Since there's a few threads discussing alternative chat protocols, I figured we should attempt to centralize it in order to have a decent discuss the strengths and weaknesses in our preferred clients/servers.
As far as I know this is a fairly complete list of the currently most common chat protocols and applications used by privacy conscious users. If something was forgotten feel free to add.
The long standing champion of ez internet based chats. Not very secure by default.
Currently the most well known/tested privacy conscious chat protocol. Used by many different users around the world for secure communications
Phone based e2e encrypted messaging client and protocol. Trusted by many, has created the new and interesting encryption method known as double-ratchet.
Similar to signal but owned by a Russian, one of the largest private messaging platforms in russia
No.
A fairly new decentralized chat protocol that supports e2e encryption. The main matrix.org server has a CoC as well as pretty poor privacy protections from the server admins. Hosting your own matrix server appears to be safe and is indeed end to end encrypted. More testing needs to be done as the devs don't seem as paranoid about privacy as they should.
A P2P and E2E encrypted chat network based on a DHT, pretty decent but comes with the usual problems of P2P software. Supports groups, voice, and video although the video still sucks.
Fuck you I hope there's more threads about it, it's good to have discussions about things that you depend on and knowing their strengths/weaknesses.
This is on the same level as CVEs needing local access. Not its job to do what Tor/i2p do.
I don't even use it since I have nobody to talk to, but you sound like a shill.
Gavin Miller
Nigger how does P2P software, designed to use your normal IP "leak" your IP?
See
Ethan Carter
ok, kiddo. Keep LARPing
Easton Taylor
...
Zachary Morris
This is a fairly genuine concern but can be worked around with proper opsec in practice. That being said, it'd be nicer if things just werked with tox but it's fairly immature as a platform.
Jose Russell
This is required for deniable encryption. Pick one and only one. You are retarded
Landon Sanchez
Wow such a horrible problem!
Jeremiah Nguyen
Since this thread went to shit already. OP can't inb4 you fucking retard.
Wow rather than declaring samefag you went for a LARP? Haven't seen this defence before I'll need to review my deck to counter this.
Jaxon Phillips
Proof? Protip: You are just a LARPer. Of course you don't have any proof.
stfu LARPer
David Stewart
DISGUSTING FAGGOT. THROW YOU FROM A ROOF.
Owen Gomez
I fucking hate that all chat programs need to have a centralized server of some sort to be usable. There’s literally no way around it to get the modern features people expect from messaging clients.
Juan Ramirez
Glowers don't like decentralized services. Harder to track. They like complicated and feature bloat. Enjoy your voice chat.
Nolan Morales
Well, Tox doesn't and neither does Ring, but I wish they did have a "tracker" option for phonefags who can have trouble participating in a DHT among all the other troubles with phones like idle with cloud botnet for notifications.
Henry Peterson
Just google it faggot. Name EVEN JUST ONE protocol that has deniability without this. But you can't because you are an NSA shill.
Yeah, mobile push notifications really kill it. You can’t do it without a centralized hub that if exists would completely defeat the point of a decentralized messaging platform. These days if you want users, having a good mobile experience is a must. This is why Tox and Bitmessage will remain unused.
I have no idea about this, just wanted to know about the general opinion on this
Evan Wilson
Its founder is currently literally in exile.
Brody Ross
burden of proof. just google it faggot.
not me btw
Levi Morgan
Sure thing, FSB-kun. #FreeDurov
Ryan Wilson
bonus: I bet you guys believe on clowns like Snowden. Lol angry NPC detected. Fodder.
Juan Brooks
based and blackpilled
Cameron Campbell
Webrtc can cause issues with leaking your private IP and creates another web tracking method
Jokes on you nigger I built my own PC from scratch on a ton of breadboards, all of my devices are shielded by tinfoil, plus I live in a faraday cage and I directly interface with my network telling the packets where to go with my thoughts.
James Davis
...
Aiden Howard
The real problem with push notifications are not really a problem of Tox (or other P2P), because it is instant messaging. You get the message in realtime, but Google decided that you need to use their botnet as an app developer if you want to allow your app to wake up from idle and notify the user. You can probably get around it with some battery draining setting like disabling idle or allow an app to have an open connection in idle mode or something like that (hence the need for tracker and not DHT), but as far as I can tell it is something the user must actively do. The App can't ask for permission to do it.
IRC is plenty secure if you don't allow random niggers without SSL to connect
Jaxson Lee
I haven't heard much about briar, is anyone a daily user? Sounds pretty interesting but I don't want just another private mobile only messaging app. I already have one for that and getting people to use signal was hard enough.
Nathaniel Brooks
...
Isaiah Williams
You either don't know what larping is, or you're just a monkey flinging shit around. Previous anons identified problems with protocol technicalities, not claiming to be Cisco engineers or some such shit. Crawl back inside your mother's womb because you clearly aren't ready for the real world yet. Sage for fagposting.
Andrew Adams
Would love some more info on that if you have any?
