This is an official discussion thread linked from the www.privacytools.io website. This thread can be used for troubleshooting, questions, discussions and if you look for alternatives.
Wire has become the least bad option with E2EE and multiple devices for me which is why it has replaced WhatsApp for my communication with family.
I wish I could use XMPP, but it’s missing nomadic identity and I would feel stress maintaining it, so Wire seemed to be the biggest name that seems OK and who isn’t likely to disappear tomorrow. I do also support other IM platforms, even if my family isn’t on them.
I was drawn towards Signal, Riot/Matrix, and Wire (and Threema but it’s paid and I want anonymity). After really struggling to divide them, I am decided on Wire (I think!). Signal is based in US and being so big and “endorsed by you know who” I have my suspicions about it (rightly or wrongly). I also need the best features I can get as I need voice, video, screenshare etc if poss. I was put off Matrix by the fact that no matter how many sites I find talking about it, they ALL seem like programmer level people. It just seems like the techie’s option, but a friend recently told me Riot is actually easy to use. I may therefore take a look at that. I am yet to try Wire or Riot but will install both.
I would be grateful for any votes towards any of these (or any others). I have to mention SafeSwiss - this looks EXCELLENT, but I tried the windows version and there are no audio alerts working for me. I also need a Mac compatible UI so I will wait and hope they develop that further as it looks great.
For my more secure machine, I was told Tox chat is the best for anonymity. I tried it once but it was horrible to use and I had loads of bugs. It was ok for text chat, but for calls it wasn’t usable for me. Can anyone suggest the MOST anonymous/private messenger platform for a secure machine perhaps running Tails or just Linux on a librebooted machine?
i think the “experimental” thing can be dropped on https://www.privacytools.io/software/voip/ - it looks like Tox is being marketed as stable now???
i’d be interested in peoples opinions regarding Tox
I am under impression that Matrix is using Jitsi Meet especially for group calls, but I don’t know are you trying to replace chat or 1:1 calls or them all, I haven’t tried calling in Wire or Signal, but Riot/Matrix is very heavy especially if you have a lower end phone like my Nokia 1. Also I don’t like Threema being closed source.
I also used to use Tox with my partner and the experience was horrible as it was missing support for multiple devices and often using a lot of battery and data. In the end we replaced it with XMPP server (edit3: this happened maybe two years ago, so I hope Tox has improved since then) run by their friend and they are an admin. I guess my list would be:
- XMPP with technical users (or if you aren’t worrying about the server going down or burden of admining it)
- It’s said to leak some metadata (I don’t remember which exactly) to the server and your contacts, but you could connect to it over Tor and Tails ships with Pidgin (I hope in the future it will be Gajim), but Matrix/Synapse stores everything you do on the server forever so I guess that isn’t a problem for you (or you are unaware of it).
- Wire with not-technical users (my family) or users who aren’t trusted with my phone number (it’s easy to say my username is Mikaela on Wire.com, I feel a bit paranoid with saying my phone number is
- However it also stores some metadata plaintext-accessible such as list of people you have contacted on Wire and possibly your groups (which Signal doesn’t even know about).
- Edit: I forgot to say that for some reason Wire rejected phone numbers of two of my family members on different days (and weeks) at first, so both originally registered by email and added phone numbers afterwards. I don’t know what caused that or if it was just temporarily, but it may be a too big step for some people and possibly a point for Signal
- Signal with whoever uses it and actively recommend it to current WhatsApp users.
- As I said, I don’t like phone number requirement
- I don’t like having a single master device either, even if linked devices keep working when your phone breaks) is a problem for me, I have had two family members cut out of WhatsApp group due to breaking mainboards or other technical problems (one of them was my grandmother who was calling or sending SMSes to some people about not having WhatsApp working, so please no single-device tied accounts for me, with Wire I could tell her to install it on her computer or login on the web app).
- But still, but it’s easy for anyone familiar with WhatsApp as it asks the same things (so people are probably easier to migrate on it), and they have actively worked to decrease metadata they see and everyone agrees it to be the most secure option, so I guess I have to support it (+ after I left WhatsApp, some of my contacts were there already).
Edit2: Wire requires Android 4.2+ while Signal requires Android 4.4+, I don’t know if this affects anyone, but some people in my circles price physical keyboards above everything else in a phone and thus have funny Android versions.
My answer seems to have gotten a bit messy, but I hope it will be of any help to you.
