Это видео недоступно.
Сожалеем об этом.
BEST Encrypted Messaging Apps Compared: Chat Privately!
HTML-код
- Опубликовано: 14 авг 2024
- Let's talk about the most private, secure, and anonymous messengers! Today we'll compare WhatsApp, Signal, Telegram, Facebook Messenger, iMessage, Session, Threema, Briar, SMS, Matrix, Wickr, & XMPP.
Top 5 Messengers Video: • 5 BEST Messengers For ...
Secure Messaging Chart: www.securemess...
00:00 Introduction
00:41 Project Funding
01:25 End-to-end encryption? (E2EE)
02:05 Default E2EE Settings
02:46 Is it FOSS? (Open Source)
03:50 Public Transparency Report?
05:04 What information required to register?
06:48 Metadata Collection
08:54 Encrypted cloud backups?
11:23 Timestamp & IP Logs?
12:02 Security Audits?
13:40 Onion Routing?
14:17 Destructing Messages?
15:47 Recap & Summary!
🔐 Our Website: techlore.tech
🕵 Go Incognito Course - to learn about privacy: techlore.tech/...
🏫 Techlore Coaching - to get direct support: techlore.tech/...
💻 Techlore Forum - to connect with other advocates: discuss.techlo...
🦣 Mastodon - to stay updated: social.lol/@te...
We cannot provide our content without our Patrons, huge thanks to:
BRIGHTSIDE, Clark, Ente, Larry, Afonso, Boori, Brad, Casper, Cookie, Floyd, JohnnyO, kevin, love your content, NotSure, Poaclu, x
🧡 Join them on Patreon: / techlore
💚 To see our production gear, privacy tools we use, and other affiliates: techlore.tech/...
💖 All Techlore Support Methods: techlore.tech/...
#messenger #privacy #security
It's bragging time! What's your favorite messenger? Leave them below 🔽🔽
Fix 1: Telegram technically has a transparency report, but it's suspiciously empty. Make of that what you will: t.me/transparency
Fix 2: Session has made a thread with some fixes, including how they (properly) handle cloud backups: twitter.com/session_app/status/1447812389928275972
Matrix and briar ftw
Signal for SMS protection and Matrix/Element for chatting with others
You need to add that "hat" to your merch line.
Status, not even in your video.
No. It's basically moving your SMS messages from your message app to arrive in Signal. SMS using Signal does not make it more secure at all.
The biggest hurdle is nobody stops using whatsapp. Wtf can i do, i just sit alone in my private messenger with nobody xd.
Cuz WhatsApp is the best 😎
Show them this video
Get new friends lol
Same. I deleted WhatsApp and not even that made convinced all of my friends to switch…
Same
Wow! Can't even begin to think about the amount of time/work it to produce this comprehensive comparison. Great video!
For a split second my brain was like: never heard about that SMS messenger before >.
Lmao
“Never transmit anything electronically that you cannot explain to a jury in a fair trial. Facts don’t matter in a kangaroo court.”
"It is facebook run" or "It is facebook, run"?
Yes.
Wow
Unbelievable the amount of time and care you've invested in this. Thank you! I appreciate this channel.
I have Signal, Telegram, XMPP, Matrix Element, and Briar. And SMS of course.
Ive enabled and configured all that I can to maximize security and privacy.
I also have separate apps for RSA encryption. I can copy/paste encrypted messages into any of these apps.
Im impressed by Session though; I might look into that now.
Do you know the app called Chomp?
Matrix has encrypted cloud backup (with the option to keep encryption keys backed up encrypted as well)
Honestly I delete Whatsapp I thought nobody's gonna talk me anymore but believe me real people who love you will do it from different platforms or call you directly
Exactly
You red carded Session for not having encrypted cloud backups. Session has no cloud back ups... Messages are stored encrypted in decentralized node swarms. Probably should turn that one green and add a whole new criteria to your list.
Exactly
Are these nodes for permanent storage?
If so, combined with no PFS the encryption seems to be broken by design
@Necro Nemesis
Session doesn’t store any messages locally on your device?
But does it exclude itself from whole device iCloud and Google One backups? I think that's what they're talking about.
