2y ago

What messenger app to recommend to those not interested in privacy?

So I'm in a somewhat unfortunate situation. My circle of friends doesn't want to switch to another messenger and we are currently stuck on the worst possible platform for security: Telegram.

The problem is that it is very hard to convince anyone to switch, if they are all perfectly fine and like Telegram. I mean I can get why they like it: The UX and UI of Telegram are amazing and there are well functioning clients available for any platform. It has more features and gimmicks than any other messenger I know BUT it lacks one mayor thing: E2EE. And that's mostly what I care about. The second problem is that I was the person who recommended the switch to Telegram right after WhatsApp was bought by Facebook. I know, that was a bad recommendation, but back then I didn't know shit about privacy or why E2EE mattered. I was just like "Hey, it's not by Facebook, so it must be better". And now everyone I know is there and won't leave.

If - in the hypothetical situation of me setting an ultimatum and deleting my Telegram after that - I wanted to make them switch somewhere else: What messenger would that be? Currently I'm mostly thinking Signal. I know it's not perfect either, it is centralized, and the servers are in the US, but it has a bigger user base already than most of its competitors like Threema or Matrix/Element and it is very easy to set up and use. I'm already a user of Signal, Threema, Matrix, WhatsApp and Telegram (every platform for some contacts, but most of them on Telegram sadly), so having yet another option is not a problem for me, as well as getting rid of one is also no problem. I'd love to delete both Telegram and WhatsApp in this move.

So, in conclusion, what I need is a messenger that has all or most of the following:

best possible security (E2EE is minimum)
easy to use (no complicated setup, simple UI)
already has some users (not too niche)
cross-platform and multi-device (should run on Android, iOS and Windows/Web)
some flashy dumb features like stickers and so on to keep them entertained

My choice would be Signal. But I am unsure if that is the best choice or if I should just wait a bit and see what all of the new EU laws about messengers and gatekeepers bring to the game and if anything chances with that.

62 comments

Gotta go with the crowd here. Signal is what you are looking for.
- @shortwavesurfer @MarcRnt Sadly, Signal is just another walled garden. We need to make XMPP apps more popular.
  
  Is it?
  You can run and connect to your own signal server, separate from the world if you wanted to…
  Interoperability with other messengers Vs privacy are separate requirements and use cases.
  
  I personally dont have much experience with XMPP. From what i understand you have to roll your own encryption or everything is plaintext. Matrix encrypts but has major UI/UX issues around key management that make it a PITA to use.

The only answer for what you are looking is Signal (user base). The next thing would be Whatsapp, so .... Signal... Just signal.

First Telegram isn't the "worst possible option for privacy" and second, as you pointed out, Telegram is largely superior to others when it comes to usability and cross planform support.
- Yeah but... Thet are not E2E encrypted by default. That shows how little they care about privacy.
  The worst thing about Telegram is the false sensation of security and privacy it gives to unaware people (most of them).
- I never understood these arguments for Telegram. Sure, it does have more features. It's not better in terms of usability and cross platform support though. I use Signal desktop everyday. It's a great experience. Cross platform.. The only platform Signal doesn't support is Web. Which... if there are mobile apps and desktop apps. Web is an insecure redundant need IMO. For the argument that web is good for scenarios where you can't install desktop apps: I would flip the question to.. why would you give a platform you have 0 control, permission to access your secure & private messaging? It just comes down to threat modelling. Telegram is neither secure, nor private. It shouldn't even be in the same conversation unless talking about FB Messenger, messaging on Instagram or DMing on Twitter/X.
  
  I use Signal desktop everyday. It’s a great experience. Cross platform…
  Not it isn't. It fails do sync messages, its an electron app that is slower than anything else native.

I want the answer to be Matrix. I think decentralization and federation are important to the future of internet services to avoid single points of failure, and Matrix seems to take E2EE seriously. So far, I've found Matrix to be slow and unreliable, with some of my private conversations having as many messages "unable to decrypt" as successfully delivered.
So the answer isn't Matrix yet, though I hope it will be in the future. The answer, as most comments have already said is Signal.

The only answer for what you are looking is Signal. So .... Signal... Just signal.
or Molly, of course :)

Easiest seems to me just enabling E2EE in telegram since it’s there. Asking to use secret chats seems easier than asking to switch plattforms
- Except that the feature is only available on mobile

FB Messenger and Instagram Messenger would be the worst for privacy... But Telegram is basically just FB Messenger with nicer UX features.
There's a couple of platforms that have better privacy and security (debatable) features than Signal, but Signal is more widely adopted amongst the E2EE Messengers.

Signal?

SimpleX Chat > Matrix > others
Btw it's very difficult to change something in the routine, many people have your same issue; where I live WhatsApp is a fucking authority...

