Adium is ancient, has a ton of bugs and the devs are pieces of shit. Bradley Manning was convicted because they turned chat logging on by default. When this was pointed out to them they said they don’t care and didn’t change this.
I2P-Messenger is defunct AFAIK. Has it seen a new rewriting effort?
Although a work in progress Tor Messenger has a very important usability/security feature called CONIKS. This is a publicly auditable record that ties a user’s OTR fingerprint to their IM address which means that normal people no longer have to confirm fingerprints to start chatting securely.
@entropy please feel free to add to the chat page the stuff you researched.
ICYMI LibreSignal was Signal without Google. Until Moxie Marlinspike killed it with this comment. One day when I had way too much time on my hands and was in need of my nerd-drama fix, I read nearly all zillion pages of that thread. I’ll spare you from having to do the same.
At the risk of presuming to know what motivates Marlinspike personally (and without knowing much of his life story), the thread sounded a lot like the age-old tale: Revolutionary gets old. Revolutionary gets rich. Revolutionary wants mass market acceptance. In all fairness, however you feel about moxie0’s present level of idealism, it’s hard to deny that there is truth to his contention: that software that gets most of the technical details right that gets used is better than software that gets all of the technical details right but doesn’t get used.
Some of moxie0’s points are best stated using his own words:
Besides allowing for simple identifiers (like phone numbers), non-federation has major benefits:
XMPP is stuck in time. Making any changes to a federated protocol is very difficult, which is why it still resembles the late 1990s. It’s also why we’ll never have usable end to end encrypted email. Services that control their own clients and infrastructure can iterate quickly, federated clients and servers can not.
On distributed communications:
We’re trying to make mass surveillance impossible for the world we live in, not a fantasy land inhabited only by cryptonerds and moralists. This is the world we live in: people do most of their communication on mobile devices running iOS or Android, use Chrome on the desktop, and expect contact discovery to be automatic in their social apps. The browser has won the desktop, iOS and Android have won mobile, and the velocity of the ecosystem is unlikely to make “distributed” communication mechanisms possible for some time.
And a nice reply from eighthave of the Guardian Project:
@moxie0 We at Guardian Project applaud your work at making crypto easier to use, but don’t forget we are targeting different problems. As you said, Whisper Systems only cares about mass surveillance. We are definitely focused on targeted surveillance as well. Add in federation to the equation as an essential piece to circumvent blocking, and that makes it a lot harder to make easy-to-use software. ChatSecure works in China, which is part of the reason why we are funded, while Signal has been blocked for a while, and most devices there do not have Google on them. Federation is an important part of why ChatSecure still works in China. If you focus on the easiest part of the problem, then it becomes a lot easier to focus on a simple user experience. Focusing OWS on countries that don’t block internet services, avoiding mass surveillance, and requiring Google makes your problem space a lot smaller.
Perhaps, it’s agreeable enough to say that everyone has their own problem space that they are trying to resolve. As long as projects don’t misrepresent themselves or set unrealistic expectations, it’s fine to have solutions to different problems.
The Signal client is open-source. Portions of the Signal server are not open-source. In particular, the portions written by the NSA. (joke!) It’s not very clear why. But it wouldn’t really matter since Open Whisper Systems runs all the servers and could change the running code to some extent. This brings up another issue with Signal, besides the fact that it runs on iOS/Android. Here we have Privacy by Policy - their claim that they only keep limited metadata - that is difficult to work around. With OTR, I can simultaneously have 20 accounts on 20 different XMPP servers on 20 Tor circuits - not sure if that’s possible with Signal.
Google Play services are used as a convenient delivery mechanism and most importantly, for Google Cloud Messaging (GCM) - the notification engine. AFAIK it is possible to install Signal on a rooted phone using F-Droid and also possible to avoid GCM by installing GmsCore. Signal also accepts registrations coming from VOIP numbers, which should open up the program to Android emulators. [Still too many unknowns with Android and Signal servers for my paranoia.]
@HulaHoop pieces of shit noted. Will update OP and add task to my wiki list. Also, any comments regarding the little bit about hosting your own XMPP server? Obviously, it’s better for you than your contacts but any obvious deficiencies? Is there inter-server leakage when all activity (registration and messaging) occurs on one server? It could be a decent workaround when a paranoid Whonix user needs to communicate with OTR-only contacts…
XMPP was designed long time ago without anonymity kept in mind. Depending on the capabilities of your XMPP client it may leak some sensitive information about your software configuration such as the time on your machine, your timezone, geolocation (XEP-0080), version of your operating system and version of your XMPP client. Some XMPP clients can also download a content (pictures, files) authomatically that may be used by attacker to reveal your IP address. Thus, if anonymity matters for you, it is always better to run XMPP client inside some virtual operating system (on virtual machine), that doesn’t share its software configuraton with your main operating system.
OTR enabled by default
not in Debian repo, but has signed portable installation and built-in updater
clumsy interface, wrt account connectivity
only global status options (can’t set per account)
has fewer user-configurable privacy options (compared to pidgin, gajim). Hopefully, that’s because they’re all set to safe defaults.
default has no stream-isolation: https://trac.torproject.org/projects/tor/ticket/14382. Whonix + Tor Messenger has stream isolation per xmpp server because port 9152 has IsolateDestAddr on Whonix-Gateway. Multiple accounts on same server will share circuits. Needs per-account proxy settings as is common on other chat clients.
wow.wow.wow. Love what I’m reading here: https://coy.im/about/
These guys are our kindred spirits. If coyIM does what it says it does, Tor Messenger is dead-on-arrival.
I’ll mostly just be repeating what’s on their About page… so what… it’s good.
new release yesterday. previous release 2 months ago. active development.
written in Golang.
supports one protocol (xmpp).
The goal of CoyIM is not to have every feature under the sun. Instead we want to carefully pick and choose the features that are necessary to create a good chat experience, while keeping the attack surface of the system to a minimum.
built-in OTR enabled by default. Tor enabled if present. (confirmed using netstat - port 9050).
! automatically connects to onion version of xmpp server if it exists (confirmed)
! automatic stream isolation of accounts (confirmed using onioncircuits: two accounts on same server going to same dest address and port were routed over different circuits. ?using IsolateSocksAuth like Tor Browser?)
(probably not a long enough delay to matter but it’s a nice touch)
If more than one account is configured, when connecting CoyIM will insert random delays before connecting to each account, in order to make fingerprinting of connections between accounts harder
yellow banner on top of home page indicating unaudited. nice transparency.
optionally encrypted config files
all dialog options explained clearly on the dialog
blob is signed. navigate to download directory for sigs
On their wishlist:
disposable one-click xmpp accounts
less config options are better
logging, maybe (personally, I wouldn’t mind having this)
ricochet does not use an inside application encryption layer. The only encryption is the one used by Tor onions. Therefore it does not provide OTR like encryption features. Maybe not catastrophic but also not great. Source:
unMessage uses stronger encryption, Double Ratchet Algorithm for in application encryption, which is similar to OMEMO (which is similar to OTR). More details:
The ‘Wire’ chat is created by Estonian ex-Skype mastermind (pre MS takeover) announced that they will opensource both client and server code. Multiple code audits over time show they are improving their codebase. The most recent by JP Aumasson (who uncovered bugs in Signal) confirms its robust crypto implementation. IM protocol uses Moxie’s ratchet. VoIP recently became E2E encrypted otherwise past notes say its RTP with SRTP. E2E encrypted group VoIP planned which no other major client has:
RTP is usually UDP based. Now that they are open source we can potentially ask for a TCP implementation like they did for Skype before. Maybe suggest Tor support too.
Server still has some proprietary components as of now (April 2017) but opening it up.
Both components client and server are released under strong copyleft licenses. However I noticed there are extra restrictions on client modification if the derivative app wants to connect to the Wire company server - that seems normal considering projects like Signal even forbid this from happening at all. They are aiming for a federated network anyhow so this restriction is less problematic long term.
Another point is contributions must happen under a CLA. Looking thru it: it seems a defensive agreement to make sure no one can abuse patents against them, copyrights are co-owned between contributors and them, promises that any contributions will be kept under an OSI or FSF license. Sounds reasonable.
Odd fact: signal (android app) does not work on a phone without google installed. Requires google services to run.
There’s more. I have a few online friends who keep dragging me into signal. But my main problem isn’t signal requiring google (which I’m not a fan of, for obvious reasons). My problem is that I don’t own a cellphone at all. I was glad when the users won the Linux battle on PC, but very sad when they lost the whole war by surrending to iOS/Android on their shiny smartphones. Most likely I would not buy a phone until it will be possible to install a standard Linux distribution on it, like I can do on my PC. I did a very superficial search online and it looks like signal also has a desktop app. Yet, to register an account, one still needs to have a phone to receive some authorization code to it. I would be glad to hear your feedback on this if you have anything to add.