@@climatechangedoesntbargain9140 no, they are only stored on servers for 2 weeks. Long enough for the message to be delivered to an offline recipient.
The only problem with this, is; even when you set up your disappearing messages setting, they only delete off of your device. They stay on the server for the entire two weeks.
So, if you recover your account, all messages that you have received in the last 2 weeks will come flooding back, where they were disappearing messages, or not.
However, they’re currently addressing this problem after a lot of backlash. I and a lot of others gave them hell for it in their community everyday until they finally said they were gonna deal with it.
As for the backup, you should be able to check this yourself by logging into your cloud backup and seeing if the messages are being stored, or not.
WhatsApp does unencrypted cloud backups to either iCloud or Google Drive depending on your device.
Session seems cool
Briar is the way to go! They are trying to develop an iOS and Desktop Application.
I really love Briar. I hope they come through with the iOS app. Some of their posts sounded skeptical about the prospect.
The tox protocol guys are also there if anyone wanna check that out
The lack of an iOS app is my biggest issue with Briar. So many people use iPhones (at least in my circle) so trying to use an app no one can download is a problem. Thanfully signal is cross platform and I've managed to get a few people on board with it.
One thing not mentioned in this video is how the data is stored on the users phone. In the UK the police mainly use the method of seizing phones and searching them (rather than any form of remotely monitoring traffic). A far more low tech, but effective method. I feel that none of the messaging apps do anything to protect against this.
You need an up to date phone with a 13+ #/symbol/character password to make brute force attacks difficult. Ensure e2e msgs are deleted and no metadata or cloud backup on your msging app. However there is no true safety with information online or on your phone. You can just do what you can to make it difficult to retrieve information and most importantly omit truly sensitive info to prevent it from being seen. I’ve heard signal has been actively trying to patch or rework security exploits that Cellbrite has used to retrieve info from users. But again no true safety online and the privatization of phone cracking means you never know just how far along they are.
Each app has the liberty to implement Application Level LocalDatabase Encryption.
Whatsapp or Telegram doesn't encrypt the local contents but Signal, Session, SimpleX, Wire does. (IDK about Blockchain-based/Tox/XMPP clients and pretty Sure Matrix Clients doesn't have one)
At least on Mobile.
This is so that even if the phone was bypassed via BFU 0day (which is very very very unlikely) then the feds still need to crack an extra layer.
Telegram has a self destruct timer you can set on all messages
LOL just use GrapheneOS. I don't think any fed can do much against a Pixel with a hardened OS and a security chip... They'll need to get the crazy 0days for that.
I would love to know more about Matrix's leakage issues, as this is the first I have heard of them, and it's currently the messaging service I prefer
Using Silence for SMS does provide end to end encryption, a fork of the original Signal project. It encrypts locally, sends, then decrypts. Both parties have to use it though. Development halted since SMS can only do so much but it's still valid.
Session: best by test!
Thanks Techlore. I don't trust any of these apps, not one but i trust you. Never sell your Channel out. Over time people will come to you only.
so what do you use then, mail by pigeon? im sure Signal or Session will work fine unless your activity trying to overthrow the government.
Small recent change to Signal: you no longer need a phone number to add new people to your account with the new usernames. (You do still need it register though.)
Another semi-recent change to Signal: the spam filter is not open source. They wrote a blog post about this. The calls to and from and thereby the data going in and coming out still are, but the exact criterea with which they filter spam is not open source (for obvious reasons). (I don't think this needs an edit.)
Awesome video overall, thanks for all the effort you put in! 🌟
Started switching to session some time ago, still have use for messenger and WhatsApp but generally session feels the same only secure, just waiting for voice.
WhatsApp backup is not encrypted. They even warn you that if you decide backing up you messages in the cloud, they will be stored as plain text. Not encrypted and easily to be read.
The only thing about these awesome apps is that your friends have to use them as well for you to be able to switch successfully.
Is there anyway to encrypt messages without using an app?
A close one between Signal and Session. I feel like Signal is for between friends, while Session could be for some people whom we wouldn’t keep in touch with them for a very long time. Also, there is sth called Perfect Forward Secrecy. Does it matter? Thanks.
