Privacy Features of Popular Messengers

In the world of secure messaging, not all apps are created equal. Let's take a look at the privacy features of SimpleX, Signal, Session, and Threema.

1 SimpleX
- Fully decentralized with no central servers.
- No phone number or email required.
- Minimal metadata collected.
- Strong anonymity with no user identifiers.
- Users can run their own servers.
- Focused on privacy.

2 Signal
- Strong end-to-end encryption.
- Requires a phone number (less anonymous).
- Collects some metadata (e.g., contact discovery).
- Centralized, with servers controlled by Signal Foundation.
- Widely adopted, with a balance between privacy and usability.

3 Session
- Decentralized and uses Onion routing (Tor) for added anonymity.
- No phone number or email required.
- Minimal metadata.
- User IDs are public keys, providing strong anonymity.
- Open-source community servers, users can run their own nodes.

4 Threema
- End-to-end encryption, but partially open source.
- No phone number required, can use an anonymous ID.
- Some metadata is collected, but it's limited.
- Centralized, with servers controlled by Threema GmbH.
- Requires a one-time fee, but offers robust privacy features.

Conclusion
SimpleX for decentralization & privacy purists.
Signal for strong encryption with a user-friendly experience.
Session for anonymity-focused users.
Threema for those wanting privacy with an anonymous ID system.

Replies (21)

Noooo, really? Fix this please 👇 Such a note deserves zaaaaaaaps ⚡ (and MANY thanks for this content, good one)
Mondetta 1 year ago
Session messenger currently uses its own implementation called Onion requests instead of Tor. Session should eventually use Lokinet, which is faster and more reliable.

Session Sins:
1. Slow development
2. Bad marketing (LOKI -> OXEN -> SENT)
3. After getting delisted from Kucoin, abandoning their own private blockchain OXEN for an ETH token called SENT.
Jim C 1 year ago
Thanks, wasn’t familiar with SimpleX and Threema. Give @0xchat, which uses #nostr, a whirl too.
A few notes on this (and going to fork the discussion by quoting you to maintain all due credits, if you don't mind).

1. None of these 4 are decentralized. By "decentralized" I specifically mean that the system operates without ANY central infrastructure, in peer2peer+DHT style; a central server used for hash table bootstrap may be an acceptable compromise. Briar may be a good example of a decentralized platform.
2. You're missing the context both in terms of threat model and use case, which makes the choice between the 4 pretty vague, like "just some 4 privacy messengers".
3. The first question one should ask when choosing privacy tools: "Who's the adversary?" The 2nd key question is the individual definition of privacy.
4. Govt-imposed blockings and restrictions are rapidly becoming problem #1 in private communications land and must be considered as a factor in platform choice.
5. The endpoint device is the most successful attack vector, in practice. Thus, features improving endpoint device security (e.g. "panic button") should be considered as well.
They indeed refused to implement PFS at some point, and even had some logical explanation for this decision (can't recall what exactly it was, unfortunately, I guess it was somehow related to codebase ties with Oxen implementation). As of now, they've split from OX blockchain and they do indeed use extended triple Diffie-Hellman agreement (==PFS) in recent (1 year?) versions. What other features are lacking?
I have my issues with the migration in the first place, but it's good to know that PFS is planned. The remaining flaws are all in the chart. I believe the article I linked goes over them in more detail.