hhmx.de

scy

Federation EN Sat 01.03.2025 14:18:18

"Trying to get rid of US services" also means looking for alternatives for Signal. (I don't intend to dump it outright, but with Signal being my main messenger for the past years, I think I should at least _consider_ other options.)

Of these(!) options listed(!) in the poll, which one(s) would you recommend?

Please don't suggest others.

64% Threema
16% Delta Chat
15% XMPP
5% IRCv3

107 votes, until Tue 04.03.2025 14:19:17

nadja

Federation EN Sat 01.03.2025 14:29:07

@scy Threema is the only one of these with an even slightly worthwhile E2E-Encryption, so I think it's that or bust.

scy

Federation EN Sat 01.03.2025 14:34:23

@dequbed messenger-matrix.de/ would disagree. Or do you have some strong arguments against OMEMO?

And Delta Chat is using OpenPGP, which would also qualify as "worthwhile E2E encryption" in my book.

nadja

Federation EN Sat 01.03.2025 14:40:48

@scy that matrix is wrong. OMEMO does not implement PFS, and Conversations implements a very old variant of OMEMO that is still using SHA-1 and not even close to as secure as Threema.

scy

Federation EN Sat 01.03.2025 14:47:18

@dequbed Guess I have some reading up to do. Thanks! ;) If you have any relevant links to throw at me, I'd appreciate it, but I think I'll also find my way around.

Maybe @joinjabber is interested in chiming in?

nadja

Federation EN Sat 01.03.2025 15:41:28

@scy I don't think I have any specific links to throw your way, even the OMEMO document doesn't claim PFS anymore.

Also, OpenPGP doesn't even attempt PFS, and for that and some additional reasons I'd rank it as even worse E2EE than OMEMO is. But then again, that ranking depends on what your threat model is.

Delta Chat

Federation EN Sat 01.03.2025 18:30:31

@scy @dequbed @joinjabber @sten @mxey
Delta Chat is used in, and designed for, people in repressive environments world-wide, and has some proven track record:

- a 2024 deep analysis of Delta Chat's guaranteed end-to-end encryption mode from Applied Crypto Group at ETH Zuerich eprint.iacr.org/2024/918

- a 2024 security audit of @rpgp , the Rust-implemented engine github.com/rpgp/docs/blob/main

- FAQ entry on PFS delta.chat/en/help#pfs

- Six security audits overall chaos.social/@delta/1139637079

mxey

Federation EN Sat 01.03.2025 20:40:07

@delta “six security audits overall” but the one you link to says “Yet, the security of its protocols has not been studied to date.”. Claiming you had 6 security audits in total, when 5 of them apparently didn’t look at your protocol, in a conversation about the security of the protocol, is misleading at best.

Delta Chat

Federation EN Sat 01.03.2025 20:43:16

@mxey good question. Research studies are actually a different thing than security audits. So more precisely we would need to say "five security audits and one research study" and the research study is referring to the relative lack of research studies, not security audits (we don't know of any messenger that has more published security audits than ours btw).

mxey

Federation EN Sat 01.03.2025 15:36:14

@scy i wouldn’t categorize OpenPGP as worthwhile crypto latacora.com/blog/2019/07/16/t

It’s nowhere close to what Signal does

Stephan Neuhaus

Federation EN Sat 01.03.2025 16:47:53

@mxey @scy I was about to write just about the same. I'm sure that PGP (any variety) *can* be used securely, but it's just too damn hard.

The "packet" format is so useless that you could have sign-then-encrypt or encrypt-then-sign and never know which.

When last I looked (which is admittedly some time ago), PGP still supported many many now dangerously obsolete algorithms. I understand why they do that, but it's certainly not an endorsement to use it as the crypto layer for a new messenger.

mxey

Federation EN Sat 01.03.2025 17:16:47

@sten @scy PGP also by design cannot have perfect forward secrecy

Stephan Neuhaus

Federation EN Sat 01.03.2025 17:44:05

@mxey @scy PGP has so many options that I'm loath to support this statement with any kind of confidence. But in its normal use case (some hybrid encryption scheme that uses both sides' long-lived keys), that's certainly true.