Yes it matters
Not in session. Because, session mitigates those vulnerabilities in other ways.
Anonymous account creation, onion routing, metadata minimization, etc.
What about Jami?
Telegram supposedly stores data in the cloud in the encrypted form. The encryption key is split into parts stored across different jurisdictions. Thanks to this approach users don't need to think of manual backups and also get dozens of impressive cloud features while at the same time this allows Telegram to refuse data disclosure requests from a legal standpoint. The details are clearly explained its privacy policy as well as FAQ.
@Resident Zero , my description applies to regular (cloud) chats. When it comes to secret chats, their primary focus is security, consequently the data of secret chats isn't stored in the cloud and is end-to-end encrypted. Also secret chats offer a few extra features for security. BTW, 1:1 calls use the same kind of E2EE as secret chats.
I've been trying to find some video even addressing this approach to encrypting messages but all of the RUclipsrs just keep harping on about E2EE. Telegram chose their approach because true E2EE makes for a terrible user experience. I want full sync between all my devices and desktop and the ability to get my message history back of I switch device, this makes Signal a terrible choice for me sadly.
@@KjellEilertsen , agree.
@@KjellEilertsen It's the neverending problem of technical privacy and convenience.
@@KjellEilertsen Threema handles local storage and backups better than Signal does.
Particularly on iOS Signal is fairly terrible for backups.
14:22 Btw, Briar now has this in their latest update on the 24th of September.
Session FTW
Shame he didnt any of review the tox protocol messengers. Oh well, c'est la vie
The problem is that 90% use whatsapp 10% use signal, no one uses the rest.
Wish I could give more than 1 like.
I'm missing in this overview the location of HQ/datacenter,
to know if it is GDPR-compliant or is the data available for NSA
and which law/regulation is applicable.
WhatsApp has encrypted cloud backups but not by default and pushes (but doesn't require) users towards an option where Facebook stores the key (but totally doesn't have access honest gov).
Session .... For the time being or signal
Session or Threema.
I don't want options. I want 1 secure app that's compatible with encryption for other apps a well.
Why is Wire always omitted from these?
"let me in plz"
🤣
Aha... I still miss s Wire review in your videos! Could you do it in the future?
The Session messenger is the most secure and anonymous but it is slow and doesn't have audio and videocalls:(
5:20 - This is the part im concerned about when Snowden said he uses Signal, but in order to use Signal you have to register a phone number.
Why would Snowden give away his phone number like that, knowing that the NSA can track any phone number to its exact location within 5 feet as Snowden also said. 🤔
Buy a SIM card with cash and give as little information as possible (mint in the US), register on Signal, remove the SIM card… problem solved
Virtual phone number, my dude.
Amazing way to overview such a complex topic
very clean and clear presentation
I would have included that not all of them are free
XMPP is the most free and most open.
According to this data (thank you by the way) it seems that Session is the best choice especially now since they addressed the cloud backup issues?
If you are ok with the privacy laws of australia and that this country is a part of the big five eyes... yes it's good. But if not use better signal or threema
@@AlphaProductionCss, but in this case, because the NSA, Signal is as worse as Session then…
What about Jami???
What about Olvid ?
And session vs autralia laws, is it safe ?
YES. The source code is open and the messages aren't stored with session.
Briar can work without internet so it's the most secure, simple.
So for me the question boils down to this: What's the most secure messanger(s) that ALSO support RCS (or at the very least MMS). While getting everyone I chat with onto a new app would be the ultimate long term goal, that's not going to happen for a while so I need something that can still use the old non/less secure protocols. Any suggestions?
I don't think there is any FOSS that supports RCS yet. Might wait a couple more years.
Google isn't releasing their RCS protocol api for third party apps
Google Messages have E2E encryption and E2S encryption, comes by default in most Android phones, and can be downloaded on the Play Store if it didn''t come stock with your phone. But if you hate Google with every fibers of your being, using a google product may not be for you.
How about Jami?
i don't use any except telegram. Time to move on to Session and Briar.
Weird question on XMPP;
Can you send an email (from a gmail address) to an xmpp address?
Asking for a friend
Email and XMPP are different protocols altogether.
