Battle of the Secure Messaging Apps: Signal Triumphs Over WhatsApp, Allo (theintercept.com) 171
There is no shortage of messaging apps out there, so which one should you be using? If you care about your privacy, you would want your messaging client to be end-to-end encrypted. This narrows down the list to WhatsApp, Signal, and Allo. The Intercept has evaluated the apps to find which among the three is the best from the privacy standpoint. The publication says that while all the three aforementioned apps use the same secure messaging protocol (Open Whisper System's), they differ on exactly what information is encrypted, what metadata is collected, and what, precisely, is stored in the cloud.
WhatsApp:It's important to keep in mind that, even with the Signal protocol in place, WhatsApp's servers can still see messages that users send through the service. They can't see what's inside the messages, but they can see who is sending a message to whom and when.In addition, WhatsApp also retains your contact list -- provided you have shared it with the service. If government requests access to this data, WhatsApp could hand it over.
Allo:The first thing to understand about Google's forthcoming Allo app is that, by default, Google will be able to read all of your Allo messages. If you want end-to-end encryption via the Signal protocol, you need to switch to an "incognito mode" within the app, which will be secure but include fewer features. [...] Allo's machine learning features prevent Google from turning on end-to-end encryption for all messages, since Google needs to be able to ingest the content of messages for the machine learning to work, a Google spokesperson confirmed. Signal:The first thing that sets Signal apart from WhatsApp and Allo is that it is open source. The app's code is freely available for experts to inspect for flaws or back doors in its security. Another thing that makes Signal unique is its business model: There is none. In stark contrast to Facebook and Google, which make their money selling ads, Open Whisper Systems is entirely supported by grants and donations. With no advertising to target, the company intentionally stores as little user data as possible. Signal's privacy policy is short and concise. Unlike WhatsApp, Signal doesn't store any message metadata. [...] If you back up your phone to your Google or iCloud account, Signal doesn't include any of your messages in this backup.But what about Telegram, you ask? A Gizmodo report, also published on Wednesday, says that Telegram's default settings store your message on its unencrypted servers. "This is pretty much one of the worst things you could imagine when trying to send secure messages."
WhatsApp:It's important to keep in mind that, even with the Signal protocol in place, WhatsApp's servers can still see messages that users send through the service. They can't see what's inside the messages, but they can see who is sending a message to whom and when.In addition, WhatsApp also retains your contact list -- provided you have shared it with the service. If government requests access to this data, WhatsApp could hand it over.
Allo:The first thing to understand about Google's forthcoming Allo app is that, by default, Google will be able to read all of your Allo messages. If you want end-to-end encryption via the Signal protocol, you need to switch to an "incognito mode" within the app, which will be secure but include fewer features. [...] Allo's machine learning features prevent Google from turning on end-to-end encryption for all messages, since Google needs to be able to ingest the content of messages for the machine learning to work, a Google spokesperson confirmed. Signal:The first thing that sets Signal apart from WhatsApp and Allo is that it is open source. The app's code is freely available for experts to inspect for flaws or back doors in its security. Another thing that makes Signal unique is its business model: There is none. In stark contrast to Facebook and Google, which make their money selling ads, Open Whisper Systems is entirely supported by grants and donations. With no advertising to target, the company intentionally stores as little user data as possible. Signal's privacy policy is short and concise. Unlike WhatsApp, Signal doesn't store any message metadata. [...] If you back up your phone to your Google or iCloud account, Signal doesn't include any of your messages in this backup.But what about Telegram, you ask? A Gizmodo report, also published on Wednesday, says that Telegram's default settings store your message on its unencrypted servers. "This is pretty much one of the worst things you could imagine when trying to send secure messages."
No App that depends on a Server is "Secure" (Score:5, Insightful)
Want a messaging app that is secure, get a peer-to-peer messaging app that does not depend on servers.
Re:No App is "Secure" (Score:3, Insightful)
> Want a messaging app that is secure, get a peer-to-peer messaging app that does not depend on servers.
