Instant Messaging page updates

[Perelandra0x309]

Description

Resolves: #948

Here is my proposal for changes as discussed in #948

Overview of changes:

Add criteria to cards with details. This would be nice to show an overview of how an app adheres to each category, and give a chance to briefly explain any concerns.
Open Source
Cross Platform
Ease of Use
Privacy Respecting
Prevents Mass Surveillance

Add Threema, Wire and WickrMe as cards

Make securechatguide.org link into two links to the EFF and Features Matrix pages

Combine all XMPP clients into one list under the "Worth Mentioning" section

Add Briar, Keybase and TwinMe to the "Worth Mentioning" section

Create a separate "Experimental and Beta" section

[netlify]

Deploy preview for privacytools-io ready!

Built with commit 6163730

https://deploy-preview-951--privacytools-io.netlify.com

[blacklight447]

Would add another field for anonymity and one registration information.

[Mikaela]

I disagree with removing Threema from this list. Also could this have alphabetical order or are they in some obscure order of which is the least worst? Personally I have also started calling WhatsApp as Facebook WhatsApp (note the nonbreakable white space).

[Perelandra0x309]

Even if Threema doesn't get added as a recommendation, I don't think it deserves to be grouped together with the likes of Viber and Messenger. Threema is always encrypted using elliptical curve and XSalsa20 protocols.

[Mikaela]

Threema is always encrypted using elliptical curve and XSalsa20 protocols.

How can this be confirmed if it's not open source?

[Perelandra0x309]

Please see https://threema.ch/en/blog/posts/audit19en for audit information.

There is also https://threema.ch/validation/ which provides instructions on how to compile a suite of applications that will let you decrypt a Threema data backup (using the password that you encrypted the backup with when creating it) to extract the encrypted messages and your private Threema key. Then with the NaCl library installed on your system (which is what Threema uses) you can use your private key to decrypt ciphertext from your backup.
I have not seen any other non-open source application provide this amount of resources to examine what the application is doing and how it encrypts messages.

Another meaning of "always encrypted" that I mean is that there is no option in the application to choose to send an unencrypted message, so there is no change of sending a message in clear text by accident. That is not the case with the other apps.

[Mikaela]

Why remove Mobile?

[Perelandra0x309]

Cards have been grouped into sections: "Mobile Devices", "Mobile and Desktop" and "Desktop". Some people just need messenger apps to be on their phones, others need them on both a mobile device and their desktop, so I think it is good to make some distinction between those that have the capability to be on both. Signal is under the "Mobile Devices" section so having the "Mobile:" in front of the name is redundant.

[Perelandra0x309]

If we only have 3 apps as we are seeming to be leaning towards then these categories probably aren't necessary.

[Mikaela]

Isn't it still Android & iOS? I last used Signal desktop today and it wanted linking to my phone by scanning a QR code, so I wouldn't call it as cross-platform, maybe `Android & iOS + X remote clients).

[Perelandra0x309]

Yes, it does only link to your Android/iOS mobile device from the desktop clients (Mac, Windows and Linux). Those 5 platforms were already listed on the original version of the page so I just followed what was already there. So the desktops are a bit of a grey area- not full clients, but they do allow the use of Signal on a desktop. So do clients that require or link to another platform count as a platform?

[five-c-d]

You have to have (exactly) one master-device, which is always going to be either signal4android or signal4ios, in order to install signal4desktop, but not to actually use signal4desktop (i.e. once it is installed).

gory details

The reason is because some functionality is only available within the smartphone-apps, in particular, registration requires the ability to receive inbound SMS or inbound robocall which signal4desktop doesn't do -- because laptops tend not to be able to get inbound SMS/PSTN. You also need signal4smartphone if you want to make and receive cryptocalls, signal4desktop does not have that yet -- because again, laptops tend to be a much worse UX versus desktops.

If you are like me though, you install signal4android, then link signal4desktop running on your choice of Linux distro ... after which you can pop the battery out of your smartphone and signal4desktop will work just fine. You cannot do this permanently but signal4desktop is definitely not some kind of "remote control of the phone" type implementation, which is how whatsapp functions for example.

People that are serious about not having a smartphone as their upstream-device, can use the unofficial github.com/AsamK/signal-cli as a workaround: register that as your master-device, and then link the (official) signal4desktop client to your (unofficial) sig4cli master, and you need never leave your laptop. If you want cryptocalling from your laptop, you can also install android into a VM, and then install signal4android into the VM. It is a bit tricksy to link signal4android-in-a-VM on your laptop, with signal4desktop running on the SAME laptop, because it is tough to QR-scan your own screen, but there are ways to skin that cat.

