lets talk about instant encrypted synchronous communication lain. what are some you use? which ones would you never use? should you trust your life on any of them? p2p or decentralized? how do "chat bots" fit into all of this? where do we draw the line between anonymity and convenience? how do we deal with metadata?
starting with a nice long list and some of their drawbacks
- without a doubt first class in secure instant messaging clients at the moment.
centralized server, closed source
requires a phone number to register
only able to contact people through phone numbers
desktop client is a chrome app
file transfer and group calls aren't encrypted
- arguably just as good as signal, but doesn't have the backing of moxie
centralized server, closed source (soon to be open source)
requires either a phone number or email address to register (both if you want access to the desktop and mobile clients)
desktop client is an electron app
- a closed source client that is still fairly popular (i haven't used this client so i can't say very much about it)
centralized server, closed source client & server (encryption protocol is open source)
- protocol of "the future" still in alpha and under active development
no e2e by default (being worked on currently)
riot is based on electron, mobile app leave much to be desired
XMPP + OTR https://xmpp.org/
encryption is just a plugin and isn't baked into the protocol (im not sure how much of a problem this is)
"Encrypted" messengers that you should avoid:
Encryption protocol is known to be broken, since it is home baked and not made by cryptographers. E2E is not enabled by default.
This is Facebook. e2e may be working, but your data is still being harvested and sold to advertisers and/or used by Facebook. They own the client. They can do whatever they want with the data once it's unencPost too long. Click here to view the full text.