And:
(1) Was not compiled by anyone else
(2) Does not depend on libraries compiled by anyone else
(3) Does not run on an operating system compiled by anyone else
(4) Does not run on hardware built by anyone else
(5) Is completely bug-free all the way down to the hardware
(6) Does not depend on unique identifiers like telephone number
(7) Only uses onion routing to prevent 3rd parties from building a social-gr
Re: (Score:3)
Re: (Score:2)
C) Does not require you to remove your tinfoil hat to use it
Re: (Score:2)
Clearly the only "Safe" option is using telepathy.
And talk to those fucking mind-readers?
Re: (Score:2)
Re: (Score:1)
The Wickr instant messaging app allows users to exchange end-to-end encrypted and content-expiring messages, including photos, videos, and file attachments.The software is available for the iOS, Android, Mac, Windows, and Linux operating systems and is very secure.
Re: (Score:2)
You clearly missunderstood your parent.
Want a messaging app that is secure, get a peer-to-peer messaging app that does not depend on servers.(7) Only uses onion routing to prevent 3rd parties from building a social-graph of your contacts
Onion routing requires nodes, aka servers.
As we are talking about phones which get basically dynamic IP adresses all the time, it is impossible to have such a service without a central server infrastructure that knows who is online and how he is reachable.
Of course such ser
Re: (Score:2)
Onion routing requires nodes, aka servers.
As we are talking about phones which get basically dynamic IP adresses all the time, it is impossible to have such a service without a central server infrastructure that knows who is online and how he is reachable.
That isn't true. Anytime you write "impossible", it should make you think twice.
Here's an example (I haven't used this, but I know this sort of thing is very feasible via Tor): https://github.com/prof7bit/To... [github.com]
Re: (Score:2)
Of course it is true:
TorChat is a peer to peer instant messenger with a completely decentralized design, built on top of Tor's location hidden services,
You need a Tor Service to find your peer. How else would you find a peer?
Reading the wiki helps: https://github.com/prof7bit/To... [github.com]
On the other hand, we talked about Phones, where IP adresses change constantly (actually they use a different protocol for addressing), Tor is for "PCs" only.
Re: (Score:2)
Every choice in life is a trade-off. There is no such thing as perfect. You must prioritize what matters most to you.
A confounding factor in my case is that every clique I communicate with seems to have their own pet IM app, to the extent that I've got an entire subfolder in my phone dedicated to all the IM apps I need to run to communicate with them all. All taking up memory and resources when they poke around for new messages. What I want most is some sort of Trillian Mobile that unifies everything into one single app, not one app per user or group.
Also, is it just me or is Wickr on Android the least reliable IM app e
Re: (Score:2)
In this case we know something about how governments and other spies operate. I'm sure if the NSA or GCHQ really wants you data they will get it by some foul means, but for avoiding bulk surveillance and preventing your private communications entering the hands of law enforcement, local government, ISPs, consumer rights groups (see proposed UK Snoopers' Charter) etc. keeping your data off a third party server works really well.
In the UK the government is likely to require ISPs to log your traffic. It is the
Re: (Score:1)
Want a messaging app that is secure, get a peer-to-peer messaging app that does not depend on servers.
That sounds incredible. So now you must email or call the person you're attempting to chat first and get their IP address as well as make sure the proper ports are open for bi-directional communication. Why didn't anyone think of this already!
Re: (Score:2)
I'm not picking on you in particular, there is a whole rash of posts in this thread going "der, dynamic IPs, der, P2P lol" and no one is thinking at all.
Yes, a distributed server infrastructure is probably (weasel word because I'm not a computer scientist) required for randomly distributed hosts to discover each other across a NAT-heavy dynamic IP internet.
However, the host finding protocol is entirely different to the P2P messaging protocol.
