BEST Encrypted Messaging Apps Compared: Chat Privately!
HTML-код
- Опубликовано: 8 июн 2024
- Let's talk about the most private, secure, and anonymous messengers! Today we'll compare WhatsApp, Signal, Telegram, Facebook Messenger, iMessage, Session, Threema, Briar, SMS, Matrix, Wickr, & XMPP.
Top 5 Messengers Video: • 5 BEST Messengers For ...
Secure Messaging Chart: www.securemessagingapps.com/
00:00 Introduction
00:41 Project Funding
01:25 End-to-end encryption? (E2EE)
02:05 Default E2EE Settings
02:46 Is it FOSS? (Open Source)
03:50 Public Transparency Report?
05:04 What information required to register?
06:48 Metadata Collection
08:54 Encrypted cloud backups?
11:23 Timestamp & IP Logs?
12:02 Security Audits?
13:40 Onion Routing?
14:17 Destructing Messages?
15:47 Recap & Summary!
🔐 Our Website: techlore.tech
🕵 Go Incognito Course - to learn about privacy: techlore.tech/goincognito
🏫 Techlore Coaching - to get direct support: techlore.tech/coaching
💻 Techlore Forum - to connect with other advocates: discuss.techlore.tech
🦣 Mastodon - to stay updated: social.lol/@techlore
We cannot provide our content without our Patrons, huge thanks to:
BRIGHTSIDE, Clark, Ente, Larry, Afonso, Boori, Brad, Casper, Cookie, Floyd, JohnnyO, kevin, love your content, NotSure, Poaclu, x
🧡 Join them on Patreon: / techlore
💚 To see our production gear, privacy tools we use, and other affiliates: techlore.tech/affiliates
💖 All Techlore Support Methods: techlore.tech/support
#messenger #privacy #security 
Наука
It's bragging time! What's your favorite messenger? Leave them below 🔽🔽
Fix 1: Telegram technically has a transparency report, but it's suspiciously empty. Make of that what you will: t.me/transparency
Fix 2: Session has made a thread with some fixes, including how they (properly) handle cloud backups: twitter.com/session_app/status/1447812389928275972
Matrix and briar ftw
Signal for SMS protection and Matrix/Element for chatting with others
You need to add that "hat" to your merch line.
Status, not even in your video.
No. It's basically moving your SMS messages from your message app to arrive in Signal. SMS using Signal does not make it more secure at all.
The biggest hurdle is nobody stops using whatsapp. Wtf can i do, i just sit alone in my private messenger with nobody xd.
Cuz WhatsApp is the best 😎
Show them this video
Get new friends lol
Same. I deleted WhatsApp and not even that made convinced all of my friends to switch…
Same
“Never transmit anything electronically that you cannot explain to a jury in a fair trial. Facts don’t matter in a kangaroo court.”
"It is facebook run" or "It is facebook, run"?
Yes.
Wow
Wow! Can't even begin to think about the amount of time/work it to produce this comprehensive comparison. Great video!
For a split second my brain was like: never heard about that SMS messenger before >.
Lmao
Unbelievable the amount of time and care you've invested in this. Thank you! I appreciate this channel.
Matrix has encrypted cloud backup (with the option to keep encryption keys backed up encrypted as well)
I have Signal, Telegram, XMPP, Matrix Element, and Briar. And SMS of course.
Ive enabled and configured all that I can to maximize security and privacy.
I also have separate apps for RSA encryption. I can copy/paste encrypted messages into any of these apps.
Im impressed by Session though; I might look into that now.
Do you know the app called Chomp?
You red carded Session for not having encrypted cloud backups. Session has no cloud back ups... Messages are stored encrypted in decentralized node swarms. Probably should turn that one green and add a whole new criteria to your list.
Exactly
Are these nodes for permanent storage?
If so, combined with no PFS the encryption seems to be broken by design
@Necro Nemesis
Session doesn’t store any messages locally on your device?
