The Perfect Private Messenger
from hereforawhile@lemmy.ml to privacy@lemmy.ml on 16 Oct 02:57
https://lemmy.ml/post/37598462

What’s the closest thing we have to a perfect private messanger?

In my mind the perfect private messanger is both completely secure, and also completely anonymous.

All the mainstream messengers can pretty much ensure the contents of the message will not be revealed…but that is not good enough. I want to be able to deploy and establish a completely anonymous AND private channel of communication on a dime without having to jump through extreme operational security hoops.

Does it really exist?

#privacy

threaded - newest

florencia@lemmy.blahaj.zone on 16 Oct 03:13 next collapse

SimpleX is currently the best one possible.

All the security of signal without needing a phone number.

Everything can be through tor. Contact link can be formed with a one time use code that you DM someone privately.

Anything more advanced and you’re basically in internet dead drop territory. An encoded message on a pastebin through tor. Congratulations, you’ve entered pedophile/terrorist level security realm.

hereforawhile@lemmy.ml on 16 Oct 03:23 next collapse

Simplex does check alot of those boxes… but smp traffic is easily identifiable unless your jumping through the major hoops of establishing a totally anonymous proxy.

An encoded message on a pastebin through tor. Congratulations, you’ve entered pedophile/terrorist level security realm.

Thats to bad being anonymous and secure puts you in that category. It shouldn’t!

florencia@lemmy.blahaj.zone on 16 Oct 03:47 collapse

Honestly, pedos & terrorists get the whole world cooperation on doxing them. So if they’re not using a tool or method then it’s not proof against nation states.

Why the need for complete anonymity though? Literally only pedos operate at that level so that nobody can squeal on the others if they are busted (they inevitably need to mess up a real kid because their CSAM isn’t good enough).

LytiaNP@lemmy.today on 16 Oct 05:05 next collapse

This kind of mindset is what make the privacy community seem like outcasts. Yes, pedophiles and other criminals would benefit from complete anonymity, but that does not mean we should draw the line at how anonymous someone gets to be because “only pedos operate at that level”.

rirus@feddit.org on 16 Oct 10:07 collapse

Journalist and human rights activists are criminals in certain circumstances. Being a criminal doesn’t mean they are bad.

9limmer@lemmy.zip on 16 Oct 09:01 next collapse

Journalists and activists can make good use of top security.

Corridor8031@lemmy.ml on 16 Oct 22:28 collapse

“Antifa” are terrorists in the usa now

Jecogeo@lemmy.eco.br on 16 Oct 03:33 collapse

Why not XMPP? Its anonymous, E2EE, etc.

ISOmorph@feddit.org on 16 Oct 07:22 next collapse

I use XMPP and it’s good. SimpleX is even better at anonymising meta data afaik

rirus@feddit.org on 16 Oct 10:05 collapse

Does it have Post Quantum Encryption? Only anonymous if used with TOR or VPNs.

nymnympseudonym@piefed.social on 16 Oct 03:30 next collapse

https://briarproject.org/

irmadlad@lemmy.world on 16 Oct 03:32 next collapse

At first I read ‘The Perfect Private Massager’

You want both, a completely anonymous AND completely private channel of communications? I mean, not to sound sarcastic, when you find one, please do share. There are no absolutes. For every technology, there exists or will soon exist, an equal, yet undoing technology. I have amended this to exclude most strong ciphers as pointed out by one of the Lemmies here.

notarobot@lemmy.zip on 17 Oct 04:23 collapse

Yeah. AFAIK there is no messenger that purposely delays your messages anywhere from 1 second to ,I don’t know, a month? To stop someone from correlating your time online with the time messages are sent. That would be insanity. But it does increase privacy and anonymity a bit

irmadlad@lemmy.world on 17 Oct 04:34 collapse

I may have taken the OP a bit too literal when he said ‘completely’. me skuzi

lunatique@lemmy.ml on 16 Oct 03:38 next collapse

…SIMPLEX (the app)

hellfire103@lemmy.ca on 16 Oct 03:48 next collapse

SimpleX?

Tox would also be fantastic, but they need to improve their encryption and get it audited. Also, some nicer UIs in the various clients would be nice.

solrize@lemmy.ml on 16 Oct 04:02 next collapse

I think you don’t want to know the real answer. It sounds like you want a phone app, but what you really have to do is flush your phone down the toilet and use a totally different approach. Also, there is absolutely no way to avoid difficult opsec. The communications technology is irrelevant since the greatest vulnerability in any security system is the people who use it. Do you think the private messenger software will free sessions with your therapist from spying? Guess again.

As the saying used to go, you’re seeking a Star Trek solution to a Babylon 5 problem.

grey_maniac@lemmy.ca on 16 Oct 19:13 collapse

Technically, you should keep your phone and run false, normie activities on it. Give it to someone else to use and move about while you’re actually operational so it remains actively pinging the world while you’re away from it. All while also using the real approach, but not within range of your phone, or any windows or apple hardware linked to you either.

mistermodal@lemmy.ml on 16 Oct 05:14 next collapse

Lot of people mentioning SimpleX but I can’t imagine trying to make someone go online at the same time as me to start sending each other messages without being annoyed. It also relies on funding from the British state IIRC.

