Private messengers: what to look for and my top alternative to Signal
There are many instant messengers to choose from on the market and most of them come with some promises of privacy and end-to-end encryption. They throw at us some technical jargon, mention some sort of security protocol and, of course, win everybody over with the famous "military-grade encryption" pitch.
What does it all even mean? Is this all true? Can we trust those sorts of statements? As the famous saying goes: "Don't trust. Verify."
I'm a big proponent of people doing their own due diligence. Digging as deep as possible. Never to trust things at face value. Heck, you shouldn’t even trust this article. Take this as a simple call to action to do your research after reading it.
For me, there are a few decisive factors to keep in consideration when choosing a particular tool like a private messenger.
Mind you, this is not a fool-proof system. There isn't a perfect private and secure instant messenger out there. However, in this ongoing battle for privacy, we can surely improve our fighting chances.
If you're in the camp of those preaching that your life is an open book and you have nothing to hide, just remember the famous wise words of Edward Snowden: "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."
It seems to me that every generation after GenX doesn't appreciate what we fought so hard for not so long ago: freedom of speech, democracy, independence, justice, rule of law, equality and, of course, privacy. In recent history, some European countries lived under authoritarian regimes. There was no privacy. There were undercover government informers at every corner, and it was a crime to meet up with your friends in public due to fears of conspiracy or mutiny.
Privacy is a true achievement for modern Democracies. It is a Constitutional right for most developed countries. In fact, privacy is even deemed a pillar of our society, an inherent and inalienable human right protected under Article 12 of the Universal Declaration of Human Rights, which reads as follows: "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."
Therefore, if for no other reason, it is at least our duty to ensure that we play our part in maintaining privacy in our communications, in our correspondence.
Let's face it. Most days you'll only be sending out heart emojis and sharing funny memes. Artificial Intelligence systems used by surveillance agencies will probably filter those out. Heck, even if your meme gets red-flagged, you'll probably bring some joy to the poor analyst asked to review your messages.
Still, that's not the point. The point is that no one should be getting access to what you're assuming to be a private message. The point is that you shouldn't be profiled as someone endorsing whatever message you receive or send out.
So, what are the important factors to consider when picking the right option for you?
The program or app should be open source. It should be audited by credible and independent third-party entities. It should publish transparency reports or have a warrant canary system in place.
Being open source means anyone can see the code and examine if the tool is indeed programmed to do what it says it does. Are there any concerning or weird pieces of code that could suggest the existence of a bug easily exploitable by hackers, or is there a backdoor in place? Is the assembled program that you are installing compiled from the source code available publicly by its developers without any interference or changes? Do you want to build it from source yourself? In short, this guarantees that you are not being duped by empty promises of greatness from the developers or from the company behind it.
If the code has been audited by a reputable entity, that means it has a stamp of approval from real experts. You see, being open source is great, but not all of us know how to interpret the code in search of potential bugs and other problems. That's when these third-party auditors become really useful. They give us more peace of mind. Just remember that, for extra security, it is always best to check if the auditor analysed the current version we're using. If the review was conducted 2 years ago and there have been a lot of updates since then, maybe lots of problems have been created in the meantime and remain undetected. Regular audits are a must.
If the developers publish a transparency report or some sort of warrant canary on their website or social media, that's a very good sign too. This will basically inform you if the people behind the platform have been issued any type of court order to provide information about its users, thus potentially compromising their privacy. The canary is usually a real-time alarm indicator, shown by many as a graphical depiction of a bird, which disappears automatically if they receive a shady request.
Lastly, don't fall for the military-grade encryption rhetoric. It's misleading. Without going into much detail, this just means it follows the same cryptographic standards that have been around for years. It's highly likely that even your web browser right now uses it to communicate with a lot of sites. Those messaging programs aren’t jumping through hoops and loops to offer you something unique.
So, what could you use as a better alternative to Signal? I particularly like “Element X - Secure Messenger”, and simply love “Session - Private Messenger”. Element is a well-known matrix.org client that works well with iOS. For me this is a perfect alternative to Telegram. It's a decentralized chat client interacting with everyone on an open network, regardless of the app the others are using. You can even self-host it if you don't want to use someone else's server. More than a chat app, it gives you the opportunity to join communities discussing different topics. It ticks most boxes for me, but I'll spare you from a boring review. There are countless great reviews all over the Internet and it's pointless to make yet another one replicating what everyone has already said. Have a look at https://element.io for more information and give it a try.
Session has to be my absolute top pick and I've started converting a few people already. It's a bit buggy, I'll admit it. But it has been working well for me even in video calls between iPhones and Windows computers. There are also a lot of reviews out there about this one. You should definitely look at those and also visit https://getsession.org. However, I think it merits here at least a quick description. Session uses a network of user-operated servers all over the world. Messages are completely anonymous, and it can't track the slightest bit of metadata about you. It doesn't need a phone number and you don't need to create a username and password. Just get a unique code to use the app. You can send messages, make phone calls, video calls, share attachments and even hold group chats of up to 100 people without ever sharing your data and IP. It even supports disappearing messages! The interface is clean and intuitive. Very reminiscent of an old terminal.
There's also a cool feature to connect with your contacts by scanning a QR code in person. This is what I've done with all my family, some friends and a couple of colleagues. Establishing a direct connection this way ensures that the person you'll be talking to in the future is actually the intended recipient of the messages. You avoid talking to contacts who may not be who they claim to be and may be impersonating someone else.
Synchronizing messages across devices still has a few hiccups and push notifications occasionally suffer a delay.
Still, after all these years testing so many platforms, I’m finally happy with one that doesn't force you to share a phone number with the entire world. This is why, with each incremental update of Session, it slowly started to make its way to my top choice of private messengers. Alas dethroning Signal.
Give it a try. It might just surprise you. Lastly, we couldn't close these remarks without addressing the elephant in the room: adoption.
It's okay to have different messengers on your phone. Maybe you won't be able to convince all your friends to switch to Session, but you can do the next best thing.
Within your household, propose it as a family privacy policy. Most sensitive personal information is shared with your relatives anyway. It worked for me. My kids first asked why we couldn't use Snapchat or Discord, and then ended up accepting Session just thinking that I was weird. For confidential work matters, make a stand. Let your colleagues know that you can either communicate through a particular app, or get together in person to discuss it afterwards.
For any other situation, a widely used messenger like Signal or even iMessage (if you're not backing up your messages to iCloud or have Advanced Data Protection turned on) will make your life easier and do the trick. Just keep in mind that with Signal you need to provide your phone number to everybody (and let everyone find you on the app), and that iMessage is just a tad worse because you have no idea of what the code is really doing behind the scenes. Above all else, never forget that you too must play a part in securing your messages. Now more than ever. Even if you’re just sending little hearts to your significant other…
Opt out with matrix.org
Simplex is the best messenger