But does it exclude itself from whole device iCloud and Google One backups? I think that's what they're talking about.
@@climatechangedoesntbargain9140 no, they are only stored on servers for 2 weeks. Long enough for the message to be delivered to an offline recipient.
The only problem with this, is; even when you set up your disappearing messages setting, they only delete off of your device. They stay on the server for the entire two weeks.
So, if you recover your account, all messages that you have received in the last 2 weeks will come flooding back, where they were disappearing messages, or not.
However, they’re currently addressing this problem after a lot of backlash. I and a lot of others gave them hell for it in their community everyday until they finally said they were gonna deal with it.
As for the backup, you should be able to check this yourself by logging into your cloud backup and seeing if the messages are being stored, or not.
WhatsApp does unencrypted cloud backups to either iCloud or Google Drive depending on your device.
Session seems cool
One thing not mentioned in this video is how the data is stored on the users phone. In the UK the police mainly use the method of seizing phones and searching them (rather than any form of remotely monitoring traffic). A far more low tech, but effective method. I feel that none of the messaging apps do anything to protect against this.
You need an up to date phone with a 13+ #/symbol/character password to make brute force attacks difficult. Ensure e2e msgs are deleted and no metadata or cloud backup on your msging app. However there is no true safety with information online or on your phone. You can just do what you can to make it difficult to retrieve information and most importantly omit truly sensitive info to prevent it from being seen. I’ve heard signal has been actively trying to patch or rework security exploits that Cellbrite has used to retrieve info from users. But again no true safety online and the privatization of phone cracking means you never know just how far along they are.
Each app has the liberty to implement Application Level LocalDatabase Encryption.
Whatsapp or Telegram doesn't encrypt the local contents but Signal, Session, SimpleX, Wire does. (IDK about Blockchain-based/Tox/XMPP clients and pretty Sure Matrix Clients doesn't have one)
At least on Mobile.
This is so that even if the phone was bypassed via BFU 0day (which is very very very unlikely) then the feds still need to crack an extra layer.
Telegram has a self destruct timer you can set on all messages
Honestly I delete Whatsapp I thought nobody's gonna talk me anymore but believe me real people who love you will do it from different platforms or call you directly
Exactly
I would love to know more about Matrix's leakage issues, as this is the first I have heard of them, and it's currently the messaging service I prefer
Briar is the way to go! They are trying to develop an iOS and Desktop Application.
I really love Briar. I hope they come through with the iOS app. Some of their posts sounded skeptical about the prospect.
The tox protocol guys are also there if anyone wanna check that out
The lack of an iOS app is my biggest issue with Briar. So many people use iPhones (at least in my circle) so trying to use an app no one can download is a problem. Thanfully signal is cross platform and I've managed to get a few people on board with it.
Using Silence for SMS does provide end to end encryption, a fork of the original Signal project. It encrypts locally, sends, then decrypts. Both parties have to use it though. Development halted since SMS can only do so much but it's still valid.
I'm missing in this overview the location of HQ/datacenter,
to know if it is GDPR-compliant or is the data available for NSA
and which law/regulation is applicable.
Started switching to session some time ago, still have use for messenger and WhatsApp but generally session feels the same only secure, just waiting for voice.
Session: best by test!
Thank youuuu :-)
Nicely done.
Small recent change to Signal: you no longer need a phone number to add new people to your account with the new usernames. (You do still need it register though.)
Another semi-recent change to Signal: the spam filter is not open source. They wrote a blog post about this. The calls to and from and thereby the data going in and coming out still are, but the exact criterea with which they filter spam is not open source (for obvious reasons). (I don't think this needs an edit.)
Awesome video overall, thanks for all the effort you put in! 🌟
Amazing way to overview such a complex topic
very clean and clear presentation
I would have included that not all of them are free
Very helpful overview. Thanks
Thank you, I learned two things in this video, check.