Signal4desktop has some downsides, the main ones being A) it uses a few hundred megs of RAM because it is an electron-based app for ease of portability, B) you have to switch gears and use signal4smartphone if you want to cryptocall or perform groupchat-management or a few other such platform-parity things, C) there are not yet any real keyboard-shortcuts available. But it works fine with texting, file-transfer, voiceNotes aka audio-recordings as a kinda-sorta-substitute for cryptocalls, and most other messenger-type-things.

Whether the signal4desktop quasi-standalone slave-device "really counts" as cross platform or not, depends on your definition. To me, signalapp is linux-compatible (works on LineageOS+GrapheneOS and works on Debian+Ubuntu officially as well as Fedora+Arch+etc "unofficially"), and that is what really matters, but YMMV. Wireapp has "officially unofficial" Linux support, but some people prefer that.

[Perelandra0x309]

Since you can't have an official standalone desktop install I would not count that as a platform. I don't use Signal much even though I have it installed since I don't like giving out my number and I haven't used the desktop client.

[Mikaela]

If you are like me though, you install signal4android, then link signal4desktop running on your choice of Linux distro ... after which you can pop the battery out of your smartphone and signal4desktop will work just fine.

Do you have a link to documentation or something about this? Regardless I would still find calling it as cross-platform misleading as the user still needs Android/iOS for similar setup and if Signal Desktop would work after death of my smartphone, it would still seem like a temporary measure until I got a new one.

[five-c-d]

Replied over at #967 with links/etc, but can report from personal anecdata, it works just fine :-) Definitely does require some kind of master-device-running-android though, or an unofficial workaround like github.com/AsamK/signal-cli or android-in-a-VM if you want to PURELY operate from a laptop, not just 99% from the laptop

[Mikaela]

👎 for not being open source.

[Perelandra0x309]

On the contribution guidelines "Ease of Use" is listed as being most important, and Open Source is # 4 on the list and is "preferred but not required". Threema is partially open source.

[five-c-d]

Portions of it are open-source, but yeah, most of it is not, and because charging endusers to join is the business-model, pretty much never has a hope of that either.

To me though, the detail of "does not require any personal information to sign up" seems wrong... don't you have to enter a credit card number, or something, to sign up? You are issued a threema hash-num, so you don't have to give out personally identifiable details to USE threema, but you do have to pay, right? I assume they accept Monero or zCash or whatever, but 99% of everyday endusers are not going to do that, instead they will just use Visa or Amex, doxxing themselves in the process.

To be clear, I'm not saying that Threema folks retain such details, just, that the majority of everyday endusers will give out the sensitive details during the payment process. To me this is a downside, over and above the difficulty of convincing folks to pay for something the marketplace has convinced them ought to be free-as-in-beer

[Perelandra0x309]

If you get the app through the Play or Apple Store then those companies process your payment, not Threema. Threema just knows that you paid somehow and you have a valid registration from Google/Apple. You can also purchase it direct on their website with Bitcoin or PayPal. You can also get a registration code as a gift, you don't have to prove you paid for the license you have by verifying an email or anything.

[ghbjklhv]

@Perelandra0x309 Privacytools.io is tasked with listing the best in privacy, not all.
Software freedom can be just as important as ease of use.

[ghbjklhv]

If you get the app through the Play or Apple Store then those companies process your payment, not Threema. Threema just knows that you paid somehow and you have a valid registration from Google/Apple. You can also purchase it direct on their website with Bitcoin or PayPal. You can also get a registration code as a gift, you don't have to prove you paid for the license you have by verifying an email or anything.

Unless, they have solved the decades long issue of taking payments and staying private then it is still a privacy violation.

IMHO, Apple and Goggle Play violate privacy and freedom therefore paying through them may be worse.

Donation-only services respect privacy and in many cases allow you to create burner accounts. Which can protect your privacy further. :)

Other services implement pay-what-you-want and just use the honor system for verifying you actually paid when connecting. Payment is not linked to account in any way.

[Perelandra0x309]

Software freedom can be just as important as ease of use.

Yes it can be, but that is not the philosophy of this website. https://github.com/privacytoolsIO/privacytools.io/blob/master/.github/CONTRIBUTING.md states:

Software Criteria
Easy to use. Could your mother use that tool or service? Usability is most important.

I'm just asking if being not open source is a disqualification, which it does not seem to be. Again quoting:

Open Source / free software is preferred but not required.

Donation-only services respect privacy and in many cases allow you to create burner accounts. Which can protect your privacy further. :)
Other services implement pay-what-you-want and just use the honor system for verifying you actually paid when connecting. Payment is not linked to account in any way.

