Secure messengers: are there any?

[TeamButtcoin]

I use XMPP+OTR (with Pidgin on Desktop and Xabber on Android), Tox (qTox on Desktop), TextSecure, Bitmessage, and RetroShare on a daily basis. Each serve their (different) purpose. I'd like to see the all-in-one solution, but oh well...

that's a lie because in actuality 0 people use retroshare

[herzmeister]

that's a lie because in actuality 0 people use retroshare

that's the point, to make it look like that from outside

[ThomasVeil]

Nxtty: Anonymous, End-to-end Encryption, uses Blockchain, has permanent message destruction - but it's not Open Source as far as I see.
Here's nxxty on google play, the Apple version is planned.

Was just told that the anonymous user registration and encryption is handled via Nxt - and Nxt is open source. That could alleviate some concerns.

[dsattler]

Have you seen this secure messenger scorecard?

https://www.eff.org/secure-messaging-scorecard

[hodlbananas]

Have you seen this secure messenger scorecard?

https://www.eff.org/secure-messaging-scorecard

I did; none of those messengers are P2P AFAIK, which brings us to the point of this problem.

What do you guys think prevents people from building a convenient, easy-to-use blockchain-based P2P mobile app?

Well, I do know what - the incredible strain any PoW protocol puts on a mobile device and the amount of storage needed for the whole blockchain. So far the only solutions to this were different sorts of "crutches": like making a remote PC be a PoW whore for your phone, which means that you either have to set up a node on your computer and have it running 24/7, or pay someone to do that for you, which isn't what many people would call an "optimal solution".

What do y'all think can be done with a PoW system to make it applicable for mobile devices?

[g1974ak]

I don't think that there are some messenger secure. The big brother hear everything he want. Even some of messengers or one of those seems secure I don't believe that this is true. Before Snouden no one knew that existed that "wonderful" system of surveillance which surveid even the presidents, prime ministers or chancellors of the most important countries of the world. So, who don't exist some secret surveillance for every kind of messenger?

Don't panic people. Don't do subversive things and you are alright !!!! 

[herzmeister]

you don't need proof-of-work for a p2p messenger. maybe a little bit of hashcash to prevent spam. but even that would be just one of several possibilities.

tox is conceptually fine as it is, it just needs more developers, and on a more professional level at that.

the long-term solution would be all-purpose integrated p2p systems like storj or maidsafe.

[hodlbananas]

you don't need proof-of-work for a p2p messenger. maybe a little bit of hashcash to prevent spam. but even that would be just one of several possibilities.

tox is conceptually fine as it is, it just needs more developers, and on a more professional level at that.

the long-term solution would be all-purpose integrated p2p systems like storj or maidsafe.

I agree with the last point, that's what I was getting at for the most of the discussion. There are already p2p integrated solutions, but they're mostly in their infancy and thus don't enjoy much popularity, hence no network utility.

This has got me thinking: actually, I think using desktop PCs as PoW slaves for mobile devices wouldn't be such a bad solution as I initially believed, it just has to be done in a convenient way. And the messaging system will probably have to include a financial transaction feature in addition to messages themselves, to ease the process of payment to such remote nods.

[herzmeister]

the only thing that tox is missing conceptually in the current protocol is a storage facility, so that true offline messages can be implemented (right now both parties have to be online at the same time eventually for "offline" messages to be delivered). but that's the only missing thing that would be expected from a proper messenger, really.

and as soon we're talking storage layer we're in storj/maidsafe land. maidsafe claims to work without pow/blockchain. their security is based on a "proof-of-resource" and a node ranking system (there's still debate going how/if it can be secure enough). you can run a farmer though on your 24/7 online desktop box to provide storage space for others, to earn some of the integrated safecoins. but your devices will run under your same account, so apps could provide very much convenience in such a system, much more so than in today's internet/web where you need to maintain hundreds of logins/passwords.

[hodlbananas]

the only thing that tox is missing conceptually in the current protocol is a storage facility, so that true offline messages can be implemented (right now both parties have to be online at the same time eventually for "offline" messages to be delivered). but that's the only missing thing that would be expected from a proper messenger, really.

and as soon we're talking storage layer we're in storj/maidsafe land. maidsafe claims to work without pow/blockchain. their security is based on a "proof-of-resource" and a node ranking system (there's still debate going how/if it can be secure enough). you can run a farmer though on your 24/7 online desktop box to provide storage space for others, to earn some of the integrated safecoins. but your devices will run under your same account, so apps could provide very much convenience in such a system, much more so than in today's internet/web where you need to maintain hundreds of logins/passwords.

RE tox: that's actually quite a glaring issue. Do they have plans for introducing the feature?

Yeah, I imagine the team that would develop a similar system for messaging could also set up their own semi-official farmer nod and allow anyone to use it for free/some token fee to allow newcomers to join in for an acceptable price, in exchange for the lessened security such a centralized option implies.

[hodlbananas]

Hey guys, I have a question: do you think a truly secure p2p messenger should rely on the use of blockchain or some other technology to ensure the complete privacy?

Personally, I can see several quite obvious problems with blockchain-based apps, which are the size of the blockchain itself and the excessive amount of computational resources needed to run a PoW algorithm. But even with all those disadvantages, I don't think there is really a different option for a truly secure app.

What do you guys think?

[RodeoX]

a related WARNING about messaging.

At next months black hat conference in Vegas a new exploit will be detailed that allows an attacker to attack most any android phone just by sending a video by SMS. The video contains a payload that could lead to a complete takeover of your phone. Any android after 2.2 is susceptible and, unlike other attacks, you do not have to even view the message. Just sending it is enough and all the attacker needs is your number.
All you can do now is (on some phones) disallow auto download of messages and NEVER DL A VIDEO ON AN ANDROID PHONE!!!!!!! After the conference it will only take weeks for this exploit to move into the wild.