David Chisnall (*Now with 50% more sarcasm!*)

Federation EN Sat 01.03.2025 14:30:43

@scy Unfortunately, none of them is really a viable alternative and that's something that worries me.

Martin Schmitt

Federation EN Sat 01.03.2025 14:57:20

@scy Just give @delta a try, hang out with the people at Congress, perfect concept.

Bastian Greshake Tzovaras

Federation EN Sat 01.03.2025 14:57:33

@scy I’ve been using delta as a secondary messenger next to Signal. They are quite transparent about where they do better/worse than Signal itself. The ability to create multiple profiles (ie accounts) and use them in parallel is great, and being able to choose a server (or self-host if one prefers) is also great.

Andromxda 🇺🇦🇵🇸🇹🇼

Federation EN Sat 01.03.2025 15:15:05

@scy They're all pretty bad. Threema has some major issues with their encryption protocol: infosec.exchange/@Fiona@blahaj

Delta Chat outright lacks forward secrecy, and also doesn't use post-quantum cryptography.

XMPP and IRC are a mess, and essentially unusable for less technical users.
When considering or recommending a messenger, always ask yourself: Would your grandma be able to use it? If she encountered some issue, would she be able to find someone, other than you, who could fix it? That unfortunately rules out a bunch of messengers.

I think the best option is to use the @mollyim client for Signal. The second best choice would be @simplex

zeh

Federation EN Sat 01.03.2025 16:01:11

@Andromxda
simplex is the most promising. federated architecture, foss and protects metadata. from there it can be improved, in terms of ui and such. i use it right now with some (non tech) friends, works well.

we need to get away from anything centralised, especially if controlled by only one entity. that means signal too.
@scy @mollyim @simplex

Andromxda 🇺🇦🇵🇸🇹🇼

Federation EN Sat 01.03.2025 16:08:16

@zeh I agree that SimpleX is better from a purely technical standpoint, but it has very few users and still isn't as easy to use and straightforward as Signal. There's nothing fundamentally wrong with Signal, and they're constantly improving (e.g. adding PQ crypto, usernames, etc.)

There are some inherent flaws with federation/other forms of decentralization, Signal itself even has experience with that. TextSecure (the predecessor to Signal) used to federate with servers run by CyanogenMod, and it was a huge mess.
Keep in mind, there were only 2 parties in this federated network.
It becomes much worse and complicated if anyone can run a node and federate with the network.
Matrix is a perfect example of how not to do it.
It's not just leaking metadata all over the place, but there are also constant state resolution conflicts.

As good as it may sound, federation is not always the answer, and often (unfortunately) just doesn't work well enough for a messaging service that people can rely on.

zeh

Federation EN Sat 01.03.2025 16:22:59

@Andromxda
signal is centralised and controlled by the signal foundation. they make sure no one else can run servers. they can maliciously id and map the connection graph of everyone. (even soatok admits this in the addendum here: soatok.blog/signal-crypto-revi). big, architectural, fundamental problems.

simplex seems to have cracked the federation problem by using dumb relays. works well and can grow in adoption.

Andromxda 🇺🇦🇵🇸🇹🇼

Federation EN Sat 01.03.2025 16:27:48

@zeh

The article says:

In the absolute worst case, a totally malicious Signal Server can perform traffic analysis to correlate the IP address assigned to the messages arriving with the delivery token for a recipient.

That can easily be mitigated by using a VPN or Tor. Even using a shared IP address via CGNAT (very common on cellular networks) would mitigate this.

zeh

Federation EN Sat 01.03.2025 16:42:12

@Andromxda
who's going to add tor? people won't know about the threat, won't know how to do it. and it's way beyond the ip, they have everyone's phone number. if the server is malicious, they can log and correlate (and be compelled to do so).
centralised systems are not under our control. they can disappear at any moment, attacked by tech or social or legal means. we can't be at the mercy of centralised systems and their owners. we should have learned this by now.