Once the hosts are knows and can be contacted then the P2P protoco
Re: (Score:2)
You're absolutely right, but I thought this was a solved problem? From memory (aka wrong) the old Skype client used to operate in a number of modes, and if a client found it could accept inbound connections it would act as a relay server and help hosts to find each other. I read a paper on the protocol once and it seemed very clever. This work [saikat.guha.cc] is from 2006, and there is much more [columbia.edu] available. Anyway, keep in mind that's all for the old original Skype protocol, the new stuff under Microsoft is all centralized
Re: (Score:2)
That's what NFC is for.
Re: (Score:2)
Honestly, most users don't care about this type of privacy. They just want something that can prevent their spouses/boyfriends/girlfriends/parents from seeing their conversations and more points if there is no record left that their was a conversation.
Re: (Score:2)
And those like you deserve to have their faces ripped off and nailed to their parents genitals.
Then go for "Ring"... (Score:2)
Re: (Score:2)
If you can't compile Signal yourself that's only due to lack of knowledge on your part. I compile my own Signal version (with some slight changes) with each new release. All the required tools can be downloaded for free.
Re: (Score:2)
Try Silence (former SMSSecure): https://github.com/SilenceIM/S... [github.com] . It is a fork from TextSecure, the predecessor of Signal, and uses the Signal protocol over SMS. You still need phone providers, so technically you need servers, but you need no account and no registrations.
Re: (Score:2)
Re: (Score:2)
What makes you think you are limited to TCP/IP networks?
Still confused by Allo (Score:3)
and it's need to have a machine-learning built into it. It's going to be like that stupid Inbox stuff Google tried pulling a few years back, isn't it? I don't need something to create rules and read my email for me to sort it out. I can do both of those tasks just fine. Doing that doesn't save me effort or mental expense; just the opposite. If I had it turned on, I'd be worried it was screwing something up.
With Allo auto replying for me, I'd be very concerned it would be handing out information to people I didn't want to know certain things in my life. Even though Google is likely going to indemnify themselves in the click-thru, I can't wait for the first lawsuit from someone who was stalked and assaulted because Allo told said stalker where they were.
Re: Still confused by Allo (Score:5, Informative)
It's Google. Google doesn't care about your privacy. In fact, Google hates your privacy. Don't touch anything from Google. It's an evil company.
Re: (Score:1)
They had a great, easy, fast, and ubiquitous app with Gtalk, it had an open protocol, integrated with several third party software, had a simple and effecitive desktop client, then, out of nowhere they decided to do hangouts... ok, it added video and some other bells and whistles, but it was worse, it was separate from Gtalk in the begining and just pushed people away. Then they decided to stop supporting gtalk and tried
Re: (Score:2)
It's going to be like that stupid Inbox stuff Google tried pulling a few years back, isn't it? I don't need something to create rules and read my email for me to sort it out. I can do both of those tasks just fine. Doing that doesn't save me effort or mental expense; just the opposite.
Inbox is awesome.
The thing you have to understand about Inbox, though, is that it's an e-mail client focused on the needs of people dealing with enormous volumes of email, and people whose email inbox (or at least a subset of it) represents their to-do list. If you get 400+ emails per day, including lots of emails from mailing lists and various automated systems, and including many emails that you don't actually need to read but just scan quickly, Inbox is a lifesaver.
What makes it great?
1. Gmail's la
Re: (Score:2)
And in return, you let google read, index, and data mine all your email.
You gave up some privacy for a few minutes of convenience.
No thank you.
Re: (Score:2)
And in return, you let google read, index, and data mine all your email. You gave up some privacy for a few minutes of convenience. No thank you.
Well, that's the same with Gmail. I was presenting Inbox as a Gmail UI alternative. There are clearly other issues which may lead people to other decisions. Personally, I'll take the convenience (and did even before I started working for Google).
As a practical matter, what negative impact on your life would you expect from allowing Google to index your email? For me it's fewer ads for tampons and more ads for cameras and quadcopters, which works for me.
