Which is safer, Signal or Wire?

Because I place emphasis on privacy and security, I am wondering whether to use Signal or Wire. Signal wants to use a replication app like textplus, not his host phone number. (PINchord’s lock is firmly set) So it’s uneasy if it’s safe in terms of security and privacy. Wire registers by e-mail, but Wire collects metadata. Which one do you like?

I think we have discussed this in several threads already and it comes down to:

  • Signal: do you mind sharing your phone number to everyone you wish to connect with?
  • Wire: do you mind the server knowing whom you have connected with?

Personally my list is:

  1. XMPP with OMEMO, I trust my partner who has admin permissions and he trusts the owner and is friends. (I cannot English.)
  2. Wire as I don’t mind that metadata and I don’t have to share my phone number.
  3. Signal

In practice, XMPP is too difficult for people as it’s not phone number based centralized service and Wire isn’t very popular, so I find Signal the easiest to recommend to people as they already know how to use WhatsApp and it’s practically WhatsApp without Facebook and some evil features.

1 Like

signal encrypting everything (as my point of view, i mean they even encrypt your profile info (photo, name)) in other side wire saves your contacts in plain text (they saying they make it easy for them to share this list on cross platforms) so for me signal is great & signal’s team is amazing but iam using wire xD (signal team support is bad & we fighted before so i hated signal but as developer team they amazing)

2 Likes

If you want to see the pros and cons of Signal vs. other chat apps debated in scrupulous detail over the last four months, I suggest reading the discussion in issue #779 in the privacytools project on GitHub.

A couple of things to keep in mind. Firstly, privacy and security are not the same thing. In a nutshell:

  • Privacy is a social norm, which is protected by common decency and mutual respect among free people, backed up by laws against burglary, harassment, stalking, and so on.
  • Security is a technical quality, protected by careful design and maintenance of infrastructure, whether physical (the locks on your house), or digital (the encryption software that protects your internet banking from intruders).

As a result, tools don’t fall on a neat linear spectrum from low security/ privacy privacy, through to high security/ privacy. Well-meaning but inexperienced people can create tools that have high respect for privacy but low security. Datafarms can totally disrespect your privacy yet hire highly experienced people to secure their systems against their competitors and other enemies. This is why people talk about “threat models”, these help you to clarify what you most want to avoid, what you can afford to compromise on, and what combination of tools fit your specific needs.

BTW If we took the graph at politicalcompass.org and replaced the ‘economic’ and ‘social’ axes with ‘privacy’ and ‘security’, hypothetically we could identify roughly how a given tool measures up on both criteria, relative to others. But if you read that GitHub issue about Signal, you will quickly realize how difficult it is to even agree on how to evaluate and quantify the various factors they determine how secure or privacy-respecting something is.

Dude, you need to search the forum before posting. You consistently post topics that have been discussed numerous times.

I am wondering which message app to use. With emphasis on security and privacy. Since Signal requires a phone number, I will use the phone number generated by NextPlus etc. instead of the host phone number. Which is safer compared to the jmp.chat app? Snowden uses Signal,

This is again very related/similar to your previous posts/threads on this forum, @pinp.

The simple answer here:

No messenger is secure since there is much more to do than simply comparing some arbitrary security features. See https://infosec-handbook.eu/blog/discussion-secure/#sm. If you have no threat model, you can’t rate any security.

That sounds really interesting:

JIDs for Messaging with Phones

JMP gives you a real phone number for sending picture and text messages right from a Jabber account.

https://jmp.chat/

Can I use this phone numbers for “Mobile Validation”? Does anybody use JMP and can speak about it?

I’ve used it for around two years. I’m quite happy in general. It’s about as close to a privacy-friendly Google Voice replacement as I can imagine. In my experience mobile verification works better there than it does with Voip.ms. When I had trouble with one bank, I spoke with the developer (something Denver), who was happy to work on it and was able to resolve the issue.

I’ve been using this as well for a few years, exactly for the reason of having a different phone number to sign up for messaging apps to test them. The number will even take voicemail messages and send them as audio files to your linked xmpp account. One thing to note though is there is no encryption with this, either at rest on the jmp.chat server or with Omemo in messages. So I would not use this for any 2FA.