Tox was pretty ‘alpha’ 2 yrs. ago - i tested it recently and i liked it - then again, there’s several UIs for it, so some might not be quite as good - i think qTox is the most popular and polished
Wow. thanks for such a great response Mikaela.
A few things I should have said:
1. I don’t use smart devices (I have them but rarely use them). I am a desktop (mac or win) only. Soon to be linux/tails - so “heavy” wouldn’t bother me really.
2. XMPP - I have heard this mentioned but have no clue what it is or how to use it. It sounds like a tech only thing where you have to set up servers etc, if so that won’t work for me. Maybe in the future, but I am hoping the new splurge of apps will come up with decent options for secure chat, I really have high hopes for Safe Swiss.
Wire stores metadata - Yes that’s what I learned too. It put me off it for a while, but after going around in circles for many months I found it’s the lesser of two evils. I don’t much mind if they can see WHO I talked to (I would rather they didn’t but it’s not a deal breaker for me), so long as they can’t see the content of the messages (unless I am targeted by big govt for some reason, which I shouldn’t be as not doing anything illegal). I just want my FU**ING PRIVACY!
Tox - Yes, I should have said I tried all the UI’s, including qtox and utox. Both had problems. It was around 6-12 months ago so I may try again. But I don’t see it ever being as slick as the real Skype competitors like Signal/Wire/Threema/Riot
Do you think Wire is more privacy-respecting than Riot, or vice versa?
Thanks again, I have a warm feeling being a member here now. I researched this stuff for a very long time and I have plans to learn how to build totally secure machine. I have children and wife and I don’t want their browsing habits, video watching preferences etc stored for EVER if I can possibly help it. So I plan to get several Thinkpads running libreboot and a privacy OS. Then they can surf in SOME privacy at least, and make it harder for the data thieving bastards to build profiles, shadow profiles, etc etc.
On that note, that’s another big question - OS. I was decided on Qubes after doing research, but I was recently reliably informed that, whilst it’s GREAT in many ways, it has ONE major flaw in that it isn’t immune from Spectre/Meltdown attacks, meaning it’s as wide open as windows if someone really wants to get into my machine or spy on it. I am therefore a bit lost on the options for OS, best I can think of is Trisquel, any thoughts welcome!
Lenovo owns the Thinkpad line and, far as i’m concerned, they are now garbage - i bought a TP just after Lenovo acquired it - i had to replace a cooling fan in about a year and the power wire for the display burned off the connector and had to be re-soldered after about 2 yrs.
i might suggest taking a look at boutique laptops, such as Clevo/Sager - just make sure that whatever you choose can run the regular, vanilla, downloadable version of the proprietary video driver from Nvidia (not the OEM version) if you’re going to use the proprietary driver (i think AMD is pretty much not a choice for Linux OSs ???)
i don’t know a lot about Spectre or Meltdown, but afaik these are hardware bugs in a big pile of mostly Intel processors but i think AMD is affected too
Intel is not going to recall boat loads of CPUs, so it’s left to patches which apparently inhibit performance and i believe this has been addressed in the newer Linux kernels
oh, and there’s these too, but only a 15" screen it looks like - pretty sure there’s open architecture stuff available as well, but you’d have to look
In that case I might close Signal out.
It’s a ~twenty years old still developed federated chat protocol (which also powers many games etc.) and possibly the biggest competitor of Matrix. I listed it as technical, because everything requiring username/password instead of phone number (or even email) seems to be too difficult for average user and I don’t want to take the risk of the server I pick for family going down for a long time or something so Wire seemed like a good compromise between everything.
In reality there are many good XMPP clients and servers, I recommend checking XMPP.org’s getting started page which has links to two public server lists.
As a client I wish to mention Gajim and Dino on desktop and if you used a smartphone Conversations (free on F-Droid, small fee on Play Store) and on iOS Monal or ChatSecure (I have no personal experience).
As a server, the one I referred to earlier is blesmrt.net (page in Czech), Disroot has mostly closed Matrix in favour of XMPP and in my opinion Trashserver.net looks good and one of my contacts has good experience with it (however it didn’t support the push XEP last time I heard, so it’s not a good option for iOS (or if you want to use Play Store Conversations with Play Services)).
The illusion of difficulty comes from XMPP being so modular that it fits many purposes and you can pick the XEPs you want ignoring some that you don’t need (while I have understood Matrix to require you to implement everything no matter what you are doing). I also recommend checking compliance.conversations.im for a list of the XEPs Conversations recommends which I think is everything basic you expect from an IM client on mobile age.
