Selecting a secure messenger
04-10-2021
Lately secure messenger have been becoming more popular because a certain
rich guy tweeted about one. Many have since hopped on the secure messenger
hype-train. Which one should you choose though? Should you choose the most
popular one? The one Musk promoted? Or maybe the one you are already on is
secure enough? Let's see.
Before we start, know that there's no perfect solution, everything will
have some kind of problem and even if it doesn't humans are still in the
equation so mistakes will always be present. Despite that there are
obviously applications that are superior than others and the criteria are
as follows:
- Is the app open source?
- How does it make money?
- Does it have end to end encryption and how good is the encryption?
- What is the jurisdiction?
- Does it have forward secrecy?
- Is it decentralized?
- Can you sign up anonymously?
- Is it end to end encrypted by default?
- Does it leak metadata?
- Has an audit been done on it?
Let's examine those a bit more carefully.
-
The app being open source allows for one to look at the source code and
validate that the app does not do anything spooky like send your messages
directly to microsoft.
-
If the app makes money by selling your data obviously it's not good,
something like donations is way better.
-
Some applications don't offer e2e encryption, only client to server
encryption which allows the server to read all the messages, something
that is not favourable, or maybe it does have e2eE but it's weak. An
example is telegram which had developed it's own encryption standard and
has been heavily criticized for flaws and poor security.
-
The jurisdiction of the app is important as if it's based in a country
with heavy anti-privacy laws the devs might be forced by law enforcement
to hand over user data or implement a backdoor.
-
Forward secrecy means that if a hacker can somehow acquire the key of a
message and decrypt it he wouldn't be able to decrypt the next message
using the same key, which makes encryption even stronger.
-
Decentralization is the concept of no central authority controlling the
network of the app. This is good for the reason that if the entity that
controls the 1 and only server of a centralized app decides to censor
someone they can do so freely. On xmpp for example anyone can host their
own xmpp server which is very good.
-
Anonymity is really important to privacy and security, however phone
numbers and emails can link you to your identity. Services that advertise
themselves as privacy respecting yet require a phone number, are really
suspicious.
-
Many users use the defaults, like windows which is preinstalled to every
machine, many people still use internet explorer, why? Because it's
preinstalled on their machine. For the same reason my will not use e2eE
if it's not on by default.
-
Metadata is data about the actual data like time, location, sender,
receiver etc. Metadata might not sound bad but it can actually be deadly,
you can construct relationship maps only with metadata, guess pretty
accurately the contents of a message just by looking at the dates and the
2 people between. For example if the 2 people are indian and the message
was sent in the morning then the content is probably one of their
infamous good morning messages.
-
Lastly audits are really useful because they are actual tests done by
experts that tell you if the app is secure or not.
Based on the criteria I layed out the best messenger would probably be
Briar. However Briar is very user unfriendly, it lacks a lot of features
and is hard to use. It's still highly recommended though, you can't get
more secure that Briar. What I personally use is XMPP, the only criteria it
doesn't meet is that not all clients had an audit performed on them and a
bit of metadata can be viewed. Matrix is also ok but more metadata is
leaked and it's not completely decentralized as the matrix.org server
pretty much gets a copy of all the messages, still encrypted though.
Session is another pretty good recommendation the cons of it are: no
forward secrecy, based in autstralia which has some pretty bad privacy laws
and many have criticized it for being built on top of blockchain. Last
suggestion is Deltachat which is a client for email that encrypts your
emails and displays them to you like instant messages. Cons are metadata
leaks because email, and no security audit.
Why I don't like signal
Signal is what many decided to adopt, it's probably the most user friendly
secure messenger. I don't like signal because it needs a phone number, is
centralized, is in the US which is a part of the 5eyes and it's developers
have displayed some shady behaviour. More concretely the source code for
the server was not updated for about a year and then the developers dumped
a year's worth of updates in a day. They do not allow third party clients
or servers and don't have the app in the fdroid store, saying it's more
secure this way which is not true. Lately there was word about integrating
a crypto coin to signal which was created by the ones behind signal wishing
to make a profit. You can still choose to use it but this is my stance on
it and why I don't want to use it.
TLDR
Use Briar if secrecy is your #1 priority followed by Xmpp and
Deltachat and last place matrix and Session. Don't use telegram and signal.
Obviously the results are my opinion, choose what you want to use but I
hope this will help you to make an informed decision.
Links