Hi,
I’m looking for an instant messaging ( IM ) apps software/protocol that run on Android and computer
and meet the following requirements :
- Open source !
- E2EE
- Messages are send in direct ! (not passing by a server)
- handle group
- Truly private ! ( That’s the tricky part )
The closest that I’ve found is Briar
- +can work without internet ! (bluetooth, local wifi, files !)
- + use TOR
- - Mutual party have to exchange key (or your can introduce someone)
- - sending media suck for now, poor image quality
- - no call or voice messaging
I’ve been looking for alternatives:
Session- Sadly it keep ALL the conversation into server !!! so it’s a no go.
- speek
- I didn’t try it yet, any feedback ?
- simplex
- it look very promising ! (didn’t tried it yet)
- + seem to handle multiple profile in one !
- + do not require that both party send an invitation !
- and have also a optional long term address
- ! I didn’t found (yet) if the messages are send in direct or pass by a server…
All post about alternatives or experience with the one that I cited are welcome.
deleted
The “truly private” req really smells with “I have no threat model and don’t know what am I doing”
Yeah. What does privacy mean?
Does it mean nobody knows what you’re saying? Doesn’t mean nobody knows that you’re talking? Doesn’t mean nobody can tell two people have engaged in a conversation?
In addition to direct observations, you can make indirect inferences from many of those characteristics.
If I can observe your peer to peer traffic I know who’s talking to who.
If I can observe your network, onion routing layer, I can determine who is talking to who with high probability
If I can see network traffic at all, I can determine who our members of a group, if the group messages are delivered simultaneously.
is rare, but briar as you identified is pretty good. Though android only.
The trouble with peer to peer is it isn
theres also notification scandal recently which i think the op doesnt know about
It was always known, in the threat model.
Though I think everyone assumed Google required a warrant.
Even without Google, Apple’s participation and push notifications - signal still has the same capability. Simply because they’ve created a centralized architecture.
deleted by creator
deleted
https://www.privacyguides.org/en/real-time-communication/
https://www.securemessagingapps.com/
Peer to peer messaging is rare, but briar as you identified is pretty good. Though android only.
The trouble with peer to peer is it isn’t very private as the people you message see your connection directly, except with briar
Not exactly what you’re looking for, BUT the best bet would probably be jabber/xmpp. There is a server involved but you can be that server with a ras pi or an old laptop, or VPS, and with OMEMO e2ee, the server can’t see message content only “bob sends X to john.” And as the server owner you can keep no logs and trust yourself.
simplex uses relays/servers, but incoming and outgoing messages are configured to pass through separate servers. you can see this in the network settings
Additionally these servers are random per-contact, can be changed around and all data and almost all metadata is either encrypted or otherwise protected ;)
Session doesn’t store logs on a central server. They are encrypted and stored on lokinet.
Anyway other options are: Jami, Signal or Molly and maybe matrix. Keep in mind Briar will drain battery a bit and doesn’t receive notifications offline unless you setup a dedicated device
https://www.securemessagingapps.com/ if you see closely for session , it says that attachments are centralized in their servers in canada
session tries to promote their oxen cryptocurrency and lokinet which imo crypto currency are used by baiters to bait people into ruining their money
you dont understand what signal /molly is , do you ? they are centralized server and OP specificially asked not centralized server / server for that matter
matrix is good but it still need server , plus matrix.org takes quite a bit of metadata
jami’s good but it uses turn server to verify your name
briar’s bluetooth functionality can be violated plus no good ui/ux
Interesting that you mentioned briar and Bluetooth. What is the issue with Bluetooth?
just search seytonic bluetooth on yt , you can find it preety easily ngl
Okay, just on general principles telling me to watch an influencer on YouTube who summarizes an article isn’t a great way to have a discussion.
But whatever, I think this is the article you’re referring to:
https://www.theregister.com/2023/12/06/bluetooth_bug_apple_linux/
Bluetooth keyboard, keystroke injections.
That’s a generalized Bluetooth issue, not a briar issue. I was just curious if there was a specific briar implementation problem, but if this is the article you’re referring to then briar is fine and hasn’t had a issue.
i have an exam tomorrow and as such i wasnt able to show you all the sources
and no currently htrere is no briar specific problem in my radar “yet”
Session does not have centralized servers in Canada. There are issues with session but centralized servers aren’t one of them.
uhh i linked you the website source , no offense but its written there also i hate crypto so maybe thats why i am picking up on those guys specifically i guess
speek sucks in my opinion , i tried it ,
tbh jami is the best app currently in the p2p messenging space
berty sounds good as well , its built on top of ipfs and weshgaurd
tox is good as well
(i have messaged briar and berty team regarding some questions and i havent gotten its answer , i will update you when i get the answer)
SimpleX uses servers, but they’re just relays and due to SimpleX’s design, no single server can figure out who you are or who you’re talking to. By using Tor they also couldn’t band together and fingerprint you by IP.
If you want to see the model explained, visit their website or just ask here, I’m glad to explain how it keeps your contact graph, identity and messages private :)
Meahtastic and LoRa actually meet your requirements
https://www.youtube.com/watch?v=EAQI2ZSmxPU
Peer to peer messaging, line of sight.
Have you looked in to Jami?
deleted by creator