Secure messengers: are there any?

[hodlbananas]

Hey guys, I'd like to bring up a question of finding a secure, fast and easy to use messenger application. Since cryptocommunity is based pretty heavily on privacy, decentralization, etc. I thought this is a good place to talk about that.

Among reports on NSA's surveillance practices, iCloud leaks, "The Snappening" et al. I've started searching for a way to communicate with people online in full privacy, without the risks of my messages and/or media files being read/seen by anyone for whom they are not intended.

Here's what I got:

1. WhatsApp and its direct counterparts: Viber, FB messenger, Skype, and the rest - just your average, very popular messenger app.

Completely out of the question. Anything that doesn't state security as one of its competitive advantages (like Telegram does, for example - more on that one later) can't be relied on, despite some preemptive measures that they're taking. It just doesn't matter how good an app is at encrypting messages, if the NSA are free to tap into the communications unobstructed - which Skype and FB have voluntarily agreed to: they're both part of the PRISM project. There's basically no telling if Whatsapp or Viber or any similar service won't do that too.

2. More security-oriented, sorta underground apps: Telegram, Cryptocat, RedPhone, TextSecure, etc.

All these seem to suffer from one or another inconvenience problem. Cryptocat has no functions, other than messaging texts, and you also have to transfer the chat names to people in person, if you want to really ensure the security. RedPhone only supports voice calls. TextSecure seems to lack such glaring issues and is pretty covenient, but it suffers from one problem, which is native to this category of messengers: the lack of people using them. A messaging app is only as useful as are people that are using it, so if it's so underground that none of your friends/colleagues/etc. use it, then you can't use it as well, no matter how secure it is.

The only messenger from this category that is relatively free from the problems of both convenience and popularity, is Telegram, which has all the features that you expect from a regular app and, I'd say, is somewhere in between underground and mainstream at the moment. It also has a special feature - secret chats, that is specifically tailored for secure conversations.

Ultimately, Telegram may very well be the best option at the current moment, but as its userbase grows, it can attract more attention from the government agencies, and ultimately suffer the same fate as Skype and FB - its encryption may be end-to-end, but the app itself isn't peer-to-peer, which means that it has centralized servers and people running those servers. And where there are people in charge, one cannot be 100% sure about their incorruptibility. Its another, although less grievous problem, is hazy monetary policy: currently they are running on investors' (Durov's, mainly) money, and they don't have plans for paid features, so it's not entirely clear as to what they're gonna do when the pot runs out. But again, this is a much, much lesser problem, compared to the security vulnerabilities associated with centralization.

3. Peer-to-peer messengers, completely underground: Bit Message, Bleep, Redact, TextHer, etc.

Most of these have some serious design flaws, which may or may not be fixed in the future: Redact fails to deliver 100% of the messages to the receiver, according to reviews in the Play Store. Bit Message, at this moment, seems to be completely off-limits to mobile devices, since it relies on a PoW algorithm, which will make your phone burst in flames while you're holding it.

Some of them are better and some are worse, but these are all plagued by the lack of their audience, even more so, than the previous category. Redact and TextHer have about 1500 downloads in the Play Store combined. Bleep appears to be the most popular among all of them, with about 100K downloads over the last 10 months or so, which is still abysmal, compared to Telegram's 50 million in the first year.
                                                                                                                                                                                                                                                                                         

So, ultimately it all comes down to this: you have to chose between security weak-spots, low usability/absent features or very low popularity, and you can't have them all at once. Or can you? Maybe I missed something, and there is a messenger, which offers a 100% secure p2p operation combined with convenience of some more popular apps? Share your opinions guys, what do you think?

[dsattler]

Have a look at threema: https://threema.ch/en/

It's quite popular in western europe. Unfortunately no open-source, but AFAIR the code was security-reviewed by an independant expert.

[misterycoins]

OTR
https://en.wikipedia.org/wiki/Off-the-Record_Messaging
Off-the-Record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations.