What you are talking about is being anonymous. That is different than privacy. This site is focused of protecting what you do or say (privacy) not who you are (anonymity). So discussions about whether a certain service knows that you specifically paid for their product isn't really relevant to the philosophy of this site as I understand it. If that is not the sase then the criteria as stated needs updating.

However this thread is getting away from the original comment about Threema not being open source. I can understand not wanting to include it as a card, as I have written before it is not something others want so I am willing to remove Threema as a card.

[Mikaela]

I think you forgot to change these two lines while copy-pasting?

[Perelandra0x309]

Oh, yup.

[Mikaela]

I need to read this at a better time to comment.

[Mikaela]

(sorry, the better time is not now)

[Mikaela]

Ok, this is probably the third time I read my previous two comments so now it's on my actual todo list, I probably won't remember it otherwise.

[Mikaela]

I hear from iOS users that ChatSecure has issues with notifications and Monal is more often recommended.

[Perelandra0x309]

It could be, iOS isn't my primary system. I installed Monal on a test device and logged into one xmpp account, then sent a message to that account from another account but I didn't receive it in Monal but did get it in Conversations on a 3rd device.

[five-c-d]

I have heard the same (from the interwebz rather than from actual XMPP-on-iOS endusers however). But there are sometimes compatibility issues when you want Monal + OMEMO + ability to talk with people on non-Monal platforms, rumor has it?

[Mikaela]

I am having no issues OMEMOing from Gajim and Conversations to Monal user (or vice versa), but I will ask my contact to comment here.

[Spydar007]

Hello. ChatSecure does indeed have issues with notifications: they are not reliable and seem to only come through sporadically or when the app is opened. However, I have also had issues with Monal being able to upload images (and I believe this is a bug in the way it requests access to Photos on iOS), and ChatSecure is also unable to deal with images correctly.

I should mention that I run the betas of both these apps but I don't think these particular issues are specific to the betas, and these issues could also be an issue with my own server installation.

I'm not aware of any "compatibility issues when you want Monal + OMEMO + ability to talk with people on non-Monal platforms".

I think you are probably best to link both ChatSecure and Monal because they are both viable options for iOS users and are both actively developed.

[five-c-d]

Ah, sorry I was misremembering. Monal is the one which has full OMEMO support, there are still some things missing in ChatSecure (and Zom-derived-from-ChatSecure-as-opposed-to-NewZom-derived-from-MatrixOrg). http://omemo.top/ lists Monal at 100% OMEMO support, but ChatSecure is stuck at ~75% support. (Zom is listed as "100%" but I suspect that refers only to zom4android which formerly was a soft-fork of ConversationsIM, if I understand things correctly.)

So my question is, should privacyToolsIO list Monal, instead of zom4ios and chatSecure? I don't think we want to list every XMPP client, we just want to list the ones that everyday people might actually need/want as their "best overall option" for the platform in question:

• ConversationsIM from FDroid,
• Monal for iOS,
• Gajim for desktop, and maybe also
• Converse.JS for webapp

would be my "only from reading the interwebz not from actual experience" recommendations. Dropping chatSecure because it has less-than-full-OMEMO (plus notifications-problems apparently), dropping Zom because they are switching to Matrix-architecture, dropping ConversationsLegacy because (why is it on there still? honest question), dropping ConversationsPlayStore because why encourage paying when we can encourage FDroid, and only mentioning four XMPP apps because four is a lot of things to need to mention! :-)

[Mikaela]

My list of mostly personal experience is from https://github.com/privacytoolsIO/privacytools.io/issues/60#issuecomment-471736220 and I hear Dino recommended for beginners more often than Gajim even if Gajim is my personal choice.

Worth mentioning: Disroot has usage instructions for multiple XMPP clients mostly including screenshots.

• https://howto.disroot.org/en/communication/chat

[five-c-d]

Dino is Linux-only, and not 100% OMEMO though, right? Whereas Gajim is cross-platform and 100% OMEMO, so to me the only one WorthMentioning here on privacyToolsIO is Gajim, because it is the more privacy-respecting and more cross-platform choice.

The disroot helpdoc is about chatting and not about privacy: "SASL and TLS has been built into the XMPP core and E2E encryption can be implemented". I think that privacyToolsIO should only recommend IM clients that actually implement end2end crypto, preferably on-by-default. People that are the readership of privacyToolsIO will want

1. chat-clients that give them solid privacy and

2. something that runs on their existing platform AND the existing platforms of all their contacts.

With care, XMPP gives a reasonable amount of privacy, if you run your own ejabberd/prosody to shield metadata, and if you pick clients with full OMEMO support, and if you configure everything such that OMEMO is always used correctly (with somewhat-well-vetted crypto implementations).

