Today, most messaging apps have true end-to-end-encryption (Telegram’s must be activated per contact for Secret Chat), but what really differs now is how many can tie your communications back to you through metadata. Obviously those which require a phone number or an e-mail address, do have your activity tied to you potentially.
WhatsApp, Signal, Telegram and similar do require this for registration. Partly it is for authentication, finding friends, and also for resetting access if access is lost. What data you can see after a reset, gives an indication of what the provider has access to. For Signal, you won’t be able to read any of your older messages. Signal indicates in this linked article, though, that they only keep the very minimum of information (tested by a legal subpoena). Telegram has more access as that is how all your chats get restored, but they have been banned in various countries because they don’t hand over the information. WhatsApp, of course, we all know about their passing of detailed metadata upstream to Facebook (it’s in their terms and conditions). I’ve done a post before about the risks and the monetary rewards around harvesting metadata. Just by registering on WhatsApp, you have also shared all your friends’ phone numbers to Facebook, along with how often and how long you contact them, where you are when you contact them, etc.
We’ve also seen lots of secure messengers emerging that require no phone number and also no e-mail address, eg. Briar, XMPP, Jami, Threema, SimpleX, Nostr, and many more. Many mainstream users don’t adopt them because the common problem is, you can’t find your own friends easily (who do you chat with then?).
So this is one of the reasons why Signal has been pretty popular as a secure messenger. It requires a phone number, but retains virtually no information about you to sell or leak, and you can very easily find all your friends using it. So no, it is not THE most secure messenger, but it is certainly the most secure of those requiring a phone number or e-mail address for registration.
But the main takeaway is, unlike with an SMS app where only one app may be the active SMS app, your phone can have 10 or more instant messengers installed, so there is no reason not to also have Signal installed. It helps your friends, who are more privacy conscious, to stay in contact with you via Signal. Whether a message notification pops up via WhatsApp or Telegram, It’s still going to pop up, unless you have a friend that insists on contacting you through two apps at the same time. Most modern messenger apps use push notifications, so they are not constantly polling, which uses data and battery all the time.
Go ahead, try more than one messenger, and you may be amazed that there are often better and more interesting features to try. Many of your friends will thank you.
#technology #privacy #messengers #chat #Signal
But I don’t want to have to manage 10 different communication apps, and I don’t want to be in a walled garden, and I don’t want to wrestle with my contacts about which app to use. I want federation.
F*ck off Signal. I choose Matrix instead.
Well I use Element for Matrix as well… but why not 10? You only really manage them once when set-up. After that, you just respond to whoever messages you, or you compose a message of whichever one. They no longer chew battery or data in the background. I have 11 installed and there is really no “extra” effort.
Well part of the frustration is setting them all up again on a new phone or after wiping a current phone. Most privacy oriented apps have a rather rough/painful set up process, especially when trying to restore backups of your data since they often don’t automatically back up and restore for you.
Could be yes - although I seem to think with my transfer from one Samsung to another it brought the files and settings over. Can’t remember for sure now as was over a year ago, but I did not recall any major issue.
You will get it, courtesy of the EU. Look up the Digital Markets Act. Big names like Facebook Messenger, Apple iMessage and such will be forced to federate.
And that’s just the start, like 20% of the full scope of the already accepted bill. It will be a bigger shakeup than the GDPR when it gets implemented.
Yes but the EU also wants to ban encryption.
Let’s see what shape the laws take after they’re written, rather than running purely on what we hope they will be.
Signal is easier to get into and with the upcoming implementation of usernames and hiding phone numbers I think I will convert all my friends on there. Aside from that, you could create your own Signal server if you want and unlike Matrix, it doesn’t leak any metadata.
I thought self hosting wasn’t possible with Signal?
I meant proxy server but I looked a bit more into it and there is a project that allows you yo have your own Signal network
Run proxy: https://signal.org/blog/run-a-proxy/
Run private network: https://github.com/CableIM
Federation works great for a lot of use cases, but as a result of that it requires a lot of unencrypted metadata to pass through several servers in order to route a message properly. If your primary concerns are about walled gardens and fragmentation, Matrix is a great choice. If you’re mainly worried about privacy, signal’s lack of federation makes your communications more private.