Why is it a problem to not have encrypted cloud backups if u r using message destruction??
Talking about Session here
@@EmmanuelDeligeorges Session has no backups at all, so it shouldn't be a problem.
You should have made a recommendation for the best app, and explained your choice.
hands down best video on the topic
Looks like session is best
Thank youuuu :-)
Nicely done.
Thank you, I learned two things in this video, check.
you wish that telegram would have transparency report ??? why ???
Thank you for the time and endeavor.
You should add to this list the OLVID. It is French
I love Threema but I strongly dislike their support team. Here’s my 2 cents about Threema:
- Metadata is pretty much limited to just the date of creation, last login, creation of revocation keys that’s pretty much it. I don’t give them my PIIs so there’s that. I’m certain these don’t qualify as “some”, but rather conditionally, and minor ones otherwise.
- Threema support informed me that it is not possible to verify what’s happening in the server even with the server code, so…?
Clearly he favoring Signal here lol Signal should be have "some" rather than "minor". Giving your phone number to a messaging app and called it secure and private is like saying FB messanger Secret chat is secure and private because it has e2e
- Threema support informed me that it is not possible to verify what’s happening in the server even with the server code, so…?
I think you mean if the server code is open right? If that's your mean, then threema support is right! you can't verify what the server of your messaging do even they release the source code. Because they just can put other code on their server completely different on their open code. Best example is Signal server code! It's open to every one.. BUTT they can't use it lol
@@narahinampas6430 To be clear, you can use the server code, but when you do that only the users on your Signal servers can be reached.
I don't understand why you are concerned about the server.
The things the server can do are:
1) deliver your encrypted data to the proper place.
2) log your connection metadata.
3) log your encrypted data.
When the encryption is robust against attacks, and you take steps to protect your connection metadata then the server misbehaving isn't really a worry.
I'm even moooore confused... Thanks 👍
10:05 WOW Apple backs up your data in unencrypted form without your consent, that is horrible!?
It is encrypted in transit and on server, but you can always use Advanced Data Protection, which uses end-to-end encryption.
Useful video.
0:33 Nice tinfoil banana hat there, Henry! 😂
Session!!!
Facebook censors private chats, blocks URLs and locks accounts for sending some private images that are considered bad by image detection.
Very helpful overview. Thanks
Great work! Thank you
What about Wire?
Yeah, same
It's been a while since Wire stopped being any recommended as a good alternative.
@@RomanBellicTaxi okay but why? I’m not trying to sound like an a**, I must have genuinely missed the memo. Has anyone done a deep dive to explain? Any links? I haven’t noticed any negative news about Wire.
I've been on WhatsApp for dating, but it's time to ditch it. Thanks for the facts! I'm still keeping Telegram - I trust their vision and track record, even if their implementation is sloppy. Nice stickers, too. 😽
There vision is terrible, they don’t have e2ee on by default. How could you ever trust a company like that.
@@tcideh4929 They do what I need them to do and have protected their users. That's enough for me.
Telegram as an organisation are super sketchy, there's no clarity on the legal structure, they have made contradictory statements about data sharing with government, said they'd publish transparency reports then didn't, and their encryption algorithm makes a ton of weird choices because 'we don't trust cryptography experts'.
No Jami?
what about Viber ?
Anything you do online or on a mobile phone can be seen by someone somewhere. 100% anonimity doesnt exist !
That may be the case but even 25% anonymity is better than 0%! - S
Good comprehensive vid! What do you mean when you say “the backup is end-to-end encrypted”? Do you mean that the backup is encrypted by a key that is on your device? Because technically when you upload your backup, one end is your phone and the other end is the cloud server. As long as it’s an https connection it’s always gonna be “end-to-end encrypted”
Means that when you backup, for exemple your whats app messages, facebook can decrypt your backup and read them, because they posses the key to do so.
For end to end encryption on backup, lets say you scwitch phones, and want to backup all your conversation, you will receive an encrypted backup that only you posses the key to decrypt.
I do believe that, as of December 2022, Telegram no longer requires a phone number. Please correct me if Im wrong. I saw a comment about that after a recent update.
