[deleted]

There are not vulnerabilities, there are features suited for governments.
All apps has vulnerabilities, In terms of security nothing is perfect, It is more interesting for an attacker to waste time looking for bugs in widely distributed applications than in a minority one.

Icecube
The average user is never going to use Dino on their desktop and Conversations on their phone. Most other clients are the same on both.

    Javcek Session is pretty decent but has some bugs. I use it occasionally but the biggest issue for any secure messaging platform is if I only have one or two contacts on it and everyone else I talk with can't be bothered to use it, there's little value. I use signal, session and even whatsapp, they have their own strengths and weaknesses but are all far superior to sms.
    I like signal, it has a larger user base, a low barrier for entry and despite a lot of concern about having to provide a phone number, is quite secure.

      My family and I have been using Session for a year or so.

      All in all, we prefer Signal, for fewer annoying things, but like the onion routing and the no phone number requirement of Session.

        However, I will try Session again. It doesn't require any registration and that's what I care about most. It doesn't make it a problem for me to set up an account on Matrix but for my family members it would be an added inconvenience.

          • [deleted]

          Javcek set it up for them, all they have to do is use it. No excuse.

          I have set up a matrix server to use with my family. It runs great !

          Olvid How long have they been in the game? Safe to use?

          Which messenger for the moment that are user friendly is best for privacy, security and is anonymous? (You can say Signal too if no phone number was required)

            I like the approach Snikket is taking. It's not reinventing the wheel. XMPP, which is very well tested, robust, lightweight and has proven it can be extended for new usages as the world evolves throughout the years. With OMEMO for robust, secure and private E2EE. Built on top of existing popular server (Prosody) and clients (Conversations and Siskin) and contributing back to upstream. All with a consistent branding for easier adoption by non techies. I wish it was more popular so that it coul get more funding, collaborators and a larger ecosystem for easy deployment of servers etc.

            I wish all the effort that was spent towards building the bloated, complex and complicated Matrix would have been spent extending XMPP further, building more servers, clients and gateways.

              brightjob4495 May i ask, could you mention some benefits of XMPP over matrix? I do not know neither very well, i only heard that they are similar

                brightjob4495 Finally some sense, there is imo nothing better than XMPP.

                Why XMPP?

                Server entity and app entity are 2 different things, reducing any kind of supply-chain attacks since the signing keys of the server are not the signing keys of the application.

                XMPP server (prosody) can be hosted as a hidden service on the Tor network, making it impossible for someone to locate the physical server. Perfect for anonymity use-case. In this use-case XMPP becomes onion routed and you cannot leak your IP address.

                XMPP doesnt need any identifying information from the client, you simply need to make a username@servername,something and create a password. That's it! No phone number, no email, no nothing!

                XMPP is very lightweight and doesnt need a lot of resources to host the server on unlike matrix, a simpel VPS or raspbery pie is enough to host the server on for thousands of users.

                XMPP has the ability for END 2 END encrypted chats and file sharing thanks to OMEMO, which is a Signal fork and audited. XMPP supports OMEMO for private chats and also for private group chats!

                XMPP has also the option for federation by enabling server2server connections, though for those who want privacy they can disable that of course.

                  Hathaway_Noa Well i must say you got me interested there, could you please provide me with a link as to how to setup an onion xmpp?

                    Signal recently announced new "quantum resistant" features.

                    Hathaway_Noa

                    OMEMO, which is a Signal fork

                    I'm definitely curious - what might it look like for OMEMO to inherit these "quantum resistant" features from upstream?