WhatsApp has encrypted cloud backups but not by default and pushes (but doesn't require) users towards an option where Facebook stores the key (but totally doesn't have access honest gov).
hands down best video on the topic
Great work! Thank you
WhatsApp backup is not encrypted. They even warn you that if you decide backing up you messages in the cloud, they will be stored as plain text. Not encrypted and easily to be read.
A close one between Signal and Session. I feel like Signal is for between friends, while Session could be for some people whom we wouldn’t keep in touch with them for a very long time. Also, there is sth called Perfect Forward Secrecy. Does it matter? Thanks.
Yes it matters
Not in session. Because, session mitigates those vulnerabilities in other ways.
Anonymous account creation, onion routing, metadata minimization, etc.
Thanks Techlore. I don't trust any of these apps, not one but i trust you. Never sell your Channel out. Over time people will come to you only.
so what do you use then, mail by pigeon? im sure Signal or Session will work fine unless your activity trying to overthrow the government.
So for me the question boils down to this: What's the most secure messanger(s) that ALSO support RCS (or at the very least MMS). While getting everyone I chat with onto a new app would be the ultimate long term goal, that's not going to happen for a while so I need something that can still use the old non/less secure protocols. Any suggestions?
I don't think there is any FOSS that supports RCS yet. Might wait a couple more years.
Google isn't releasing their RCS protocol api for third party apps
Google Messages have E2E encryption and E2S encryption, comes by default in most Android phones, and can be downloaded on the Play Store if it didn''t come stock with your phone. But if you hate Google with every fibers of your being, using a google product may not be for you.
Thank you for the time and endeavor.
You should add to this list the OLVID. It is French
For iCloud, I thought there was a difference between phone backups and messages backups. I have my Settings -> iCloud -> Messages off. But it's still in my blob backup IIRC.
Aha... I still miss s Wire review in your videos! Could you do it in the future?
I do believe that, as of December 2022, Telegram no longer requires a phone number. Please correct me if Im wrong. I saw a comment about that after a recent update.
is threema really safe? voice calls, video calls, send chats, photos and videos?
I can't find a complete review anywhere about the security of the thremaa application.
I hope my question is answered. Thank you
The Session messenger is the most secure and anonymous but it is slow and doesn't have audio and videocalls:(
I don't want options. I want 1 secure app that's compatible with encryption for other apps a well.
14:22 Btw, Briar now has this in their latest update on the 24th of September.
Any review on Status Private Messenger? Available on iOS, Android, PC, Mac, Linux.
The problem is that 90% use whatsapp 10% use signal, no one uses the rest.
Wish I could give more than 1 like.
How can we ensure FOSS services are using exactly same backend codebase to the one that is public on their GitHub? I understand that we can reproduce and directly compare client using the code they published however is there same way to the backend side?
How does it matter if the context was Client-Side E2EE that is technically verifiable? Does the backend do some magic?
We can't really ensure that. This is why it is important to design a messenger that doesn't trust the server, at all.
Telegram fails this test quite badly. It's not a secure messenger any more than Facebook is.
Weird question on XMPP;
Can you send an email (from a gmail address) to an xmpp address?
Asking for a friend
Email and XMPP are different protocols altogether.
Useful video.
According to this data (thank you by the way) it seems that Session is the best choice especially now since they addressed the cloud backup issues?
If you are ok with the privacy laws of australia and that this country is a part of the big five eyes... yes it's good. But if not use better signal or threema
@@AlphaProductionCss, but in this case, because the NSA, Signal is as worse as Session then…
I'm even moooore confused... Thanks 👍
What about Olvid ?
And session vs autralia laws, is it safe ?
YES. The source code is open and the messages aren't stored with session.
I've got a xmpp on my phone (conversation) but can't seem to work secure chat on iPhone 12. Please could anyone help out a noob like me
Facebook censors private chats, blocks URLs and locks accounts for sending some private images that are considered bad by image detection.
The chart on the website says session has no audits while it says in the video it does, maybe it needs to get updated?
