Real-Time Communication - do we have what we need?

I agree that Keybase does a lot more than people generally need it to. But I will also say that Keybase is probably the only platform that has solved multi-device E2EE in my opinion, which is a surprisingly difficult problem. Wire was pretty decent at it too, but that’s kind of about it.

Hard to do anything about calls though. It’s unfortunate there are no one-size-fits-all, great messenger options available.

2 Likes

Wire is. Or it was :d

I have recommended Keybase to some friends because of kbfs, and told them to use that encrypted storage for backup. I use it for same purposes, but mostly for some testing and comparison with other services (Tresorit is one I use for my data)

Regarding Threema, I think it should be recommended for people who are satisfied with its features. The reason I don’t use it is taht you can not use PC/Web app withouth your phone being online (like WA)

About TwinMe, I see no reason to recomend it. Mobile only, closed source.

And when people recommend Telegram, I don’t see it offers anything better than Skype. It also has secret chat (powerd by Signal®) and bad privacy :grinning:

1 Like

FYI: You don’t need to register your own personal phone number. You can register any phone number. However, you must be able to receive either an SMS or a call during registration.

Edit: Of couse, “any phone number” includes disposable phone numbers retrieved from websites. Since anybody could re-register such phone numbers again, it is important to always set up a Registration Lock PIN.

The only problem is that today it is almost impossible to buy prepaid SIM card without leaving all your info (ID card or passport). At least in Europe. But again, we (users) need to make difference between privacy and anonymity. IMHO, this is not a problem. The reason why Signal is not my main IM/VoiP service is that I can not add PC device without phone, and there are no calls (audio nor video) from PC.

I had situation 2 years ago, when night before my trip I lost (broken) my phone. And realized the only way to reach my contacts (and call family) from my laptop (i could survive without phone for few days) is to use Skype, since there is no way to activate Whatsapp, Viber, Signal… desktop clients. And then I decided that is the most important feature for me :wink:

We are located in Europe, and we use Signal with prepaid SIM cards that aren’t connected to ID cards or passports. For example, you can buy such SIM cards in every Czech supermarket.

While it isn’t convenient, you could set up Android x86 in a virtual machine on your PC to install the Signal apk. Then, you can install Signal Desktop on your host machine and connect it.

Yes, this is still the case.

1 Like

Keybase has good solution with paper-key. Too bad others don’t follow same (similar) path

Here you got, now that I re-read it I don’t know if the macos can be considered fixed but IDK, to me it deserves at least one ok mark.

Is there another way to report an issue which is not on github? I don’t have an account.

Yes, Wire did fit the bill so well, I’m quite saddened by the recent developments. But what can you do. Time to move on.

I use the free version of Tresorit too. I’d buy a subscription if it was cheaper and didn’t have less storage, don’t really need that much.

Multi-device support brings all kinds of issues and was one of the reasons Wire had so many metadata problems. You gotta sync those messages somehow between devices, which will result in less privacy. Also, the multi-device functionality never worked great for me. Sometimes, I got a call and it wouldn’t ring on my laptop and just on my phone although I had the desktop version open and was typing a message. I just stopped using the desktop version in the end.

Yep, I know. I travel though and don’t ever want to deal with SIMs anymore unless I have to. Also don’t want to manage numerous SIM cards for my entire family because they won’t be able to.

Ah thanks for the link, I see what you are referring to now. It looks like this was written just before I updated my review last month. I did go and download the latest version yesterday to retest it. The Mac version still saves files to disk, and I couldn’t find anything in any of the settings to change the default location where files are saved. I also discovered that the files are not deleted when you delete a Jami account.

I think Jami is getting close to a recommendation from me if they take care of 3 things:
-Encrypt files on disk or make saving files to disk optional
-Stability improvements, the Mac version won’t quit properly and messages sometimes freeze up
-Make an option in the FDroid version to use polling to get new messages instead of a constant connection to a notification service. The battery drain is too high.

I did update my review to note that there are now zero trackers.
Also I find that the way you can type in random names and see if there is a match to registered users is a bit disconcerting to me. I’d rather require using some key for initial connections.

Mmm, that things are kinda shitty, I’ll try to make a post on their subreddit to see if they can come around here and answer some questions, since the mods are replanning all the real-time communications jami and tox are the ones that are going to be more publicly used, so being polite with its users is a good thing to do. I’m all good with briar but it’s just too basic and I don’t even know if they plan to add more features.

