Chat Apps, Government Ties, and Transparency

I still stand with Signal App.
Telegram has no default E2EE.
Threema's encryption was compromised .
Threema & Telegram both are for profit companies.
Signal is non-profit & all their source code + finances are public. Even their server codes are publically available
- Even their server codes are publicly available
  Last I checked, their provided server code lags behind their production server, so you rarely get to see the current version. However, that's kinda the point of E2EE, is you don't have to trust the server.
  
  And one can always self-host or use a different server.
- I gladly donate it month to Signal. Love my freedom of speech

I can't believe people are saying Telegram and Threema might be better than Signal. Signal isn't perfect but Telegram and Threema are worse.
- Because we keep saying Signal, Telegram, Threema instead of Anti-Libre Software, Service as a Software Substitute and Centralised.
- It really depends on your use case. Most of my simple chat messages are the same as I would have in any public space. I have no need for encryption, I have need for convenience in that regard. With Telegram I have my chat history on all devices and don't need to use my phone to connect which are two must-haves for me. For my use case, Signal is the worse option. That doesn't make Signal bad, just not suitable for me.
  As a privacy-concious person I am very much aware of the non-secure nature of my chats, but since that is not a factor of consideration to me when it comes to casual chats with a few friends and family members. The worst thing Telegram could do is analyse my chats and ... then what?
- Signal is not applicable when you need a public space for people to just have a discussion, like in discord. Signal clients are clunky and rely on cross sync from what I see, while telegram clients are well made and convenient to use. Even Whatsapp went away from electron so I'd choose it over signal any day.
  
  Have you tried Signal recently? On Android it's very well polished.
  In fact I believe it's a shame that not more people use such a beautiful app, regardless of privacy and security implications.
  
  Signal clients are clunky
  Obviously you have never used Element for matrix. Signal is like a Ferrari in comparison.
  
  Matrix would work for that and would avoid proprietary software and sketchy companies
- Signal is much worse than Telegram (in terms of privacy)
  
  Please give several reasons why

Man, everyone is hopping on the Trash Signal Bandwagon, even though TG is less secure, and nobody (the 99%) uses Threema.
- Don't forget Threem encryption was broken. Threema is not free
- It's called disinformation and psychological warfare. How else attack E2EE, libre software?
- I'm wondering if something interesting will fall off the truck this time :D
  Context: before that blogpost, cellebrite claimed they can "hack" signal (or they were kinda closer to the truth, and that was media talking abt hacks without reading stuff)

- Session is also sus because you effectively cannot host a node, last I have seen. They claim it is "against a Sybil attack" but all it does is making sure only people wih large disposable funds can have nodes, and the effect might be the exact opposite.
  Simplex is more interesting in this regard because while I am concerned with initial centralization (the default servers), they made hosting your own easy. But I personally stick with imperfect yet trusty XMPP.
  
  SimpleX is great. BUT it's not user friendly. Thus general adoption for the average user will be hard. Don't get me wrong using the app itself is easy but as soon as someone switches their phone that doesn't have technical knowledge they will loose their chats because they won't understand the concept of moving their DB. Since you don't have an identifier like a phone number with SimpleX those people could even lose contacts as a whole since they generate a new DB, hurting their social connections.
  That's the reason I personally never recommend SimpleX to anyone who doesn't have the technical knowledge to understand stuff like that.
- It has had some suspicious funding sources
  Wait until you find out where computers, the Internet, GPS, weather satellites and Tor came from.
- suspicious funding
  Which lines of its libre software source code are malicious?
  requires your phone number
  It's centralised
- It requires your phone number
  Not anymore, right? Or does it still need your number for signing up?
  
  Just to sign up
- Signal no longer requires a phone number. You can now create an account. Not sure if that helps your outlook on it, but yeah. It was a fairly recent update that this was rolled out.
  Edit: being told we still do need numbers to register. I haven't gotten a new phone since well before the change was made, so I haven't actually created an account and gone through the process. It looks like I misinterpreted what was going on when I read the changelog.
  
  Last I have seen, it still requires a number to register - it just doesn't have to be public.
  What gets me the most is the requirement of a smartphone to register. No way I am trusting my non-public chats to a phone, so that means either Waydroid/VM (which creates issues with copypasting) or signal-cli (which is fairly inconvenient).

Discord/WhatsApp
Anti-Libre Software (fails to include AGPL license file: bans us from removing malicious source code) 🚩🚩🚩
Telegram/Threema
Libre Software ✅
Service as a Software Substitute (app needs service and we are missing server software for it: broken app) 🚩🚩
Signal
Libre Software ✅
Self-Hosting (still needs service from us) ☑️
Centralised 🚩
~~Needs phone number~~ Centralised
~~Suspicious funding~~ Which lines of its libre software source code are malicious?
- Yes, app does not work without service and we are missing server software to serve this service it needs: broken app. Threema is SaaSS.
  
  The server / backend is not open source. Even though it's audited that's a red flag.

Signal is currently the best middleground between security, simplicity and widespread adoption.

how has no one discussed matrix here
- Unable to decrypt message
  Unable to decrypt message
  Unable to decrypt message
  Unable to decrypt message
  Unable to decrypt message
  Unable to decrypt message
  ...
  
  That must mean it's working! :D
- I don't get it at all. There are plenty of platforms like matrix, xmpp, simplex that don't require phone numbers tied to your identity. Signal has somehow managed to convince people that it's a private platform, despite it being a US hosted service that requires phone numbers.
  
  It's a Google hosted service, which is arguably worse because they may as well be a nation-state unto themselves.
  
  Who have they convinced that it is private? I think it has more to do with the overall purpose of the platform. Signal is not made for large group chatting with strangers like Matrix.
  
  Say the US government, in a worst-case scenario in which it constantly monitors all traffic that goes through Signal’s data centers, can ‘only' see phone numbers, IP addresses and timestamps, right? Or am I forgetting something here?

both suck when it comes to real hardcore privacy! Signal is surely a bit more private/secure/whatever, unless maybe you count in the US jurisdiction.
if you want hardcore privacy and security, use SimpleX. it's cutting edge.
- Also Tox, Briar, Session etc.

Nicely written article and a good read! However I had not heard of Threema before. It looks like a promising messaging app itself, anyone use it?
- It's relatively popular in DACH countries.
  I use it sometimes. It has its fair share of issues, and the back end is not open-source, but it is OK for the most part. Main benefit is that you don't need a mobile number to sign up.
  But if you are looking for an alternative IM to use with friends and family, I would rather suggest XMPP, specifically Snikket.
  
  Cool thanks!
- I am using it to communicate with 3 people (our common ground as I don't have an iPhone and don't use Whatsapp).
  A few years ago it felt a bit ruff and awkward to use, but many updates later it is as fluent as any chat app.
  The security feels ok. Of course it would be a lot better, if they would open source their code.