I think there also previously weren’t any compliance suites (technical document) that told client and server developers or admins which features they want to support in order to support e.g. smartphone users.
We are the same here, I think Wire has the best compromise between usability and metadata and if you want to be entirely free of metadata, you would need Ricochet/Cwtch/Briar or similar and good luck getting your family on it (even if my mother said that she is awaiting with excitement on which platform I am moving everyone to next).
I find it a bit difficult question. Both are open source and I think both want to fix their issues with metadata as much as they can.
At the time of writing, I don’t think Wire has developed federation yet, so the easiest comparison would probably be Wire vs chat.privacytools.io and Wire is easily someone faceless and PTIO is mainly @Jonah whom you have seen around and possibly chatted with multiple people on #general:privacytools.io so you can ask yourself which are you trusting more?
Wire has a central control and may be storing metadata for less long time than Synapse, but Matrix sends the message and possibly metadata to multiple servers (diagram/how does Matrix work) so it becomes a question on do you trust Wire or server admins whose servers are in the same rooms as you are? (If I may compare to XMPP again, XMPP multi user chats aren’t federated yet, but MIX is coming with that feature.)
My main Matrix account is on PTIO server, but I have avoided having to think about this deeply, because it performs so badly on my phone (and drains battery and my family has even worse phones), the desktop app seems to freeze for me more often than those of Signal, Wire and Keybase and the signup is not as easy as phone number. Unrelatedly I also find the interface somewhat addicting and myself endlessly scrolling between rooms or checking if there is new activity (like some do with Facebook/Instagram), so I have removed the app even on my more capable Play Serviceless phone.
@blacklight447 is the resident Qubes person, I think it would have those patched in this time, but I am personally not using it (I cannot find the energy or time to move from Debian which I am used to). We have an issue about listing gNewSense where I brought the issue of CPU vulnerabilities which are generally handled by nonfree microcode and until how do gNewSense and Trisquel handle those is known, I think Trisquel will be vulnerable for them.
Yes the Lenovo TPs are not much good, the earlier ones made by IBM are old, very old, but better and certainly harder wearing. I am not bothered about performance. The ‘secure’ machine will have ONE task, to be as private, secure and anonymous as possible. It won’t be used regularly and it wont be used for processor heavy stuff, just browsing, chatting and maybe some webmail. Very light use, I just want to have the option of having a PRIVATE conversation if I feel like it!
I will take a look at the machines you mentioned though, thanks
Sorry not sure how to do the proper quotes thing.
“In that case I might close Signal out.” - Why? They do have a desktop app. I used it and it’s pretty good, but I suspect Wire will be better.
XMPP - That sounds more like it might serve my needs the more I hear about. I won’t use on iOS or Android. Only mac/win/linux desktop machines. How anonymous/private/secure is it?
“awaiting with excitement on which platform I am moving everyone to nex” - Ha ha, I have family and friends exactly the same!!! It’s like a damn hunt, constantly switching as we find out how each one fails to secure data. Let’s hope Wire does the trick, for a while !!
“I also find the interface somewhat addicting” - Yes that’s a good point. I wondered if it might be a bit like that. I do NOT want that kind of thing! I just want to connect with ONE or TWO people and have a conversation. If I wanted a social group gathering, I would go into town and have a beer face to face with real people
Spectre… Trisquel may be vulnerable, but not if the hardware is pre 2007 (duo core for example instead of i5, i7… ). That’s my intention, to have an old machine running very lightweight software, bios etc (libreboot)
> doing this
The Matrix team tends to not want to compete with XMPP. Quote from Matrix.org FAQ, What is the difference between Matrix and XMPP?
We think of Matrix and XMPP as being quite different; at its core Matrix can be thought of as an eventually consistent global JSON db with an HTTP API and pubsub semantics - whilst XMPP can be thought of as a message passing protocol. You can use them both to build chat systems; you can use them both to build pubsub systems; each comes with different tradeoffs. Matrix has a deliberately extensive ‘kitchen sink’ baseline of functionality; XMPP has a deliberately minimal baseline set of functionality. If XMPP does what you need it to do, then we’re genuinely happy for you! Meanwhile, rather than competing, an XMPP Bridge like Skaverat’s xmpptrix beta or jfred’s matrix-xmpp-bridge or Matrix.org’s own purple-matrix has potential to let both environments coexist and make the most of each other’s benefits.
The whole area of XMPP vs Matrix is quite subjective. Rather than fighting over which open interoperable communication standard works the best, we should just collaborate and bridge everything together. The more federation and interoperability the better.
I select where I want to reply to and then click quote and then copy-paste the automatic header [quote="StanTheMan, post:12, topic:750"] around and add [/quote]s, there would probably be a better way to do this, but I haven’t found it yet. Oh, turns out that you can do that even when the text box is already open.
Oh, I got the wrong impression that you want to avoid smart phones as much as possible.
I may have already said it, but I have this in my i3 config (yes, three electrons)
exec --no-startup-id flatpak run com.wire.WireDesktop --startup
exec --no-startup-id flatpak run org.gajim.Gajim --quiet
exec --no-startup-id flatpak run org.signal.Signal --start-in-tray
I am not sure how documented they are, but --startup makes Wire start in tray instead of popping up on start and --start-in-tray is the same for Signal desktop, even if it requires right clicking and clicking “hide” to get hidden back to the tray, but it’s better than nothing.
I hear it said that it’s close to Signal-level secure when you enable OMEMO, on anonymous/private, I am not sure what you mean with them? There will be some metadata and you can connect through Tor, most of the clients support multiple accounts (one of my biggest complaints to Riot, but partially resolved by decentralized identity) and in MUCs by default only admins can see your XMPP ID and you can have per-MUC display names. However OMEMO requires the MUC to be members only and everyone to see each others XMPP IDs and if the server software isn’t up-to-date, everyone in the MUC must have each other as contacts (this is the case when Conversations says “OMEMO: partial” in advanced settings in account settings).
Before I send this, I should probably link to two of our issues from Github:
I have one desktop PC from 2006 at family which has 64-bit AMD CPU and it does still say on boot something about spectre mitigation and generic something, so I am not sure. It has amd-microcode installed (running Debian 10), but I think it says something about being unable to detect microcode, so the CPU is probably too old for microcode updates.
It’s mainly working as a “print server” as it has some port missing from newer PCs and I haven’t been able to find an adapter, it does have GUI installed, but it depends on the user whether they just boot it and rely on CUPS/Windows to talk with each other or just login and get whatever they want to print by hand.
It doesn’t always seem like that judging by some rooms/MUCs on both sides
That quote is a bit outdated though as Matrix-Bifröst has become the XMPP bridge, there is a wiki page for address syntax but as far as I am aware the Matrix.org instance has never returned after the hack. There is another instance on #disroot:disroot.org, but I quit Riot before seeing if anyone answered to me if it’s open and works just by swapping Matrix.org from address syntax with their address.
Well I finally took the plunge and went for Wire, over Signal, purely because of the phone number issue. It gets me suspicious this - IF Signal provided either a sister service or an option to use it WITHOUT a phone number being registered, they would take over the feckin world for secure messaging. So… why don’t they? Hmm. San Francisco based - hmmm. Dragnet?
Wire is Swiss, I signed up using a temp email, and it’s working a treat. It even has encrypted screen sharing. The only competitor for me now is Matrix/Riot, but I am just so feckin sick of it never being explained for NORMAL users instead of geeks! I am a geeky user, but nowhere near developer level of knowledge. So for me, it’s just enough confusion to avoid, as I can’t understand any of the info they publish about it. IRC, XMPP… all this stuff is another language. If they sussed out a way to present it for normal folk, they would get a lot more users I think (me and many of my friends for example!)
I do love the platform though, but it seems a bit suspicious (maybe not suspicious, but annoying) that every time you look into how to use Matrix most securely, they ALWAYS refer to “setting up your own server”, and then follows a shit load of coder-speak, where I close the window.
I might look out for someone offering a SERVICE to do all the tech stuff and create a custom server on a domain of my choice, now THAT is something which would interest me! But going into shell (or whatever you call it) on a hosting platform, then entering loads of code etc, naah, not for me.
So that’s me on Wire, which is nice to use although too basic even for me! Not enough functionality for changing audio alerts (which are barely audible). That’s REALLY annoying. All these companies trying to be the next Skype (but secure), and NONE of them seem to understand the desire some people have for LOUD (or even just audible) ALERTS for incoming messages FFS!! Bear in mind I have tested 10-20 messengers over the past 12 months and this is an issue with pretty much ALL of them!! (Except Vipole and Riot - ViPole is crap unless you pay, Riot has already been discussed!)