[The Bad Guy]

What about ICQ , how save is it ?
For privacy I guess you could go with MEGA-CHAT which is made by Kim Dotcom (we all know his problems with NSA and their spying ) but it's still on BETA phase AFAIK

[hodlbananas]

Have a look at threema: https://threema.ch/en/

It's quite popular in western europe. Unfortunately no open-source, but AFAIR the code was security-reviewed by an independant expert.

Yeah, this one seems all right, a million downloads in the playstore, no data storage/mining by provider. But, like you said, it's not open-source, nor is it p2p, hence not 100% private. Independent experts and service providers can be bought/coerced into disclosing users' personal data. It's doubtful that anyone will bother right now, but when and if it grows, it can become a vulnerable target.

Another problem with it is that it's not free, which means that it won't enjoy a similar level of natural growth that free counterparts, like WhatsApp or Telegram do, and I can't just ask all my friends and colleagues use it. So it's either going to remain on this unpopular level, where I can't really use it, or it will grow and with it will grow the probability of gvt. agencies tapping into it.

What I think this shows is the fundamental problem that any messenger has to face: it's either going to rely on a financially- and/or technologically-intensive solution, which will make it less popular and thus less usable, or decrease the complexity of the underlying solution to attract a larger userbase, in exchange for fundamental flaws, which may ultimately lead to security leaks. I think, when someone finds out a way to integrate a p2p solution in a mobile app in a cheap and computationally efficient way, and markets it right, they will be golden. So far I've failed to find such an app.

OTR
https://en.wikipedia.org/wiki/Off-the-Record_Messaging
Off-the-Record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations.

This is nice, never heard of it. Found a report about some security vulnerabilities found by the EFF and less-then-optimal battery usage by the Diffie-Hellman protocol, but overall it seems legit. Have you been using any of its mobile implementations yourself?

What about ICQ , how save is it ?
For privacy I guess you could go with MEGA-CHAT which is made by Kim Dotcom (we all know his problems with NSA and their spying ) but it's still on BETA phase AFAIK

Look it up, man. I've just found several reports on ICQ's vulnerability, here's just one of them. Anyway, it's pretty apparent, since it uses proprietary software and servers, that it isn't and can't be secure.

I failed to find a mobile version for the MegaChat, is there one?

[AtheistAKASaneBrain]

I remember a while ago reading about some sort of decentralized skype called Tox. Not sure if the project is still being developed or not.

https://en.wikipedia.org/wiki/Tox_%28software%29

[cryptocoiner]

bitmessenger maybe?

[funkenstein]

GPG/PGP is the standard solution.   

"Messengers"  are underlying transport protocols.  What keeps something secure is the next layer on top.  A quick check is to say "did a company produce this?"  If the answer is yes, than you aren' t using a secure protocol. 

[RodeoX]

You want SureSpot. End to end encryption, full deletion permissions, and open source.  

https://www.surespot.me/

It's free, but the author has a bitcoin address in the app for tipping!

[Spendulus]

Hey guys, I'd like to bring up a question of finding a secure, fast and easy to use messenger application. Since cryptocommunity is based pretty heavily on privacy, decentralization, etc. I thought this is a good place to talk about that.....

Passenger pigeons.

Can't beat them.

[funkenstein]

You want SureSpot. End to end encryption, full deletion permissions, and open source.  

https://www.surespot.me/

It's free, but the author has a bitcoin address in the app for tipping!

Let me get this straight.  This app is designed to run only on fully compromised (back doored) devices right?  

Lets move past that for a second and assume we don't care about those players who have that access, and are just trying to fend off script kiddies and low level advertisers / spamz0rs.

Now, where is my private key stored?  How do I verify that I have the public key of your private key, in other words how do we know there is no MIM going on?  

Is a key fingerprint easily available?  

    

[RodeoX]

You want SureSpot. End to end encryption, full deletion permissions, and open source.  

https://www.surespot.me/

It's free, but the author has a bitcoin address in the app for tipping!