Actually, I don't know why I had forgotten this already.
Link: DEF CON 31 - The Internals of Veilid, a New Decentralized Application Framework - DilDog, Medus4
Veilid. I watched this DEF CON presentation on it. I remember asking myself "How would this differ from Matrix and why do we need a competing standard?"
But actually, after watching, I do realize that in certain ways it seems more elegant and decentralized than even Matrix. It's really more focused for general application development, but that means chat can be developed on the framework.
So maybe put this on your radar as well while it's being developed. It certainly has jumped to my attention after watching this video.
https://veilid.com/
- Really interesting! Sadly in the past a lot of such frameworks went the way of the titanic :/

Matrix or Signal

Signal is good but you can look into simplex chat or session
- Not ready for primetime. Like, absolutely not.

I think the only choice is Signal for practical purposes. There is no creating accounts, no scanning ID's, no invite link to chat. If they already know your number, there's nothing they need for you to contct you on Signal.
For people who I have their number, I will never ever acknowledge any other option than Signal because confused people don't end up making any choice. Only if they talk about servers and networks, then I will teach them network security. I say SimpleX F-Droid is king of them all, but for random people, I only mention Signal/Molly.
For the record, I will say that I am more willing to currently use Whatsapp than ever use Telegram. I can't speak to the cool features with Telegram because I hate it too much to register my number with them.
- I don't understand how you trust facebook more than telegram. It's the exact opposite for me
  
  Watch this whole video https://yewtu.be/watch?v=rtRQKQkvUfE

DMA will only affect Whatsapp and Facebook Messenger from messengers, Apple's iMessage manage to be excuded as they don't have 45 million active users (10% of EU population).

Edit: I said Google Messenger when I meant Facebook.
Signal fits all of your criteria.
Has E2EE by default
Has most generic UI possbile that just works
Has a bunch of users
Has clients for Android, iOS, Windows, macOS, Linux
Has flashy features like stickers and stories
Run by a non profit foundation instead of a single developer or for profit corporation

Signal does not support web app

as much as I want everyone to use something like Briar or Cwtch, Signal is the only viable alternative for normal people. Session maybe, but last time I tried it, it was buggy and it has a small userbase.

Matrix is slowly growing to feature parity with Discord and looks and functions a lot like Discord, which may make the switch over to it easier for some people.
I understand why Signal dropped SMS support, but that's literally the only reason I had it, and without the SMS support, I don't actually have more than one other person that uses it so it became pointless to keep using.

I just simply sent a message to everyone I kept in touch on Telegram to switch to Matrix/Element and guided them through the registration to a local homeserver thanks to one of my friends' blog posts.
The easiest way to convince your friends to switch is to just make the switch and help them sign up and use the service.

If they have Android, Conversations is great, not more complicated to use than your normal instant messenger, except for the account creation which works just like email (user@server) so not that difficult either.

I use matrix and setup matrix bridges to avoid this. If you are fine with a single user setup beeper should be easier. this way you use matrix yourself and your friends use whatever they want. (you can qemu an x86 android image, and pass a webcam, for whatsapp to work on the bridge)

Telegram is absolutely not the worst one. Those are whatsapp, facebook messenger, and viber. Telegram is not good, but I think it's an acceptable compromise
- Do you have any info on Viber being a bad service privacy-wise? It's a lesser-known messenger that prides itself on its privacy policy but I can't find any info on it being the case or not.
  
  Check this analysis from 3 days ago.
  7 different tracking components, from 4 different companies, including facebook.
  I don't think it should pride itself on anything related to privacy.
  It also has quite a few hard to explain permissions.

Hot take here; so PLEASE do not reply unless you're the OP.
Maybe you don't have to switch. At least not immediately. Ultimately someone will make a stink out of switching. Again!
MProto isn't the best cryptography around; but it does provide some implementation of some low level privacy. I wouldn't trust a credit card number to it; but it's not worthless. It is however heavily disliked by people who understand cryptography and value privacy. But Your friends don't care! That fact is irrelevant to them emotionally.
And this is where the problem starts...Your friends have gotten accustomed and attached too much to Telegram and it's many eye-candy features and smooth polish.
This is where you need to "Sour The Milk" and wean them off Telegram.
Perform your usual setup of a new group. Use Signal or Matrix (usually this will be though Element). Then Force anyone who decides to be stubborn on Telegram to use the "Secure Chat" feature on Telegram. At least then the stubborn holdouts won't be causing you excessive privacy issues.
Then lastly just transition to your new platform and pay exclusive attention to the new one and let people trickle in.
- That's a valuable Idea. If I force them to use the secret chats option, then they maybe notice that Telegram is worthless without all the flashy stuff and is not private at all. And it's at least a step forward into the right direction.

62 comments