Re: (Score:2)
It crosses a line with me. Knowing personal details gained from 'reading/indexing' what are supposed to be private messages is just wrong. I know its in your EULA and anyone using your services has agreed to allow Google to do this. But I never will. Even if the data is for ads, its still a personal profile about very, very private details. I know Marketers drool at the mouth for information like this, but I will not give you that info. EVER!
Re: (Score:2)
Re: (Score:2)
Drink more kool-aid.
Got nothing of substance to say, I see.
Re: (Score:2)
There's not a lot you can do with the automatic categorization. You should make a point of always moving any mis-categorized e-mail, because that's how the system learns, but it'll never be perfect. For Inbox to work as well for you as it does for me, you have to be able to define good filters, based on simple logical rules, not rely on the automatic categorization. In my case, the vast bulk of my email comes from various mailing lists and automated systems, so it's easy for me to define rules that sort mai
Messages on iOS and macOS (Score:3, Informative)
Encrypted end-to-end by default.
signal source code does not matter (Score:2, Informative)
Seeing their source does not assure you of anything. You'd have to decompile the app you download from the store to know if it was bugged.
Re: (Score:2)
you are welcome to compile and install signal yourself; if you don't trust the app store download.
Re: (Score:2)
Re: (Score:2)
You can also compile it from source yourself and verify the checksums. While you can't prove that nothing was changed from the given source code, you can prove that that same source code can produce an identical binary, and induce that nothing has been altered.
It's still good enough to eliminate the possibility of tampering, assuming someone is watching.
This was done, for example, with TrueCrypt [concordia.ca].
Which one should you be using? (Score:4, Insightful)
The one your friends and family use. What's the point of a secure messaging network if nobody you know uses it?
Re: (Score:2)
The one your friends and family use. What's the point of a secure messaging network if nobody you know uses it?
Users can install multiple messaging apps. I, for one, have several: Signal, WhatsApp, Google Hangouts, Skype, etc.
So far it works fine, and most of my friends and family use Signal.
Re: (Score:2)
I run two: a normal IMAP client, and an Exchange client for work email.
Re: (Score:2)
The one your friends and family use. What's the point of a secure messaging network if nobody you know uses it?
My work uses Jabber, our outsourced developers use Hipchat, our other outsourced consultants use Slack, my kids use WhatsApp, and Snapchat, my wife uses Facebook, and SMS, My close friends use Wickr, my other friends are still on MSN/Skype. I have all these (except Facebook which I refuse to be a part of) and it's no big deal, I actually prefer that there's no crossover of worlds. This is the one thing Facebook/Google/Linkedin etc don't get. I have different relationships, and I like to keep them all separa
What about WIRE? (Score:2)
Wire is a rather nice messaging App that has end to end encryption. They don't advertise, or hold encryption keys. See here: https://wire.com/privacy/
Re: What about WIRE? (Score:2)
It's about the protocols, stupid (Score:5, Insightful)
..then you have already stopped obsessing with "apps" and are primarily concerned with protocols. Once you have decided on, say, XMPP plus OpenPGP extensions, then you have plenty of competing apps to chose from.
And of course, it follows that whatever protocol you use, will be "service-agnostic." Since you're going to pick something which uses a secure protocol, you basically don't care about servers; they're all commodities. Install jabberd or whatever at your Linode. Seriously: whatever.
I don't know how WhatsApp or Allo are even seriously considered. What do they speak? When people talk about the app more than the protocol, that's a bad sign. (e.g. I use the web and it's irrelevant whether I use it with Chromium or Firefox. The more you care about my specific browser, the more I think you're trying to talk me into not-using-the-web.)
Re:It's about the protocols, stupid (Score:4, Informative)
..then you have already stopped obsessing with "apps" and are primarily concerned with protocols. Once you have decided on, say, XMPP plus OpenPGP extensions, then you have plenty of competing apps to chose from.
