Cross-posted from : https://lemmy.ml/post/16566616
Hi, I wanna know what is the most secure and best messaging app/platform... Need an app that is crossplatform and has a very good numbers of features and security. (And it has to be FLOSS) I thought about XMPP clients, Signal, Session, IRC clients.. Propose and explain me your choice
There is no best, because none of them cover every use case or threat model. However, these are worth considering:
- Matrix, if you don't mind minor meta-data leaks (reactions and avatars have not yet been moved to the encrypted channel, IIRC).
- XMPP with OMEMO, if all your contacts are technically skilled enough to manage the requisite clients, servers, and protocol extensions, or if they have a skilled admin to do it for them.
- Signal, if you don't mind linking a phone number to your account, can tolerate an ecosystem effectively married to Google, and accept the risks of a centralized service that can be attacked or shut down by someone with the right access or influence.
reactions and avatars have not yet been moved to the encrypted channel
Fortunetly there is ongoing work to do that. Still admin sees who you are talking to, but there is some effort.
In fact you could say that for now XMPP is the best in your opinion, but a bit technical?
No, I would not say that.
I used XMPP in the past, but long-lived public server support is almost nonexistent these days, and proper setup/maintenance requires too much tech skill for the general public. Also, it lacks modern features that many people have come to expect. I would only suggest it for small groups, and only if you can run your own server and provide tech support.
For my needs, Matrix is the best available today. It covers the things that I find most important, and is constantly improving.
Now you're able to hide your number at different levels, but it still requires you to use a phone number to sign up and use.
You need to understand your threat model. Some apps are very secure but extremely inconvenient and hard to use. Others are more convenient but may not be able to hide the fact of a conversation between certain users for example
If I want convenience for now I would use Signal or maybe Session, but here I want the (almost) most secure thing that I could get
There is always a cost to security. How much you and your recipent ready to pay?
And, what you mean by "secure"? E2EE is basic. How about meta data? Or resilient to DPI? How about correlation attacks?
There can be a milion factors that can contribute to security. You can have it all but I don't know if such thing exist or not. For each factor, you gain some security but loss some in other places. You need to pick and choose what you need.
I wanna get something that could be tweaked like changing the encryption... Something really customizable, maybe running my XMPP server
So you want self hosted? And what you mean by changing the encryption? Changing the encryption protocol and encryption algorithm are two different thing. OMEMO is kind of de facto for XMPP. Last I checked it seems doesn't let you choose the cipher suite like TLS 1.2 dies. You can spin another if you gave the capability to do so but not recommend.
And whatelse you want to tweek?
That would be cool to have a messaging app that let me change almost what I want like the encryption protocol, changing the encryption keys... And so on, don't know if it's possible
Key? Oh, welcome to the land of GPG/OTP where platform and protocol doesn't matter. Good luck finding a friend willing to deal with this just to talk to you though. And loose some important security features like forward secrecy and double ratchet.
This spreadsheet is a very helpful comparison of the different messaging apps. I've been using SimpleX for quite some time now, and the only issue I have is some lag on the iOS client.
This table is really good: https://www.messenger-matrix.de/messenger-matrix-en.html
There is no one best, as we wish there would be. Depends what you want.
XMPP and Matrix are definetly the most based ones, because you are not tying yourself to one particular app and server, they're the common languages. And this is what I would want to use for mass communication and as a base, default.
Signal is nice if those above are not enough developed yet for you. Easy to switch friends into and discover contacts with it's phonebook based nature. But there is no open API for thrid-party apps, only reverse engineering from open source code.
If you don't need calls Matrix has a bridge so you can use both at the same time.There are also the most anonymous ones, like Briar, SimpleX or Session, there is a lot of them. For me their usage is when two or more people want really private chat and both agree on the app. I really can't and don't want to see them as the default.
Delta Chat is quite good, it's an email client thats built like a messenger app. It's E2EE with Autocrypt lvl 1, you can use it with most email services, and they have a self hostable/hosted "chatmail" service that you can also use if regular email services are slowing down the messages (gmail isn't the best for this). It also supports apps and games in chat using the webXDC standard.
"Best" is subjective. I like Signal because it has a great modern UI so I can pretty easily get non techy/privacy people using it.
The other day I found this, using an very old inbuild command line tool in Windows, Mac and Unix: finger
https://happynetbox.com
Write for Example
finger zerush@happynetbox.comin the command line
Not until now, I discovered it only some days ago. I think it's an interesting methode to send Messages ocassionaly, but not so practically in the daily use.