On the other hand XMPP is a W3C internet standard, the server is super lightweight, plenty of tools and bridges work with it. Movim uses it, which is like an encrypted Mastodon where you can selectively make a post public but otherwise gates everything behind a login. Also you can send messages on the main phone network with the paid Cheogram service, but I realize that an unencrypted SMS relay is not a priority for everyone. I think it’s the bee’s knees.

rirus@feddit.org on 16 Oct 10:10 next collapse

Does xmpp have Post Quantum Encryption? Only anonymous if used with TOR or VPNs.

You don’t have to be online at the same time. To receive or send messages. Getting funding from governments would not disqualify a project. The founder of SimpleX is a right wing guy hating the labor government in the UK.

mistermodal@lemmy.ml on 16 Oct 11:02 collapse

I mean to set up the chat in the first place you gotta both be online. I think OMEMO is good idc if its quantum safe ill check later. Good tonmention ty, but if the government wants me bad enough to use quantum shit they’re just gonna go thru my device itself. Yeah I know abt post processing it all after stashing it. The american govt is gonna collapse first anyways #whocare #theytouchedthemoney #theytouchedthemoneyanditgotquiet

magic_smoke@lemmy.blahaj.zone on 16 Oct 10:15 next collapse

Lot of people mentioning SimpleX but I can’t imagine trying to make someone go online at the same time as me to start sending each other messages without being annoyed.

Do you just keep your phone off or do you not use your IM clients there? Literally never had this issue with simplex, it deliveres notifications just fine to my phone.

Though I did manually have to give it notification perms on android. Annoying but very easy fix.

mistermodal@lemmy.ml on 16 Oct 10:47 collapse

Look everyone I know smokes weed it’s really bad. More like a turn your brain on situation. You know how bad that is for your sleep architecture™ over a period of 4-5 years? It’s a wonder they can even remember what I said, but telling them to do something at a certain time? I’d be uncloseted as an authoritarian. The only way I even get people to use these apps is Appeal to Paranoia.

magic_smoke@lemmy.blahaj.zone on 16 Oct 11:10 collapse

I rip through an ounce of dabs a month and can run a homelab and write software that way, I have no problem holding a 9-5. Your friends are just irresponsible, or more likely, just don’t give a fuck like 99% of people.

Me and my friends are all stoners, we use simplex fine. Not sure what your deal is.

Either way why do they need to do something at a certain time?

YOU CAN MESSAGE OFFLINE USERS ON SIMPLEX THEY WILL GET THE MESSAGE LATER, IF THEYRE ONLINE NOW THEY WILL GET A NOTIFICATION. IF THIS ISNT WORKING YOUR NOTIFICATION SETTINGS ARE FUCKED.

I’m sorry you and your friends can’t figure out how to use literally the first open source privacy a respecting messenger that I actually think I could hand to my grandmother…

mistermodal@lemmy.ml on 16 Oct 11:17 collapse

i breathe more hash oil than air

Fucking act like it then and calm down, I was just saying to the other guy, the issue is having to be online in order to connect contacts. That is a serious issue outside of people you’re already tight with, think abt how flaky people are even in important situations.

Besides, what makes XMPP perfect to me is that the ecosystem is mature, it will be around forever, it has a service I can use to access Canadian and US cell networks while abroad. It has an encrypted facebook style social media site in rapid development that any XMPP acct can login to so they don’t need to make a new account, that by design NEVER HAS THOSE ASSHOLES ON IT

Hopefully Webxdc on XMPP takes off more it’s currently only on Cheogram Android app and Delta Chat droid/pc. You can make collaborative editors and games n stuff if I guess you want encrypted tuxcart (someday)

notarobot@lemmy.zip on 17 Oct 00:07 collapse

Simplex works async. You might be thinking of briar

mistermodal@lemmy.ml on 17 Oct 00:33 collapse

I don’t understand how every person responding to me has missed that I said “start chatting” not “continue chatting” but I will be idiot-proofing my lemmy comments from here on out, it’s exhausting

notarobot@lemmy.zip on 17 Oct 04:17 collapse

Such a high horse for such a tiny person.

  1. On simplex you can “start chatting” asynchronously
  2. You didn’t say “start chatting”. You said “start sending messages” which is something you do with people every day
  3. "Start chatting" and “continue chatting” do not mean what you imply the mean. There is no distinction between them as “the absolute first time” and “all the others”. I can start talking again with a friend I haven’t talked to in months. I can also start talking about a previous topi (" me and my girlfriend started talking once again about having children")

So… You know… Maybe get off the horse? It’s not that everyone around you is an idiot is that you failed to communicate… Or you are an idiot

MarriedCavelady50@lemmy.ml on 16 Oct 05:16 next collapse

Can’t believe nobody brought up i2p.

Messages sent through i2p in theory would be secure and anonymous. With an envelope anology, no way to tell if an envelope stops at a particular house or gets forwarded on, and also they can only see bags of envelopes and not a specific envelope.

notarobot@lemmy.zip on 17 Oct 12:21 collapse

Are there any cool i2p sites or apps? Since it doesn’t have exit nodes I never found a reason to use it.

