Ask Lemmy

I'd rather use a Swiss messenger than basically any other country, but yeah Threema is not mainstream and might as well not exist to most normals.

I'd trust them personally over any other country though, and I did once make my own messenger that used a few different encryptions (main one was serpent) and 2 passwords (using a lot of variations on both with slightly dif encryption types in multiple rounds which I'll be honest was slow) . But yeah most normal people need to at least know something is mainstream/popular before they will ever install an app.

Signal is actually good. More people should be using it.

There is no best, each has their merits and drawbacks.

If you were to pick a messaging app I would go with Singal because they give good transparency to users, while giving frustrations to governments wanting data.

Only downsides of Signal are 1. It’s centralized 2. You have to sign up with a phone number.

It’s secure, cross platform, and easy to set up and use.

Probably most importantly, it’s a similar experience to using other popular texting apps and the set-up experience is familiar to anyone singing into any big-brand-name app, making it a relatively easy sell to non-techies.

Signal works the best for me, and I think its the best option out there for common people who wants the best privacy

Signal is known as the gold standard right now but there are new ones popping up all the time. SimpleX chat is good too (despite the "Nazi-haven" smears).

Signal.

Wired had an interview with Signal's President last year that I found enlightening and provided an entry point for me to self educate further. Here's an archive.org snapshot of it: https://web.archive.org/web/20240828100224/https://www.wired.com/story/meredith-whittaker-signal/

For the click-averse here's an excerpt I find compelling:

Going back to your sense of Signal’s new phase: What is going to be different at this point in its life? Are you focused on truly bringing it to a billion people, the way that most Silicon Valley firms are?

I mean, I … Yes. But not for the same reasons. For almost opposite reasons.

Yeah. I don’t think anyone else at Signal has ever tried, at least so vocally, to emphasize this definition of Signal as the opposite of everything else in the tech industry, the only major communications platform that is not a for-profit business.

Yeah, I mean, we don’t have a party line at Signal. But I think we should be proud of who we are and let people know that there are clear differences that matter to them. It’s not for nothing that WhatsApp is spending millions of dollars on billboards calling itself private, with the load-bearing privacy infrastructure having been created by the Signal protocol that WhatsApp uses.

Now, we’re happy that WhatsApp integrated that, but let’s be real. It’s not by accident that WhatsApp and Apple are spending billions of dollars defining themselves as private. Because privacy is incredibly valuable. And who’s the gold standard for privacy? It’s Signal.

I think people need to reframe their understanding of the tech industry, understanding how surveillance is so critical to its business model. And then understand how Signal stands apart, and recognize that we need to expand the space for that model to grow. Because having 70 percent of the global market for cloud in the hands of three companies globally is simply not safe. It’s Microsoft and CrowdStrike taking down half of the critical infrastructure in the world, because CrowdStrike cut corners on QA for a fucking kernel update. Are you kidding me? That’s totally insane, if you think about it, in terms of actually stewarding these infrastructures.

Signal has good encryption etc, is centralized, afaik needs Google Play Services except if you use Molly; but I think it's a bit more mainstream and simple to use for end-users

SimpleX also seems to have good encryption, post-quantum etc, and is anonymous and doesn't even use user identifiers (they explain why that's good on their website), so it could be good for occasional more sensitive conversations or sth (but I see people struggling with onboarding when installing it, and I still get confused by the UX sometimes). It's kind of not even decentralized, more like peer-to-peer, with servers to just cache messages when you're offline, I think.

Personally for day-to-day I prefer to use Matrix with Element: decentralized (which I really value for competition and user choice), e2e, and has good support for creating communities etc, so I'm lucky to have it as our main chat platform for work, and I've been using it for years in our hackerspace and personal chats etc. I see end-users still struggling sometimes with onboarding, but if they're close friends/family I usually need to set it up for them anyway

Signal if you trust them to not leak your identifier and because its gotten the most mass adoption.

Simplex if you can convince your circle to use it because it has no identifiers and is user friendly.

https://simplex.chat/

My understanding is that Briar is ethically the best, but no one uses it. Signal is the best if you actually want to use it to communicate. Telegram is where the pirates and drugs are.

Here's the long version: when a dev is making a messaging app, they eventually have to make a choice: do I integrate SMS/MMS? If they want to make this app a daily driver messaging platform to help you ungoogle your android phone, they have to integrate SMS/MMS, which has security vulnerabilities and limits how secure they can make their app. More importantly, people do not tolerate ads on their messaging app, so they flat-out cannot monetize it without losing their entire userbase. If they don't integrate SMS/MMS, they are creating a closed ecosystem, and a closed ecosystem can be profitable. If leadership changes, the new leaders might decide to turn their users into either cutomers or products.

Signal is the best balance between secure and convenience. There are more private options out there (i.e. don't require a phone number), but they are harder to adapt especially if you want to get non-techy family and friends to switch over.

Signal

Matrix

Those are your two choices. Signal is centralized, Matrix is federated.

As always the answer is it depends.

Ive seen a lot of merchants of illicit products move towards sessions.

It depends on your threat model, signal or maybe element is likely the best compromise.

Signal via Molly seems like the best option at the moment. Molly is a third party client that allows for even more protections like database encryption and getting rid of Google firebase notifications, for example.

Signal using the Molly fork is good. Besides that, there's stuff like Session and Simplex for nerds out there. Matrix exists but it doesn't encrypt all metadata iirc.

Its best not to use a phone at all if you can help it.

The keyboard app on most phones that are default still gives info to apple/google. So even if you use signal, the data goes over.

You can side-load apps that take phone keyboards over (even better if you don't use base android OS at all). But I dont know your situation.

I know your joking but the most secure that is still usable is probably an encrypted home server and using something like irc/XMPP. A pi with yunohost can do wonders. You can use the converse app on the phone to hook into that. It's auto encrypted if you go that route.

Security is a spectrum so you have to chose how much inconvenience is best for your situation.

If self-hosting and "Warning, some assembly required" isnt an issue, Matrix - Synapse. I spooled that up in my home lab recently and im slowly moving my group chats over to it.

Signal or XMPP

I use signal but if I could convince everyone I knew to use a messenger for security it would be Threema. No chance of that happening it's hard enough convincing people to use signal.