And of course, it follows that whatever protocol you use, will be "service-agnostic." Since you're going to pick something which uses a secure protocol, you basically don't care about servers; they're all commodities. Install jabberd or whatever at your Linode. Seriously: whatever.
I don't know how WhatsApp or Allo are even seriously considered. What do they speak? When people talk about the app more than the protocol, that's a bad sign. (e.g. I use the web and it's irrelevant whether I use it with Chromium or Firefox. The more you care about my specific browser, the more I think you're trying to talk me into not-using-the-web.)
This gets modded as Insightful? Really?
You don't have to have read TFA, read TFS ffs. They all use the Signal protocol, what is relevant is precisely the servers and what meta data they store and what their privacy policy says they will disclose to 3rd parties.
Hence the fricking article.
Threema is missing (Score:3, Insightful)
n/t
Whast the point? (Score:3)
Whats the point of "secure" messaging in Whatsapp and Allo if the messages are not actually secure?
Wickr (Score:4, Informative)
"We commend Wickr for its strong stance regarding user rights, transparency, and privacy [eff.org]"
Wickr [wickr.com]
Re: (Score:3, Interesting)
Re: (Score:2)
But Wickr is commercial and requires central servers. Ring [ring.cx] does not.
If Slashdot has taught me anything, it is: Never, ever click on a URL ending in ".cx".
Re: (Score:2)
>"We commend Wickr for its strong stance regarding user rights, transparency, and privacy [eff.org]"
And, yet, the product is still completely coded-source. You are downloading and running an unknown binary and have no idea what they or are not doing with your data. There could be backdoors in that code either by Wickr or by some three-letter government agency and nobody will ever know.
You really can't assure security/privacy of anything if you are using closed-source software. Period.
Re: Wickr (Score:2)
I completely agree with you FWIW. Two points though:
1. The closed source on my mobile device could have back doors that I wouldn't know about. And frankly some open source code that is principally written by a large Corp (Google) is not particularly peer-reviewed by the FLOSS community and could be riddled (and often is) with vulnerabilities. Open source is not "the" answer - it also has to be accompanied by an open development community.
2. Some (but not all) of the closed-sourced concern about Wickr is
Battle of the Secure Messaging Apps: Signal Triump (Score:1)
Use Wickr. It's very secure.
I can't wait until (Score:1)
All messaging apps are replaced by open standards, and you have your choice of client.
Re: (Score:1)
Already exists! (Score:2)
XMPP is an open standard supported by dozens of messaging applications on every platform in existence. I use "Conversations" which supports end-to-end encryption.
Who posted this article? It is truly uninformed.
iMessage (Score:2)
iMessage is also end-to-end encrypted... and already has a huge install base.
Re:iMessage (Score:5, Informative)
iMessage has a few issues:
-Can't verify keys
-By default, will send as SMS if you have data connection issues
-Will send as SMS regardless of settings if the other person's iPhone is signed out from iMessage
-Only works on iOS devices
Re: (Score:2)
All true.
Re: (Score:2)
iMessage only works on iOs/OS X and is not reliable it loses messages all the time (unless it falls back to SMS).
Re: (Score:2)
Reliability is pretty good... but you are right that it will fall back to SMS by default (you can turn that off).
Re: (Score:2)
I switched SMS ON and switched internet usage off, as I have plenty of messages that never reached the recipient and plenty of messages that only reached one of my devices (via internet).
In my case you clearly can see what I have sent and what I have received does not match on the iPad, iPhone and Mac.
Re: (Score:2)
Then you have something misconfigured on your devices. I successfully use iMessage all day long (everyone in my sphere other than my boss uses iDevices) across an iPhone, iPad, Apple Watch, Macbook Pro and two Mac Pros... all of them are always in perfect sync with all messages showing on all devices instantly.
Take some time to work on the configuration on your devices. Make sure that they are all signed into the same iCloud account and set to be "Reached by iMessage" at all of your contactable addresses
Re: (Score:2)
I do NOT have cellphone service on my iPhone so you can put aside any SMS-related problems for my case. I also don't use iCloud so it can't be that either. Don't confuse Apple account with iCloud account.
