
Ask HN: Why does P2P encrypted messaging still suck? - xstartup
I chat with my teammates (who are ready to agree on a particular messenger)

So far, we've tried

1\. Telegram - The problem here is that E2E encrypted messaging (secret chat) is not available on the desktop.

2\. Tox - Works everywhere but qtox crashes randomly on Mac. Antox also doesn't work well on Android either. Utox crashes randomly on Linux. Qtox has no way to disable notification on Linux.

3\. Whatsapp - You always need your phone android

4\. Signal - Message sync is very slow if you switch between desktop/phone often.

I've reported these issues to all these projects but it's been a long time and nothing resolved so far.

The situation is still pathetic. What do you recommend?
======
Sephr
I was working on exactly this many years ago at the OFTN OSWG with an open
source project called Hum.

I stopped development after Apple got sued for secure p2p video chat with the
original version of FaceTime, seeing as Hum was also going to support secure
multiparty p2p video chat. Unfortunately VirnetX (and by extension, the US
military) owns a patent that would have made deployment of Hum difficult
without an expensive legal team.

It's not too hard to imagine that the real reason you don't see many p2p
encrypted communication platforms is US military-sponsored patent trolling.
This aligns with their mass surveillance interests.

~~~
tuxxy
Wait a minute here -- You're saying that the US military is patent trolling
with secure, multiparty chat patents?

Can you link to said patents?

~~~
asdsa5325
The person is wrong. It's a private company that has the patent, the company
works with the government. I don't know why he implies the government is
involved in the patent suit, _they are not_.

~~~
Sephr
"It's not too hard to imagine…" isn't exactly the same as saying "It's true
that…". I don't have hard evidence, but it's not hard to imagine VirnetX being
manipulated behind the scenes by the US government. Similar circumstances have
happened in the past.

------
jedberg
Money. It's not profitable to run an encrypted messaging service for free,
because you can't extract any data from the chats, and people aren't willing
to pay what it costs to maintain a good app.

~~~
aeorgnoieang
Maybe a company could allow paying customers to invite 10 of their contacts to
use the app/service for free. Or is even the potential association of all of
those people too insecure?

I otherwise can't imagine how to bootstrap a network.

Maybe users could pay to _receive_ messages.

~~~
narag
_I otherwise can't imagine how to bootstrap a network._

Facebook started with a narrow target: students of some uni. Look for another
similar group of persons, that want privacy and don't mind spending a few
dollars.

Edit: Whatsapp (everybody here in Spain has it) was a paid app at first. They
gave one year away... eventually they made it free, around the time that
Facebook bought it.

~~~
aeorgnoieang
One problem with bootstrapping a network of users of an encrypted messaging
app/service is that info about the network of users itself arguably needs to
be secured too.

But you're still probably right overall. Marketing to businesses or teams
within businesses is probably the best bet.

------
imsofuture
Signal works pretty well for me. I mostly use it on my phone, but occasionally
on my desktop, but never had sync issues.

Matrix.org + Riot.im are a pretty solid combination. Plus, you can bridge to
IRC.

~~~
Tharkun
Last I checked there was no Signal client for most Linux or BSD distros. IIRC
they did something silly like a Debian-only package or something.

But as many others have stated, its inability to work without exchanging phone
numbers is a show stopper for many use cases. Especially now that my country
requires SIM registration with valid IDs.

~~~
robertely
There are builds for ubuntu now. They even run an APT repo.
[https://support.signal.org/hc/en-us/articles/214507138-How-d...](https://support.signal.org/hc/en-us/articles/214507138-How-do-I-install-Signal-Desktop-)

~~~
culot
There's been one a couple in the AUR for a long while, too. Signal Desktop is
not too bad. The aesthetics are clunky, and it didn't seem to scale well last
time I used it, but decent overall.

------
Snawoot
Try Keybase (keybase.io). It provides usable apps for all platforms, encrypted
file sharing, git, group chats. Most important thing: it does not require you
to trust Keybase servers as a trusted party. Trust for your partner's key is
inferred from various proofs.

Disclaimer: I do NOT work for keybase, just a big fan of it.

~~~
diafygi
I've tried, but it still doesn't support yubikeys/smartcards. So people send
me messages on keybase chat, but I can't decrypt them :(

~~~
cjbprime
Hi, I work at Keybase. There actually is some Yubikey support. But it's not
relevant here, because chats use per-device keys, not your PGP key.

~~~
diafygi
Right, so how can I decrypt the chats you send email notifications about if
my base pgp key is on a smartcard?

~~~
cjbprime
It will just work. Your PGP key isn't a "base" key, the device keys are. Your
PGP key is only used for PGP operations.

[https://keybase.io/blog/keybase-new-key-model](https://keybase.io/blog/keybase-new-key-model)

------
Boulth
Did you consider XMPP with OMEMO? I'm running my own server for family and
friends, we use [https://conversations.im](https://conversations.im) in mobile
and Gajim or [https://dino.im](https://dino.im) on desktop. Everything runs
well including encrypted group chats.

~~~
pspeter3
Is there a server you recommend?

~~~
ge0rg
Ejabberd and prosody are the most widely used ones. For prosody you should
also consider using the community prosody-modules repository that adds many
modern features. I'm running prosody 0.10 on a server for my app users, with
multiple hundred connected clients simultaneously.

------
niksakl
1\. Telegram - Not p2p

2\. Tox - p2p

3\. Whatsapp - Not p2p

4\. Signal - Not p2p

Putting the above aside: If Tox doesn't work for you, your best
mobile-friendly options are: 1) Signal and 2) as others have mentioned Matrix -
if you want a self hosted and federated solution.

[edited: addendum] I now realize you probably mean p2p-encrypted messaging.
Damn semantics of non-formal languages!

~~~
itakedrugs
How do you call P2P that is strictly without any third party?

~~~
dilippkumar
p2p strictly implies no third parties.

If there is a third party involved, you are not p2p.

~~~
itakedrugs
so if other users (not part of the conversation) are used as temporary servers
so that messages get delivered even if the sender or receiver are never
connected at the same time, what would it be called?

~~~
dilippkumar
AFAIK there isn't a modern word to describe the common architecture that you
describe.

About a decade ago, the phrase "hub-and-spokes network" was thrown around to
describe an architecture with a central server that acted as the mediator. The
term "p2p" became popular in this context.

Napster, bittorrent, tox are all "p2p" because they don't connect to single
server. Skype is not "p2p" because all packets go through the skype servers.

~~~
sliken
Skype used to be p2p, except for the original auth/login. But since then
Microsoft bought the company and pushes everything through their servers.

------
smehtaca
I find Wire(wire.com) to be well designed and usable, especially their mac
client. Only issue I have with Wire is having no anonymous sign up and having
to rely on a central server to add contacts but the former can be worked
around by using a temporary email.

I take issue with having to provide a cell phone number for Signal. I just
hope Tox clients get more polished and more usable as every client I've used
except toxic has been terribly buggy.

~~~
grumdan
In addition, their server-side code is open-source and they claimed that
federation support is something they are considering to add:
[https://github.com/wireapp/wire/issues/160](https://github.com/wireapp/wire/issues/160)

Overall, I'm also not a big fan of Signal's hostility to federated protocols
([https://signal.org/blog/the-ecosystem-is-moving/](https://signal.org/blog/the-ecosystem-is-moving/)),
so I'm more optimistic about Wire in the long run.

~~~
kiliankoe
Just want to add onto this that pretty much everything Wire makes is open
source. The backend (written in Haskell no less, which continues to amaze me),
the desktop app and the mobile apps.

------
ken
At one company where I worked, we ran our own IRC (+SSL) server, and it worked
great. Depending on your exact requirements and use cases, that may or may not
qualify as "p2p encrypted".

~~~
walrus01
Seconding this. You can lock down an irc server pretty thoroughly if it is for
company internal use only. First, put it in private IP space that is only
accessible from a VPN connection (properly setup openvpn for instance). Have
unique vpn public/private keys per device so you can revoke access to a stolen
laptop or phone granularly. The ircd server host OS should have no public
facing IP. Also configure the ircd to only listen for sessions from a certain
range of IP space. Once people are on the vpn, have them ssh into a shell
bastion system and run irssi + screen (or tmux) from there, connect to the
ircd.

~~~
giggles_giggles
This doesn't protect users from snooping by the IRCD admin, which is what e2e
encryption/p2p chat is about -- removing the ability of the service provider
to see the content of the private messages between users. IMO IRCD in no way
qualifies as "encrypted p2p chat".

~~~
ken
That's why I said it may or may not qualify. What's the threat model? What's
the usage environment? (It's "encrypted p2p" between two users if one of the
users is also the admin.)

For example, if the _purpose_ of this requirement is to keep a business team's
communications out of the hands of other businesses, then local IRC+SSL
accomplishes that, even though the local administrator can still snoop on it.
Being able to say that company secrets never left the company was a big hit
with our investors, and it didn't matter that it was technically possible for
our sysadmin to snoop on them because he had physical access to all our
workstations anyway.

If you don't have a trusted administrator, all is not lost. Each user can run
their own ircd on the same VPN. It's less convenient to set up but any IRC
client can handle multiple servers. Again, it depends on your requirements.
(Are there 5 users, or 5000?)

Like any other technology, IRC can be used as part of a secure system. It has
the advantage that it's free and easy to run yourself. Without knowing more
context, though, it may or may not be practical.

------
aaronharnly
Well, iMessage is end-to-end encrypted and works smoothly on both mobile and
desktop. Caveats apply, of course: supports OS X and iOS only, is not open
source and its protocol is not publicly available for audit.

OP’s post indicates they need support for Android mobile and Linux desktop, so
it won’t fit their bill, but it’s a viable option for some.

------
rapsey
> Ask HN: Why does P2P encrypted messaging still suck?

Because no one wants to pay for it.

~~~
tibbon
Also, no one's asking to have it paid for.

I've noticed over the past few years that a lot of things go un-made because
there's an assumption that no one will pay for something if it's done really
well.

The reality is a _lot_ of people will pay for something if it's done really
well.

I'd easily pay $10/month for Facebook, if Facebook really had some way to shut
off 100% of its marketing-based data things that we're all so worried about.

Thing is that people became allergic to asking outright for money from
consumers a while ago. I used to buy software, and I still will if someone
actually makes great software!

(I pay for all sorts of services that actually ask; Dropbox, a password
manager, Spotify, Netflix, extra space on Gmail, etc. Provide an actually
great service, make it a reasonable price and I'll pay!)

~~~
woolvalley
threema.ch exists if you want a paid encrypted chat client

Things that are free get about 10x more adoption than non-free equivalents,
and chat clients are software that have network effects.

~~~
pnutjam
[https://spideroak.com/semaphor/](https://spideroak.com/semaphor/)

SpiderOak is a good company.

I've had a free storage account with them for years. I didn't log in for 3
years and when I logged in my data was still sitting there, safe and sound.
Pretty nice for a free tier.

------
lhlmgr
I use Wire, which is a neat p2p encrypted messenger:

\- with an open source app / server

\- you don't need a mobile phone and you can use a desktop app

\- Voice call works perfect (really good alternative to skype)

\- no random crashes at all

\- (a colleague of mine discussed some 'minor' issues on twitter - and they
fixed it within a few days)

------
ReAzem
Did you try Ring? ([https://ring.cx](https://ring.cx)).

Ring is comparable to Tox, but it has much less bugs.

Full disclosure: Ring dev here. I can answer questions.

Keep in mind that some of the platforms you have listed here are not
decentralized. When using a fully decentralized system like ring, you must be
willing to compromise on some functionality.

~~~
romwell
Never heard of ring, looks very interesting!

Questions:

1\. Who is developing Ring? Is there a company behind the software? Who are
the people?

2\. Is it really truly P2P? Does it require servers or known supernodes? If
so, what guarantees that those are up? (E.g.: Skype used to be somewhat P2P
until MS changed that, and banned old clients from logging in - is that
scenario possible?)

3\. What is the UI framework based on? (i.e. is it another Electron app?)

4\. Bittorent Bleep looked promising, until it was suddenly no more. How are
you going to keep Ring afloat? What's going to ensure it's there in 5, 10
years? (As much as I don't like Skype, everyone I need to (video)chat with has
been there for 15 years)

Thank you!

~~~
ReAzem
1\. Ring is a GNU project (see
[https://www.gnu.org/manual/blurbs.html#ring](https://www.gnu.org/manual/blurbs.html#ring)).

It is mainly developed by Savoir-faire Linux. A free software consulting
company based in Montreal:
[https://savoirfairelinux.com](https://savoirfairelinux.com)

2\. It is fully decentralized. OpenDHT is the backbone of the network. Calls
are made using the sip protocol and are initialized with ICE
([https://en.wikipedia.org/wiki/Interactive_Connectivity_Estab...](https://en.wikipedia.org/wiki/Interactive_Connectivity_Establishment)).

Some situations require extra nodes:

\- If ICE can't open a connection with: ip-to-ip, UPNP, udp hole punching, it
will revert to using a TURN/STUN server hosted by Savoir-faire Linux. Note that
you can configure your own TURN/STUN server in the Ring settings.

\- The first time that Ring connects to the network, it needs a "bootstrap
server". A bootstrap server isn't really a super node, it is just a "known
active node". Every DHT-supporting bittorrent client supports this. Note that
you can point ring to another bootstrap server in the settings.

\- Ring uses an optional blockchain (ethereum) based service to register
usernames. This isn't part of all ring nodes by default. It has to be
installed separately and then you must point your ring client to it. You can
choose not to use usernames if you want and call people with their full RingID
instead.

3\. We have several clients, all of them use native frameworks.

\- GNU/Linux: GTK

\- Android: native android libraries

\- Mac: native mac libraries

\- Windows UWP: native UWP libraries

\- Windows win32: native win32 libraries

\- IOS: native ios libraries

4\. Ring (sflphone) was released in 2004. At first, it was a SIP softphone
app. It only became decentralized a few years ago. However, the app still
supports SIP.

The development has been generously funded by Savoir-faire Linux since 2004
and there is no plan to stop. Savoir-faire Linux has taken every step to
ensure that Ring remains free. Joining the GNU project (2016) was one of
these steps:

\- [https://lists.gnu.org/archive/html/info-gnu/2016-11/msg00001...](https://lists.gnu.org/archive/html/info-gnu/2016-11/msg00001.html)

------
n1000
Did you consider [https://threema.ch/en](https://threema.ch/en) yet? I have
been using it for years and it is great (iOS and Android). The developers keep
adding new useful features to stay on par with Whatsapp etc. For instance,
their web chat is currently in beta.

------
michelledepeil
I've recently moved to wire after looking for a chat app capable of exactly
this. It's quite good, sync is fast and effective and even group calling is
acceptable.

Only problem is that it currently doesn't allow you to send yourself stuff,
making it less useful than telegram was...

------
rhizome
Signal on Android(app)/Debian(desktop) always syncs for me within a few
seconds, and both my connection and DNS suck.

------
kodablah
Some general notes (I don't have recommendation). Many people see those
options as not something to build on, but rather use. I.e. there aren't many
p2p encrypted communication frameworks, and they especially don't solve
anonymity + discovery well. Also, I think not enough developers care about
making it really easy to self-host (i.e. bust NAT and serve from home) with
read mirroring. Myself and I'm sure a gazillion others have side projects
trying to tackle these things. You just have to wait until one catches on :-)

~~~
no_identd
Here's your solution, 181 pages worth of it:

[https://grothoff.org/christian/habil.pdf](https://grothoff.org/christian/habil.pdf)

Bonus: Briar could run on GNUnet, which would speed up interest in secushare
development, which currently occurs at a... well, unexciting rate.

Also, I wish Briar would implement double ratcheting WITH metadata encryption.
At the moment, it has no double ratcheting, but because the transport layer
works differently this seems less concerning as they use good crypto
algorithms, but it poses an issue to secure interdevice message sync. I only
point the 'WITH metadata encryption' part out because SignalProtocol[!] lacks
it.

A point against both Briar and Signal: I can't specify my preferred encryption
method and parameters.

------
Aaronn
Maybe I'm missing something but you asked for P2P messengers but listed a
bunch of messengers that aren't P2P? The only one you've tried that is P2P is
Tox right?

------
nmgsd
The issue becomes very difficult when you need to preserve message history
reliably and allow account usage across devices. Because key management
becomes tricky and clunky and there's no easy UX ways around it.

For ephemeral messaging like a SnapChat type use case, you can EASILY provide
p2p encrypted. For services like Telegram and FacebookMessenger, their feature
list requires cross device syncing, historical archiving, and those features
don't play well with rotating keys, perfect forward secrecy, and other e2e
encrypted messaging techniques.
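
The trade-off described in the comment above, as an added sketch that is not part of the thread: a symmetric hash ratchet in which a newly linked device can read new messages but not history unless old message keys are archived, which in turn gives up forward secrecy for that history. It is a simplified stand-in for the key chains used in forward-secret protocols; the HMAC-based cipher replaces a real AEAD, and all names (`Device`, `ratchet`, `link_new_device`, `forward_search`) are hypothetical.

```python
import hashlib
import hmac
import os


def _h(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def ratchet(chain_key):
    """One-way step: returns (next_chain_key, message_key)."""
    return _h(chain_key, b"chain"), _h(chain_key, b"message")


def _stream(message_key, n):
    blocks = (_h(message_key, b"ks%d" % i) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(message_key, plaintext):
    # Toy encrypt-then-MAC built from HMAC-SHA256, standing in for a real AEAD.
    # Each message key is used exactly once, so no nonce is needed here.
    body = bytes(p ^ s for p, s in zip(plaintext, _stream(message_key, len(plaintext))))
    return body + _h(message_key, b"tag" + body)


def unseal(message_key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _h(message_key, b"tag" + body)):
        return None  # wrong key or tampered ciphertext
    return bytes(c ^ s for c, s in zip(body, _stream(message_key, len(body))))


class Device:
    def __init__(self, chain_key, index=0, keep_history_keys=False):
        self.chain_key, self.index = chain_key, index
        # archive maps message index -> message key; None means "delete after use"
        self.archive = {} if keep_history_keys else None

    def _commit(self, next_chain_key, message_key):
        if self.archive is not None:
            self.archive[self.index] = message_key
        self.chain_key = next_chain_key  # the previous chain key is gone for good
        self.index += 1

    def send(self, plaintext):
        index = self.index
        next_chain_key, message_key = ratchet(self.chain_key)
        self._commit(next_chain_key, message_key)
        return index, seal(message_key, plaintext)

    def receive(self, envelope):
        index, blob = envelope
        if self.archive is not None and index in self.archive:
            return unseal(self.archive[index], blob)
        if index != self.index:
            return None  # sketch handles in-order delivery only
        next_chain_key, message_key = ratchet(self.chain_key)
        plaintext = unseal(message_key, blob)
        if plaintext is not None:
            self._commit(next_chain_key, message_key)
        return plaintext

    def link_new_device(self):
        """Everything an existing device is able to hand to a newly linked one."""
        new = Device(self.chain_key, self.index, self.archive is not None)
        if self.archive is not None:
            new.archive = dict(self.archive)
        return new


def forward_search(chain_key, blob, steps=200):
    """Try every message key reachable from chain_key; past keys are not among them."""
    for _ in range(steps):
        chain_key, message_key = ratchet(chain_key)
        if unseal(message_key, blob) is not None:
            return True
    return False


def demo(keep_history_keys):
    shared = os.urandom(32)  # constructed: stands in for the output of a key agreement
    alice = Device(shared)
    phone = Device(shared, keep_history_keys=keep_history_keys)
    history = [alice.send(m) for m in (b"lunch?", b"12:30, usual place", b"ok")]
    for envelope in history:
        phone.receive(envelope)
    laptop = phone.link_new_device()  # second device added after the fact
    fresh = alice.send(b"running late")
    return {
        "laptop_reads_new": laptop.receive(fresh) == b"running late",
        "laptop_reads_history": [laptop.receive(e) is not None for e in history],
        "history_reachable_from_current_key": any(
            forward_search(phone.chain_key, blob) for _, blob in history
        ),
        "keys_exposed_if_phone_seized": len(phone.archive or {}),
    }


if __name__ == "__main__":
    print("delete keys after use:", demo(False))
    print("archive keys for sync:", demo(True))
```

With keys deleted after use the laptop gets no history and a seized phone exposes no past message keys; with archiving the laptop gets history and the same seizure exposes every archived key.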

------
jamesgeck0
I've occasionally seen delays of ~10 minutes between message sent and received
with Signal; even upwards of 30 minutes sometimes.

It's a shame; the app has a very good user experience otherwise.

~~~
thaumasiotes
Delays of minutes or hours also occur in WeChat and plain old SMS. They are
incredibly annoying, but it's not obvious to me that we can blame Signal here?

------
datenwolf
> The situation is still pathetic. What do you recommend?

XMPP/Jabber + OTR

~~~
iod
Yea I second that, and have been doing this combination for years. For the
client programs:

    Pidgin with OTR - Linux/Windows
    Adium with OTR - Mac
    ChatSecure/ZOM - iOS/Android

Used on top of some XMPP service underneath such as Cisco Jabber.

~~~
datenwolf
On that matter: Can anybody recommend XMPP clients that support
GSSAPI/SASL/Kerberos user authentication?

I'd really love to implement thorough self hosted SSO infrastructure that
authenticates against a crypto token (Yubikey, Nitrokey, GPG smartcard). Doing
this for e-mail and SSH logins is straightforward (BT;DT). And the Prosody
documentation is promising with that respect, so the server side should be
doable as well. But on the XMPP client side all I can find are some maillist
posts where people supposedly got it working with Pidgin, but no howtos or
similar to be found.

One thing that I also want to implement is kerberized OAuth and OpenID;
however there are only very few services where you can actually log in with
something other than Google, Twitter or Facebook – StackExchange used to offer
login via custom OpenID, but they removed that a few years ago.

------
pmlnr
XMPP + OMEMO. Cross-platform, multiple client, works fine.

------
X-Istence
I have been using Keybase.io for a lot of the chatting I do with friends, and
it works great across multiple platforms.

~~~
phaer
To clarify: Keybase.io, like Signal, Whatsapp and Telegram above, is encrypted
but not P2P - all of them rely on centralized servers.

~~~
SpaceLab_
and that's where the vulnerability is, in the centralized servers

~~~
aianus
The only vulnerability introduced by the servers at keybase is denial of
service. I believe the protocol and clients are open source and there is no
need to trust their servers for the key distribution part either (keys are
cryptographically verified from a variety of sources like DNS, Twitter,
Reddit, HN for each recipient)

------
tscs37
I wouldn't call three of those p2p and one of them doesn't even deserve the
description "encrypted".

The problem is that the proper p2p encrypted messaging tools have a UI that
either absolutely sucks or they have other, similar problems. Problems you
have when you can't afford a UI/UX designer.

------
jalayir
I think part of your question is, why does every p2p app not work on all
platforms equally well. This is true of pretty much 90% of apps and software -
they don't work on all platforms equally well. This is because of conscious
design and business decisions taken by the builders.

------
enricotal
[https://status.im](https://status.im) is great, it uses ethereum whisper
protocol
[https://wiki.status.im/Whisper_Messaging](https://wiki.status.im/Whisper_Messaging)

~~~
nosuchthing
Who would want to store their private messages on a public database?

Not to mention needing to buy ETH somehow and then paying for every message?

~~~
gravityblast
You don't need ETH to send messages on whisper. And Whisper doesn't store your
messages on the blockchain.

[https://github.com/ethereum/wiki/wiki/Whisper](https://github.com/ethereum/wiki/wiki/Whisper)

~~~
nosuchthing
Interesting protocol, thank you for sharing and correcting my
misunderstanding.

    Uncertain-latency Not designed for RTC.

At first glance, this looks like a client broadcasts the Whisper to another
server which then places it in a cache and might forward to more clients if
enabled. Eventually the cache is cleared and there's no telling if the message
will propagate successfully in any given time frame?

~~~
adambbb
More or less it's how you described it. The current implementations broadcast
messages to all connected peers supporting the protocol every few hundred
milliseconds.

It's also true that there is no confirmation that the message reached the
recipient (in order to provide dark routing). This can be built on top of
Whisper in a separate communication protocol.

------
olejorgenb
[https://liberapay.com/matrixdotorg/](https://liberapay.com/matrixdotorg/)

[https://www.patreon.com/matrixdotorg](https://www.patreon.com/matrixdotorg)

------
petecooper
>3\. Whatsapp - You always need your phone android

Really? I have iOS here, WhatsApp works fine here and the web app version
([https://web.whatsapp.com/](https://web.whatsapp.com/)) also works fine.

~~~
seddinbad
you can't use whatsapp web when your phone is not on the same network

~~~
apotheothesomai
In case anyone is interested, the phone plus web combo was apparently the
final solution to the thorny problem of establishing identity with the web
client without requiring any more info on the user beyond the phone number.

All bets are off, now that it's FB's beast, but the two device solution was
intended as a privacy feature, afaik.

I sat next to Pasha Sadri, the web client lead, for 4 months before the
acquisition. He mentioned the problem a few times.

The fact it took another 2 years to get the client out seems to indicate that
multiple problems were solved in other ways.

------
mempko
Two words: Key Management

And of course nobody wants to pay for it. Also we need to aim higher than just
p2p messaging. Shameless plug. [http://firestr.com](http://firestr.com)

------
kuon
I use Wire (wire.com). It's good with a few downsides:

\- Cannot send things to yourself.

\- Sometimes buggy with video calls

\- I would love a bit more customization client side, like being able to have
a more compact interface on the desktop

------
ge0rg
Briar seems to be an interesting p2p encrypted chat and forum system.

------
jonknee
It's difficult, even the richest company in the world hasn't figured out
proper sync of their encrypted messaging platform and they only support their
own operating systems!

------
johnhenry
Lack of efficient fully homomorphic encryption -- as soon as we crack that, we
can start injecting ads into encrypted messages and it will be profitable
enough to make not suck.

------
tombert
I use Signal every day as my primary IM client. I haven't had any real
problems except the occasional having to reset my keys.

------
derefr
How about running the Telegram or WhatsApp mobile apps on your desktop using
an Android virtualization layer (e.g. BlueStacks)?

~~~
compsciphd
At least in the past, one couldn't easily (if at all) run whatsapp on multiple
devices. Even if one would run it in bluestacks, it'd be only a desktop
solution.

------
pcunite
Startups like PreVeil are trying to address this with servers that don't have
access to your data.

------
boisebenkline
Try [https://forsta.io](https://forsta.io)

------
simlevesque
I use JMP.chat which is basically XMPP + OMEMO + a phone number.

------
prabhaav
We are building a p2p decentralized application that uses WebRTC for real time
chat, video, etc

You can try it at www.stealthy.im. Would love your feedback!

Also, we have a super secure version called "Snowden Mode" for the privacy
enthusiasts!

~~~
stevenicr
Looks neat - like it checks a lot of boxes I am looking for. Does not seem to
tell me if I can host all the code on my own servers or if this is a kind of
closed source saas thing you are trying to make happen. It may answer "does it
have perfect forward privacy" with some of the terms I am not familiar with,
or not, not sure.

~~~
prabhaav
Thanks Steve, the underlying auth/storage technology is open source:
[https://github.com/blockstack](https://github.com/blockstack).

We are planning to open source our code in due time.

One of the cool aspects of our tool is there are no servers involved.
Everything runs client side and the lookups are done with de-centralized
zonefiles on the blockchain.

------
arzt
mainframe is attacking this issue
[https://mainframe.com/](https://mainframe.com/)

------
Nuzzerino
What about RetroShare? I realize the software can feel a bit janky at times,
but I've heard many good things about its p2p privacy features.

------
morpheuskafka
Wire is pretty lit, e2e on all devices.

------
coretx
For noobs like the OP Http://crypto.cat is something to look at. (XMPP/OMEMO
for idiots.)

------
smilesnd
Because networking is difficult with a lot of unknowns, P2P is a resource hog
with many security issues, and encryption in itself is a beast.

A lot of the video game studios would love to use P2P instead of having to
invest in infrastructure that costs money. Destiny is an example of why they
shouldn't. Destiny's P2P system shows on average that anything over 5 users
causes major lag in data transfer. Users' home networks are equipped for
handling data coming to them, but not for data being pushed out. Same thing
for cell phones: they are designed for small bursts of data going out, not
constant data being uploaded. P2P is too much of a resource hog when it
becomes a time-sensitive data transfer.

The other problem Destiny proved to be an issue with P2P is a small security
issue with ddosing. You're beating someone in a video game, well, an instant
ddos and bam, lag spikes. Lag spikes in a P2P system are murder because they
are instantly felt by all.

Another unknown issue with networking is routing: you never know how or where
your packets are being sent. If one user's packets are for some reason being
routed through Uganda then every user might have to send the same package 3 or
4 times each time till it reaches them. You would be surprised how many packet
drops happen between ISPs and networks. This is an even bigger issue with P2P
because a packet drop is multiplied by the number of users.

And finally we get to the fun world of encryption. It is fun because it is
simple to say all the terms that make it sound encrypted and secure, but it is
an iceberg of hell and dog poop. Creating secure channels while creating
encrypted messages while ensuring that the end parties are trusted end users
while ensuring all the algorithms used are up to date and solid is horribly
boring and tedious. Did you know that if you compress something and then
encrypt it, you just broke your encryption? That is because a compression
algorithm has a repeating pattern that makes it easier to break encryption. It
is little things like that and more why you need a whole security team of red
and blue teams whenever you use the word encrypted.

Also, to the other problem you alluded to: cross platform. Making anything
cross platform is its own major heartbreak issue. When you toss in phones as
well (I run into a corner screaming and crying thinking about it). You might
say something like Java can handle it all, but it doesn't. You still need to
test everything over and over again. Every computer can be running a different
version of the Java virtual machine, each having its own different bugs. Then
you get to the realm of cell phones on top of creating a desktop app, and I
would just walk away. I would charge someone billions to handle that kind of
dev work.

The situation isn't pathetic, it is an iceberg problem. The amount of complex
problems that come with creating a stable P2P cross platform encrypted
solution that is easy for the end user to use, and doesn't compromise in
certain areas, would cost millions of dollars upfront to build.

------
DavisBobby
Y'all not using Digital Note? (XDN) Been incredible for me.

------
TXCSwe
I run Telegram on my desktop? Also I use WhatsApp on my iPhone.

~~~
uph
Telegram doesn't use end-to-end encryption by default. It's marketed as a
secure messenger, but it's comparable to Facebook Messenger or Google Allo.

~~~
xstartup
As I've mentioned in the post above, telegram simply does not have "secret
chats" available on Desktop.

So, if you use Secret chat on mobile and go to desktop, you'll not see it!

Switching back and forth between secret and not secret is troublesome
especially when the other side doesn't know if you are on desktop or mobile to
check availability for secret chat.

~~~
michel-slm
Which desktop client did you try? The official Mac client, at least, has
secret chat just like the mobile clients (I just used it yesterday)

Note that Telegram secret chats are end to end encrypted (default chats are
not) but you're still dealing with the Telegram server (not peer to peer)

~~~
xstartup
I tried arch linux one.

------
friendlysurfer
Try Peerio.

------
dbsvsv
Isn't there a client by John McAfee?

------
web007
If you're an individual or organization in opposition to a state / stage
agency then certainly it makes sense to find an app to protect your
communication without a third party being involved.

Short of that, consider if you actually need "P2P encrypted messaging" - if
you're doing business-type things then you should probably use a business-type
messaging solution. Slack is pretty good. IRC is fine if you're slightly more
paranoid, it just doesn't have UX on par with a commercial solution.

Find any HIPAA-compliant messaging product and you'll get most of what you
actually need (vs think you want), but be prepared to pay much more for it
than for a regular chat client.

