Signal being based on a phone number (a clear identifier) is a non-starter. Signal is also a centralized model, using Big Tech servers (https://www.messenger-matrix.de/messenger-matrix-en.html), with a clearly identifiable contacts graph (https://youtu.be/LrLsS7-woN0?t=3600), and Signal’s multi-device cloning capability bypasses the protections of the Signal protocol (https://youtu.be/PIi9jkWdJL0?t=1624). If the software only hides the content and not your contact network, it is not private, PERIOD. Moving on…
Cyph and Threema cost money to use, and people expect messenger apps to be free, so those apps will probably never get much traction.
I understand that XMPP and Matrix store lots of user metadata on the servers: contacts, IP addresses, accounts directory, time of sent messages, etc. I also understand that Matrix is fairly centralized. So the federation models are not currently interesting options.
Synchronous apps that require both users to be online simultaneously are also a non-starter. So Cwtch, Ricochet Refresh, Briar and Quiet are for very limited use cases and will likely never have much of a user base. Plus, in a crisis with these apps, where you need to get a message out in an emergency and the other party is not available, you may be out of luck. (No, the Briar and Quiet mailbox ideas are not very practical for most people.)
I consider Tox, Status, Retroshare, Berty and many others to be too complicated (Retroshare), too buggy, not mature enough (Status/Berty), not well maintained (Tox), or lacking basic functionality (group chats, audio/video calls, file sharing, all e2e encrypted).
Jami has been inconsistent in my experience.
Then there’s Telegram and Wire that often end up on privacy app lists but have little to do with privacy.
I looked for easy to use apps for I2P, Freenet, Hyphanet and GNUnet with the idea that Darknet hidden networks might offer greater privacy. I found no app that was ready for prime time. Nothing even close.
Without getting into too much detail about the design flaws of the aforementioned apps (many with poor metadata protection, email requirements when signing up, etc.), the reasons stated are enough to disqualify them from my list.
Up until Simple X Chat (https://simplex.chat/) came to my attention, I considered Session (https://getsession.org/) the obvious choice. These two apps are the only ones that are worth considering in my opinion.
Some Comparisons: Session vs. Simple X Chat
Though Simple X has made some important design improvements over Session, I still feel that the user interface is much cleaner and easier with Session. If Session adopted the Simple X method of creating social links via “temporary anonymous pairwise identifiers of message queues, separate for each of your connections” and abandoned the persistent Session ID, I would say that Session could still stay in the race. Otherwise I expect that Simple X will overtake Session. The absence of a user ID in Simple X is the primary reason why I am interested in Simple X.
Session uses the onion routing network Lokinet (being re-branded as the Session Network) to hide metadata. Simple X uses a proxied P2P architecture. Session’s solution to the latency and reliability issues of the Tor network was to build a faster onion routing network. [I have heard Rob Braxman state that the Session Network is faster (less latency than Tor), but does anyone have any data on this?] Simple X’s solution to the latency issue with the Tor network was to use a 2-relay system (as opposed to 3), to cut out a node and improve the speed of data transfer by reducing the number of hops. I prefer the onion routing (Session Network) approach as I prioritize the stronger anonymity, and I don’t care about latency for chat messages as long as the transfer time is within 10 seconds or so. Simple X allows me to select my servers, but I do not know who these server operators are, and there is no tangible difference to me between Simple X/Flux servers, Session Network servers, or Tor network servers, except that I suspect that there are more malicious nodes in the Tor network.
I don’t use voice messages so this feature is of no real importance to me. Voice messages do work on Session. Voice messages are still in the works for Simple X.
File sharing works well in Session. In Simple X they use a less intuitive file management tool.
Both Session and Simple X use the same calling design as far as I can tell: P2P e2e encrypted WebRTC.
1-on-1 calls in both apps work fine. I prefer that the call in Session takes place within the app as opposed to pulling up my default browser unexpectedly (without my permission), as occurs with Simple X. Session claims to have onion-routed calls on the way soon. If they can pull this off without much latency I will be impressed. This would make the calling feature significantly more secure in Session compared to the Simple X model.
Simple X does a much better job than Session with the communities part. Session does not encrypt its community channels and requires self hosting (https://getsession.org/faq). It has a directory online (https://sessioncommunities.online/), but this directory is not accessible within the app. There are 3 official channels available within the app, and these are just one-way Session announcement channels (for Session, Oxen crypto, and Lokinet). Due to not providing any e2e encryption privacy in Session communities and a higher barrier for setting up and finding communities, it’s not a surprise that Session groups have lower participation. This failure of Session might be fine for someone who is just using Session as a private messenger for known contacts, but not for someone who wishes to connect to a larger population. Session’s communities part is not worth using until they overhaul their system.
I should say that if there is going to be any chance that I will be able to convince some of my friends to ditch Telegram (etc.) for a private messenger app, the app will need to have a good community directory for news, etc.
Simple X communities are easy to find in the app, and I understand that all communications are e2e encrypted. (Awesome!) There are, however, stricter limitations on content for those who want to be listed in the directory compared to Session. Overall though, they have done a good job with the communities part.
Session abandoned Australia for Switzerland because of draconian laws in Australia and increased oppression by the Australian government. Simple X is based in the UK, which is a lousy privacy jurisdiction. As Simple X grows in popularity, their strategy is to comply with legal due process but design a system that limits network liability and offers no meaningful data to be available to the police. In the short run this strategy may be fine. I have my doubts that Simple X’s legal strategy will be effective long term, because I expect that any truly effective tools that thwart the Technocrat’s agenda will be targeted if these tools gain sufficient popularity. I wonder if the Simple X team are willing to relocate, if necessary, in order to protect the privacy of their users? Session has shown their commitment to privacy already. Both projects should prepare so that they continue to function in a decentralized manner even if the founders are no longer able to participate.
For me, in addition to e2e encrypted 1-to-1 chats, group chats, file sharing, and 1-to-1 calling, I am REALLY looking for a secure group video conference call option for up to 15-20 people.
I have been looking hard for the most private group video calling solution, and the options are not great. With more than 4 people it seems an SFU server is generally required for reliable calling, and the P2P options start losing performance/reliability. The best I have found is using a VPN with the Brave browser on a public Jitsi instance with e2e encryption enabled in the Jitsi settings. I am not sure what device/browser metadata is available to a malicious Jitsi server that keeps logs.
Group video calling options are typically either: proprietary, don’t work well consistently, don’t scale well beyond a few people, few offer e2e encryption by default, most are not clear about what privacy protections they provide by design (privacy policies do not carry much weight), very few have a 3rd party security audit, most are not clear about what metadata they collect, most are not clear about which servers are hosting the calls, very few are responsive to questions (if there even is a way to contact the service).
So for me if either Session or Simple X is able to offer group calling for 15 or so people while maintaining the highest standards for privacy available and create a consistent/reliable calling experience, that would be a major win. A highly private open source group calling app would be reason enough to use the app, even if there were no other functions.
I know that Evgeny of Simple X visits the forums of Privacy Guides and has a more extensive critique of Session including:
-security problems with unlimited cloning of Session accounts for device portability
-the crypto business model for the Session Network
-how Session abandoned parts of the Signal protocol, sacrificing the double ratchet algorithm (including break-in recovery, perfect forward secrecy and non-repudiation). Maybe he can unpack all of that and explain what it means in terms of privacy compromises?
-not post-quantum resistant
-the persistent Session ID making it possible to identify users
Perhaps Evgeny would be willing to write up a comprehensive comparison, critique and analysis of how Simple X and Session stack up to each other from his perspective?
That might help me better understand which app to go with.
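The post's central security point is the one in the "persistent Session ID" vs "pairwise identifiers of message queues" paragraph: a relay that routes by long-lived user address can reconstruct who talks to whom even when every message body is encrypted, while a relay that only ever sees a fresh random queue id per connection has no user nodes to connect. The following toy model is an added example written for this page; it is not code from Session, SimpleX or the post's author, and the relay classes, client, envelope logging and invitation step are all invented simplifications. It deliberately ignores IP addresses and message timing, which a relay could still correlate and which are the reason the post cares about onion routing and proxies at all.

```python
"""Toy model of what a message relay learns about the contact graph.

Model A: every user has one persistent address; envelopes carry sender and
recipient addresses so the relay can route and the recipient can reply.
Model B: no user address exists; each contact connection is its own queue,
named by a random token the recipient created and shared out of band.

Invented for illustration only, not the design or code of any real app.
"""
import secrets
from collections import defaultdict


class PersistentIdRelay:
    """Relay for model A. Bodies are opaque ciphertext and are not logged,
    but the routing metadata alone is the contact graph."""

    def __init__(self):
        self.envelopes = []  # (sender_id, recipient_id), constructed log

    def deliver(self, sender_id, recipient_id, ciphertext):
        self.envelopes.append((sender_id, recipient_id))

    def contact_graph(self):
        graph = defaultdict(set)
        for sender, recipient in self.envelopes:
            graph[sender].add(recipient)
            graph[recipient].add(sender)
        return {user: sorted(peers) for user, peers in graph.items()}


class PairwiseQueueRelay:
    """Relay for model B. It stores ciphertext per queue id and never
    sees a per-user identifier, so it cannot tell which queues share an
    owner (absent traffic analysis, which this model leaves out)."""

    def __init__(self):
        self.queues = {}     # queue_id -> list of ciphertexts
        self.envelopes = []  # queue ids seen, constructed log

    def create_queue(self):
        queue_id = secrets.token_hex(16)  # 32 hex chars, unlinkable
        self.queues[queue_id] = []
        return queue_id

    def deliver(self, queue_id, ciphertext):
        self.queues[queue_id].append(ciphertext)
        self.envelopes.append(queue_id)

    def contact_graph(self):
        # No user nodes exist; the relay only has independent queue ids.
        return {queue_id: [] for queue_id in self.queues}


class Client:
    """Minimal client. 'encrypt' stands in for real e2e encryption; the
    peer-to-queue mapping lives only on the client, never at the relay."""

    def __init__(self, name):
        self.name = name
        self.queue_to = {}  # peer name -> queue id (client-side only)

    def invite(self, relay):
        # The recipient creates the queue and hands the id to the sender
        # out of band (an invitation link in the real protocols).
        return relay.create_queue()

    @staticmethod
    def encrypt(plaintext):
        return b"<ciphertext of %d bytes>" % len(plaintext)


def what_the_relay_learns():
    """Run the same conversation through both relays; return what each
    relay can reconstruct. Alice talks to Bob and Carol; Bob replies."""
    alice, bob, carol = Client("alice"), Client("bob"), Client("carol")

    relay_a = PersistentIdRelay()
    relay_a.deliver("alice", "bob", Client.encrypt(b"hi bob"))
    relay_a.deliver("alice", "carol", Client.encrypt(b"hi carol"))
    relay_a.deliver("bob", "alice", Client.encrypt(b"hi alice"))

    relay_b = PairwiseQueueRelay()
    alice.queue_to["bob"] = bob.invite(relay_b)
    alice.queue_to["carol"] = carol.invite(relay_b)
    relay_b.deliver(alice.queue_to["bob"], Client.encrypt(b"hi bob"))
    relay_b.deliver(alice.queue_to["carol"], Client.encrypt(b"hi carol"))

    return relay_a.contact_graph(), relay_b.contact_graph()


if __name__ == "__main__":
    graph_a, graph_b = what_the_relay_learns()
    print("model A relay reconstructs:", graph_a)
    print("model B relay has only queue ids:", list(graph_b))
```

Running it shows model A's relay recovering alice: [bob, carol] from routing metadata alone, while model B's relay holds two random queue ids with no way to say they belong to one person. That gap is exactly what the post means by "hides the content and not your contact network"; closing the remaining IP and timing channels is what the onion routing and proxy layers discussed above are for.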