Andromxda 🇺🇦🇵🇸🇹🇼

Federation EN Sat 01.03.2025 16:53:34

@zeh

who's going to add tor?

Those who need it.

I also figured that one could use a Signal TLS proxy as a privacy mechanism. It's usually used for censorship circumvention in countries like China, Russia or Iran, but it also works just fine for increasing privacy.
Again, the network layer is gonna be an attack vector for every messaging app.
Network-level privacy is the user's responsibility, that's how all modern systems work.

zeh

Federation EN Sat 01.03.2025 16:59:01

@Andromxda
certainly not all modern systems. not cwtch, not briar nor simplex. (at least) these include metadata and network-level privacy in the threat model and add measures to mitigate.
simplex does that while being relatively easy to use, right now.

Andromxda 🇺🇦🇵🇸🇹🇼

Federation EN Sat 01.03.2025 17:02:52

@zeh

Cwtch and Briar just use Tor, I'm not sure about SimpleX. I can name another messenger with a similar approach: Session uses Lokinet, but it has some stupid integration of crypto currency, and massively reduces the security of the Signal protocol by removing forward secrecy. Soatok even wrote an article about it: soatok.blog/2025/01/14/dont-us

zeh

Federation EN Sat 01.03.2025 17:04:33

@Andromxda so you agree, and that was not correct. many systems address net privacy and metadata protection, not just leave it for the user to contend with.

Andromxda 🇺🇦🇵🇸🇹🇼

Federation EN Sat 01.03.2025 17:07:48

@zeh No, what I'm saying is that neither Briar, Cwtch nor Session actually solved the issue, they just mitigated it by using some form of a mixnet. You can do the same on Signal, but it will make the UX a lot worse. There's a reason why not everybody is using Tails OS or the Tor Browser. Sure, it solves the network privacy issue, but the UX sucks.

zeh

Federation EN Sat 01.03.2025 17:12:11

@Andromxda they addressed the issue by using tor underneath. the users won't have to do it by themselves, contrary to your claim.
simplex uses a unidirectional routing system that provides some protection and then makes it easy to route through tor, on top.

in any case, my argument was about centralisation and the very serious problems it brings in.

Andromxda 🇺🇦🇵🇸🇹🇼

Federation EN Sat 01.03.2025 17:51:22

@zeh

contrary to your claim

This is not true. I never disputed that Briar, Cwtch and Session route the traffic through mixnets by default.

makes it easy to route through tor, on top

Not a unique advantage of SimpleX, you can also route Signal through Tor just fine.

The exact same article you linked to also notes that:

That isn’t to say that federated encrypted messaging apps cannot ever meet the bar set by Signal. But they should focus more on improving their use of cryptography than weak arguments about jurisdiction or data sovereignty.

Signal provides top-notch cryptography, great usability, as well as a large userbase. Network-level privacy is each user's own responsibility. Imagine if every single app on your phone that makes network connections had its own VPN/mixnet client. The UX and battery life would be horrendously bad. This is exactly why all modern operating systems offer an API that makes it easy to globally connect to a VPN. Some VPN clients even allow you to only route specific apps through the tunnel, if that is what you desire. Commercial VPN services are becoming more and more popular, and almost every user has at least heard of them. Most people just don't use one, because they simply don't need it. The situation is very different in countries with heavy internet censorship like China, Russia, Iran, Saudi Arabia, etc.

zeh

Federation EN Sat 01.03.2025 18:14:04

@Andromxda
contrary to your claim that i had pointed out, this one: "Network-level privacy is the user's responsibility, that's how all modern systems work."

you are trying to minimize the importance of centralisation and metadata protection. i think it should be clear that everyone needs it, especially in these times of rising fascism, and that it should be part of secure messaging systems. you don't. ok.

Jan Vlug

Federation EN Sat 01.03.2025 15:46:31

@scy Have a look at the clients for @matrix

scy

Federation EN Sat 01.03.2025 16:27:06

@janvlug I don't know how to spell it out even more than in the original post. Blocked.