I’m a big fan of your web page and rely on it often when seeking software. Currently, I’m looking for a secure messaging app. When looking at your webpage, I noticed that Skred and Threema are not listed. I looked at the selection criteria, and I guess that the only reasons are that they are not open source and audited. Are these the main reasons?
I’m looking for a safe E2E messaging app that has the option to lock the app and is based in a country with more respect for privacy (here, I chose countries that are also good to have VPN servers in). Skred (France) perhaps isn’t the best example, but Threema with Switzerland is.
Unless you really know what you are doing, just use Signal. It is really the best out there.
SimpleX is a good option if you need to be more anonymous, and for peer-to-peer we recommend Briar. See The Best Private Instant Messengers - Privacy Guides
Besides that, I really don’t see the need for another messenger; it isn’t audited. This is a minimum requirement (The Best Private Instant Messengers - Privacy Guides), as many honeypots are out there. There is also no whitepaper or git repo. Basically no information about who is behind this.
Your country selection doesn’t make much sense. If an app client is open source and fully end-to-end encrypted, it means neither the company nor the country can access the data.
You asked for the main reasons, but I believe the main reason is that we never looked at this app. I had never heard of it either, which isn’t a good sign.
For messenger apps it is important that there is a community that checks the code on GitHub for changes. Signal definitely has this.
There are so many red flags with Skred that I can’t even list them all. There also isn’t much point in using this, as we trust Signal, which millions of people use these days.
While E2E protects against snooping eyes, the fact that servers are in a country that is very non-privacy keen and has even openly demanded that software developers install backdoors is a concern for me. How can I trust that E2E actually works?
On the other hand, Interpol is not a law enforcement agency in the classical sense, meaning it does not have investigative powers. Also, since I’m not using apps for criminal activity, I’m not too concerned about being targeted, but still, I do not want to have my private messages read by anyone, or to fuel some big data intelligence analytics,
or to be easily accessed. That is why I also need an app that I can lock. So if my phone gets stolen or someone hacks it, the messages are still safe.
SimpleX was my no. 1 choice, but for some reason I can’t install it on my phone.
I’m a bit of a n00b, so what exactly is problematic in Skred’s privacy policy? I would like to learn to spot red flags.
By “we” I obviously mean the community at large. If everyone was expected to audit the code of every app they run, there would be no need for third-party audits…
My point is, even with source code available, there have been many cases where the “many eyes in the community” thing does not hold true.
There can be flaws, particularly in cryptography implementations, that are very subtle and undermine the whole process. For open source contributions there generally has to be a specification (documentation) and open development (issues, pull requests, etc.), otherwise nobody is really interested.
Some companies will just dump an archive (.tar.gz etc.) or a checkout into a public repository, but do all the development behind closed doors. We’ve seen this, and generally there is next to no community involvement when that happens.
Additionally, there’s nothing preventing a binary release from differing from public source code. So a good part of “trust” comes from reputation, something that can only be built over time.
I do agree with most of it, even if there’s nothing new in it for me. It seems that more than replying to me, you’re adding context to your previous comment: