Are encrypted messengers worth it? What are you using and why?

Matrix/Riot and XMPP+OTR/OMEMO are the only options you should consider for encrypted IM.
Free and decentralized

They are totally worth it so long as the encryption is end-to-end and solid. No central servers storing private keys or other bullshit like that.

No central servers? At all on either of them?

Both networks consist of multiple federated servers. You can run your own server instance if you wish.

Silence for SMS. It's like Signal, except it's on f-droid unlike Signal. I also use Wire, downloaded from their site since I don't have gapps, telegram from f-droid (rarely used, just know one guy on there), and briar (still trying it out, it's in beta). I'd like to maybe get a matrix server running at my house and try to move my friends to that. I mainly end up chatting in Hangouts or IRC these days.

Can you give me a quick rundown on using Matrix without using Riot? I know that there aren't many proper and complete implementations of Matrix, but something about Riot gives me bad vibes. Can't I avoid making an account if I use Matrix without Riot?

>Silence
Why not Signal? Voice, video, etc. senpai.
AFAIK the point of Silence is to use SMS instead of Google servers (which is a good move, but basically doesn't matter, since stuff's encrypted anyway).

I'd like to see GNU Ring more popular.

Silence is a fork of Signal. I'm pretty sure they have nearly identical features.
>Why not Signal?
They refuse to put their app on f-droid. I can't remember if it's because part of it isn't free or if it's something else. Wire has the same issue, but they at least supply an apk on their site.

Apart from Riot I have only tried matrix-purple with Pidgin, but it doesn't support encryption yet, so that's unusable. However there are more clients for matrix, just take a look yourself.

>I'd like to see GNU Ring more popular.
It didn't even work when I tried several weeks ago.

>Silence works like any other SMS application. There's nothing to sign up for and no new service your friends need to join.
holy shit

They still need to switch their SMS app to it to benefit either of you, which is hard to talk some people into. Silence doesn't seem to be compatible with Signal either, so even though Signal has gained popularity, you're asking people to switch to a weird new SMS app again. I'm open to trying new software all the time, but almost no one I know feels the same way, so it's been tricky trying to migrate people to a new chat platform. When I bring it up, a lot of them won't even say anything. It's annoying to say the least.

Signal and Threema.

This is the worst problem here.
I managed to convince my gf that encryption is necessary only when I needed her to send me my internet banking login and all the channels we used were botnetted.
Otherwise you just hear everyone say "I have nothing to hide". Really feels creepy when everybody even uses the same phrase.

>Signal
Depends on google services
>Threema
Proprietary

Trash

threema. stable, fast, secure, also calls. pretty popular in euroland.

I just use plain sms, or iMessage if the other end is on an iPhone.

I don’t use encrypted messengers (besides iMessage) because first, you don’t know if you can trust them, and second, I communicate with people all over the world and plain sms works with all of them.

Interestingly, iMessage is provably secure. You know what keys have been used to encrypt the message and you can tell if another key was added to the mix.

For the other messengers if you don’t know 100% if it’s secure then it’s not secure. This is especially true for messengers that try to roll their own encryption algorithms.

>euroland
Exactly one single hipster girl I know uses threema. I know that because she mentioned it once in order to complain that no one uses threema.
EVERYONE except me uses whatsapp and only a few people i pressured into it use signal now.

you can download the signal apk from their website and it updates itself.

>"user, you're not on whatsapp?"
>"yeah, i use threema. it's an european product developed and maintained by a swiss company, using swiss servers, not facebook. i know, it's two bucks, but it's worth it!"
>"alright, i'll give it a try"
22 contacts and growing. people actually start to replace their whatsapp with it and also start to develop a sense for security and privacy
>"but it's PROPRIETARY!"
yeah, read the whitepaper and ask yourself why signal is endorsed by the u.s. government and no one is talking about threema but europeans and the companies using it for communication.

using signal but want something more customizable. also something that does sms too.

I think the problem with IM services is that we are past the time where people sign up for stuff like this.
The documentation is as bad as any software project even though it is painfully easy to demonstrate how stuff works through a pretty graph but nobody does it.
is the correct analysis, but why isn't this on their website?
I don't think it is malice, I just think they are stupid.

The picture I just drew should obviously be prettier if put on a site, but you can easily draw diagrams like this to illustrate how the service works.

Obviously, it will kill services which use google to send the wakeup sms which everyone relies on, but at least be honest about it.

That's not what decentralized means. You're describing open S2S protocols. Decentralized would be more like bitcoin, bittorrent, or even better yet, some broadcast/multicast LAN messaging protocol. There is no decentralized nature to XMPP at all. That's like claiming SMTP is a decentralized protocol.

Matrix uses electron

Is there some overhead if you are sending an encrypted SMS? Do you for example need to send two encrypted SMS for a text that would fit in one unencrypted?

There are companies that use facebook for communication and that does not exactly say much about security. However the wiki says Threema is based on open source NaCl crypto library, so that might be a better argument. But still, you can never trust software that is not completely open.

from wiki - XMPP:
"The XMPP network uses a client–server architecture; clients do not talk directly to one another. The model is decentralized "
And there is similar mention in matrix wiki.

No, Riot, one of the clients for matrix, uses electron.

If you define secure as "trust Apple, a company subject to the Patriot Act and that is allowed to operate in countries such as China", iMessage is secure.