Aaron Ross
like what? i can't even send plain text over a chat protocol without getting pozzed
Ayden Thomas
LARP
Chase Howard
Modern features like image sharing, embedded images, video, voice chat, multiple channels, etc.
For a pure text-based chat its relatively easy to not have a centralized server but for anything beyond that it's pretty much necessary
No u
Alexander Murphy
How can I get normalfag coworkers to communicate with me securely?
It looks like my best chance is to host a Matrix server with e2e and tell them to use Riot.im. Maybe Signal?
what about convincing boss/IT that its in our best interest as a businnes to switch from email/Slack to a e2e matrix server?
Aaron Perry
Depending on your business/industry you may be able to get them to consider matrix and have people utilize it's bridging feature.
Make the argument that slack is a central point of failure and can go down, also that it's not encrypted/owned by your company.
Switching to matrix would allow your company to host and federate multiple e2e encrypted servers providing redundancy with local and global chat rooms for any and all branches. On top of all that, setting up bridges allows users to choose to use a matrix client or continue using slack or whatever it is you guys use.
Jaxon Martinez
What does Zig Forums think of Riot.im? What does Zig Forums think of self-hosting a E2EE Matrix server and using Riot's desktop client? (I believe it is the web client + electron. I don't know shit about that)
Telegram is currently the best compromize between security and features, use a burner phone to make an account and use tor which you probably should do on every IM client anyway and it's perfect
Luke Parker
No it isn't. Riot.im > Wire > Signal >>> Telegram. Telegram is fucking garbage.
Ryan Clark
what 2 ore 3 support e2e ? I know only about the electron one, nheko has a warning about it and it's unmaintained
Austin Flores
Riot has decent clients but the built-in opt-out analingus is annoying, riot collects the names of private matrix servers because you need to log in before you can opt you.
Cooper Gomez
It's funny because in terms of not being buggy shit your comparison order there is exactly the opposite of reality.
Hunter Martin
Matrix leaks your IP to any server you use and they can record exactly when you talked to someone and who they are forever. As the old fed said "we kill people based on meta data".
Isaiah Myers
t. Government
Jaxson Collins
Look faggot it is simply a matter of fact that every open source messenger is in particular buggy shit. That being said, you should use them because the alternative is botnet bullshit.
Charles Gonzalez
You have no idea what you're talking about but it's okay, it's not your fault you're retarded.
How else do you connect to the fucking server you gigantic fucking moron
First off, matrix is a fucking protocol. Secondly you can host servers that use matrix yourself and secure them yourself. Are you concerned about you having your own fucking metadata?
Jesus fucking Christ go back to school
Jack Cruz
p2p does not leak your meta data to a server that records everything you do A bad one that leaks your meta data to one party Ah yes like hosting your own email server that always works so well. Not really, but the cloud provider I host it on (UK internet is bad) will have it 2. Find a better protocol faggot
Evan Morgan
Nice larp
Gabriel Long
p2p does not leak your meta data to a server that records everything you do, only the friend you are talking to knows who / when / ip. A bad one that leaks your meta data to one party Ah yes like hosting your own email server that always works so well. Not really, but the cloud provider I host it on (UK internet is bad) will have it 2. Find a better protocol faggot
Thomas Robinson
ok larper whatever
Julian Flores
Come on, autist. Tell me which bugs wire and riot have?
P2p programs "leak" your IP so others may connect to you. Why do retards keep spouting this as a security concern? Did we get invaded by redditors who don't understand basic networking? Doesn't it also support Tor so you don't even need to worry about that?
Jace Russell
Wow, kys
Landon Russell
Trolls, idiots, and government agents keep repeating these shit arguments. Tox is a chat network that doesn't rely on people maintaining a server, a central location to host a chat forum. The way to make this work without a server is through P2P networking techniques. You can tunnel your Tox connection through Tor if that's what you really want.
Jason Cooper
Oh god you dumb retard let me filter for bug tags for you: github.com/vector-im/riot-android/labels/bug Yes user I can lookup 2 more git repos for you. I guess that would be above your ability.
Logan Bailey
...
Charles Ramirez
...
James Fisher
< Most of the servers don't require STARTTLS for S2S, and when they do, they don't check the certificate validity.
Charles Perez
< Requires a phone number < You only need an SMS confirmation to log in from a new device (by default) < Therefore server has the encryption key for most of the chats
Caleb Peterson
>< Therefore server has the encryption key for most of the chats Not how any of those systems work. They use something similar to the signal protocol. A new device generates a new key. A new device cannot decrypt old messages (unless your old device sends the key to the new device). Users then get your new key sent to them (you can validate that it is actually yours manually) and they begin to encrypt all messages to you with the extra device key.
John Watson
What about Ricochet/TorChat ?
Lincoln Kelly
TorChat was abandoned over half a decade ago. It's 100% unsafe. Looks like ricochet isn't maintained anymore either. The last commit and update were over a year ago.
Caleb Taylor
Shit, I thought there were forked. I used to talk to some BOs via Ricochet. I guess I should use Tox or XMPP, now.
