What do you recommend as a good FOSS private and secure chat app on Android that isn't Signal?
What do you recommend as a good FOSS private and secure chat app on Android that isn't Signal?
I have nothing against Signal. I just don't have access to a phone number right now. I fully intend to use the Signal when I get a number. I know there is no silver bullet, no absolutes in the privacy world but I'm looking for any messengers that are generally considered to be private and secure on Android that I can try to convince my friends and family to use. I have a mid - low threat model, it's just the thought of giving the Zuck anymore of my family's data makes my skin crawl.
Thank you, I'll check this out.
I like Element.
It's a matrix client. Polished and nice. It's ok all the platforms under an Apache license. No phone number required. You've got federation on matrix as well, so just sign up on any server.
Polished? No… don‘t bother with element if you want a good user experience. It‘s a buggy mess
It used to be very buggy, but it's gained a lot of polish recently, especially if you haven't used it since Spaces were introduced. Sometime before then I think the cross verification/signing user flow for E2E key management also greatly improved with the introduction of QR and emoji based cross-device verification for syncing encryption between existing signed-in sessions to newly signed in devices. The only bug I ever notice these days is the "mark as read" quick action in android notifications being broken on notifications older than a couple hours.
It's really good on mobile but alright on pc.
XMPP. It's an old standard, there are servers you can get an account with or you can host your own. And with OMEMO encryption everything is end to end encrypted.
thank you! i was surprised not to see that one way more often. i guess it is, because ios doesnt have such a good client as conversations for android.
Signal is great, Element (matrix) is great, but I personally think SimpleX did a fantastic job so far, and I really want them to succeed.
SimpleX seems cool, never heard of it before (they have bad SEO, I think the name doesn't help)
Only thing that keeps me from using it right now is the missing multi device support. But apparently, that is something the devs want to implement sometime.
Have to keep an eye on it, thanks!
While SimpleX is good for small groups, unfortunately it doesn't really have desktop apps yet.
Matrix is great, Element has a really nice UI for it.
Signal also does work without a phone number, in fact it doesn't really work for SMS anymore. Signal provides P2P for any communications with another Signal user. Matrix supports P2P as long as you set it up (encrypt a channel) and I think DM's are P2PEdit: So Matrix is cool, End to End, NOT P2P, and probably the right decision for OP.
Yup, a Matrix client (especially Element) is a great choice.
How do I use Signal without a phone number? Whenever I booted the app it needed a number.
a work around I use is text verified.com , costs like 2 bucks and then you can activate signal. Catch being that you can't reuse the number to verify again, so its only a temporary solution but I have setup a bunch of accounts that way.
Element/Matrix can be E2EE, it is most decidedly not P2P
did you mean E2EE? I don't think signal is P2P. the signal server relays the messages in between users
I guess Matrix would be your best option then. I use Schildichat as client, which is a fork of Element with some extras.
But if you can't get a plan, why not get a prepaid burner SIM? You can buy a prepaid card for minimal amount and you generally keep the number at least for a year, and you put in 5~10 euro each year you can keep it active endlessly.
A lot of things require a phone number. Here, the goverment needs you to have one, but also most workplaces and even the DHL. Getting a cheap trow-away sim isn't a bad option. Especially since pre-paid SIMs aren't connected to your name like those on a plan are.
Simplex, element(or most matrix compatible messengers) session, bchat. If the goal is to get your family to switch over though good luck.
Thank you! XD They're actually quite open to it which I'm thankful for. My dad has used Signal in the past so he's cool with it and I've been slowly introducing FOSS alternatives to my mom. I got my dad off of Spotify and Mom off of Amazon music using ViMusic. I'm actually quite happy with my parent's foray into open source life! :D
That's great news! The more the better! I've been liking simplex with the folks who have been willing to use it with me. It's also crazy simple to get started with it as there's not much to the account setup process. Takes literally seconds to be up and running
Table comparison of many messengers: https://www.messenger-matrix.de/messenger-matrix-en.html
I mostly use Signal but also Threema for a few contacts (you don't need a phone number for Threema, but it is not free - around 4-5 € one-time-payment).
Love your profile pic BTW. Screw u/spez!
I'd suggest SimpleX, personally! Not only does it not rely on phone numbers, but because you add people through single-use links instead of using identifiers, there is no contact information of yours to be shared without you actively choosing to share it with someone yourself. I'd say it's pretty approachable, and the actual messaging experience is packed with a nifty feature set.
Yeah I think I'm going to try SimpleX! It looks the most promising. Private with no identifiers (that's quite a feat!) and pretty enough with UI that my parents can use it.
Self host your own istance of Matrix
Protonmail? Matrix?
Isn't ProtonMail an email client? Correct me of I'm wrong. I do use Tutanota to subscribe to all my Newsletters. A few other people mentioned Matrix so I'll check that out.
