
Ask HN: Secure async conversations for non-tech people - ColinWright
I was recently in an email conversation between 10 to 15 people in which some delicate issues were discussed.  As it progressed I became progressively uncomfortable ... it only takes one mis-typed email address and the entire conversation could be leaked.<p>Usually people will just hit &quot;Reply-All&quot; and it&#x27;s OK, but someone might accidentally add an address list to the CCs or BCCs, and the result is horrible.<p>But what alternatives exist for non-technical people to have an extended async conversation?<p>All comments and suggestions welcome, and thanks for reading.<p><i>Edit:</i><p>Adding information about the context here.<p>Many of the people involved don&#x27;t have a smart-phone, and certainly couldn&#x27;t go through the process of linking an app to a laptop&#x2F;desktop machine. Sometimes it&#x27;s tough getting them to use email &quot;properly&quot;, which is why I have concerns over them using email for confidential conversations in the first place.<p>They have email, they have browsers, they are almost invariably using laptops or desktops and not phones, and they are technically inexperienced.  I&#x27;m guessing that anything suitable would have to be browser based, but I&#x27;m open to other ideas.<p>Thanks.
======
kvn_95
Secure communication is unfortunately still difficult for non-tech people.
Most of the "easy" ones are tied to a smartphone, like Signal.

However if the goal is to prevent accidental leaking by using reply-all or
adding an email address by mistake, then I think encryption features are nice-
to-haves rather than a must-have. It's a _very_ nice to have, but for non-
techies and for your specific use case, usability is probably more important
at this point.

I would thus recommend either:

* Discord ([https://discord.com/](https://discord.com/)), easy group voice chat should you need one

* Slack ([https://slack.com/](https://slack.com/)) using a free account, but they limit the number of messages for free accounts. May not be a deal-breaker for you.

* Element ([https://element.io/](https://element.io/)) which was formerly Riot.im, and is encrypted and have more security features vs. the other two. Probably the most secure here.

All of them have their pluses and minuses, but all of them can be opened in a
browser and require no smartphone. I suggest you pick one that you feel is
easiest for your group to register and use, and provides the feature set that
you require.

With regard to Discord, please make sure to read [0] before making any
decisions :)

[0] [https://cybernews.com/privacy/discord-privacy-tips-that-
you-...](https://cybernews.com/privacy/discord-privacy-tips-that-you-should-
use-in-2020/)

~~~
muzani
A lot of these are used in games for security. I've heard of Snap being used
for security too, but I have no experience with that.

Discord roles are pretty messy for this though, to the point that secure
conversations are often brought into a group chat or multiple separate
servers.

------
upofadown
>it only takes one mis-typed email address and the entire conversation could
be leaked.

Then perhaps the people involved should be encouraged to trim all the old junk
from the bottom of their messages... for exactly the reason you have
described.

A discussion between 15 people is inevitably going to get leaked to some
extent no matter what the medium. Sometimes you can break things into smaller
discussion groups.

You could set up a private web forum. That's probably it for web based stuff.

------
auslegung
I’d recommend Signal [https://www.signal.org/](https://www.signal.org/). I
think any of these options are going to require either configuration which
could be complicated, or an app download which is often simpler.

~~~
ColinWright
Many of the people involved don't have smart-phone, and certainly couldn't go
through the process of linking an app to a laptop/desktop machine. Sometimes
it's tough getting them to use email "properly", which is why I have concerns
over them using email for confidential conversations in the first place.

They have email, the have browsers, they are almost invariably using
laptops/desktops and not phones, and they are technically inexperienced.

I don't think Signal would be an option, but I don't know it well, and I could
be wrong, so I'd be happy to be corrected.

Thanks.

~~~
auslegung
Signal must be setup on a smartphone before using it on desktop. What you
listed in your reply is important for people to know to properly answer your
question. You should consider updating your question. Good luck! Nothing else
comes to mind that is simple and desktop-only.

~~~
ColinWright
I've just added it to the question ... thanks.

To be honest, I don't think there is anything that's robust, non-tech
friendly, easy to set-up, and reasonably secure. It doesn't need to be secure
against state-level actors, just against people accidentally copying in
someone unintentionally.

------
lfoooo
Maybe Wire [https://wire.com/en/](https://wire.com/en/) ?

