Real-Time Communication - do we have what we need?

Following the recent events regarding the Wire ownership change, I have tried to review the pros and cons of PTIO-recommended communication services, in order to find a better alternative. And to be honest, it doesn’t look so good.

1. Signal

Signal is usually no. 1 in privacy messenger lists. And it is probably the best. However, I’m not sure if it is good enough. They aren’t as transparent as they should be, and don’t follow the good practices of the FOSS world.

Sometimes they compromise on security

And there might be some bad bugs in the code. Though this is quite normal, and the only important thing is that bugs are fixed ASAP.

The biggest drawback for me to use it as a primary messenger is that I cannot activate the PC version without an Android phone.

2. Wire

Same as Signal, but without the need to use the phone. Plus unencrypted metadata. Plus they have stopped caring about regular/private users.

3. Briar

Nothing to complain about. Not so many features, but at least they are doing a good job. Oh, the F-Droid version hasn’t been updated since April, while the Play Store has had a few updates since then.

4. Riot

Same as Wire, only in the UK instead of the US. Plus E2EE is not so smooth. Plus more metadata leaking.

5. Retroshare

All cons are described here quite well. TL;DR: not so good for less tech-savvy users.

https://securechatguide.org/decentralizedapps.html#retroshare

6. XMPP

Metadata leaking. E2EE isn’t turned on by default. Not all clients support E2EE. Some are forcing OTR, some OMEMO. Not as secure as other apps.

7. Kontalk

Similar to standard XMPP apps. Also, I’m not sure OpenPGP is a good way for secure communication.

https://securechatguide.org/centralizedapps.html#kontalk

This is the only messenger from this list I don’t use or haven’t even tried. But I don’t see a reason to, since Briar is more secure and private and standard XMPP offers more features, plus it might be more secure and/or private.

8. Keybase

Same as Wire. Plus more metadata. Plus less transparent.

9. Status

Don’t know what to think about it. It might be secure, but I’m not sure who it is for. It’s a simple IM, without many features, but with some other, non-IM/VoIP things. Plus this:

https://securechatguide.org/p2papps.html#status

10. Tox

Clients are not secure?

https://securechatguide.org/protocols.html#tox

11. Jami

Data leak on Mac. Though it’s not a big thing IMHO, since users should use FDE. And my contacts don’t use Mac :slight_smile: I hope Apple and Microsoft will at least make FDE opt-out during setup.

https://securechatguide.org/p2papps.html#jami

So, what’s next? :D


I messaged the folks at TwinMe to discuss them going open source. They check so many privacy and security checkboxes, but being closed source hurts the verification of that.

https://securechatguide.org/p2papps.html#twinme

As a company they might not be perfect also, I’ve only just started researching them, but I was surprised to see how they stacked up on the guide.


Does TwinMe need a SIM card?


Not sure

I installed it here to check, and the answer is no; the only things you need to enter at registration to start using it are a name and a picture for your profile, that’s it.


If you only consider the security of messengers, there are already so many different properties that there can never be a perfect messenger. This is the reason the EFF dropped their Secure Messaging Scoreboard and tried to explain the basics of securing things instead of recommending certain apps. We wrote about this here: https://infosec-handbook.eu/blog/discussion-secure/#sm (listing many different features mentioned by the EFF).

So every messenger comes with pros and cons.


But IMO, there are 2 big problems with P2P apps:

  1. Metadata leaking, i.e. your ISP or some 3rd party will know who you communicate with and when.
  2. Most of such services don’t support multiple platforms.

The first one can be solved using Tor, like Briar does. The second one is maybe a bigger problem, but it is possible to find an option (Jami and SafeSwiss do that, but not as many as e.g. Matrix or XMPP).

So I don’t see a reason to use e.g. TwinMe instead of e.g. SafeSwiss. Or to use any P2P app instead of a centralized service (except Briar, if it suits you).

And what worries me the most is that I don’t know of any other project that might turn out better than any from the list above.

https://wire.com/en/legal/#terms-15

So, Wire has 2 groups of users when it comes to privacy laws:

  1. Non-US users, under Swiss laws
  2. US users, under US laws

Though I don’t know how they know where private users are from, since you don’t have to give them any information but an email address. They only have the IP address, and that can easily be manipulated with a VPN.

Regarding Riot, I didn’t know you have the option to change the identity server or not use it at all. I think in a year or two, Matrix/Riot will be the best feature-rich service for privacy-focused users. Though it all depends on upcoming UK privacy laws.


I am not a legal expert, but I can tell you that we as a company chose not to create a branch in the US so that we definitely are not subject to US law.

So this confirms Wire will abide by any requests made under the USA CLOUD act.


And if you live outside the US and think this won’t affect you, think again. If you send a message to a user in the US, that information now becomes attached to their account. So your information can now be obtained by US authorities.

Or think about a group chat room. How likely is it that someone in the room resides in the US? Now every single member of that room could be cataloged as a member by a request for the account data of one US citizen.

So now every person who lives outside the US will have to pause and consider whether what they are sending could end up in US jurisdiction. That ambiguity does not make a secure or private messaging system.


I agree. But as I mentioned, they have no way to identify US users unless the users themselves provide them information.

Also, Signal, Keybase, etc. are also under US jurisdiction, so the same applies to them as well. In the end, we need to be aware of what our metadata tells about us.

…no way definitively

Maybe? That is a good question. Certainly they can identify if someone signs up for Wire or uses Wire from a US-based IP. Not everyone is going to use a foreign VPN. But will they have other data sources to correlate with and identify who you are more precisely? Will they tap into Play Store or Apple Store data when you download the app to identify your country?