Let me get this straight.  This app is designed to run only on fully compromised (back doored) devices right?  

Lets move past that for a second and assume we don't care about those players who have that access, and are just trying to fend off script kiddies and low level advertisers / spamz0rs.

Now, where is my private key stored?  How do I verify that I have the public key of your private key, in other words how do we know there is no MIM going on?  

Is a key fingerprint easily available?  

I use only jailbroken phones that I modify. It runs fine on my BLU phone. If you are concerned about what it does then I suggest you download the source and compile it for yourself.
When you want to invite someone it can be done in-app. You just need their username to directly connect to them. This app is not tied to a phone number or an email, or identity at all. Not that my phone is connect to me anyway. 

[roadbits]

Is anyone still using TorChat? Does it work well, even though it doesn't seem to updated in a while? is it still a safe working program?

[nachoig]

The only messenger from this category that is relatively free from the problems of both convenience and popularity, is Telegram, which has all the features that you expect from a regular app and, I'd say, is somewhere in between underground and mainstream at the moment. It also has a special feature - secret chats, that is specifically tailored for secure conversations.

Ultimately, Telegram may very well be the best option at the current moment, but as its userbase grows, it can attract more attention from the government agencies, and ultimately suffer the same fate as Skype and FB - its encryption may be end-to-end, but the app itself isn't peer-to-peer, which means that it has centralized servers and people running those servers. And where there are people in charge, one cannot be 100% sure about their incorruptibility. Its another, although less grievous problem, is hazy monetary policy: currently they are running on investors' (Durov's, mainly) money, and they don't have plans for paid features, so it's not entirely clear as to what they're gonna do when the pot runs out. But again, this is a much, much lesser problem, compared to the security vulnerabilities associated with centralization.

I have bad news for you. The cryptograph used in Telegram isn't considered good.
http://www.alexrad.me/discourse/a-264-attack-on-telegram-and-why-a-super-villain-doesnt-need-it-to-read-your-telegram-chats.html
http://thoughtcrime.org/blog/telegram-crypto-challenge/
http://unhandledexpression.com/2013/12/17/telegram-stand-back-we-know-maths/
https://news.ycombinator.com/item?id=6913456

And end-to-end encryption needs to be the default (which doesn't happen in Telegram), otherwise, no one will use it. Although their end-to-end encryption shouldn't be trusted anyway.

OTR
https://en.wikipedia.org/wiki/Off-the-Record_Messaging
Off-the-Record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations.

This is nice, never heard of it. Found a report about some security vulnerabilities found by the EFF and less-then-optimal battery usage by the Diffie-Hellman protocol, but overall it seems legit. Have you been using any of its mobile implementations yourself?

OTR is good, but not for mobile. You and your contact need to stay online all the time because it doesn't work with offline messages. Also, it doesn't work with group messaging.

[dsattler]

Have a look at threema: https://threema.ch/en/

It's quite popular in western europe. Unfortunately no open-source, but AFAIR the code was security-reviewed by an independant expert.

Yeah, this one seems all right, a million downloads in the playstore, no data storage/mining by provider. But, like you said, it's not open-source, nor is it p2p, hence not 100% private. Independent experts and service providers can be bought/coerced into disclosing users' personal data. It's doubtful that anyone will bother right now, but when and if it grows, it can become a vulnerable target.

Another problem with it is that it's not free, which means that it won't enjoy a similar level of natural growth that free counterparts, like WhatsApp or Telegram do, and I can't just ask all my friends and colleagues use it. So it's either going to remain on this unpopular level, where I can't really use it, or it will grow and with it will grow the probability of gvt. agencies tapping into it.
<snip>

Really? It's 1.99 for lifetime use, even whatsapp charges you 0.99/year after the first year!
You're right about the closed source though, that is a showstopper IMHO.