Matrix is a protocol that if used slows any messenger to communicate with each other kinda like lemmy federation. There are many messengers that use it and if you establish a bridge you can use your matrix client to message people on signal or what’s app
You could try Session. It makes a session ID like this
. This can be used to contact people or for people to contact you. I’ve used it to talk to my SO a bunch of times.Huge fan of Session. I think it really hits the sweet spot of being user-accessible (including iOS, Android, and desktop clients with notifications) with a solid encrypted messaging base using Tor-like onion routing.
I've been slowly migrating my friends and family over to it (with varying degrees of tech literacy) and have had few issues so far.
It has been a huge ask to get my family to use Signal instead of Whatsapp, they are somewhat tech literate. To change again to Session would be even more of a big ask, So I'm not going to bother 🤣🤣
But as you said the availability of Apps on all platforms, the ease of setup and the solid encryption is what makes it good. Its a shame that not many people know about it, same for SimpleX chat.
I do have something against signal! Phone number, removing SMS support, MobileCoin, lack of federation...
Sadly, my friends/family are sick of swapping and I've found element/session to be unreliable or overly complex, so I stick with Signal because it's still much better than SMS.
Session
Not free, but (finally) open source: Threema Libre
If you have to give up your phone number to register why would you get Signal over Telegram? All the people you aren't supposed to talk to are on Telegram and not Signal, so if you're giving up your phone number, why pick Signal? Because it's FOSS? What's the difference in outcome? Both end in a phone number request from the government that the service will comply with.
Because the threat isn't getting your number stolen, it's about the content of your messages. While the goverment cóuld ask your phone number, they likely already have it unless you got a prepaid trow away that you keep replacing regularily. And even then it cóuld be traced when used anywhere. What they can't get, is your messages. At least not decrypted unless you give it to them yourself. And those are way more interesting. But it's not even about the goverment per se, it's for everything from data hungry companies to your old crazy ex.
Telegram sends everything plain text and stores that on their servers. One man-in-the-middle and we got everything you've said.
WhatsApp says they have E2EE but is propietary and non-checkable, and from Meta who has a rep for finding ways to secretly and unlawfully grab data. Even if you (foolishly) trust them, they do grab metadata from your messages.
Signal isn't about it being FOSS, but about privacy. FOSS just means it's checkable, which is good for security and privacy. They have E2EE not only on message content but also on metdata (unlike most alternatives who only do message contents), do external audits, and are part of a non-profit (which means showing how money is received and spend).
Not the OP, but from a privacy perspective, I would pick Signal over Telegram. They both have some issues, but Telegram is not E2EE by default and is a bit if a pain to use E2EE consistently. And yet, Telegram claims to be super secure, etc. There are a bunch of other issues there as well. I'm not saying Signal is the best privacy tool out there. But, between the two, I trust Telegram a lot less.
I don't have enough money for a phone number to give to any government agency much less to Signal. My phone ran out of service months ago and no one in my family is even able to re-up theirs much less spot me the scratch to help me with mine. In a perfect world where I could afford a cell phone plan I'd probably go for both honesty. They both have access to perks that I could use. But yeah I'd choose FOSS any and every day.
I am a little confused what there there is to delete. All posts are public. A bot can can come and harvest at any time. No way to ever guarantee deletion. Otherwise my display name, user name, and email are more or less random. Only nonrandom thing is my IP address which changes too sometimes. What else is there other then writing patterns and what you say which is public anyway.
Try Conversations https://codeberg.org/iNPUTmice/Conversations
Does anyone have any recommendations for Element chat groups to join? All I find when I DuckDuckGo it is recommended clients that use Matrix, coding stuff, or weird sounding mathematical principles. Any groups involving FOSS discussions or ttrpgs would be great!
Xonotic's offtopic for geopolitics ;)
Jk, it's a chat for the foss game on pc
I would have made a new post but I didn't want to seem like I'm hogging the bandwidth on this group by posting so close together so I asked here. Hopefully that's okay. You've all been so helpful, thank you guys.
Yeah you know what, nah not touching Element. I joined the biggest RPG group on the site and it was all proud boys and the most professional looking InfoSec discussion board with over 1800 people is a dead group where people spammed gore pictures. Screw that, Element is a cesspool. Simplex is the winner Ding, ding ding, ding! I'm closing up shop now, I need to wash out my eyes
Have you try Cwtch? https://cwtch.im/
I installed today. It looks fine.
Aside from signal I would say your options are Simplex or Briar.
briar is pretty decent. no voice/video, but solid and quite private with multiple ways of getting messages out in hostile network environments.
edit to say: its also completely p2p using Tor rendezvous points with no centralization at all.
I also like simplex! Now if only more folks would be willing to join me there
Jami https://jami.net/ Messenger app from the free software fondation.
