Patrick, I’ve noticed an issue with beginners and less experienced users: they either don’t know where to communicate safely, or they install messengers with built-in Tor, resulting in Tor over Tor. Essentially, Whonix is best suited for anonymous web browsing and secure communication, especially for journalists. Beginners, particularly Windows users, don’t know where to find and download messengers. For example, many think that Matrix or XMPP are messenger names. Searching for a website to download a messenger can be phishing and compromise the system. Many users from Asia, Eastern Europe, South America, and Africa are unaware of secure messengers—they consider WhatsApp or Google Messenger or Telegram (without E2EE!!) the gold standard of protection from western developers. I sometimes share these reviews, and even in privacy chats, people say, “Wow, I didn’t know about these messengers!” https://privacyspreadsheet.com/messaging-apps
And it is mandatory to note that such popular secure messengers as Briar and Tox create Tor over Tor, which is very bad for anonymity. Or does Whonix disable Tor over Tor for both the Tor Browser and other apps (tor-messengers)?
In this case, a beginner or journalist will get maximum protection “out of the box” - they will enter the secure Tor browser and immediately see where to download an application for secure communication. And, your recommendation of search engines helps novices expand their search results without including Google or Bing (yes, many Tor Browser novices are unsatisfied with DuckDuckGo’s search and use Google, unaware of Brave Search, Qwant, Startpage… - Whonix expands the knowledge of beginners in this regard)
This is just food for thought. It will make Whonix more caring and convenient for those who are just starting their journey in the anonymous internet or for whom secure communication is a matter of life and death - persecuted activists and journalists worldwide. I thought this would be a great addition to the future new version of Whonix. Thank you
I found a page on the wiki, Instant Messenger Chat, but it seems it hasn’t been updated in a long time and doesn’t include an overview of the frequently recommended Simplex, Briar, Session, Status. And most users don’t use the documentation until they run into issues. So, such an important topic as secure chats could be highlighted on the browser’s home page.
It is very strange to see Telegram in this list, which does not appear in any security rating, and has been criticized by all security specialists and cryptographers for the lack of end-to-end encryption by default and the complete absence of encryption in group chats, and for using MTProto, about which it is written here:
Even in Russia, where Telegram is particularly popular, political activists do not recommend its use.
And now Telegram reveals to your chat partner registration date and country of the SIM when starting a personal chat after a recent update. What privacy and anonymity can we talk about?
At the same time, no secure private messenger without email and phone registration is mentioned. Nor is any quantum-resistant messenger, such as Simplex.
But if this topic isn’t discussed, sorry for taking your time
Although Telegram Desktop is functional in Whonix, it requires Phone Number Validation and is therefore unrecommended at this time.
Disadvantages include:
End-to-end client encryption is not a default. Easy to confuse encrypted and non-encrypted chats. For the purpose of encrypted chats it would be better to use a messenger that is always encrypted end-to-end by default.
We got a wiki page on that too.
Please avoid duplicated discussions.
A lot of these messengers have already existing forum threads and/or are mentioned in the wiki. There are strong reasons against some of them, advantages and disadvantages for others.
We cannot discuss 10+ messengers at the same time in 1 forum thread. That will quickly become confusing.
So please pick one, the most promising one, then see the existing Kicksecure, Whonix wiki and discussions. Only then, if there is something new to add, post.
There is anon-ws-disable-stacked-tor which works for some applications (not limited to Tor and Tor Browser) but this cannot work for all applications that come with their own built-in Tor.
Thanks for the overview, one main issue with messengers is that you got to have the other side use the same protocol / system. So when looking at the safest options out there, then, well, do you have enough userbase to communicate with, without forcing the other side to install something?
That does not justify using a really bad option such as Telegram and certainly not WhatsApp for sensitive communication but I think XMPP with, say, OMEMO is currently still considered to be good (obviously depends on the client and XMPP server too) while enjoying a large enough user base. Especially when used in Whonix, behind Tor.
Quantum issue may change that - correct me if I am wrong with the above.
Regarding the homepage - personally I prefer absolutely nothing there.
XMPP/Matrix are good options, but now there are applications for more advanced communication. You can check out the reviews I’ve published to see messengers that stand out for their anonymity and privacy protection. Patrick said it’s better not to discuss this here and I will create separate forums.
That’s what I wanted to talk about when I brought up the topic of recommendations. Most users, even advanced ones, don’t read documentation and wikis unless they have to. Okay, sorry.
Patrick, on this page in the Anonymous Email, Chat and Communications section, XMPP, Signal, and Telegram are listed. Maybe it’s worth removing Telegram from there or replacing it with another secure messenger? Otherwise, this page looks like the Whonix developers are recommending Telegram for anonymous communication. Telegram fans might even use this page as advertising for their awful messenger, despite the extensive criticism that has been there since Snowden’s criticism (nothing has changed in terms of their server-side message storage approach since his Telegram post).
I forgot to mention the most important thing (but this is written in the links I have published) - Telegram still doesn’t have end-to-end encrypted secret chats on its desktop and web versions! It’s been 12 years, and these chats are still not available on desktop, so conversations are less secure than on WhatsApp. All messages will be accessible on the server by Telegram admins. I think Telegram should be primarily not recommended just for this reason. Even Facebook or Instagram has a chance for e2ee with closed-source code, but Telegram doesn’t have this option in its desktop and web versions.
Sorry for my awkward English. I mean that Telegram should be marked as maximally unrecommended for this reason. Not because it requires a phone number, and not because e2ee chats are not enabled by default. But because it is impossible to activate e2ee chats in Whonix due to its absence in the desktop and web versions.
Just don’t write and review Status. I was wrong. It doesn’t have builds for Linux desktop yet. But info about Briar and Session would be very useful in the wiki. I looked at the forums about it (Briar Desktop in Whonix and Session Private Messenger) and there are multiple issues mentioned with these popular anonymous messengers. Simplex Chat can be added as a considered secure option - no phone number and email, unlike in Signal and XMPP/Matrix, minimal metadata, no Tor over Tor, quantum encryption.
In the end, we can get this list of ideal messengers for Whonix: Simplex, Cwtch, OnionShare, XMPP/Matrix, Delta Chat - all of them are actively developed, do not involve Tor over Tor, strong anonymity, and do not require a phone number for registration. And these are fairly popular chats. Simplex and Delta Chat work well in countries with strong censorship.
Let’s give Patrick some time to update the wiki. The Whonix/Kicksecure team is a small group, and they are currently very busy with an upcoming cool major update. I think the popularity of Whonix and Kicksecure will greatly increase after this update. Many bloggers and journalists will be reviewing it.