MarriedCavelady50@lemmy.ml on 17 Oct 12:36 collapse

I2p has a BitTorrent system. They’d have to block i2p completely to stop it. It will probably be the only way to torrent once VPN bans/liability get brought up.

notarobot@lemmy.zip on 17 Oct 12:42 collapse

Can you hook me up? I don’t know how to find those torrents/indexers/trackers

persona_non_gravitas@piefed.social on 16 Oct 05:15 next collapse

Briar, SimpleX, I2Pchat on desktop, maybe LXMF/Reticulum/Sideband over I2P if you want to get techy.

RheumatoidArthritis@mander.xyz on 21 Oct 19:43 collapse

Cwtch is in the same space

Eirikr70@jlai.lu on 16 Oct 08:09 next collapse

Your own xmpp server

rirus@feddit.org on 16 Oct 10:04 next collapse

How is that anonymous?

notarobot@lemmy.zip on 17 Oct 04:20 collapse

Because no one will ever send you a message

~/s it was a joke. Hold you horses xmpp fans. Im not attacking anyone here~

RheumatoidArthritis@mander.xyz on 21 Oct 19:43 collapse

I host one but the more I analyze privacy implications the worse it looks.

Only you and maybe 10 other people will connect to that server’s IP, port 5222. This makes it very easy to track your group by telco operators and people who have access to their logs.

Even if you use a VPN or Tor at all times, most of your other users likely don’t.

And the domain is registered to someone’s name too, although I know this can be worked around.

DieserTypMatthias@lemmy.ml on 16 Oct 08:16 next collapse

Session, Signal, Matrix, and more.

jobbies@lemmy.zip on 16 Oct 10:55 next collapse

Signal is far from perfect but its good enough for me.

notarobot@lemmy.zip on 17 Oct 00:04 collapse

Love signal but it’s NOT anonymous

Edit: signal. Not simpkex

daniskarma@lemmy.dbzer0.com on 16 Oct 11:05 next collapse

AFAIK simplex is the closest we have to perfect privacy.

notarobot@lemmy.zip on 17 Oct 00:03 next collapse

+1 for simplex. I don’t use tor, but if you want the best of the best, use it

Devjavu@lemmy.dbzer0.com on 18 Oct 16:06 collapse

This is probably the most anonymous way to text.

sxan@midwest.social on 16 Oct 14:57 next collapse

I would still like to understand why Jami is never mentioned in these posts. I’m not aware of any technical or security objections, and the less I hear about Jami, the more concerned I become about using it.

przmk@sh.itjust.works on 16 Oct 16:03 collapse

You can’t have big groups in Jami, it’s limited to a small number of participants (can’t remember how many).

sxan@midwest.social on 16 Oct 20:06 collapse

Yeah. SimpleX has a similar problem, because it’s basically creating a bunch of 1:1 connections between everyone to preserve anonymity - IIRC (I freely admit I could be misremembering this). As I understood, it’s a decent limit, though - more than the 7-12 friend/family group you’d reasonably trust in a chat group.

I did not consider this a blocker - who’s using encrypted chat for large groups? Large group chats are fundamentally insecure; is the use case about anonymity, not encryption?

mistermodal@lemmy.ml on 16 Oct 21:11 next collapse

Okay that’s cool but even software projects like SimpleX need group chats for the software’s community to ask questions and such, where should they be hosted? Slack?

przmk@sh.itjust.works on 16 Oct 21:29 collapse

Sure, encryption may not be important for large groups but it can happen that it may be needed. If I were to make a group with my coworkers, I’d want that to be E2EE. On top of that, even without E2EE, you need good UX to host discussion groups for various topics, and Jami is simply not there yet.

balance8873@lemmy.myserv.one on 16 Oct 21:54 next collapse

You need to define extreme operational security hoops.

For me, meeting a human in person and scanning a qr code or relying on an out of band scheme to do the same is a huge hoop.

stupid_asshole69@hexbear.net on 16 Oct 22:40 next collapse

No. If you don’t jump through those hoops you give up the completeness of your anonymity, privacy or security.

If you’re uninterested in simply recognizing that fact, consider that the “push button, get privacy” level development is being worked on in reverse by every intelligence agency, data broker, state and municipality with astronomical funding levels.

DrunkAnRoot@sh.itjust.works on 17 Oct 01:00 next collapse

jami

pricklypearbear@lemmy.world on 17 Oct 01:16 collapse

How does Jami handle offline messages? From understanding its p2p, so both ppl have to be online right?

DrunkAnRoot@sh.itjust.works on 17 Oct 05:24 collapse

from my knowladge it stores the message on the senders device until the other person js online then sends it

BCBoy911@lemmy.ca on 17 Oct 21:46 collapse

Matrix gets a lot of flak from people for their constant protocol changes, de-facto centralization around matrix.org and Element etc… but I’m very happy with Matrix as an open, federated, encrypted and private messenger and I hope it gets more adoption.

Devjavu@lemmy.dbzer0.com on 18 Oct 16:05 collapse

Matrix is convenient, not perfect security in any way.