W
W
weranda2017-10-23 09:44:56
Messengers
weranda, 2017-10-23 09:44:56

The most heavily protected messenger - what is it?

Greetings
Propagandists are frightening about the possible access of a narrow circle of people to personal correspondence in instant messengers. We all know that the "narrow" circle of people - all those who have such an opportunity with their Wishlist. As I understand it, all popular messengers store correspondence on their servers, but are there open source projects of the same level as all well-known Telegram, Viber and others?

Answer the question

In order to leave comments, you need to log in

7 answer(s)
A
amorphine, 2017-10-23
@amorphine

There are p2p messengers - decentralized, as secure as possible. What about Telegram security and other things - no one knows what they have under the hood (on the server).

Z
zorca, 2017-10-23
@zorca

Convenient Slack-style: Rocket Chat
Maximum security: uTox

P
poisons, 2017-10-23
@poisons

Any messenger where you do not control the server side can be vulnerable.
In my opinion, nothing is safer than a bunch of "your own jabber server + OTR / PGP on clients", in principle, cannot be.

S
Sergey Sokolov, 2017-10-23
@sergiks

Look at the sources and protocol specifications of the Signal messenger:
https://signal.org/docs/

V
Victor Umansky, 2017-10-23
@Uman

An excerpt from an article about security

Network Security FAQ

Put jabber and don't fool yourself)))))))
7. What about messengers: Skype, WhatsApp, Viber, Telegram, is there encryption there?
You can’t use them:
- Central server (you can’t create your own)
- Closed source code (what these programs actually do and nobody knows where everything is dumped)
- Encryption not according to open proven algorithms (GPG, OTR), but according to their own proprietary (you decrypted when necessary)
- Binding to a SIM card
8. Why not just chat in a random game chat and / or communicate with pre-set words that others will not understand?
It is not enough to hide the subject of the conversation, since the very fact of the conversation remains: its sides, time, place, from which devices it was and other data that will remain on the server. And you cannot trust the encryption of some "game chats".
9. Then which messenger should I use?
Those that work on the jabber protocol (XMPP), are open source, time-tested and support encryption of client-client GPG and / or OTR correspondence (i.e. no outsider will see it, even server owners):
For Tails (or any other OS):
Psi (GPG)
Psi+ (GPG, OTR) polished Psi with additional features
Pidgin (OTR) old proven client, built into Tails
Tor Messenger (OTR) still in beta test
For Android:
Conversations (GPG, OTR)
Xabber (OTR)
10. Why jabber and not messengers like Tox, Ricochet?
Jabber is time-tested, supports proven client-client encryption algorithms (GPG, OTR), allows you to send messages offline (when the interlocutor is not online). All newfangled crafts do not yet have this.
11. What is the difference between GPG and OTR encryption, if in a simple way?
In a simple way: OTR requires the interlocutor to be online, but gives deniability (after the conversation, the keys are destroyed and the messages can no longer be decrypted, even if the keys were seized from both parties).
GPG is much older, more secure and has more functionality (you can encrypt files, sign messages, check signatures), keep keys in the encrypted Persistent section on Tails, have complex passwords and make backups and there will be no problems.
12. How to organize encrypted jabber conferences (chats from 3 participants)?
Client-client encryption in jabber conferences (i.e. no outsider will see it, even server owners) is possible through OMEMO - supported only by Pidgin (plugin needed), Gajim (plugin needed), Conversations (Android) clients. I haven't checked myself yet.
Client-server encryption in jabber conferences (i.e. it will not be seen by anyone outside, but it will be seen by the server owners, and it can remain on the server if the logs are not turned off) can be achieved by connecting to jabber servers in the .onion space. For example, to our server with logs disabled. You can not write critically important information in the chat, but send it to everyone with encryption separately.

V
Viktor, 2017-10-23
@nehrung

You didn't say what you want from the messenger other than security? Let's take Skype as a standard, and if you want everything that Skype offers, plus security, then you will not find this. The closest user option to Skype is Tox: good video and sound, there is file transfer, but there is no showing the Desktop in the video stream (static screenshots are sent instead). And of course, Tox (unlike Skype and others) does not have any central server, users communicate directly with each other.

R
Ruslan, 2019-10-19
@msHack

RetroShare easily breaks through NAT
Tox messenger easily breaks through double NAT
XMPP with OTR
JAMI is still damp but you can use
all of the above is open source I personally tested all these programs

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question