this post was submitted on 03 Oct 2024
93 points (86.0% liked)

Privacy

32442 readers
816 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I've been inspecting this topic quite a lot and I'm a little confused now. So, we have reasons not to use Signal, reasons not to use Matrix, there were also some claims about Session being a fraught. Briar is mostly activists related (not very suitable for daily use), XMPP lacks good clients and suffers from fragmentation of protocol standards implementation, SimpleX is too feature-incomplete (no UnifiedPush support, big battery drain on Android, very decent desktop client without any message sync). I can't say a lot about Threema or Wire, as I'm not very familiar with them.

So, my question is — is there any good private messenger at all? What do you think is the most acceptable option?

EDIT: In addition to my post:

All messengers have their flaws, I'm well aware of that. I was interested in hearing users' opinions regarding these shortcomings, not in finding the perfect messenger. I may have worded my thoughts incorrectly, sorry for that.

you are viewing a single comment's thread
view the rest of the comments
[–] mox@lemmy.sdf.org 8 points 2 months ago* (last edited 2 months ago) (1 children)

There are a few that do a good job of protecting our messages with end-to-end encryption, but no single one fits all use cases beyond that, so we have to prioritize our needs.

Signal is pretty okayish at meta-data protection (at the application level), but has a single point of failure/monitoring, requires linking a phone number to your account, can't be self-hosted in any useful way, and is (practically speaking) bound to services run by privacy invaders like Google.

Matrix is decentralized, self-hostable, anonymous, and has good multi-device support, but hasn't yet moved certain meta-data into the encrypted channel.

SimpleX makes it relatively easy to avoid revealing a single user ID to multiple contacts (queue IDs are user IDs despite the misleading marketing) and plans to implement multi-hop routing to protect meta-data better than Signal can (is this implemented yet?), but lacks multi-device support, lacks group calls, drops messages if they're not retrieved within 3 weeks, and has an unclear future because it depends on venture capital to operate and to continue development.

I use Matrix because it has the features that I and my contacts expect, and can route around system failures, attacks, and government interference. This means it will still operate even if political and financial landscapes change, so I can count on at least some of my social network remaining intact for a long time to come, rather than having to ask everyone to adopt a new messenger again at some point. For my use case, these things are more important than hiding which accounts are talking to each other, so it's a tradeoff that makes sense for me. (Also, Matrix has acknowledged the meta-data problem and indicated that they want to fix it eventually.)

Some people have different use cases, though. Notably, whistleblowers and journalists whose safety depends on hiding who they're talking to should prioritize meta-data protection over things like multi-device support and long-term network resilience, and should avoid linking identifying info like a phone number to their account.

[–] ReversalHatchery@beehaw.org 1 points 2 months ago (2 children)

Matrix is decentralized, self-hostable, anonymous, and has good multi-device support, but hasn't yet moved certain meta-data into the encrypted channel.

yet? do they have plans? I'm (relatively) a fan of their platform because of federation, but I thought that it's not really possible, or at least a very much lot of hard work and even more to change that

[–] possiblylinux127@lemmy.zip 1 points 2 months ago (1 children)

I think the hardest part is the DNS and federation

[–] ReversalHatchery@beehaw.org 1 points 2 months ago (1 children)

I don't understand, could you reword it?

[–] possiblylinux127@lemmy.zip 1 points 2 months ago

DNS requires public records and the federation meets sharing information between lots of servers.

[–] mox@lemmy.sdf.org 1 points 2 months ago (1 children)

I don't remember the statement in the bug report verbatim, but it indicated that they intend to fix it, which is about what I had previously seen on other issues that they did subsequently fix. I expect it's mainly a matter of prioritizing a long to-do list.

I can't think of a reason why it wouldn't be possible. The protocol is continually evolving, after all, and they already moved message content to an encrypted channel that didn't originally exist. Moving other events into it seems like a perfectly sensible next step in that direction.

[–] ReversalHatchery@beehaw.org 1 points 2 months ago* (last edited 2 months ago) (1 children)

I can't think of a reason why it wouldn't be possible

I was in the impression that the protocol was designed with that in mind that the server can do certain things in response to certain other things happening. I think the room membership management part of the client spec writes about this.

But yeah, this can probably change, especially that they are now doing versioning

[–] mox@lemmy.sdf.org 1 points 2 months ago

Worth mentioning just in case you're not aware: versioning is present not just on the protocol spec, but on individual rooms. That ought to ease any semantics changes that might be needed.