privsec.dev/content/posts/knowledge/Messengers.md
Ganwtrs d7a0701bed
Update Messengers.md
Signed-off-by: Ganwtrs <morga.nwinters-99@aliasvault.net>
2025-12-19 20:41:50 -08:00


title: Messengers
date: 2022-03-06
tags: Knowledge base, Privacy, Security
author: madaidan

Telegram

Telegram is not end-to-end encrypted by default, which allows the Telegram server to see all of your messages unless you use a "Secret Chat". Telegram uses custom, unaudited encryption, and the first version of MTProto had severe security issues, although these were fixed with MTProto 2.0. However, Telegram still uses strange cryptographic primitives, such as AES-IGE, for "performance", although it is used in a way that is not affected by its known security issues. Telegram has also been criticized by well-known cryptographers, such as Moxie Marlinspike, Matthew Green, and Filippo Valsorda.

Telegram has held crypto cracking contests, but these were rigged. Although the clients are open source, the server is not, so self-hosting is not a possibility. The creators of Telegram have also spread unfounded misinformation about competing apps before.

Telegram, along with most other messengers, leaks significant metadata about your messages, even if the message itself was end-to-end encrypted.

Wire

Wire stores all metadata unencrypted on their servers, and plans to correct this have not been acted on for several years. Unlike Telegram, however, Wire has been audited, and its server code is fully open source, allowing it to be self-hosted.

Previously, Wire's privacy policy stated they would only share user data when required by law, but they have quietly changed it to say that they will share data when "necessary". The ambiguity of this raises some red flags.

Threema

Threema is a paid service that claims to be more private and secure than Signal.

They have downplayed security audits by saying that those audits refer to an older protocol and provide outdated advice. This fails to mention that the advice is outdated because the researchers behind the audit revealed the vulnerabilities to Threema, and Threema then fixed them. Threema has also been criticized by the cryptographer Soatok.

XMPP

XMPP is a federated protocol that allows encryption through OMEMO. It has been criticized by Soatok, who highlights how XMPP clients have outdated protocol implementations, how OMEMO has vague design choices, and how the popular XMPP client Conversations has security issues.

Matrix

Matrix is another federated protocol that primarily features the Element/Element X client. Soatok's criticisms of Matrix include its lack of forward secrecy and vulnerabilities in Matrix's Olm library that he found easy to discover. He also criticizes the unsatisfactory attitude of Matrix developers, who failed to address vulnerabilities that they had known about for years.

Better Messengers

These messengers have forward secrecy, post-compromise secrecy, and general security practices that make them stand out among the rest. However, as you'll see below, they are not perfect.

Signal

Signal uses audited and solid encryption, conceals some metadata with Sealed Sender, has private groups, has a better track record than most, and is recommended by several experts.

To hide your phone number, you can use Signal usernames and change the Who Can See Your Phone Number setting to Nobody.

Note that Signal stores the encryption key in a plaintext file on macOS and has no plans to fix this. Signal also doesn't sandbox media or RTC, hasn't resolved issues relating to outdated TLS proxies, and hasn't addressed a very severe and near-untraceable potential attack called Careless Whisper.

Molly

Molly is an alternative Signal client for Android that lets you encrypt the local database at rest with a passphrase, have unused RAM data securely shredded, use SOCKS proxies to route your connection via Tor as an alternative to TLS proxies, and more. It also has usability improvements, including scheduled backups, automatic locking, the ability to use your Android phone as a linked device instead of the primary device for a Signal account, and support for UnifiedPush through a MollySocket instance. UnifiedPush can be especially useful with the Molly-FOSS client, which lacks the proprietary code that supports battery-efficient notifications through Google Play Services.

Note that Molly currently cannot address Signal's media and RTC sandboxing issues, and Molly is also vulnerable to Careless Whisper.

SimpleX

SimpleX is a messenger that does not require user IDs to sign up. Some metadata leakage is mitigated through unidirectional SimpleX queues, and SimpleX has been audited.

Note that SimpleX describes itself as decentralized, even though only two entities are in charge of servers by default. SimpleX also claims to have some of the strongest metadata leakage protections; however, they do not see leaking IP addresses to the server as a problem. Most messengers, such as Signal, don't bother to hide your IP address from the server either, but IP addresses are metadata whose importance SimpleX fails to recognize.

Attributions (not endorsements)