The fact that they are making such a clear and bold claim to differentiate US-based users shows their intent. Whether they can actually identify a user’s country 100% is not as important to me. They legally intend to, to the best of their ability. That’s important.


I agree there are ways to assume a user’s country, though that is not crucial IMO. Signal also operates under US laws, and must comply with those. But we know they don’t have any important user-related data they could provide to US authorities (at least that’s what they claim). And that is more important.

The thing is, authorities in the EU can also get all the data from service providers with a court order. The important thing is to choose providers who don’t log/create more (meta)data than is necessary to run the service.

Signal might be a good replacement for IM services like WhatsApp, Messenger, etc. But when it comes to e.g. a Skype (for Business) replacement, with voice/video calls, Wire might still be a better option than Riot or Rocket.Chat, even for private users. Because I would rather have US authorities have some of my metadata than UK or Brazilian authorities have all my (contacts’) data, since E2EE is not turned on by default. I would definitely recommend Riot to tech-savvy users, and most of my contacts are, or at least could pay attention to it. But without default E2EE, it shouldn’t be recommended as e.g. a Skype replacement, even though New Vector probably cares more about users’ data than Microsoft.

As I already mentioned, Jami is also good. It doesn’t have E2EE for group chats, but I don’t know if that’s necessary in P2P services.

I think we are living in “Perfect is the enemy of good” times :smiley:

It may be of interest here that we are redoing the Real-Time Communication page, making a bigger distinction between centralized/federated/P2P systems and also explaining those words. The curious may find a preview page here, but please don’t link to it widely, as the previews won’t ever update after the PRs are merged; after that happens you will find it at the usual site.


Looks nice, it’s a good idea to split it like that :+1:

Though I wish we had some other centralized services. I would rather recommend Threema than Keybase, even though I don’t use it. Both are partially open, but Threema is in CH and collects less metadata.

You are pointing out a good argument against all instant messengers. You didn’t say that Signal relies on Google Firebase and you can’t download it from F-Droid.
If you want a “real” instant messenger, try ricochet.im… Not perfect, because both sides have to be online, but the best we have. For a multiuser chat, try cwtch.im.
Telegram is never pointed out as an option, but secret chats (only available on mobile) are a really good option. If you use only secret chats with Telegram-FOSS, it’s a plausible option.
Yes, we need real-time communication; email is just too slow (and not secure).

You should keep in mind that almost all (if not all?) of the information on Secure Chat Guide is pretty outdated in terms of software; the Jami developers have stated on their respective subreddit that some of the problems shown on that website have been fixed. I can’t talk for the rest of the listed apps, but I imagine some changes must have been implemented.
It would be a really good idea, if not a necessary one, to have a chart like that or like That Privacy Guy’s for these kinds of things, where a lot of things have to be considered.

Interesting discussion so far. I’ve been searching for a Wire replacement myself after the entire moving-to-the-US debacle. My entire family used Wire because it was easy to set up and had good privacy; it also worked well enough most of the time.

Now, here are my findings at the moment:

  • Signal is a no-go due to the phone number; I don’t want to share it and two family members just have an iPad, so they can’t even install Signal at all.
  • I tried Jami and found it to be buggy. Every time I made a call, my front-facing camera activated for some reason although it was a simple audio call. Quality was okay, but not great at all.
  • I stumbled over TwinMe today and only tested it briefly. The setup was very easy and fast, the app looks great and the video call quality was amazing. My partner was on 4G while I was on Wi-Fi. If I understand correctly, the one initiating the call is basically hosting, so I was surprised it worked that well because the 4G speed in this area is pretty bad (1–2 Mbps).

What I like about TwinMe the most is that there’s an APK file available for anyone who doesn’t want to go to the Google Play store, and that you don’t need to give away your phone number/email. You either share your QR code to connect or send a unique link to a contact.

Other apps I tried: Riot (too confusing to set up for family; the channels are overkill and might confuse them), Ricochet (tried it ages ago, development is pretty much dead, although there seems to be a new spin-off), XMPP (too complicated for family and not a fan of the metadata leaking), Keybase (again, too complicated, does too much and no calls). Not sure what to think of Status.im yet, but it does too much for my needs, the same as Keybase.

For now, I’m going to test TwinMe with my family and see how it works out. I do hope the developers will think about opening up the code (at least partially) or get a security audit. It also worked well over VPN, which surprised me.

I haven’t tested Retroshare at all because, if I understand correctly, the VoIP features are still in development. That is something I’d need on top of encrypted messaging.


Could you please post a link to that? I looked and couldn’t find any mention of things they fixed.

I last reviewed the app on 10/10/19 and there has been a new update in the last few days (Free as in Freedom). However, when I downloaded and tested it on the Mac it still has the same issue I mentioned, with transferred files being saved unencrypted on disk. Send a file to Jami on a Mac and you will find it in /Users/[your account]/Library/Containers/com.savoirfairelinux.ring.macos/Data/Documents. In fact, if you delete the current account, the files remain, and if you add a new user account, files sent to the new user are saved in that same folder as well. So you have files being sent to multiple Jami users getting saved to a single folder.

I do appreciate and accept corrections via Issues or Pull Requests on GitHub for my website. If you find something that is not right or out of date, please help me make things right. I do this in my spare time and get no compensation for running the website or spending time reviewing what is now a catalog of over 100 messengers.