Hi everyone, please do get involved to the topic, we won’t eat you!
Have you seen https://riot.im/ (not the /app or /staging or /develop)? For normal users, I would have guessed Disroot, but it seemed the same and I have no idea how to explain it to normal user, so yesterday when I was talking about the three solutions, I offered Wire as the easiest option (with Signal being closed out due to smartphone requirement and I am not sure anyone listened to me about XMPP). I had forgotten Matrix, but most of my experience with it has been performance issues…
I think that would be
I am the opposite in this issue and I have disabled all other alerts than Wire pings, because otherwise I would be getting too distracted and checking notifications all the time. Android 9 (8?) native notification settings allow different notification per type though and that is what I have on my main phone (even if it’s Android Go).
Did you notice Wire’s about page?
Our people have previously worked at companies like Skype, IBM, Telio, Cisco, Fjord, SoundCloud, and Gameloft.
Many in our team worked at Skype in the early days, helping to change the telecom landscape, and contributing to real-time communication technologies that became WebRTC — which now powers tools used daily by hundreds of millions of people.
Yes I installed it and have it running now. That is pretty nice. However I want screen sharing and Wire does that, and seems to work better too. I have no idea what XMPP/Jabber are. Riot is definitely nice, but I am not convinced its as secure as Wire, every time I look for info everyone seems to think its “more secure self-hosted” which begs the question “why didn’t you just tell me it’s secure WITHOUT that?!” Because maybe it isn’t? I am paranoid, I admit
That link to Jabber hosted accounts - I just don’t understand enough about it. Would that be more private than say Wire or Signal do you know? (Or Riot for that matter)
I don’t quite understand what you mean. I don’t have android or smart phone apps, I just want a messenger for Mac and Windows desktop (and Gnu when I pull my finger out and get a machine!), I don’t have 2000 friends like Facebook addicts, just a handful of close friends I want private one to one chats with, so I need an alert I can bloody HEAR! Why can’t these companies recognise that and just add one? I did ask Wire last time I tested it (and rejected for this reason) about a year ago. It’s because everyone is all app-focussed now, smart this and smart that, they don’t give much of a damn about old fashioned COMPUTER users any more I think.
Yes I read that. Are you suggesting you don’t trust it because of that info? I remember Skype before MS bought it, what a joy it was too! Nothing lasts forever!
Based on my search engineing and discussions with other people I take XMPP+OMEMO, Wire and Signal roughly as private (except that Signal stores a lot less metadata and shouldn’t even know who I am messaging due to sealed senders).
might be OK link
Oh, no, I was just trying to make fun of your saying about everyone wanting to be Skype
Ha ha, thanks Mikaela!
Yes I have seen too many friends become zombies due to ‘smart phones’. Pulling phone out of pocket every 30 seconds to see what’s “happened” in their online world. Makes me feel quite ill to watch it. We had a really close family friend who adored our kids (knew us when they were born). 15 years later he barely sees us because over the years he has become less and less sociable and easy to be around. Last time we saw him he was literally looking at his phone 80% of the time he was with us. I cracked in the end and asked “What the **** is it that’s so important? Has there been an earthquake in your town?” - He jumped up in shock, didn’t really understand the question. Then we had a discussion and I explained how he is never PART of a conversation any more, it’s not so annoying for me (as everyone is like it) but the bloody kids ADORED his company and now couldn’t really care for it one way or the other as he never looks them in the eye or talks TO them properly, always distracted. He is now going through some kind of self-managed REHAB!! Trying to wean himself off the device, only allowed it at certain times of day. It’s awful how an entire human can be transformed by addiction to this stuff. My kids got a good lesson from it though. I actually let my son have an iphone a few months back, he just wanted to use it for youtube to learn how to solder and make electronics stuff, so I let him have one. No Sim card, no texting etc, just youtube. After 2 months I noticed I hadn’t seen him with it for a long while. I asked him and he said “I have got rid of it, I could see myself getting addicted to it and it scared me”. That’s a 15 year old kid! HOORAY!!! I think it will all come full circle in the end and people will learn these devices are USEFUL but NOT harmless, and sometimes it’s better to do things the long way, like reading a map instead of being commanded by Siri where to go. It’s always a trade off.
I think we are trading off our intelligence for convenience, and the companies are picking up massive profits while we do so.
XMPP/OMEMO - sounds technical, so I am not even going to go down that rabbit hole as I will be reading all day and have only more dilemmas!! Wire for me for now