Haven't found the one yet:
- open source software, doh
- end-to-end encryption...
- has browser frontend and Android app
- public URL without sharing your mobile phone: messaging software that force you to have a mobile phone
- self-destroying messages (turned on by default please)
- user base large enough to give some confidence that it was reviewed for security issues
- easy/built-in setup over Tor
Optional but really ideal:
- can delete messages from the device of the person you sent it to, no matter how old
- decentralized, your username is a public key
The state of messaging is ridiculous as of 2020.
Internet Relay Chat vs XMPP: stackoverflow.com/questions/4149380/whats-the-best-open-protocol-for-chat-room-software
TODO evaluate. No
pip install
???You gotta be born after the year 2000 to understand it.
This is becoming more and more popular as a group chat with channels and threads possibility as of 2020.
Very similar to Slack.
They force your username to have 4 random digits? www.reddit.com/r/discordapp/comments/43kjdl/whats_the_number_next_to_the_username/
Not possible to anonymously join just one server without creating a new account? What's the point of servers then! www.reddit.com/r/discordapp/comments/6gmjl7/changing_nick_before_joining_a_new_server/ Oh, also nicks don't hide your username from the server in any way, you can get the original username by just clicking on the person's username.
No proper threaded discussion without creating new channels? As of 2022 there is kind of a way, but it was a bit obtuse.
As of 2022 they also have a school hub: support.discord.com/hc/en-us/articles/4406046651927-Discord-Student-Hubs-FAQ which auto creates groups by university email access. Good idea, and shows popularity amongst that user group.
Servers don't have an ID to join them? www.reddit.com/r/discordapp/comments/b9zdt6/join_discord_server_from_id/
Can only make public servers if you have 1000 members?? support.discord.com/hc/en-us/articles/360023968311 Why so much bullshit?? www.reddit.com/r/discordapp/comments/6jouf8/how_do_i_make_my_server_public/
Also asked at: webapps.stackexchange.com/questions/163441/how-to-create-a-public-discord-server-that-anyone-can-join-without-an-invite
Discord is useless if you want to participate in more than one large group because of this. It is impossible to get email notification for selected threads you care about.
No way to get email notifications for missed activity? support.discord.com/hc/en-us/community/posts/360041806392-Can-we-get-an-email-notification-option-for-messages-
Ciro Santilli worked on it for a brief time in 2016, when it was still called Ring, before he got fired. :-)
The people were quite nice and the project idea is fine, Ciro hopes they succeed.
No chat only? .... community.jitsi.org/t/chat-function-only/79067
As of 2020: end-to-end encryption optional and turned off as default, and marked as experimental...
Appears to be based on XMPP: community.jitsi.org/t/jitsi-users-is-jitsi-a-regular-xmpp-server/13211
Basic must haves:
Other cool stuff:
- sealed sender: signal.org/blog/sealed-sender/ Nice!
Missing:
- Tor routing by default:
- option to enable disappearing messages by default:
- community.signalusers.org/t/ability-to-set-your-own-default-timer-for-disappearing-messages-on-all-new-conversations/5144 "Ability to set your own default timer for disappearing messages on all new conversations"
- www.reddit.com/r/signal/comments/jhknuz/default_disappearing_messages_timeout_for_new/
- messages are not encrypted on desktop via the password manager!?!?