Yeah, about the last point, it also fails to send a lot of times. I tried the new version and I could not send images or audios. Can you?
In which OS you can type random usernames? I’m using the android version and I can’t find how to add someone who is not right next to me.

FYI: https://signal.org/blog/signal-for-ipad/

You still need to have a phone as the primary device with Signal on it. The iPad app is not standalone.

Is this enough to consider Riot non-private messenger?

Maybe even to de-list it from PTIO, having in mind all the data New Vector as a for-profit company can access?

Also, why these open-source decentralized services (XMPP, Matrix…) keep data on server AFTER messages are delivered to clients? What’s the point, besides keeping message history for new devices? But this can also be done from client side (implementing backup option).

I really don’t know where to look anymore :expressionless: There is literally zero fully-featured (all major platforms, voice/video/IM, not requiring phone, secure by default) privacy oriented communication tools/services

1 Like

You’re totally right, after Wire sold out I’ve been trying every possible software and none of it works properly or is totally good in terms of privacy. Antox fails to send messages when you are not using wi-fi, same problem with SafeSwiss, Riotim leaks a lot of metadata, Jami fails to send messages even when connected to wi-fi and Briar lacks a lot of functions (I don’t need to work on different platforms but at least to be able to send photos).

After some time I have finally managed to convince my normie friend to use a private app and lately I’ve been using Whatsapp again because we can’t find a proper alternative.

Someone has any idea? I think I’ll be using Riotim since I guess it should send messages properly and has more features.

1 Like

Well, I think both Wire and Riot are still better choice than Whatsapp or Viber. Hell, I think Skype (if using private chat) is better than anything from Facebook (or Google). At least you don’t need phone (number) to make account and use it :d

I’ve been considering WickrMe, but again, fail to see why it would be better than Wire or E2EE Riot (besides less metadata). Plus I can not use it on Linux (keep getting ‘No Internet connection’ error).

Also, I would like to add that all popular messengers, except XMPP, have shitty desktop versions. I hate web :rant:

1 Like

New Vector should not be able to read things from databases of servers not controlled by them.

On Matrix, I am under the impression that they are git for instant messaging and supposed to store messages forever. On XMPP, you as a user can disable Message Management Archive if you don’t wish the server to store copies of your messages, which is usually practical for multiple devices.

I feel you, that is why I seem to be dividing into multiple tools.

  • Text: Conversations/Gajim/Dino/Signal (and Wire where I am yet to migrate my family away and that may not be happening any more this year)
  • Voice: Mumble
  • Video: Jitsi Meet

Jami also still has a very important place in my i3 autostarts since the selling of Wire.

My solution would be using Signal as practically WhatsApp without FACEBOOK and then removing the WhatsApp account so the friend has to use Signal or simply not in contact with you (or downgrade to SMS that is hopefully not under FACEBOOK’s control).

As far as I know of, WickrMe is not open source, so I am not considering it as an option.

If by web you mean Electron, I feel you. There is also Telegram though, but it’s again far from private.

Yes, New Vector can not access other servers’ databases, but as it is mentioned in article above, vast majority of Riot/Matrix users is using their servers. I mean, for most people email = gmail, so it will be the same with Matrix (=matrix.org & riot as standard client)

Regarding FOSS, what’s the point in open-source server, when we can’t verify if the same code is deployed :d

I think the main threat model for average user is data collection (and sale to 3rd parties), i.e. no need to hide from governments, but it is important to keep data from corporations. So in such case, using closed-source software shouldn’t be a deal breaker, especially if it passed external audits

Generally clients don’t store any data locally. It is really hard to keep track of multiple devices if the server doesn’t know what messages they have. But, in an ideal world everyone would be hosting their own Matrix server instead of using a public one. Then your messages would only be stored on your server (and the recipient’s server), like email.

Hmm I was just going to bring up this point as a counter-argument to you. Do you also think we should recommend against email because Gmail exists?

Actually yes :slight_smile: And it is often advised not to use email for secure and private communication. 90% of my contacts use gmail. Rest is outlook and yahoo. So whats the point for me having mailbox or tutanota account? Only to hide my habits from google, which is good enough reason for me, but not for anyone else I know