Let’s imagine one is targeted by an extremely powerful adversary with maximum REASONABLY available resources (access to hosting providers, cryptographers, ISPs and so on)
If you were supposed to give that adversary some kind of information over a messaging app while protecting your identity as much as possible (so identity over message encryption in this case), which app would you use? Obviously one would use a VPN and whatnot, but let’s imagine they do not.
From what I understand, the choices are
SimpleX (shady, based in the UK)
Session (shady, the choice of excluding PFS from the Signal fork is hard to explain and makes you want to run)
Signal (requires a phone number, even if you got a burner or a temporary number an advisory could probably turn it around you)
Cwtch (no idea)
Briar (has no offline messages and lacks many features, probably not an option)
I agree with the above replies, Signal is “good enough.” I don’t believe there is a better centralized alternative at the moment that non-techies can just download on a mainstream app store and easily use. The “better” alternative is a self-hosted solution like a Nextcloud chatroom, but it it’s rather complex to set up and more relevant for organizations like companies or schools. I self-host Nextcloud and yet use Signal all the time.
Signal concerns me due to the fact that it’s centralized on AWS which was recently secretly awarded a 10 billion dollar contract by the NSA, and the latter emphasizing AWS as their favorite hosting provider. Another thing is that it requires a phone number which is outrageous to me and adds a ton of completely useless metadata - sure, I can buy a temporary phone number with cryptocurrency but still it’s unclear to me why phone number registration is mandatory. I guess the main issue is that the central AWS server still sees your IP (obviously with such a threat model one would use a VPN but it’s more metadata regardless).
SimpleX has been around for only a few years, had 2 security audits done by the same company neither of which explored the implementation of the protocol which is arguably the most sensitive part and the part which is most vulnerable most of the time. Another thing is that it’s based in the UK and is funded by VC which instantly raises some questions.
A pro of SimpleX is that it’s decentralized (apparently, although the model isn’t very clear to me) and claims to route your traffic through 2 relays thus masking your IP, not sure how effective this is or what % of servers are hosted by actual people rather than SimpleX themselves but whatever.
Session is Switzerland-based which is nice but the removal of PFS while literally being a Signal fork is a complete anomaly to me, it’s a mysterious decision and the reasoning is “well it has a very limited real world use” which just sounds very sketchy. I do not intend to spread FUD, just the way that it seems to me.
Currently SimpleX seems like the best choice due to no phone number and everything but I seek to hear everyone’s thoughts. Thank you for the input.
Just like browsers, there is no perfect, just least bad.
If you dig enough, you’ll find dirt and cons to all of them.
We do recommend Signal because it’s an all around best in this category.
It is centralized and requires a phone number (that can be easily bypassed by smspool.net tho) but it’s quite good on all the other aspects, especially the social part where having somebody to install Briar would be quite a hard challenge.
It also depends on what you need your messenger for, but if it’s to talk to random people or friends online, this is the way. Otherwise, maybe some self-hosted VPN-shared Matrix or alike is the way to go if it’s for sensitive family stuff.
Hence, even if it’s a better approach there is no point having a phone that is battery-depleted after a few hours because of the implementation of the software.
Oh that’s a fair gripe. With the scenario OP described I figure they’d be able to only periodically check for notifications assuming they even intended on using this messenger long-term to begin with. If not, then this seems like a big problem. There’s always gotta be a trade-off.
Thank you for reading my original post - obviously, for my described “threat model” battery drainage is absolutely insignificant.
The only and main issue I see with SimpleX is the fact that - again - their server providers are either Akamai or Runonflux (even the ones supposedly “hosted by people”), so there is a 1 in 2 chance both relay servers are on the same provider, at which point a very simple correlation attack can be done.
I wonder what you guys think about this though, let me know
Having that in mind Session starts to look nice lol
If battery life is not a concern, self-host your own server and share some access to your friends via a VPN located at your home (or safer location that you control).
No damn clue myself. Some people are very nerdy on that topic here and I’m sure you can search the forum to find out a white paper with the implementation details on how good it is. The SimpleX maintainer looks quite knowledgeable but I think that Signal is still kind of gold standard.
Session also still doesn’t have forward secrecy (as of today) + other security concerns that a search might bring up quickly enough.
I’m just going to say look up the SimpleX main devs twitter feed and scroll down for a minute and decide for yourself if that’s something/someone you want to put your trust in.
How are you planning to communicate with this adversary in the first place to tell them which messaging app you’re sending the info through? Do you already have a contact for them on one of these apps?
Signal would probably be fine if you are on grapheneos and buy the number you’re linking to it with (carefully and properly purchased) monero. Have the phone on orbot or at least a trusted vpn when submitting.
Or, you can use simplex on a tails drive. Set up the simplex account only on that tails drive and don’t ever use it anywhere else. This is the option I would choose (assuming you know how to configure all this and use it). If you’re adversary is that powerful I’d personally want as little trail of the process as possible (which tails would help with). Anarsec has good guides for setting up some of these technologies.
Metadata resistance probably shouldn’t matter much in this instance as long as you scrub metadata from whatever files you’re sending before sending them (and don’t send PDFs). In this case, you don’t need to protect from the adversary monitoring your comms because you are literally trying to send them the info.
Wait, you want to communicate with the adversary? While remaining anonymous to that adversary?
Send a letter from a place you don’t live with no return address. Print the letter with the most common possible printer model you can find. Use an air-gapped, never on the internet computer to type/print the letter. Destroy the printer and computer after.
