Cross-posted from : https://lemmy.ml/post/16566616
Hi, I wanna know what is the most secure and best messaging app/platform… Need an app that is crossplatform and has a very good numbers of features and security. (And it has to be FLOSS) I thought about XMPP clients, Signal, Session, IRC clients… Propose and explain me your choice
- SimpleX is libre software and the most decentralised voice chat here.
- Briar is libre and the most decentralised but is missing voice chat.
- XMPP and Matrix are libre software and federated/decentralised. XMPP servers use far less resources, so creates more decentralisation than Matrix in practice.
- Signal is libre and more popular but centralised, acceptable.
- Avoid Threema’s app which requires a service as a software substitute.
SimpleX doesn’t need a phone.
The desktop app can run standalone or linked to the phone-profile (but the phone must stay connected for that).
They also have a CLI version (which you can use as a central hub for your profile).
SimpleX isn’t able to share your profile-data between devices. Instead you connect with e.g. the desktop app to the phone to use the phone-profile, but it need to stay online, which can be inconvenient.
With the CLI version you are able to run it on some (private) server and then connect the phone and desktop app to it. But it is still not really convenient, as you need to establish a tunnel (for example SSH port forwarding) to the server (the clients don’t support connecting via internet URL the last time I checked).
SimpleX
There is no best, because none of them cover every use case or threat model. However, these are worth considering:
- Matrix, if you don’t mind minor meta-data leaks (reactions and avatars have not yet been moved to the encrypted channel, IIRC).
- XMPP with OMEMO, if all your contacts are technically skilled enough to manage the requisite clients, servers, and protocol extensions, or if they have a skilled admin to do it for them.
- Signal, if you don’t mind linking a phone number to your account, can tolerate an ecosystem effectively married to Google, and accept the risks of a centralized service that can be attacked or shut down by someone with the right access or influence.
In situations where your safety depends on anonymity from the powerful or well-connected, I would instead look for a messaging system tailored for such things. (It would, of course, require giving up some convenient features that most of us expect from a general-purpose chat platform.)
As far as I know you still need a phone number to create an account. But for connecting you can use the new usernames (and make sure to disable automatic number sharing with contacts in the settings).
In fact you could say that for now XMPP is the best in your opinion, but a bit technical?
No, I would not say that.
I used XMPP in the past, but long-lived public server support is almost nonexistent these days, and proper setup/maintenance requires too much tech skill for the general public. Also, it lacks modern features that many people have come to expect. I would only suggest it for small groups, and only if you can run your own server and provide tech support.
For my needs, Matrix is the best available today. It covers the things that I find most important, and is constantly improving.
but long-lived public server support is almost nonexistent these days
Uhm, that is untrue, especially compared to Matrix where multiple public servers recently had to shut down because of excessive server resource use.
But yes, like in any healthy federation it is better to run your own XMPP server.
For beginner self-hosters Snikket’s guide is even less work than others, but ejabberd/Prosody are easy to setup up compared to most software. General public is generally out at needing their own server even if the system requirements for XMPP incredibly minimal & many would have access to hosting at home on the cheap with dynamic DNS & basically anything with a processor + a Linux distro.
Not sure what the modern feature support you are talking about tho. Some clients already have stickers, reactions, threading… but the ‘X’ is for ‘extensible’ so it is all meant to be optional on purpose so it is easier to implement clients & democracy wins on features that clients decide are worthwhile to uptake (at least now that Google is out of the picture dictating too much)–& you have community-ran compliance suites for server features like the one for Conversations. Having used a couple of Matrix clients that aren’t Element, the fragmentation of client feature support is literally just as bad–except there is a lot less maturity due to age.
Where your friends are?
Yup. Reality. No point using a hyper secure chat system if literally nobody you know is using it.
My friends knew I was using it. I said why with very simple words, focused on freedom and abuse over side effects, privacy and security, and they joined. I guess having friends who actually respect you helps a lot.
We should be glad that WhatsApp with E2EE is what people jumped to, instead of Facebook Messenger
WhatsApp is part of Facebook. You really think they operate differently?
SimpleX is quite a promising project, uses Double Ratchet End-to-End-Encryption (from Signal), and has a very interesting protocol and model to provide quite strong metadata protection, especially in regards to whom you talk to and groups you’re in.
If your threat model requires exceptionally strong Metadata protection, SimpleX is probably going to be your go-to
Though, for a more lenient threat model, where still good, but less laser-focused metadata protection is enough, Signal will probably do just fine.
Personally I use Signal, but I also have a SimpleX Profile, an XMPP Account and Matrix. (preferred in that order)
