this post was submitted on 16 Dec 2023
28 points (91.2% liked)

Privacy

31998 readers
967 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hi,

I'm looking for an instant messaging ( IM ) ~~apps~~ software/protocol that run on Android and computer

and meet the following requirements :

  • Open source !
  • E2EE
  • Messages are send in direct ! (not passing by a server)
  • handle group
  • Truly private ! ( That's the tricky part )

 

The closest that I've found is Briar

  • +can work without internet ! (bluetooth, local wifi, files !)
  • + use TOR
  • - Mutual party have to exchange key (or your can introduce someone)
  • - sending media suck for now, poor image quality
  • - no call or voice messaging

 

I've been looking for alternatives:

  • ~~Session~~
    • Sadly it keep ALL the conversation into server !!! so it's a no go.
  • speek
    • I didn't try it yet, any feedback ?
  • simplex
    • it look very promising ! (didn't tried it yet)
    • + seem to handle multiple profile in one !
    • + do not require that both party send an invitation !
    • ~~! I didn't found (yet) if the messages are send in direct or pass by a server..~~
      It's not P2P all the messages pass by servers.. too bad.

All post about alternatives or experience with the one that I cited are welcome.

you are viewing a single comment's thread
view the rest of the comments
[–] Gordon_F@lemmy.ml 1 points 8 months ago* (last edited 8 months ago) (2 children)

A little update.

I've just tested simplex on Android.

it's very well thought out ! The features make sense. UNFORTUNATELY it's not P2P ! all the messages pass by their servers :'( with Briar it's P2P.... weirdly they claim their way is better than P2P ! any comment on that ?

In my point of view, if messages are stored somewhere it's mean the can be process[^1] !

Cheers.

edit: lemmy link to their community !simplex@lemmy.ml

[^1]: Copied, analyzed, cracked (Brut force or what ever)

[–] Quexotic@beehaw.org 3 points 8 months ago (1 children)

It sounds like you're assuming that everything you put out there isn't already being stored.

https://www.eff.org/nsa-spying

[–] Gordon_F@lemmy.ml 1 points 8 months ago* (last edited 8 months ago) (2 children)

Thank you very much @jet@hackertalks.com & @Quexotic@beehaw.org

The EFF article is really interesting for everyone. ( I was aware of this )

Indeed no one should assume that his packets are not intercepted along the road. But conceive an software that on top of that, specifically route the traffic trough his server not make it better (on the opposite in my opinion)

Even if the owner of those server do not process the data... ( This is relying on blind trust) those servers might be breached. (in addition to the systemic data recording, like in the EFF article )

Let put it simple, is SimpleX offer on the actual Internet (can't wait the next gen, GNUnet or anything similar) a similar level of Trust & privacy than Briar ?

[–] Quexotic@beehaw.org 1 points 8 months ago
[–] Gordon_F@lemmy.ml 1 points 8 months ago

I've did some more digging.

and Briar still remain better at security level !

The big downside of SimpleX is that it's not P2P and IP correlation by watching your traffic is possible.

SimpleX recommend to use Tor on top of it with for example Orbot. That's a good idea, but not the best to convince none-tech folks to adopt it. (it's already so hard to change peoples habit... ) Tor should be embedded.

As soon Tor is embedded I will migrate to it. SimpleX have nice thought features and it's easy to use.

[–] jet@hackertalks.com 1 points 8 months ago* (last edited 8 months ago)

Direct peer-to-peer connections giveaway your IP address to the person you're communicating with. Meaning anybody observing the network can see two people are specifically communicating with each other. Briar attempts to get around this by using Tor to obscure it.

But briar is using Tor as a relay, just like simple x does. The architectures are very similar from that lens.

To your threat model, ideally data does not rest on the network, but you have to assume any data that hits the network is being recorded by a bad actor to be analyzed later.