Check this box to affirm you have no conflict of interest.
on
Website
Short description
Encrypted, easy-to-use XMPP instant messenger for your mobile device - From F-Droid
Why I think this tool should be added
This tool fits very well in this section and should be added, as it meets all qualifications assuming people message exclusively between two Conversations apps:
- Is open-source
- Requires no personally identifying information
- Uses E2EE by default
- Supports E2EE for all messages
- As far as I understand it has been audited: https://conversations.im/omemo/audit.pdf
- Supports forward secrecy with OMEMO
- Supports future secrecy with OMEMO (if I understand right)
- Servers are open-source
- Decentralized/Federated
The only cons are 1. It’s only an android app and not on any other platforms, but the same con applies to briar, and 2. If you communicate between Conversations and a non-Conversations XMPP app, then you may or may not have E2EE (however, most of the time you do, e.g. between Conversations and Gajim or Conversations and Dino). Maybe this site could recommend Conversations, but not recommend communicating with people outside of Conversations?
This second problem really also exists as a problem with the Matrix protocol, albeit a smaller problem in that case. With the Matrix protocol, Element might have been audited, but not FluffyChat (or any user’s third-party client of the week). How confident can we be that communication is secure if not between two audited clients? So I think it is reasonable to recommend communication only between Element-Element users and Conversations-Conversations users.
Personally, I think Conversations deserves a spot on the Private Instant Messaging page, at least at the bottom (with hundreds of disclaimers saying “be careful” if you would like). It is just too fully featured and too mature of an instant messenger, meeting all of the requirements given, that it deserves a spot somewhere.
Section on Privacy Guides
Real-Time Communication