
Ask HN: What encrypted chat application to choose? - sjustinas
I have been using Google Hangouts for IM until now, but recently became interested in an app that would ensure privacy of my conversations.<p>I have looked at several solutions, however, there doesn&#x27;t seem to be a clear leader amongst them. There has been talk about Telegram&#x27;s crypto protocol being broken, while TextSecure seems to only be available for Android. Desktop client is a must for me.
======
losvedir
I'm no expert here, but in terms of HN love, TextSecure is the clear leader.
tptacek (founder and former leader of security company Matasano) seems to
support it, and it's developed by a legitimate security researcher, Moxie
Marlinspike. moxie, in turn, I've seen supported by cperciva (all around
genius and developer of tarsnap).

Now, take this all with a grain of salt since this is all just HN celebrity-
worship / appeal to authority, but I don't really know what else to go on, not
being a security researcher myself...

That said, as far as I know TextSecure is Android only, as you say, but I
believe I read that both a desktop and iOS version are under active
development and nearing release.

Wasn't it recently partnered with WhatsApp? Does that mean if you use WhatsApp
between two recent android clients it's encrypted? If so, WhatsApp might be an
option for you.

But it doesn't seem like that's the case, though, since I've used TextSecure
and there's some (necessary) complexity in the interface to generate and share
a key, as well as notifications about whether your messages are loaded in
memory unencrypted. I haven't noticed any of this with WhatsApp.

------
phelmig
A good start would be EFF's Secure Messaging Scorecard. They measured all
existing solutions using 7 security features(from end-to-end encryption to
open source and public reviews).

A few solutions fulfill all requirements (e.g. Telegrams code hasn't been
publically reviewed while TextSecure was).

One problem is though, that many open source solutions aren't available for
iOS due to issues between Apple's ToS and the GPL.

[1] [https://www.eff.org/de/secure-messaging-
scorecard](https://www.eff.org/de/secure-messaging-scorecard)

~~~
tptacek
The EFF scorecard is technically unsound and not a good place to start. It
actually caused a small controversy among crypto and security people when it
was released.

~~~
atoponce
To clarify, the most criticism that the EFF secure messaging scorecard had
was:

* CryptoCat got a perfect rating, despite it's long history of insecurity, attack vectors, and questionable audits.

* Skype got rated more favorably then is likely the truth. It has since been corrected though.

* PGP got buried as a recommendation.

* A good number of tools were missing on initial release.

The big issue with the scorecard is the lack of rigid definitions, such as
code audits. Developers will audit and review each other's code all the time.
But most won't qualify that as a "security audit". So, does a security audit
require a cryptographer to audit the code? A third party security agency? How
in depth do audits go? Are there any standards or "best practices" to go by
when auditing crypto code, or is it just a rubber stamp?

With that said, it does list (incompletely) a good set of tools that you can
investigate, that you may not have heard of.

------
pearjuice
>Tox is a free and open-source, peer-to-peer, encrypted instant messaging and
video calling software. The stated goal of the project is to provide secure
yet easily accessible communication for everyone.[1] The Tox Foundation took
part in Google Summer of Code 2014.

[https://en.wikipedia.org/wiki/Tox_(software)](https://en.wikipedia.org/wiki/Tox_\(software\))

[https://tox.im](https://tox.im)

------
aw3c2
Privacy against whom? What is your threat model? What platforms must be
supported? What level of technical knowledge do your contacts have? Sadly
those questions are still relevant.

~~~
Spearchucker
My take (I doubt this exists, and won't use chat until it does) -

 _Privacy against whom?_

Privacy against all parties not participating in an exchange. Also, I will not
use an app that uploads my contacts. This suggests that contacts are added
manually, probably using an email address as an identifier, with mutual
authorisation.

 _What is your threat model?_

Information disclosure, spoofing, tampering and non-repudiation. The threat
tree might include elevation of privilege. Denial of service is also
important, in that I want it to use decentralised servers - if one goes down
(or is taken down) another server picks up the load. New servers should be
easy to add by anyone.

Side note - servers are preferable to me, so that messages get through when
one or more parties in an exchange are offline.

 _What platforms must be supported?_

All the platforms my contacts use, so Windows, Windows RT, and Windows Phone;
OSX and iOS; Android; Linux. A nice-to-have fall-back is a browser-based
client.

 _What level of technical knowledge do your contacts have?_

Enough to install the app, register and log in.

------
andrey-p
I've had some experience using Pidgin's OTR plugin [1] via Google Chat. It's a
bit clunky for everyday use but it does the job.

[1]: [https://otr.cypherpunks.ca/](https://otr.cypherpunks.ca/)

~~~
Kadin
Yeah the OTR plugin is really nice. I think it has suffered from some serious
not-invented-here syndrome in terms of not being baked into Pidgin as a core
feature (which it should be).

