Another one bites the dust, another nail in the coffin of privacy messaging apps.
Where to now? How many messaging apps are left to try? How many times can I ask my friends and family members to try a new messaging app before they tell me to f-off?
I guess there are always Signal, federated solutions like Matrix and XMPP and P2P projects like Jami.
While Signal is centralized, I hope their nonprofit status prevents them from getting bought or anything bad happening.
Ummm, sure sure, yes, except for the fact that
Signal requires a phone number to register, as does Telegram
Matrix security is in the hands of whoever is hosting the federated server
XMPP doesn’t play nice with iOS
Jami doesn’t work… no really, it doesn’t, nor does Tox, and Briar is Android-only
Other suggestions, such as those on securechatguide.org, are outdated.
BTW someone should really remove Keybase from privacytools.
The only messenger which is open source, decentralized and encrypted seems to be Session Messenger, and that isn’t even being recommended by Privacytools. Why?
Anyway, what a crap show, the messenger scene. Makes me ill.
We aren’t removing it from Privacy Tools just yet. We feel it’s too soon to make that decision.
My two cents is that we’ve rushed decisions in the past and learn from each instance.
Instead we are closely watching the situation and will determine if we should keep or remove at a later date.
It was more about the fact that wire stores quite a bit of data about who you’ve been talking to.
Also if you look at our Cutting the Wire article we mention two points:
Morpheus Ventures holds a portfolio including companies in healthcare, voice AI, life insurance, and retail customer data analytics: All sectors that have historically used invasive data collection methods to survive.
Yet another red flag, and one of the more important ones to us, was that Wire decided not to disclose this policy change to its users, and when asked why, Brøgger was flippant in his response, stating: “Our evaluation was that this was not necessary. Was it right or wrong? I don’t know.”
I am inclined to agree with @Supernova in regard to Zoom just wanting to acquire technical and intellectual support regarding encryption. It is likely their way of responding to Jitsi’s example of E2EE.
Zoom’s decision from a business point makes a lot of sense. It would be very risky to not have something planned in response. They also got a lot of bad press regarding their bad marketing (saying they had E2EE when they didn’t), so I think sitting back and waiting for Jitsi to implement it and doing nothing just was not a realistic pathway for them to regain any kind of trust.
It is also likely that Keybase had issues really finding a way to monetize their platform without compromising on their ideals. They were giving KBFS storage and everything away for free.
I don’t think the model for Zoom has ever been to have analytics as the main path generating revenue. It seems to be more about marketing paid plans for paid features. That said I am concerned by Zoom’s announcement that E2EE will only be for paid customers. Hopefully that changes in the future.
They did after all remove that code that called back to Facebook when dragged over the coals about it.
I do think generally a lot of companies use the Facebook APIs without realizing the kinds of data it is collecting on their users. This presentation at CCC 35C3, “How Facebook tracks you on Android”, indicates a lot of companies don’t realize the impact.
Okay, so you’ve established your use case here, with your family.
I don’t see how this would be a problem. Wouldn’t your family already have your phone number?
This is a really poor generalization. In regard to E2EE, that’s in the hands of the client. Sure, a home server may be able to tell who is talking to whom, and if you’re really concerned about that, maybe set up your own, or buy an instance from modular.im, which is pretty cheap, and invite your family to that.
You’ll find decentralized distributed platforms that lack servers have less features. That is really a trade off.
We have an issue open, but as nothing has really changed we see no point in removing it yet.
The reason is because Session is very new, and a bit experimental. We’re waiting to see how that pans out and what the community thinks of it in regards to stability. That said, we have this tracking issue in regard to its inclusion.
Since the re-organization of the instant messenger page we’ve taken a policy of not recommending products which are not mature enough to be depended on for everyday use.
I understand the need for a wait-and-see approach and I agree it is the wiser thing to do in these situations, but does PT have an internal timeframe for delistings when a product has been potentially compromised? 2 weeks? 1 month? Is it a passive approach, i.e., scouring the internet for newsbites, or do members actively contact the company/devs to determine what is happening regarding the acquisition?
Regarding Signal and Telegram and their need for a phone number to register a user account: many people, not just me, have taken issue with this, as it is an invasion of one’s privacy. I should not need to have a phone number to chat securely with other people. Maybe I’m crazy for thinking like that, but it just doesn’t compute that a secure messenger needs a meatspace identifier.
Now I know the counter arguments, but regardless of the origins of Signal, now in 2020, years later when SMS is essentially irrelevant, why are they still pursuing this avenue with phone numbers? Forget about your phone number being compromised internally by Signal somehow (even though there is a possibility), but if I have to get a phone number, my security can still be compromised outside of the Signal ecosystem by the telco and other agencies.
It just doesn’t make sense anymore to have a phone number necessary for an account. Riot doesn’t need it, Session doesn’t need it, ZOM doesn’t need it, and others like TwinMe etc. But this is a dead end talking point as Signal will apparently never have email signups. There was a thread about this and it was closed by the lead dev.
Anyhow, let’s wait and see.
There is no specific time frame, as every situation is different. In regards to Keybase, nothing has actually changed with the product; the source code is the same as it always was.
I think delisting at this point would be pending an announcement of its discontinuation. I doubt Zoom is going to do this until, at the very least, their product has all of the features Keybase currently has, or at least most of them.
Sure, and with general people on the internet, that makes perfect sense. However you did mention your family. It’s entirely suitable to use Signal with your family and Riot with everyone else, or Riot for everything.
It comes down to:
Either, I think, is entirely acceptable in this threat model.
I think that was because Signal was designed to be private, but not anonymous.
Sure, sim jacking is an issue. However with Signal you can verify identity via a QR code. The keys are stored on the device, so they would have to change, and the other recipient would be notified of that change.
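As an added illustration of the behaviour the post above describes (not code from this thread or from Signal), here is a small trust-on-first-use store: a contact’s identity key is pinned the first time it is seen, a later key differing from the pinned one produces a “changed” alert and resets the verified flag, and the user can mark a contact verified only after an out-of-band comparison (the QR-code scan). The fingerprint format is a hypothetical stand-in, not Signal’s real safety-number derivation.

```python
import hashlib

def fingerprint(identity_key: bytes) -> str:
    """Hypothetical human-comparable fingerprint (not Signal's real safety-number
    format): SHA-256 of the public key, rendered as 30 digits in groups of five."""
    digest = int.from_bytes(hashlib.sha256(identity_key).digest(), "big")
    digits = f"{digest % 10**30:030d}"
    return " ".join(digits[i:i + 5] for i in range(0, 30, 5))

class IdentityStore:
    def __init__(self) -> None:
        # contact -> (pinned fingerprint, verified out of band?)
        self._pins: dict[str, tuple[str, bool]] = {}

    def observe(self, contact: str, identity_key: bytes) -> str:
        """Called on every incoming message. Returns 'pinned' on first contact (trust on
        first use), 'unchanged' if the key matches, or 'changed' if it differs; a change
        resets verification and must be surfaced to the user as a warning."""
        fp = fingerprint(identity_key)
        pinned = self._pins.get(contact)
        if pinned is None:
            self._pins[contact] = (fp, False)
            return "pinned"
        if pinned[0] == fp:
            return "unchanged"
        self._pins[contact] = (fp, False)  # new key: trust must be re-established
        return "changed"

    def verify(self, contact: str, scanned: str) -> bool:
        """Out-of-band check (QR scan or reading the digits aloud): marks the contact
        verified only if the scanned value matches the pinned fingerprint."""
        fp, _ = self._pins[contact]
        if fp != scanned:
            return False
        self._pins[contact] = (fp, True)
        return True

    def is_verified(self, contact: str) -> bool:
        return self._pins[contact][1]

def demo() -> tuple[list[str], bool, bool]:
    """Bob's key is pinned and QR-verified; then another device registers his number (SIM-swap case)."""
    store = IdentityStore()
    bob_key, other_key = b"\x01" * 32, b"\x02" * 32  # constructed stand-in public keys
    events = [store.observe("bob", bob_key)]
    store.verify("bob", fingerprint(bob_key))  # Alice scans the QR code on Bob's phone
    verified_before = store.is_verified("bob")
    events.append(store.observe("bob", bob_key))
    events.append(store.observe("bob", other_key))
    return events, verified_before, store.is_verified("bob")
```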
Well, there is this: make note of Signal allowing signups with UUID, which we are keeping an eye on. Hopefully it will be possible one day.
Please picture that the PTIO folks are willing volunteers, not really burdened by time frames in the usual corporate-culture sense.
I think another reason they require a number is to limit bot accounts. If the service is flooded with bot accounts spamming, it is not desirable. These are open source projects, and thus plugging bots in should theoretically be trivial to code.
It’s a bummer to ask for a phone number, so I am eager to see how Session turns out as well.
I have not seen references to these before but perhaps I missed it. Was the Keybase acquisition related to this at all?
zoombot | Keybase - https://keybase.io/zoombot
This is interesting. First registered on March 17. Notice it has a verified https URL of bots.keybase.io which you can follow to find:
No offense, I understand your point, but I think y’all contradict yourselves over there. You list Jami, which literally doesn’t work, but Session, which is far more mature, isn’t listed?
The good thing about Telegram, though, is that you do not need to show your phone number to other people; you can hide it in your settings from everyone, and people can find you through your username.
Doesn’t work how?
Remember Telegram doesn’t use audited encryption (MTProto 2.0 is not audited) and it is not on by default, meaning many people think their conversations are secured when in fact they are not.
Also collecting phone numbers regardless of whether they are visible to contacts is a big no no.
Not sure how you can claim Jami doesn’t work. I have never had an issue with it working.
Also, Session seems to be even more alpha than is claimed. I have never received a notification that a new message has come through, and it alerts me non-stop about random useless updates about Loki.
Worse, the service is located in Australia and does nothing to offer assurances that the AUS gov’t isn’t compromising or can’t compromise their service. While they are hardly alone being based in a shitty country (Signal), Signal offers far more assurance that they cannot access your chats.
They claim “Only by decentralising the routing and storage of communications can it become truly private under this new legislation.”
Except many have said it’s expensive and not worth it to run a node, and they even admit that nothing is stopping the gov’t from running one (and then theoretically forcing Session to route traffic to it).
Of course, we just don’t know yet. Session is new and has not been tested in a situation such as this.
My point is not that you shouldn’t use Session, but they are far from being mature enough to back up many of their claims, and they are not mature enough in the dev process because it’s still really buggy.
I hope they become all of these things, it’s a cool ass app. But I think it’s weird people are championing them so early on.
The Loki Network is still using proxy connections, they haven’t even transitioned to their onion routing yet. Way too early to make any judgements on this system.
That just furthers my case that Session isn’t a “more mature” solution and isn’t ready to be used as a messenger outside of testing.
I was able to send maybe 5 messages and then it stopped working; I couldn’t receive a message on a phone which was next to mine. That kind of working.
Yes, I know that, but at least you’re not forced to give your phone number to someone on the internet. It’s still a shitty thing, but it’s better than nothing. I’m not defending Telegram, just comparing.
I have had a whole lotta issues with it. I’ve used it once and that’s about it; kept it installed for some time to see if it started to work, but nothing. I don’t understand why you’re surprised, though; most of the people I’ve read say that it doesn’t work. Still, I love the project.
I’ve always received notifications, and the thing about updates happens when you delete the chat with those messages, I know it’s annoying but if you don’t delete it it doesn’t pop up.
Okay then, you’re right there.
The government running nodes is something which can apply to any software that relies on running nodes, but hopefully there are methods that can prevent them from gathering data.
Okay, I understand all that and I think you’re right. The only thing I’m saying is that it sends messages with a proxy and it does it flawlessly (except a few times, and bugs are related more to media messages) compared to Jami, which, at least in my case, I wasn’t able to use for more than 1 day, compared to Session, which I used for almost 2 months.
Well, if that were really the reason, then all these other messenger services would do the same, especially Matrix/Riot, but that is not what we see. Of course, volume is different between Signal and Matrix, but still, if it were a real concern we would see Matrix enforce phone reg. Since they don’t, I think the real reason why Signal still uses phone number reg is:
A state law enforcement agency, or intelligence service, can then force local mobile telcos to disclose the names of the persons behind those phone numbers. In the case of the Hong Kong protests, Chinese officials could get a list of people who organized or coordinated protests via Telegram.
The above is regarding Telegram, but it could also apply to Signal.
This feels uncertain. We should be able to track if shenanigans are going on the server side.
I feel like reason number 1 is more likely. Their move to mimic FB Messenger seems to suggest they would like to meet user expectations about instant messengers in general.
If the Chinese can do it (albeit with Telegram), why do you think the NSA can’t? I think that is wishful thinking.
Read the full article and pay close attention to Nobody.
“Changing to a different app like Signal is not a viable option for us. Because the way the protestors communicate heavily depends on the support of very large groups […] in which Telegram has really good support,” Chu said.
“On the other hand, Signal and Wire groups are limited to a few hundred people, and Signal makes your phone number visible to everyone anyway.”
Back on Keybase, just now in the news
How was the data leaked? Through Google’s Firebase platform. Oh, that includes Keybase too.
https://reports.exodus-privacy.eu.org/en/reports/io.keybase.ossifrage/latest/
In regard to that, Signal actually has very little data. They talk about Sealed Sender. In that article they also mention a real subpoena and what they were able to offer.
For something like that, Matrix would have been a better choice, the reason being that even if the Chinese government banned a particular home server, users could just create an account on another one.
“On the other hand, Signal and Wire groups are limited to a few hundred people, and Signal makes your phone number visible to everyone anyway.”
and for groups of that size E2EE isn’t helpful. The government could easily just enter the chat room and monitor conversation.
There are in fact many Chinese users on Matrix. I also believe there are many Chinese Matrix servers operating behind the GFW, some of them not federating.
And for private, smaller conversations there is E2EE on Matrix. The cross-signing and verification is an excellent addition.
Something I would like to see is it being easier to use Riot through Tor.