Hi,

I’m looking for an instant messaging ( IM ) apps software/protocol that run on Android and computer

and meet the following requirements :

  • Open source !
  • E2EE
  • Messages are send in direct ! (not passing by a server)
  • handle group
  • Truly private ! ( That’s the tricky part )

 

The closest that I’ve found is Briar

  • +can work without internet ! (bluetooth, local wifi, files !)
  • + use TOR
  • - Mutual party have to exchange key (or your can introduce someone)
  • - sending media suck for now, poor image quality
  • - no call or voice messaging

 

I’ve been looking for alternatives:

  • Session
    • Sadly it keep ALL the conversation into server !!! so it’s a no go.
  • speek
    • I didn’t try it yet, any feedback ?
  • simplex
    • it look very promising ! (didn’t tried it yet)
    • + seem to handle multiple profile in one !
    • + do not require that both party send an invitation !
    • ! I didn’t found (yet) if the messages are send in direct or pass by a server…
      It’s not P2P all the messages pass by servers… too bad.

All post about alternatives or experience with the one that I cited are welcome.

    • moreeni@lemm.ee
      link
      fedilink
      arrow-up
      10
      ·
      11 months ago

      The “truly private” req really smells with “I have no threat model and don’t know what am I doing”

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        Yeah. What does privacy mean?

        Does it mean nobody knows what you’re saying? Doesn’t mean nobody knows that you’re talking? Doesn’t mean nobody can tell two people have engaged in a conversation?

        In addition to direct observations, you can make indirect inferences from many of those characteristics.

        If I can observe your peer to peer traffic I know who’s talking to who.

        If I can observe your network, onion routing layer, I can determine who is talking to who with high probability

        If I can see network traffic at all, I can determine who our members of a group, if the group messages are delivered simultaneously.

        • KDE@monyet.cc
          link
          fedilink
          arrow-up
          2
          ·
          11 months ago

          is rare, but briar as you identified is pretty good. Though android only.

          The trouble with peer to peer is it isn

          theres also notification scandal recently which i think the op doesnt know about

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            11 months ago

            It was always known, in the threat model.

            Though I think everyone assumed Google required a warrant.

            Even without Google, Apple’s participation and push notifications - signal still has the same capability. Simply because they’ve created a centralized architecture.

          • Gordon_F@lemmy.mlOP
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            9 months ago

            Though android only.

            Anyway on Windows, Apple there is no sense to have a privacy apps if the OS it self pump everything it can.

            And on Android it only make sense if you use an AOSP rom, or another but without the google crapware…

    • Skull giver@popplesburger.hilciferous.nl
      link
      fedilink
      arrow-up
      2
      ·
      11 months ago

      If you allow for servers that can’t read your messages (Tor nodes and such), “serverless” messaging is quite possible. All the layers of encryption and redirection aren’t great for latency, but there’s no reason two phones can’t be connected over Tor/Veilid.

      The problem in practice, I think, is notifications. To receive notifications, you need to be online all the time. To be available on Tor all the time may help deanonimze you so you also need to shake up your connections every now and then, which requires some CPU heavy recalculations and key exchange from the network as connections are reestablished.