It has been included in Mac OS X's Adium client for many years, which probably
means that it has the largest installed base of any end-to-end encrypted chat
client, other than Skype. (Although I don't know if Adium automatically
enables it, but at least it doesn't require another download and a clunky
plugin enablement.)

------
syoc
I would recommend tox. If there is any other decentralized, open source, fully
encrypted chat service I would recommend that as well.

------
blueflow
Use a OTR-able client like Pidgin. OTR is protocol-agnostic and works over
most IM protocols.

~~~
diafygi
I've never successfully been able to get pidgin otr to work in Ubuntu. Have
any links to a step-by-step tutorial?

~~~
ultramancool
Install the pidgin-otr package, enable the plugin, use it.

------
higherpurpose
I'm with you. Not having both a desktop client and a mobile one is a large
impediment to using many of these apps. Your best bet is something that uses
OTR right now, probably, such as Pidgin on desktop with ChatSecure on mobile,
or CryptoCat (but it seems it still only has an iOS version right now).

I'm waiting on TextSecure to gets it own desktop version (hopefully with video
support as well), but I haven't seen any updates on that for half a year, so
it's probably going to take at least another 6-12 months to be done.

------
hutattedonmyarm
I use usually Threema, but since you want a desktop client Word isn't bad.
Still in beta though (I think)

------
stevedekorte
For something more like encrypted anonymous email (that keeps sender and
receiver location hidden), there's:
[http://voluntary.net/bitpost/](http://voluntary.net/bitpost/)

------
wrboyce
Are there any practical examples of Telegram's protocol being broken?

~~~
maxerickson
According to their docs, the server can MITM encrypted chats.

[https://core.telegram.org/techfaq#man-in-the-middle-
attacks](https://core.telegram.org/techfaq#man-in-the-middle-attacks)

 _After that, if both clients trust the server software,_

------
dandelion_lover
I would recommend [http://prism-break.org](http://prism-break.org), where you
can find a comparison between free alternatives for popular software.

------
atoponce
First, know your adversary. Is it your ex-wife, your ISP, some disgruntled
hosting provider employees, or law enforcement? That will help you narrow down
your choices.

Second, for an email-like replacement, you may want to look into Bitmessage.
It's decentralized, trustless, and end-to-end encrypted. Unfortunately, it may
be vulnerable to some attacks:
[https://bitmessage.org/forum/index.php?topic=1666.15](https://bitmessage.org/forum/index.php?topic=1666.15)

For a live chat-like replacement, you may want to look into Tox. It is also
decentralized, trustless, and end-to-end encrypted. It is designed to be a
Skype replacement. However, this thread regarding a security audit and the
software it uses is slightly concerning:
[https://github.com/irungentoo/toxcore/issues/121](https://github.com/irungentoo/toxcore/issues/121)

Both Bitmessage and Tox are wet behind the ears, so-to-speak. PyBitmessage,
the main client, is written in Python. As such, the proof of work needed to
calculate for each message is not optimized. Attackers have written clients in
C to take advantage of Python's weakness to flood the network. Until the main
client is also written in C, and the PoW algorithm is designed to take
advantage of it, I'm sure there will be other network flooding problems on the
Bitmessage network.

uTox and Venom seem to be the most used Tox clients, but I have had trouble
getting uTox and Venom to actually work with video. Further, when both parties
are using uTox, in some situations, while my video and audio testing work
fine, the other party cannot see me or cannot hear me. I use uTox for signing
PGP keys, so I've used it a number of times, and it's probably 50% at this
point when it Just Works.

Both Bitmessage and Tox, however, have not had a security audit of the code.

Also, OTR and PGP have proven to be reliable, stable, secure, and enjoy large
communities. With PGP, you can end-to-end encrypt your email, and with OTR,
you can end-to-end encrypt your live chat, although video and audio are not
supported. It doesn't matter about your email or chat provider either, and
software exists for Windows, Mac OS X, GNU/Linux, and BSD for both.

Freenode also offers TLS-supported IRC servers, including hidden servers on
Tor. Although Tor has been getting some press lately of the FBI successfully
taking down pedophiles and drug markets, these are all due to mistakes by the
end users, and not insecurities with Tor itself. So, Freenode on Tor might be
a good one-off solution, where you just need to chat quickly, without
registering for accounts, and staying hidden. See
[https://freenode.net/irc_servers.shtml#tor](https://freenode.net/irc_servers.shtml#tor)

Finally, if you're not familiar with the EFF Secure Messaging Scorecard, you
might want to take a look at it: [https://www.eff.org/secure-messaging-
scorecard](https://www.eff.org/secure-messaging-scorecard). There are a lot of
clients there, including the various security margins of each, so that might
be of interest.

------
drethemadrapper
retroshare is all you need!!

------
Sling
IRC.

------
lyonsntl
try cryptocat

