What’s the closest thing we have to a perfect private messanger?
In my mind the perfect private messanger is both completely secure, and also completely anonymous.
All the mainstream messengers can pretty much ensure the contents of the message will not be revealed…but that is not good enough. I want to be able to deploy and establish a completely anonymous AND private channel of communication on a dime without having to jump through extreme operational security hoops.
Does it really exist?
Matrix gets a lot of flak from people for their constant protocol changes, de-facto centralization around matrix.org and Element etc… but I’m very happy with Matrix as an open, federated, encrypted and private messenger and I hope it gets more adoption.
No. If you don’t jump through those hoops you give up the completeness of your anonymity, privacy or security.
If you’re uninterested in simply recognizing that fact, consider that the “push button, get privacy” level development is being worked on in reverse by every intelligence agency, data broker, state and municipality with astronomical funding levels.
You need to define extreme operational security hoops.
For me, meeting a human in person and scanning a qr code or relying on an out of band scheme to do the same is a huge hoop.
AFAIK simplex is the closest we have to perfect privacy.
+1 for simplex. I don’t use tor, but if you want the best of the best, use it
jami
How does Jami handle offline messages? From understanding its p2p, so both ppl have to be online right?
from my knowladge it stores the message on the senders device until the other person js online then sends it
Can’t believe nobody brought up i2p.
Messages sent through i2p in theory would be secure and anonymous. With an envelope anology, no way to tell if an envelope stops at a particular house or gets forwarded on, and also they can only see bags of envelopes and not a specific envelope.
Are there any cool i2p sites or apps? Since it doesn’t have exit nodes I never found a reason to use it.
I2p has a BitTorrent system. They’d have to block i2p completely to stop it. It will probably be the only way to torrent once VPN bans/liability get brought up.
Can you hook me up? I don’t know how to find those torrents/indexers/trackers
Briar, SimpleX, I2Pchat on desktop, maybe LXMF/Reticulum/Sideband over I2P if you want to get techy.
SimpleX is currently the best one possible.
All the security of signal without needing a phone number.
Everything can be through tor. Contact link can be formed with a one time use code that you DM someone privately.
Anything more advanced and you’re basically in internet dead drop territory. An encoded message on a pastebin through tor. Congratulations, you’ve entered pedophile/terrorist level security realm.
Simplex does check alot of those boxes… but smp traffic is easily identifiable unless your jumping through the major hoops of establishing a totally anonymous proxy.
An encoded message on a pastebin through tor. Congratulations, you’ve entered pedophile/terrorist level security realm.
Thats to bad being anonymous and secure puts you in that category. It shouldn’t!
Honestly, pedos & terrorists get the whole world cooperation on doxing them. So if they’re not using a tool or method then it’s not proof against nation states.
Why the need for complete anonymity though? Literally only pedos operate at that level so that nobody can squeal on the others if they are busted (they inevitably need to mess up a real kid because their CSAM isn’t good enough).
“Antifa” are terrorists in the usa now
Journalists and activists can make good use of top security.
This kind of mindset is what make the privacy community seem like outcasts. Yes, pedophiles and other criminals would benefit from complete anonymity, but that does not mean we should draw the line at how anonymous someone gets to be because “only pedos operate at that level”.
Journalist and human rights activists are criminals in certain circumstances. Being a criminal doesn’t mean they are bad.
Why not XMPP? Its anonymous, E2EE, etc.
I use XMPP and it’s good. SimpleX is even better at anonymising meta data afaik
Does it have Post Quantum Encryption? Only anonymous if used with TOR or VPNs.
Signal is far from perfect but its good enough for me.
Love signal but it’s NOT anonymous
Edit: signal. Not simpkex
…SIMPLEX (the app)
I would still like to understand why Jami is never mentioned in these posts. I’m not aware of any technical or security objections, and the less I hear about Jami, the more concerned I become about using it.
You can’t have big groups in Jami, it’s limited to a small number of participants (can’t remember how many).
Yeah. SimpleX has a similar problem, because it’s basically creating a bunch of 1:1 connections between everyone to preserve anonymity - IIRC (I freely admit I could be misremembering this). As I understood, it’s a decent limit, though - more than the 7-12 friend/family group you’d reasonably trust in a chat group.
I did not consider this a blocker - who’s using encrypted chat for large groups? Large group chats are fundamentally insecure; is the use case about anonymity, not encryption?
Sure, encryption may not be important for large groups but it can happen that it may be needed. If I were to make a group with my coworkers, I’d want that to be E2EE. On top of that, even without E2EE, you need good UX to host discussion groups for various topics, and Jami is simply not there yet.
Okay that’s cool but even software projects like SimpleX need group chats for the software’s community to ask questions and such, where should they be hosted? Slack?
SimpleX?
Tox would also be fantastic, but they need to improve their encryption and get it audited. Also, some nicer UIs in the various clients would be nice.
I think you don’t want to know the real answer. It sounds like you want a phone app, but what you really have to do is flush your phone down the toilet and use a totally different approach. Also, there is absolutely no way to avoid difficult opsec. The communications technology is irrelevant since the greatest vulnerability in any security system is the people who use it. Do you think the private messenger software will free sessions with your therapist from spying? Guess again.
As the saying used to go, you’re seeking a Star Trek solution to a Babylon 5 problem.
Technically, you should keep your phone and run false, normie activities on it. Give it to someone else to use and move about while you’re actually operational so it remains actively pinging the world while you’re away from it. All while also using the real approach, but not within range of your phone, or any windows or apple hardware linked to you either.
Session, Signal, Matrix, and more.
