paradoxes in chat messengers

last edited Sat, 20 Jul 2024 12:26:17 GMT
backlinks: null

There are tons of instant messaging applications out there nowdays, but there is rarely a detailed analysis and comparison of the differences between them.

Signal direct link to this section

Centralized service, uses and pioneered the double ratchet algorithm used in other messengers such as Google Messages, Facebook Messenger, and WhatsApp.

Criticism direct link to this section

Phone numbers are often tied to legal identities and tracable payment methods, although this isn't an issue exclusive to Signal messenger you can't safely use this software anonymously. The service is centralized on Amazon AWS servers.^[1]

Session direct link to this section

Developed by the Oxen Privacy Tech Foundation, Session was created in response to centralized chat messaging apps with end-to-end encryption. Metadata is minimized at every step of the messenging process^[2]. Signup is unusual and similar to Mullvad VPNs model, users as assigned a unique identifier that's used to register with the service. Like the Matrix protocol, a recovery key must be saved to verify future sessions.

There isn't support for onion-routed calls at the moment, so using this feature isn't recommended for individuals with serious threat models.

Encryption direct link to this section

The Session Protocol uses Libsodium for their cryptography library.

Matrix direct link to this section

Matrix was created as a successor to XMPP and was presented as the secure and encrypted solution to the instant messaging and VoIP. The most supported client is Element which is funded by the same corporation developing Matrix. Furthermore, there have been reports of Synapse and element clients sending back data to Matrix.org. Disroot.org decided to cease use of Matrix in 2018, for privacy reasons ^[3]. Matrix.org also happens to be the largest centralized server and signups there are encouraged for new users. The protocol makes use of merkle directed acrylic graphs.

XMPP/ Jabber direct link to this section

OMEMO is an implementation of the double ratchet algorithm.^[4]

Telegram direct link to this section

By default nothing is encrypted with homebrew encryption being used in secret chats. There are additional settings that should be modified:

• phone number (set to nobody)
• data and storage (toggle off auto emdia download)
• last seen and online timestamps (nobody)
• forwarded messages, who can add a link to account
• disable P2P for calls
• don't interact with telegram bots

WhatsApp direct link to this section