[superpanos2]

You could use tox or bleep.
Bleep is closed source though

[ThomasVeil]

Nxtty: Anonymous, End-to-end Encryption, uses Blockchain, has permanent message destruction - but it's not Open Source as far as I see.
Here's nxxty on google play, the Apple version is planned.

[hodlbananas]

bitmessenger maybe?

See OP.

GPG/PGP is the standard solution.   

"Messengers"  are underlying transport protocols.  What keeps something secure is the next layer on top.  A quick check is to say "did a company produce this?"  If the answer is yes, than you aren' t using a secure protocol. 

Completely agreed!

Hey guys, I'd like to bring up a question of finding a secure, fast and easy to use messenger application. Since cryptocommunity is based pretty heavily on privacy, decentralization, etc. I thought this is a good place to talk about that.....

Passenger pigeons.

Can't beat them.

Yeah sure, encryption of both the destination and the message itself (if you're up for a little cryptography) is nice, but the messages are quite easily interceptable, and there is less than 100% deliverability, even without anyone trying to disrupt your communications. I'll pass.

[hodlbananas]

You want SureSpot. End to end encryption, full deletion permissions, and open source.  

https://www.surespot.me/

It's free, but the author has a bitcoin address in the app for tipping!

It's better than Bleep, I guess, but marginally (open source, with a similar number of downloads in stores).

The only messenger from this category that is relatively free from the problems of both convenience and popularity, is Telegram, which has all the features that you expect from a regular app and, I'd say, is somewhere in between underground and mainstream at the moment. It also has a special feature - secret chats, that is specifically tailored for secure conversations.

Ultimately, Telegram may very well be the best option at the current moment, but as its userbase grows, it can attract more attention from the government agencies, and ultimately suffer the same fate as Skype and FB - its encryption may be end-to-end, but the app itself isn't peer-to-peer, which means that it has centralized servers and people running those servers. And where there are people in charge, one cannot be 100% sure about their incorruptibility. Its another, although less grievous problem, is hazy monetary policy: currently they are running on investors' (Durov's, mainly) money, and they don't have plans for paid features, so it's not entirely clear as to what they're gonna do when the pot runs out. But again, this is a much, much lesser problem, compared to the security vulnerabilities associated with centralization.

I have bad news for you. The cryptograph used in Telegram isn't considered good.
http://www.alexrad.me/discourse/a-264-attack-on-telegram-and-why-a-super-villain-doesnt-need-it-to-read-your-telegram-chats.html
http://thoughtcrime.org/blog/telegram-crypto-challenge/
http://unhandledexpression.com/2013/12/17/telegram-stand-back-we-know-maths/
https://news.ycombinator.com/item?id=6913456

And end-to-end encryption needs to be the default (which doesn't happen in Telegram), otherwise, no one will use it. Although their end-to-end encryption shouldn't be trusted anyway.

OTR
https://en.wikipedia.org/wiki/Off-the-Record_Messaging
Off-the-Record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations.

This is nice, never heard of it. Found a report about some security vulnerabilities found by the EFF and less-then-optimal battery usage by the Diffie-Hellman protocol, but overall it seems legit. Have you been using any of its mobile implementations yourself?

OTR is good, but not for mobile. You and your contact need to stay online all the time because it doesn't work with offline messages. Also, it doesn't work with group messaging.

Well, like I said, I don't trust Telegram to be 100% secure, nor anyone should, since it's not p2p, but it's the best option out there, as far as popularity/security ratio goes, in my opinion. And I can also force end-to-end encryption on those I communicate with by starting secret conversations myself.

Anyway, I'm not a fanboy of Telegram and will gladly switch to a better alternative, when it appears on the market, but for now I don't see a more secure option, which won't leave me unable to communicate with my network of contacts, due to them not caring enough to download Bleep or SureSpot.

[herzmeister]

I use XMPP+OTR (with Pidgin on Desktop and Xabber on Android), Tox (qTox on Desktop), TextSecure, Bitmessage, and RetroShare on a daily basis. Each serve their (different) purpose. I'd like to see the all-in-one solution, but oh well...