The vast majority of XMPP clients are legacy options which don't fully support end2end crypto, or unfinished projects that have yet to fully implement OMEMO, and those are ones we should not be listing at all. That's my strong opinion anyways :-)

[Mikaela]

Dino is Linux-only, and not 100% OMEMO though, right?

https://omemo.top/ links to dino/dino#36 which is closed and I don't know what they owuld be missing. They are Linux-only though.

[Perelandra0x309]

I tried Monal again and got it working to message my other accounts on Conversations.

[Mikaela]

I would prefer linking to https://conversations.im/ instead of Google and mentioning https://f-droid.org/packages/eu.siacs.conversations/ for users who cannot get over the price.

[Mikaela]

Oh and I think it's OpenPGP with a capital O, but I need t ocheck.

[Mikaela]

Correct, OpenPGP is written with capital O judging by https://www.openpgp.org/

[Mikaela]

I don't think OTR should be recommended anymore as there are platforms with better E2EE by default.

[Perelandra0x309]

OK, that link was on the original page.

[Mikaela]

I wonder if https://github.com/privacytoolsIO/privacytools.io/issues/740 should reach concensus first?

[privacytoolsIO]

Thanks for your work on this. I'm willing to add the suggested new messengers and adopt to the new sections, but this code cant be published currently. Our descriptions aim to be brief, and we use icons to show if its open source or what platforms are supported. Your long descriptions dont match with the rest of the website.

[Perelandra0x309]

@BurungHantu1605 this reply didn't show up below your post:

Thanks for your work on this. I'm willing to add the suggested new messengers and adopt to the new sections, but this code cant be published currently. Our descriptions aim to be brief, and we use icons to show if its open source or what platforms are supported. Your long descriptions dont match with the rest of the website.

Do you mean this part?
Open Source: Yes Cross Platform: 5 Platforms Ease of Use: Easy Privacy Respecting: Yes (but does require a phone number) Prevents Mass Surveillance: Yes for Signal messages, No for regular SMS messages

Since it seems Open source is pretty much across the board, and the platforms are shown by icons what if we just use the last 3?

[Perelandra0x309]

Cards have been grouped into sections: "Mobile Devices", "Mobile and Desktop" and "Desktop". Some people just need messenger apps to be on their phones, others need them on both a mobile device and their desktop, so I think it is good to make some distinction between those that have the capability to be on both. Signal is under the "Mobile Devices" section so having the "Mobile:" in front of the name is redundant.

[Perelandra0x309]

Yes, it does only link to your Android/iOS mobile device from the desktop clients (Mac, Windows and Linux). Those 5 platforms were already listed on the original version of the page so I just followed what was already there. So the desktops are a bit of a grey area- not full clients, but they do allow the use of Signal on a desktop. So do clients that require or link to another platform count as a platform?

[Perelandra0x309]

On the contribution guidelines "Ease of Use" is listed as being most important, and Open Source is # 4 on the list and is "preferred but not required". Threema is partially open source.

[Perelandra0x309]

Oh, yup.

[Perelandra0x309]

If you get the app through the Play or Apple Store then those companies process your payment, not Threema. Threema just knows that you paid somehow and you have a valid registration from Google/Apple. You can also purchase it direct on their website with Bitcoin or PayPal. You can also get a registration code as a gift, you don't have to prove you paid for the license you have by verifying an email or anything.

[Perelandra0x309]

Please see https://threema.ch/en/blog/posts/audit19en for audit information.

There is also https://threema.ch/validation/ which provides instructions on how to compile a suite of applications that will let you decrypt a Threema data backup (using the password that you encrypted the backup with when creating it) to extract the encrypted messages and your private Threema key. Then with the NaCl library installed on your system (which is what Threema uses) you can use your private key to decrypt ciphertext from your backup.
I have not seen any other non-open source application provide this amount of resources to examine what the application is doing and how it encrypts messages.

Another meaning of "always encrypted" that I mean is that there is no option in the application to choose to send an unencrypted message, so there is no change of sending a message in clear text by accident. That is not the case with the other apps.

[Perelandra0x309]

If we only have 3 apps as we are seeming to be leaning towards then these categories probably aren't necessary.

[Perelandra0x309]

I tried Monal again and got it working to message my other accounts on Conversations.

[ghbjklhv]

I am personally against recommending any proprietary software.

Services should be transparent and proprietary services are inherently a black box.
Promoting decentralized and transparent services over non-free ones can be vital.

More info:
https://www.fsf.org/campaigns/priority-projects/voicevideochat
https://www.fsf.org/campaigns/priority-projects/decentralization-federation