The content of your messages and the metadata associated with them should be secure and private. Unfortunately many messengers out there fail to do this.
In an ideal world, you’d avoid non-privacy-friendly messengers such as Facebook Messenger and WhatsApp.
You should also aim to avoid carrying out private or sensitive conversations on social media direct messaging (DMs) and even Apple’s iMessage system.
While iMessage is encrypted and arguably better than messengers like WhatsApp, metadata is not necessarily “safe.” Simply, better options out there exist for those seeking even more security and privacy in their messaging communications. The messengers listed here have a reputation for robust security and are considered private by design.
Session is a decentralized messenger, utilizing the Oxen Service Node Network to route messages in a similar manner to Tor. It is developed by Oxen and has a focus on privacy – specifically the protection of metadata – and security.
Session does not require a phone number (or any potentially unique identifier) for use. Accounts on Session are created using a SessionID; this SessionID is not a username/password combination and instead has a unique-to-you seed phrase attached to it for recovery purposes.
Additionally, users’ local Session databases can be encrypted with a PIN code. Session does not collect metadata or any personal data. Session’s decentralized nature and use of “onion” routing makes it resistant to censorship.
Session supports group chats, voice messages, and sending file attachments. Voice and video calls are a beta feature as of writing. These communication methods are all encrypted and the network has zero knowledge of metadata surrounding communications; because of this, Session states that there’s nothing to leak.
Session’s client does not use tracking methods nor display ads.
SimpleX Chat does not use any identifiers – not even for message routing. Users create profiles and databases stored on their devices. By extension, SimpleX does not collect any information, including metadata.
SimpleX Chat uses the SimpleX Chat protocol, which has been audited, to route messages. The SimpleX Chat protocol primarily relies on temporary anonymous pairwise identifiers to send messages. Users can choose which server(s) to send messages; as a result, every conversation could use different server(s) for message routing.
SimpleX Chat allows users to create links or QC codes to share their address, so other users can connect and chat. These links can be deleted or set as a one-time invitation link. Sending contact addresses via links or QC codes shares your profile with the receiving user. Users can enable the Incognito Profile setting to decrease the likelihood their profile can be linked to other activity.
Any data storage is done on the client devices. Data stored includes user profiles, contacts, and groups. Users can enable a lock for SimpleX Chat to more finely control who has access to your SimpleX Chat profile on their devices from a local risk or threat.
Users can also connect to the SimpleX network using Tor. SimpleX Chat has a robust groups feature, allowing users to create private groups that require a shared invitation link to join.
SimpleX Chat supports markdown in message composition. The SimpleX Chat client does not use tracking methods nor display ads.
SimpleX Chat is available over command line interfaces (CLI) for Windows and Linux operating systems. SimpleX Chat is also available for both iOS and Android devices.
Signal is a well-known private messenger developed by the Signal Foundation. It’s available on most platforms and implements the Signal protocol, which has been audited over the years by different third-parties for security. Signal relies on centralized servers for message routing; however, voice and video calls are P2P.
Signal also requires a phone number for account creation and use of the service. The phone number serves as an identifier and establishes the account, but a VoIP or landline number can be used as long as the user has a method for receiving the mandatory verification code.
All communication to the server is encrypted and Signal has stated the server does not log sensitive metadata such as who called whom and when. However, for the purposes of relaying messages, user verification, and fighting spam, Signal’s servers have access to metadata about the sender and recipient.
Contacts are encrypted on the user’s device(s) using a pin, preventing the server(s) from having access to users’ contacts. Users can the Sealed Sender feature – available for use only for those in your contacts – to minimize any metadata associated with communications, thus making communications even more private and secure.
Signal’s client does not engage in any tracking methods on its client nor does it display ads.
The Briar Project describes Briar as a “messaging app designed for activists, journalists, and anyone else who needs a safe, easy, and robust way to communicate.” In short, Briar is also available for users who want more privacy without relying on any kind of centralized servers.
Briar does not rely on centralized servers for message routing. Messages are . Briar is also not completely reliant on an internet connection to work; it can use Wi-Fi or Bluetooth to transmit messages between clients (who are contacts) in close proximity to each other.
Users can add contacts to Briar using the “add contact nearby” or “add contact at a distance” functions. The nearby option generates a QR code, which the desired contact can scan; the distance option renders a link you can send to your desired contact.
Briar account information is stored on the user’s/client’s device and encrypted with the set password created at time of account creation. Briar does not collect any information.
Briar’s client does not use tracking methods nor display ads.
Briar is available for Windows and Linux operating systems. Briar is also available for both iOS and Android…
*** This is a Security Bloggers Network syndicated blog from Avoid The Hack! authored by Avoid The Hack!. Read the original post at: https://avoidthehack.com/best-secure-messengers