- github.com/signalapp/Signal-Desktop/issues/549
- github.com/signalapp/Signal-Desktop/issues/1318
- www.reddit.com/r/privacy/comments/fwux29/signal_desktop_stores_the_encryption_key_in_a/
- whispersystems.discoursehosting.net/t/improve-security-of-desktop-apps-encryption-of-data-at-rest/26494
- community.signalusers.org/t/why-cant-we-lock-the-desktop-app-with-a-password/1383
- web client:
- secure anti-forensic data erasure to attain plausible deniability of disappearing messages:
Previously missing:
- remove the need to share your phone number with contacts: messaging software that force you to share your mobile phone with contacts. This is a deal breaker for online acquaintances:Beta February 2024: signal.org/blog/phone-number-privacy-usernames/
- security.stackexchange.com/questions/231637/signal-contact-people-or-have-people-contact-me-without-revealing-phone-numbe/245665#245665
- community.signalusers.org/t/have-option-to-set-up-username/8723
- www.reddit.com/r/signal/comments/8kybil/is_signal_ever_going_to_include_usernames/
- community.signalusers.org/t/usernames-lets-throw-phone-numbers-in-the-dustbin-of-history/7282
- remove need for phone completely:
- community.signalusers.org/t/a-proposal-for-alternative-primary-identifiers/3023
- community.signalusers.org/t/remove-the-need-for-a-mobile-phone/1543
- community.signalusers.org/t/registering-with-an-email-address/919
- community.signalusers.org/t/username-id-registration-without-phone-number/9800
- community.signalusers.org/t/more-reasons-why-signal-should-ditch-phone-numbers-the-guardian-confirmed-the-identity-of-those-in-the-chat-by-cross-checking-phone-numbers-attached-to-the-signal-accounts/7311
- community.signalusers.org/t/why-is-phone-and-phone-number-required/1425 community.signalusers.org/t/what-is-the-technical-reason-that-i-cannot-use-signal-without-a-phone-number-and-that-i-cannot-use-signal-desktop-without-signal-on-my-phone/11400
TODO what's the fucking official discussion/feature request forum?
- community.signalusers.org appears to be the de-facto non-official one.
- github.com/signalapp/Signal-Android/issues/5372
- whispersystems.discoursehosting.net
- github.com/signalapp/Signal-Desktop/issues/1318 closes and points to discoursehosting
- github.com/signalapp/Signal-Desktop/issues/549
- www.reddit.com/r/signal/comments/lipo6z/community_signal_forum_vs_reddit/ gives some good history, says they pay for community.signalusers.org/ and have admin powers there.
Feature overview:
Not end-to-end encrypted by default, WTF... you have to create "secret chats" for that:
You can't sync secret chats across devices, Signal handles that perfectly by sending E2EE messages across devices:This is a deal breaker because Ciro needs to type with his keyboard.
Desktop does not have secret chats: www.reddit.com/r/Telegram/comments/9beku1/telegram_desktop_secret_chat/ This is likey because it does not store chats locally, it just loads from server every time as of 2019: www.reddit.com/r/Telegram/comments/baqs63/where_are_chats_stored_on_telegram_desktop/ just like the web version. So it cannot have a private key.
Allows you to register a public username and not have to share phone number with contacts: telegram.org/blog/usernames-and-secret-chats-v2.
Has Reproducible builds on Android and iOS: core.telegram.org/reproducible-builds
Self deleting messages added to secret chats in Q1 2021: telegram.org/blog/autodelete-inv2
Can delete messages from the device of the person you sent it to, no matter how old.
Claimed to remove metadata from servers unless legally obliged to collect it: www.quora.com/Does-WhatsApp-store-messages-on-its-servers-or-is-all-deleted-after-delivery-and-only-stored-on-recipients-phones/answer/Ciro-Santilli
They've had a few breaches: www.whatsapp.com/security/advisories/
They claim to delete metadata: www.quora.com/Does-WhatsApp-store-messages-on-its-servers-or-is-all-deleted-after-delivery-and-only-stored-on-recipients-phones/answer/Ciro-Santilli
Obviously with the single intention of killing a competitor.
It is impossible to make money off WhatsApp as it is because of end-to-end encryption.
Facebook just clearly bought it to prevent it from actually growing further and killing facebook.
It is mindblowing that the sale wasn't cancelled due to anti trust.
The outcome of this is that WhatApp will remain with the same feature set forever, while other competitors have been growing, notably Discord and Slack.
It seems that there is a case looming 10 years after the fact: www.cityam.com/facebook-fails-to-block-antitrust-lawsuit-over-whatsapp-and-instagram-ownership/ Wake up???
Your profile picture, name and status are public by default as of 2022!!! OMG!!!
This means that all secret services in the world have alrady scraped this information for everyone that uses WhatsApp!!!
They just have to go incrementally through the list of all phone numbers... 001 0000 0000, 001 0000 0001, 001 0000 0002, etc. and then you can deduce who has which phone number.
OMG... it is analogous to the Facebook profile face dump.
Sure, it is forbidden in theory: faq.whatsapp.com/general/security-and-privacy/about-harvesting-personal-information/.