Yep, it does. Reference: getsession.org/session-code-audit
OK this is a very nice video I really love this content
What's up with Matrix metadata? Thought it was the cool new way.
Telegram supposedly stores data in the cloud in the encrypted form. The encryption key is split into parts stored across different jurisdictions. Thanks to this approach users don't need to think of manual backups and also get dozens of impressive cloud features while at the same time this allows Telegram to refuse data disclosure requests from a legal standpoint. The details are clearly explained its privacy policy as well as FAQ.
@Resident Zero , my description applies to regular (cloud) chats. When it comes to secret chats, their primary focus is security, consequently the data of secret chats isn't stored in the cloud and is end-to-end encrypted. Also secret chats offer a few extra features for security. BTW, 1:1 calls use the same kind of E2EE as secret chats.
I've been trying to find some video even addressing this approach to encrypting messages but all of the RUclipsrs just keep harping on about E2EE. Telegram chose their approach because true E2EE makes for a terrible user experience. I want full sync between all my devices and desktop and the ability to get my message history back of I switch device, this makes Signal a terrible choice for me sadly.
@@KjellEilertsen , agree.
@@KjellEilertsen It's the neverending problem of technical privacy and convenience.
@@KjellEilertsen Threema handles local storage and backups better than Signal does.
Particularly on iOS Signal is fairly terrible for backups.
Why is it a problem to not have encrypted cloud backups if u r using message destruction??
Talking about Session here
@@EmmanuelDeligeorges Session has no backups at all, so it shouldn't be a problem.
What about Jami?
Good comprehensive vid! What do you mean when you say “the backup is end-to-end encrypted”? Do you mean that the backup is encrypted by a key that is on your device? Because technically when you upload your backup, one end is your phone and the other end is the cloud server. As long as it’s an https connection it’s always gonna be “end-to-end encrypted”
Means that when you backup, for exemple your whats app messages, facebook can decrypt your backup and read them, because they posses the key to do so.
For end to end encryption on backup, lets say you scwitch phones, and want to backup all your conversation, you will receive an encrypted backup that only you posses the key to decrypt.
Witch is the best app to use to avoid law enforcement?
Which best secure app you prefer
Xmpp is available over onion routing idk why it was said it isn’t here.
Why is Wire always omitted from these?
Did Threema change any of its parameters recently concerning privacy?
It has been advertised recently in this spec ops movie and I am concerned if they are going mainstream which might affect the privacy parameters of the app. Excellent Video Btw, thank you.
Also can you specify what "Closed server " means for threema?
Terminal list
5:20 - This is the part im concerned about when Snowden said he uses Signal, but in order to use Signal you have to register a phone number.
Why would Snowden give away his phone number like that, knowing that the NSA can track any phone number to its exact location within 5 feet as Snowden also said. 🤔
Buy a SIM card with cash and give as little information as possible (mint in the US), register on Signal, remove the SIM card… problem solved
Virtual phone number, my dude.
you wish that telegram would have transparency report ??? why ???
The only thing about these awesome apps is that your friends have to use them as well for you to be able to switch successfully.
Is there anyway to encrypt messages without using an app?
cool research bro
Any opinion on Surespot security?
Session FTW
Shame he didnt any of review the tox protocol messengers. Oh well, c'est la vie
What about Jami???
Does Windows know what I'm doing in the Session messaging application?
At best windows logs your keystrokes. It doesn't necessarily mean it knows what you're talking about but Microsh1t certainly knows you use Session
How about Jami?
why do i feel tis was filmed before the whatsapp content moderation news this week?
It wasn't. The ongoing WhatsApp news is referenced in the metadata section of the video, but events are still unfolding so didn't want to jump to any conclusions. Reference for people to be up-to-date on what's happening: www.propublica.org/article/how-facebook-undermines-privacy-protections-for-its-2-billion-whatsapp-users
XMPP is the most free and most open.