>But still, you can never trust software that is not completely open.
if you go there, you can't trust any code you've reviewed and compiled yourself. a certain layer of trust is healthy. it's not microsoft or google or facebook we're talking about but a small swiss company.

>you've NOT
my fault.

Still a little bit better than straight up data mining corporations - what most of people use.

Actually, if you are not a security expert yourself, the best solution would be to put some healthy amount of trust in an open source, audited software.
Compiling yourself is a paranoia/whistleblower tier security (or gentoo). A bit too much for average Sup Forums posters.
Sure, small swiss company is probably better than using Big Brother services but you can never know how much.

you're welcome. threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf

I meant that you know how many keys are involved in the encryption. The keys are only those on the devices taking part in the communication. You can tell if Apple were to stick another key in the process.

Other secure systems do the same thing but some don’t.

May as well just assume it’s not secure and just use plain sms.

>You can tell if Apple were to stick another key in the process.
Do tell how I can do that. The iPhone is a black box which doesn't even give me access to my own files.

Yes. using Wire as an IM, Riot.im for group chatting.

aes-256-cbc, the password is the current year.

U2FsdGVkX1/34R3VpvDZWmNH2+4jWJjbJJ2Uk2M2KTYj5EgxFQUOVhGdWTgVpHc0
RHUxu5qedsyoXwt64OfZ5hWChviLUhnf3Y1gB6twTqXhiAgqmNtXmdinca+xysAm
j6fOb5mo2ZTdu9naMMeCXQ==

I can decrypt this in my head. OP is a fag.

Do it then, and tell me what it says.

Also, it's encrypted in ASCII-only mode.

Matrix is a protocol, so you can use any of many (unfinished) matrix clients.
You cannot avoid making an account since you have to authorize somehow, but you can make an account on any available public server or host your own.
I'm using Riot to connect to my homeserver where I host accounts for my family and friends.

No other client except Riot implemented encryption properly yet tho.

You can actually use OTR with purple-matrix just fine

How do you get Riot to use encryption on IOS/Android?
It just says "Send message (unencrypted)" in the text input.

You need to enable encryption in channel settings and then it will always use encryption when talking in that channel (or conversation)

woops, meant for

Thanks.

Too much of a hassle for normies. Should be by default.

As I wrote here it's good that it uses open source crypto library and that they publish articles on how it works, but how do you know they use it properly since you can't see the whole source? What prevents them from including a part of code that reads your private keys?

>You can actually use OTR with purple-matrix just fine
Nice. But would that allow me to communicate with others that use encryption in Riot? I would just like to get rid of the bloated client on desktop.

Not him, but encryption is still considered experimental in Riot.

>Depends on google services
No it doesn't: signal.org/android/apk/

No, because I don't message people about anything important.

Interesting, thanks for pointing that out. Looks like wikipedia might be wrong and the FSF article they are using as a source too:
fsf.org/campaigns/priority-projects/voicevideochat

Encryption is actually a hassle for normies, since you have to verify all the devices that take part in the conversation.
That would be horrible on larger channels.

No, you can't use otr to decrypt riot encrypted messages, so it's only possible when both ends are using it in pidgin etc. It works basically the same as if you would use OTR over xmpp or any other protocol supported by purple.

Fun fact, you can even use pidgin-opensteamworks to OTR your shit on steam

It depends on google services.

what's that? yalp store or fdroid?

Nope, non GPS version uses websocket

>Proprietary
So?

How does it depend if you can use it without them installed

I thought the NSA has hardware backdoors to read what you type anyways

I use Signal as my default SMS app
I know one person who uses Signal besides myself
Some day

Learn what "depends on gsf" means

it means you have to have gsf installed to be able to use it, which you obviously don't. just because your app store thing says it does, doesn't mean there isn't a version that doesn't need it.

Does IRC have encryption?

Using WeeChat with Matrix is both easy and beautiful; I highly recommend it.

Riot.im and Wire are where it's at!

Learn what looking at their website means. I use Signal all day long and I don't have any Google shitware on my device.

No. It means *some* features it has depend on google services. You can use the app normally in 99% cases.

Signal is FLOSS. github.com/WhisperSystems/Signal-Android/blob/master/LICENSE

No, listen. You literally couldn't use it without GSF before. The app said "you're fucked" when installing, so people had to install the websocket fork from f-droid. They released their own websocket version as apk on their site now like said.

The whole point was that
>Depends on google services
from isn't an argument against Signal since you don't need them anymore because the websocket apk exists. It used to be the case that Signal required botnet to work but it doesn't anymore. Signal doesn't have GSF as a dependency anymore. It's not an argument, stop.

Just read moxie's reasons here: github.com/WhisperSystems/Signal-Android/issues/281
Not that it matters to any of us anymore because of what said.

Signal no longer requires google services.
I can confirm: I'm using it fine without them.

This.

Non-open source servers. Wire and Riot.im are superior.

are you retarded user ?
github.com/WhisperSystems

>Are encrypted messengers worth it?

No, they are literally retarded unless you're a terrorist or pedophile.

i'm a drug lord though

Where's the server code, retard?

This. Wire plans on full, free federation soon as well.

Then you have nothing to worry about because there isn't a real drug lord in existence that isn't on the CIA payroll.

>implying they don't throw you under the bus as soon as the US govt needs some good PR for the war on drugs

Are you blind ?
github.com/WhisperSystems/Signal-Server

github.com/nylira/prism-break/issues/1314#issuecomment-316267751

it is bundled in the apk you faggots