, Matrix/XMPP, Session, etc.)

The problem with Signal, (probably) Tuta, Matrix/XMPP is that they all lak an option to verify against a stable public key that can be send/posted one time and then be used by everyone who want to verify the connection.
SimpleX and Session have a public key in the link/ID.

Ilgar

schweizer https://discuss.grapheneos.org/d/37-mollyim/158

DeletedUser499

schweizer I do not understand why anyone would have a sophisticated privacy phone and then want BFU notifications.

Because, BFU is a "thing", so they want it... Whatever it is!
but now it gets in the way of their really important notification that their Bluetooth kettle has just boiled.

« Previous Page Next Page »