Sir is yandex messenger secure ?
i don't use any except telegram. Time to move on to Session and Briar.
You should have made a recommendation for the best app, and explained your choice.
AMAZING video
Good Video 👌
Session .... For the time being or signal
Session or Threema.
I'm running calyx and wish signal would work without micro g.
Ji which app i can use
"let me in plz"
🤣
WhatsApp specifically states that backups are NOT encrypted... at least the last time I reviewed it which was around the beginning of 2021.
they are not END to END encryted. I will be suprised they dont encrypt their servers at all lol.
Briar can work without internet so it's the most secure, simple.
No Jami?
Whatsapp not now but the end to end backup will came in the beta
I love Threema but I strongly dislike their support team. Here’s my 2 cents about Threema:
- Metadata is pretty much limited to just the date of creation, last login, creation of revocation keys that’s pretty much it. I don’t give them my PIIs so there’s that. I’m certain these don’t qualify as “some”, but rather conditionally, and minor ones otherwise.
- Threema support informed me that it is not possible to verify what’s happening in the server even with the server code, so…?
Clearly he favoring Signal here lol Signal should be have "some" rather than "minor". Giving your phone number to a messaging app and called it secure and private is like saying FB messanger Secret chat is secure and private because it has e2e
- Threema support informed me that it is not possible to verify what’s happening in the server even with the server code, so…?
I think you mean if the server code is open right? If that's your mean, then threema support is right! you can't verify what the server of your messaging do even they release the source code. Because they just can put other code on their server completely different on their open code. Best example is Signal server code! It's open to every one.. BUTT they can't use it lol
@@narahinampas6430 To be clear, you can use the server code, but when you do that only the users on your Signal servers can be reached.
I don't understand why you are concerned about the server.
The things the server can do are:
1) deliver your encrypted data to the proper place.
2) log your connection metadata.
3) log your encrypted data.
When the encryption is robust against attacks, and you take steps to protect your connection metadata then the server misbehaving isn't really a worry.
Honestly I use Facebook messenger but really only for work and chatting with close friends
what about Viber ?
early gang
Briar looks the bomb but I can't find it in the Apple App Store?
Android-only unfortunately. Some iOS limitations make it challenging to host a P2P-based application on the App Store. This video didn't cover usability and the pros/cons of each messenger from a usability POV. Our top 5 messengers video touches on this more.
If you want privacy don't download stuff from the apple store.
In fact throw away your iphone and get another smartphonr
If you get a Google Pixel phone you can install Calyx OS or Grapheme OS on it, both operating systems that are promoted by this channel and are far more private than iOS or other Android builds. It's not too hard to install but you'll need some technical knowledge.
0:33 Nice tinfoil banana hat there, Henry! 😂
WhatsApp uses Signal's encryption protocol, right? And that's open-source. I still don't use it because the metadata is collected and sent to Facebook, but at least the encryption is good, right?
Correct. In theory of course, and assuming it's being implemented properly.
Supposedly yes but at the end of the day you need to trust that Facebook won't push a build to your location that doesn't have it, straight up ignore the protocol, take data by other means, etc... Which I'll never do lol
Well, give a glance to recent fine to Facebook about it
Do you trust whatapp to not hold private keys? i dont
@@techlore Does Windows know what I'm doing in the Session messaging application?
WhatsApp Android's backs ups now have encryption though Google Drive.
I do not understand why registering an account is a problem if it works. I was not able to open a Facebook account for years now.
You have also to register a WhatsApp account if you want to use WhatsApp, you just can't choose a password.
The phone number can be a big problem, easily because my phone number is registered by my ID.
Virtual phone number.
What about rcs?
Looks like session is best
Signal phone number is one thing, but the other is that you are required to have a primary account on an Android or iOS device, no other OS. This is duopoly business is gross and basically means you can't ditch a smart phone or try an alternative OS to use it.
Any of these work without google services?
I know Session, Signal, and Threema all do.