I use iMessage on my iPhone and my Mac. Sometimes, the iPhone will keep annoying me about new messages even though I'm reading them on my Mac. Other times, the iPhone will receive days-old messages from multiple persons in a single burst. It also doesn't sort them in order either so my messaging threads for
Re: (Score:2)
Not using iCloud is your problem. They synchronize through iCloud. Get an iCloud account and put them both on it.
Re: (Score:2)
iMessages messing up because I don't use iCloud is Apple's problem.
Re: (Score:2)
You can blame who you like... but that's the reason it's not working...
Re: (Score:2)
iMessages messing up because I don't use iCloud is Apple's problem.
makes no sense. is it honda's fault that you want to drive the car without the wheels?
Re: (Score:2)
I don't think there was anything wrong configured.
Which messages get missing on which device looked pretty random to me.
With no longer using iMessage on my iPad and Mac and on the other hand having set my iPhone to SMS all is fine anyway.
However you have interesting hints, did not know (or forgot already again) that there are so many options (where something can go wrong).
n.b. Signal is limited to 3 devices (Score:2)
I was all set to go whole-hog with the Signal Protocol, until I realized I could only use it on three of my devices. It's a hard-coded limit (cf. github) and there are no plans to change that, currently.
Re: (Score:2)
For me, i could get away with 3 devices (just) but the desktop version appears to be a chrome application.
I don't really know much about "chrome applications"
I don't really want chrome in the first place. I definitely don't want a messaging app running in a broser tab or window if i can avoid it. If it gets its own task bar icon, and its own notification settings and it works with chromium etc etc it might be ok...???
I have a slightly different take on these three (Score:5, Insightful)
WhatsApp: You might have a chance of actually being able to communicate with someone you know - especially if you live in Brazil.
Allo: "The first thing to understand about Google's forthcoming Allo app..." - yeah, because Google Plus was such a hit.
Signal: The good news is, you can probably find all your Diaspora friends on this one.
Seriously... let's ignore all the ones that most people actually use, shall we?
Re: (Score:2)
If you look at the installed base, WhatsApp if the biggest. After that, we get Viber, Wechat and Line. Wechat is of course unsecure and mostly used in China or by Chinese-speaking people. So for western countries, if you order by user base Whatsapp is by far the nr 1.
SMS is falling FAR behind, even though even more people can use it, because it costs money in most countries and has far fewer functions.
Re: (Score:2)
imessage is encrypted end to end.
CHANGE YOUR PC CLOCK TO WAY OFF (Score:4, Interesting)
None of the three are secure at all. The FBI/CIA use time logging as a default tracking failsafe mechanism.
To have private chat you will have to run a live cd of Tails on a cd or in a virtual machine from an .iso as a live cd.
The only good version is 1.4.1. It is what Ed Snowden used. Do not ask me how I know, especially on Slashdot.
Centralized IMs (Score:4, Insightful)
Re: (Score:1)
Which one should you be using? (Score:1)
so which one should you be using?
The one that lets you contact people. So our choices are:
WhatsApp: Used my hundreds of millions of people around the world. A de facto standard in many countries ... what? Who are you people?
Allo: Forthcoming? As in not here yet?
Signal:
And there is threema ... (Score:3)
https://threema.ch/en [threema.ch]
Servers in Switzerland, Company has "bank status", open API, everything encrypted, anonymous ID.
Re: (Score:2)
was wondering why that wasn't included. Thought the user-authentication process would be considered a positive.
Re: (Score:2)
It's not free so that reduces usage a lot.
Re: (Score:2)
The app, costs like $5 or something, and then messaging is free. That is about the cost of a beer or two (depending on your country and beer sizes).
Can't get it how "cheap" people are in our times.
Wire is missing! (Score:3, Informative)
Wire has complete e2e--encryption and a full set of features missing in the other apps. (As well as all encryption bits being open source).