Which best secure app you prefer
is threema really safe? voice calls, video calls, send chats, photos and videos?
I can't find a complete review anywhere about the security of the thremaa application.
I hope my question is answered. Thank you
The chart on the website says session has no audits while it says in the video it does, maybe it needs to get updated?
Yep, it does. Reference: getsession.org/session-code-audit
WhatsApp specifically states that backups are NOT encrypted... at least the last time I reviewed it which was around the beginning of 2021.
they are not END to END encryted. I will be suprised they dont encrypt their servers at all lol.
Mumble is better than all of them, and it's cross-platform.
Did Threema change any of its parameters recently concerning privacy?
It has been advertised recently in this spec ops movie and I am concerned if they are going mainstream which might affect the privacy parameters of the app. Excellent Video Btw, thank you.
Also can you specify what "Closed server " means for threema?
Terminal list
For iCloud, I thought there was a difference between phone backups and messages backups. I have my Settings -> iCloud -> Messages off. But it's still in my blob backup IIRC.
cool research bro
Honestly I use Facebook messenger but really only for work and chatting with close friends
Witch is the best app to use to avoid law enforcement?
Signal phone number is one thing, but the other is that you are required to have a primary account on an Android or iOS device, no other OS. This is duopoly business is gross and basically means you can't ditch a smart phone or try an alternative OS to use it.
Wickr isn't just owned by Amazon. There's also the CIA and Blackwater, so yeah, no thanks
Any review on Status Private Messenger? Available on iOS, Android, PC, Mac, Linux.
OK this is a very nice video I really love this content
Does Windows know what I'm doing in the Session messaging application?
At best windows logs your keystrokes. It doesn't necessarily mean it knows what you're talking about but Microsh1t certainly knows you use Session
Xmpp is available over onion routing idk why it was said it isn’t here.
why do i feel tis was filmed before the whatsapp content moderation news this week?
It wasn't. The ongoing WhatsApp news is referenced in the metadata section of the video, but events are still unfolding so didn't want to jump to any conclusions. Reference for people to be up-to-date on what's happening: www.propublica.org/article/how-facebook-undermines-privacy-protections-for-its-2-billion-whatsapp-users
What about xPal app ?😀
Briar looks the bomb but I can't find it in the Apple App Store?
Android-only unfortunately. Some iOS limitations make it challenging to host a P2P-based application on the App Store. This video didn't cover usability and the pros/cons of each messenger from a usability POV. Our top 5 messengers video touches on this more.
If you want privacy don't download stuff from the apple store.
In fact throw away your iphone and get another smartphonr
If you get a Google Pixel phone you can install Calyx OS or Grapheme OS on it, both operating systems that are promoted by this channel and are far more private than iOS or other Android builds. It's not too hard to install but you'll need some technical knowledge.
What's up with Matrix metadata? Thought it was the cool new way.
Next time include Viber, KakaoTalk, LINE, Skype, Snapchat and other popular apps. 🤣 I know they arent but it is hard to find people.
Signal all the way 👍
Good Video 👌
I'm running calyx and wish signal would work without micro g.
If signal solves its issue of phone number required then it will be the best service. I hope matrix solves it's meta data leakage. Signal and Matrix will be unbeatable
BTW I am unable to see that tinfoil hat in the Privacy Shop.
I think it’s good to have different services for different usages.
Signal seems like a good replacement for sms/private chats, matrix solutions for public chat rooms. For more security aware ppl, briar and jami are promising.
We should also have a local client that is just a unified frontend to all the open source solutions^^
@@florianfelix8295 using signal for private chats gives away the best enhancements of Matrix: synced messages across arbitrary devices
@@climatechangedoesntbargain9140 i don’t necessarily need that for private stuff though. Sure it’s not as suitable for business/projectoriented stuff. Signal is “just” a good WhatsApp drop in replacement.
I would say the strongest trait of matrix is the interoperability, so it’s ready made for more public, highly frequented stuff that can be embedded with many projects. Also the fact, that it is primarily a protocoI.
I've got a xmpp on my phone (conversation) but can't seem to work secure chat on iPhone 12. Please could anyone help out a noob like me
AMAZING video