Secure private encrypted messenger (opensource)

Here is another interesting article about Signal and the shutdown of LibreSignal, which was killed by Moxie

This issue is written in broken English, the person who wrote it says again and again that someone saw Moxie accepting a bribe and that’s their proof, then references some articles about Signal (where it is praised) and they say the contrary. This is straightforward conspiracy theory or schizophrenia.

Ease of use or privacy focus. The dilemma. If you market yourself as a privacy messenger then I would hope that this is the priority when designing the app and that ease of use is a secondary priority.

Then again, use Briar, which requires zero trust on anyone but you and your receiver and masks your traffic through Tor, but it lacks a lot of features so good luck with convincing people on using it.

Integrating an opensource wallet that has already been tested and vetted should not be an issue. I am not a coder so I haven’t looked into their Git, but, if everything is encrypted on the phone, I don’t see a problem. Just as a side note, the crypto wallet I think is just an extra feature. A person who seriously wants to use a crypto wallet for ERC20 etc, will use a proper wallet like Atomic or Exodus etc.

AFAIK combining two kinds of different software into one makes it difficult to stay up to date and it could add a security flaw, since something that could affect one may affect the other.

I don’t think it is a conspiracy theory to presume that the NSA has the capabilities to crack various encryption schemes using a quantum computer that they may or may not have, but even without, they have massive amounts of computer power at their disposal.

If I’m not wrong quantum computers still aren’t a thing so I don’t think we should worry about it, and when the time comes quantum computers will also be able to create stronger encryption.

To assume that the NSA does not, is foolish in my opinion. Also, you would have to doubt that Snowden is telling the truth as he is the one who made the statement. However it is just easier for the NSA to force 9 and 14 eyes nations to install backdoors into their programs rather than trying to intercept and crack encryption.

I’m not saying it is not possible, but we don’t have proof, stating it as if we were 100% certain is nothing but FUD, which could lead to conspiracy theories, which could lead to backfire against privacy advocates. Also, could you support your statement about Snowden? I’m interested in that.

https://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_print.html

On conspiracies, people who said in the pre-Snowden leaks that the NSA was spying on their comms and intercepting telecom data were also called conspiracy theorists.

I know that, I have read about the topic and watched documentaries and such, but still we need to work on what we do know, we can’t go over there theorizing about what the NSA can do, about which encryption methods still work or not as if they were the only attacker and group of people who dedicate their time to such things.

Yes, I agree with you, that post is an opinionated rant with no validity.

I did, I love it. The only problem is that it is not available for my friends who use an iPhone…yet.

Sorry, but IBM released a commercially viable Quantum supercomputer back in 2018. Seeing that IBM have made so much progress, one can assume more progress for the NSA. Of course we don’t know but, the NSA would never make such an achievement or capability public knowledge as it would compromise their security.

Quantum resistant encryption algorithms already exist, but when will they be incorporated into the likes of private messengers? Perhaps when it is already too late.

There is a big difference between a conspiracy theory that is based on conjecture, prejudice and no evidence, and a viable possibility based on evidence. Before Snowden leaks, there was no evidence to support the people that believed that the NSA was spying on everyone and collecting their data. Hence it was a conspiracy theory. Once Snowden provided evidence to support these people’s claims, it was not. The NSA and their encryption capabilities may appear like a conspiracy theory, but we have certain pieces of evidence, namely public record albeit old, data about their vast supercomputer facilities as well as evidence from the likes of Snowden that they were interested in Quantum computers back in 2014. We do not know their full capabilities due to the secret act, however we can extrapolate their capabilities, knowing what we know as well as the fact that Quantum computers that are operational are real, thanks to Google and IBM.

I suppose we will need to wait and see.

Again, this is why usability is such a big thing too, I agree that a privacy product should have privacy (duh) amongst its greatest priorities but software is built on usability and functionality and then around anything else, if not, even if it’s the best privacy product, it will not achieve anything. We should expect both things in FLOSS software with private inclinations.

I see, I wasn’t sure about the current status of quantum computers, so it is very probable that state agencies like the NSA have access to that kind of thing.

I know, I understand what you mean, and I am sorry if it sounded like I was explicitly calling you a conspiracy theorist. My main concern with theorizing with this kind of stuff is that it does not take us anywhere. People who are beginning to change their habits are going to look scared and desperate, people who are in the middle road will have uncertainty and in general we still don’t have anything else so it is better than anything, I don’t think that people should stop using current encryption protocols because maybe the NSA can break it. Also I think we should really give importance to black/white hackers and bug bounty hunters, even though they may have little resources I think that if it would be crackable someone would have spoken about it too.

All in all, excuse me if I sounded rude or aggressive, there have been some users around lately who started going towards the conspiracy theory kind of stuff and going too deep is a hard topic. We are going kind of off topic so if you still want to discuss something it will be better to do it via PM.

We should keep an eye on this messenger, IMHO it looks promising.

Don’t worry about it, no need to apologize.

I agree that useless speculation is … useless and a waste of time. I think the main takeaway is that we should remain vigilant regarding the state of cryptography and the capabilities of agencies like GCHQ and the NSA in their ability to crack encryption schemes. When I say we, I especially mean the creators of communication apps who I hope will not be complacent in this area, thinking that real use Quantum computer threats on encryption are at least a decade away. Waiting for the fire to come to your doorstep before acting, is a recipe for disaster.

I will leave a link from MIT tech review on how a quantum computer could crack RSA 2048 in 8hrs.

Not commenting on any of the answers here, but on the original post:

There are hundreds of different instant messengers. If you ask 10 people to choose the best, most secure, and most private instant messenger, you very likely get 10 different recommendations. Then, people start to find arbitrary reasons against other messengers while generating hype for their own favorite messenger.

The fact is that there is no perfect single instant messenger, which meets everybody’s requirements. There is also no “secure” messenger as already pointed out by the EFF, which deprecated their original Secure Messaging Scorecard due to this. Even a “BCM Messenger” can’t meet all requirements.

You missed the point of my post, which was to have a discussion about BCM and to verify or debunk the claims they make about the security of their product.

So what are you trying to say here? That we shouldn’t discuss certain products in regard to their security?

As already pointed out in other posts here and on GitHub, PTIO needs a defined and fixed set of threat models to rate the security of a product. You don’t just rate security by looking at some features and saying “Yeah, looks good.”

The most important question would be: “Is the BCM Messenger (or any other software product) relevant to the typical PTIO user?” If true, “Which are the most important threat models of the typical PTIO user? Are these threat models addressed by the BCM Messenger? Does anybody actually test this or do we just rely on documentation? Why is this messenger better or worse than messengers already recommended by PTIO?” etc.

Of course a product has to be rated according to the threat model which in this case is privacy. Can you provide a link to the GitHub post you are referring to?