Simple comparison chart is here: https://wire.com/privacy/ [wire.com]
Signal is great (Score:2)
Signal is great! Easy to use, secure, open source. What's not to love? The iPhone version sucks more than the Android version and there really isn't a desktop version yet. I really want a way to read and respond to Signal messages on my big keyboard and monitor.
And yes I know about the Chrome extension, I don't use close-sourced browsers.
Re: (Score:2)
True about the desktop version. They had something that claimed to be a desktop version [whispersystems.org], but when I ran it the first thing it wanted was a mobile #. Uhh.... my desktop PC doesn't have a phone number!
Signal uses your mobile number as a unique identifier akin to a username. Even if you don't run the app on a phone, you need to give it a mobile number to actually use the service.
That said, Signal is designed to be mainly used on mobile devices. The desktop version is convenient, but isn't really meant to be the primary means of using the service.
Re: (Score:2)
Does it have profile synchronization these days? Last I heard it doesn't.
who is sending a message to whom (Score:2)
[WhatsApp] can see who is sending a message to whom and when
Of course they do. How could they manage replies otherwise?
Re: (Score:2)
They could have messages sent directly between peers and not need to manage the replies at all. It's the relieance on a central server that is one of their biggest privacy weaknesses, the article is arguing.
2 factor authentication (Score:2)
As far as I can tell, these apps all require a user to have a telephone number (Subscriber Identity Module). This is then used to ensure a securely authenticated connection.
Good in theory.
However in practice, I get a new number every few years (by choice even if I could keep my old number when signing a new contract). After 5 years on my current number, I still get accounts, calls, and other material (via SMS or MMS) intended for the previous owner of the number.
Also, in my country, some banks use the sa
I like telegram (Score:2)
Telegram is a good compromise for all my needs.
Not everything needs to be encrypted. If the gov't finds out that I told my friend that my kitty did the cutest thing with a tissue, who cares? If I need to give someone a password to an account I set up for them on a server, then I have the option to encrypt. It would be nice if Telegram switched to using Signal's protocol for encrypted communications, cause Signal appears to be the benchmark that all other protocols are compared to, and I know there have b
Bullshit (Score:2)
Whatsapp and Signal can probably (whatsapp is no open source) see the same amount of data. Whatsapp is honest and tells the user, what they possibly can see, signal doesn't do this that upfront.
Nothing against some actually secure apps (and one point you should not neglect is a trustworthy vendor, which doesn't push malicious updates to an app, which is secure at the moment), but check your facts. I think there was one messanger (app, programs there are some), which wanted to get rid of the metadata by usin
Re: (Score:2)
Re:Telegram is missing. (Score:5, Informative)
But what about Telegram, you ask? A Gizmodo report, also published on Wednesday, says that Telegram's default settings store your message on its unencrypted servers. "This is pretty much one of the worst things you could imagine when trying to send secure messages."
Re: (Score:3)
It raises the question why they bothered to mention Allo then though, as it also has no encryption on by default.
Re: (Score:2)
Rather curious how the best app for end-to-end security is missing - namely Telegram.
Telegram has 2 modes. Secure ("secret conversations") and
Default (essentially insecure; because messages are stored on their server)
The default trades features for security, namely that of of synchronization between all client devices, without regard for whether they are on or off or anything else at the time the message sent. Its a feature i value, and its a reason i use telegram.
But it IS at odds with security; and its something I'd like to see addressed. Although it would be a substantial rework of the p
Rather curious that you can't read (Score:1)
Try reading that summary again. Short summary it is not the best. It's worse than all the others.
Re: (Score:2)
It is mentioned, and it is certainly not the best. But there are missing messengers: from the large messengers, Viber and Line recently switched to e2e encryption. How well it is implemented remains open for debate of course.
Re: (Score:1)
cows are for LUDDITES
Re: (Score:2)
only if they are sacred cows, otherwise steak is for dinner