Skred messaging app

Hello,

I’m a big fan of your web page and rely on it often when seeking software. Currently, I’m looking for a secure messaging app. When looking at your webpage, I noticed that Skred and Threema are not listed. I looked at the selection criteria, and I guess that the only reasons are that they are not open source and audited. Are these the main reasons?

I’m looking for a safe E2E messaging app that has the option to lock the app and is based in a country with more respect for privacy (here, I chose countries that are also good to have VPN servers in). Skred (France) perhaps isn’t the best example, but Threema with Switzerland is.

Threema was already discussed several times. Please check before opening a new thread. Why not recommend Wire and Threema?

Also please next time open a thread for things separately.

2 Likes

Unless you really know what you are doing, just use Signal. It is really the best out there.
SimpleX is a good option if you need to be more anonymous, and for peer to peer we recommend Briar. See The Best Private Instant Messengers - Privacy Guides

Besides that, I really don’t see the need for another messenger; it isn’t audited. This is a minimum requirement (The Best Private Instant Messengers - Privacy Guides), as many honeypots are out there. There is also no whitepaper or git repo. Basically no information on who is behind this.

Your country selection doesn’t make much sense. If an app client is open source and fully end to end encrypted, it means neither the company nor the country can access the data.

You asked for the main reasons, but I believe the main reason is that we never looked at this app. I had never heard of it either, which isn’t a good sign.

For messenger apps it is important that there is a community that checks the code on GitHub for changes. Signal definitely has this.

There are so many red flags with this Skred, I can’t even list them all. There also isn’t much point in using this, as we trust Signal, which millions of people use these days.

3 Likes

Country means nothing. Interpol exists in EU and so there aren’t any ‘safe’ countries.

Privacy policy – Skred It’s bad and a lot.

1 Like

Thank you all for your time in answering me.

While E2E protects against snooping eyes, nevertheless, the fact that servers are in a country that is very non-privacy keen and has even openly demanded that software developers install backdoors is a concern for me. How can I trust that E2E actually works?

On the other hand, Interpol is not a law enforcement agency in the classical sense – meaning it does not have investigative powers. Also, since I’m not using apps for criminal activity, I’m not concerned too much about being targeted, but still, I do not want to have my private messages read by anyone—or to fuel some big data intelligence analytics.

Or to be easily accessed. That is why I also need an app that I can lock. So if my phone gets stolen or someone hacks it, the messages are still safe.

SimpleX was my no. 1 choice, but for some reason I can’t install it on my phone.
I’m a bit of a n00b, so what exactly is problematic in the Skred Privacy policy? I would like to learn to spot red flags.

We wouldn’t be considering this; there don’t appear to be any audits. No source code available.

2 Likes

First a caveat, I’m not sober right now (so please correct my errors) but their Privacy page states in capital letters:

INFORMATION SKRED HAS

Meaning they have access to everything they mention below that, which includes:

  • a unique id for your phone
  • who you talk to (twin codes)
  • “number of users, device brands and operating systems, locations, number and duration of calls, number of messages exchanged, etc.”
  • “Contents of messages exchanged in conversations with your contacts, until the conversation has been reset.”

They essentially have access to everything you do with the app.

2 Likes

If the app is open source, we can verify that your communications are being encrypted before they leave your device… you don’t need to trust the servers.

That is of course assuming that you understand what is going on and there isn’t a major flaw in the cryptography used.

2 Likes

By “we” I obviously mean the community at large. If everyone was expected to audit the code of every app they run, there would be no need for third party audits…

1 Like

My point is, even with source code available, there have been many cases where the “many eyes in the community” thing does not hold true.

There can be flaws, particularly with cryptography implementation, that are very subtle and that undermine the whole process. For open source contributions there generally has to be a specification (documentation) and open development (issues, pull requests, etc.), otherwise nobody really is interested.

Some companies will just dump an archive (.tar.gz etc.) or a checkout into a public repository, but do all the development behind closed doors. We’ve seen this, and generally there is next to no community involvement when that happens.

Additionally, there’s nothing preventing a binary release from differing from public source code. So a good part of “trust” comes from reputation, something that can only be built over time.

1 Like

I do agree with most of it, even if there’s nothing new in it for me. It seems that more than replying to me you’re adding context to your previous comment: