The world seems to be shocked by the news that WhatsApp turned any phone into spyware. Everything on your phone – including photos, emails and texts – could be accessed by attackers just because you had WhatsApp installed [1].
This news didn’t surprise me, though. Last year WhatsApp had to admit they had a very similar issue – a single video call via WhatsApp was all a hacker needed to get access to all of your phone’s data [2].
Every time WhatsApp has to fix a critical vulnerability in their app, a new…
This is an article written by telegram’s founder and CEO Pavel Durov in 2019 on “Why whatsapp will never be secure”. Your thoughts?
Both WhatsApp and Telegram suck. Just like any other messenger that’s either proprietary or not end to end encrypted. Signal is clearly the best choice.
Signal is not the best choice, it’s just a somewhat aceptable middle ground. I prefer something that doesn’t require a phone number and something you can self-host, like XMPP.
Good luck convincing normies to use some obscure messaging protocol. It’s difficult with Signal, even harder with Matrix, basically impossible with XMPP. 99.99999% have never in their life heard about XMPP. Also most mobile clients absolutely suck. You also can’t get proper push notifications without completely ruining your battery life. What a great choice!
Conversations is only available on Android. And that’s the problem. You need different clients on different plattforms, etc. It’s just a mess. Some clients don’t support encryption and everything is just unnecessarily complicated, especially for new users. You can’t just tell someone “let’s chat on XMPP”. You need to explain to them what XMPP is, what app to download depending on what OS they use, tell them how to set everything up, etc, etc…
Signal is definitely not perfect, but it’s the best known private messenger and doesn’t compromise on privacy and security. It’s very simple to use, the setup process is basically the exact same as on WhatsApp or Telegram, it has good clients for every platform and they have operated safely with a great record for over 10 years.
I understand that other solutions might be better in theory, but if we keep suggesting a new obscure and hard to use messenger to noobs, they will never make the switch. In order to get more privacy for ourselves and the (potentially less technical) people we need to communicate with, let’s just get them to use something simple and private like Signal.
Yea, ive gotten pretty wide adoption from friends and family on Signal, but id love to have a comparable product with even more features/security/privacy
Matrix may get there eventually, but for now its Signal.
When it comes to clients being not fully compatible - I understand where there might be a problem, but I personally never encountered it. Conversations covers Android, and Gajim is on both Windows and Linux. In my experience, they work just fine with each other, and Android+Windows+Linux covers the majority.
I do use Signal with a few people who refused to use XMPP, but I’d disagree they have good clients for every platform. Because the desktop one essentially doesn’t work without a smartphone. Registering in something like Waydroid doesn’t allow binding a desktop client because it wants to scan a QR code, and Signal-Cli just didn’t work with binding a regular client. So I am stuck using the inconvenient Signal-cli, because the only alternative I saw so far would be using it on Waydroid, which is even less convenient. Not to mention that the client itself is on Electron.
The major clients now do have OMEMO. Yea, I agree it’s flawed but that’s so far it’s the one I settled on. Do you know other, more refined selfhostable solutions? I am now looking for development there but doubt I’d get few people that I already got there to switch again.
Not aware that there is a modern decentralized secure and private chat protocol. Sadly.
I also am not aware of any developmenta of something like that, so XMPP is the best we got (for decentralized open widly supported protocols)
I know that a lot of clients do encryption of the message body by default, but it still leaves a lot of stuff in plain text (afaik).
Both WhatsApp and Telegram suck. Just like any other messenger that’s either proprietary or not end to end encrypted. Signal is clearly the best choice.
Signal is not the best choice, it’s just a somewhat aceptable middle ground. I prefer something that doesn’t require a phone number and something you can self-host, like XMPP.
Good luck convincing normies to use some obscure messaging protocol. It’s difficult with Signal, even harder with Matrix, basically impossible with XMPP. 99.99999% have never in their life heard about XMPP. Also most mobile clients absolutely suck. You also can’t get proper push notifications without completely ruining your battery life. What a great choice!
I don’t see a big difference, the hardest thing by itself is convincing someone to install one more program or app. Also Conversations does not suck.
Conversations is only available on Android. And that’s the problem. You need different clients on different plattforms, etc. It’s just a mess. Some clients don’t support encryption and everything is just unnecessarily complicated, especially for new users. You can’t just tell someone “let’s chat on XMPP”. You need to explain to them what XMPP is, what app to download depending on what OS they use, tell them how to set everything up, etc, etc…
Signal is definitely not perfect, but it’s the best known private messenger and doesn’t compromise on privacy and security. It’s very simple to use, the setup process is basically the exact same as on WhatsApp or Telegram, it has good clients for every platform and they have operated safely with a great record for over 10 years.
I understand that other solutions might be better in theory, but if we keep suggesting a new obscure and hard to use messenger to noobs, they will never make the switch. In order to get more privacy for ourselves and the (potentially less technical) people we need to communicate with, let’s just get them to use something simple and private like Signal.
Yea, ive gotten pretty wide adoption from friends and family on Signal, but id love to have a comparable product with even more features/security/privacy
Matrix may get there eventually, but for now its Signal.
Agree
When it comes to clients being not fully compatible - I understand where there might be a problem, but I personally never encountered it. Conversations covers Android, and Gajim is on both Windows and Linux. In my experience, they work just fine with each other, and Android+Windows+Linux covers the majority.
I do use Signal with a few people who refused to use XMPP, but I’d disagree they have good clients for every platform. Because the desktop one essentially doesn’t work without a smartphone. Registering in something like Waydroid doesn’t allow binding a desktop client because it wants to scan a QR code, and Signal-Cli just didn’t work with binding a regular client. So I am stuck using the inconvenient Signal-cli, because the only alternative I saw so far would be using it on Waydroid, which is even less convenient. Not to mention that the client itself is on Electron.
deleted by creator
Jami with unifiedPush notifications is a pretty good option
deleted by creator
You mean that XMPP protocol which is not encrypted by default? Oh yes you mean that.
XMPP would need to be redesigned from ground up as a secure and private messaging protocol to be a valid choice.
XMPP has it advantages but to many cry out that it is the savior when it is not. We need something better.
The major clients now do have OMEMO. Yea, I agree it’s flawed but that’s so far it’s the one I settled on. Do you know other, more refined selfhostable solutions? I am now looking for development there but doubt I’d get few people that I already got there to switch again.
Not aware that there is a modern decentralized secure and private chat protocol. Sadly. I also am not aware of any developmenta of something like that, so XMPP is the best we got (for decentralized open widly supported protocols)
I know that a lot of clients do encryption of the message body by default, but it still leaves a lot of stuff in plain text (afaik).