
Ask HN: Best encrypted messaging app atm? - sprafa
Donald Trump getting elected I am no longer playing around, my life is going full encrypted.
======
mrbiber
At the moment, Signal and Wire seem to be the best options. They have open-
source clients, end-to-end encryption, are easy enough to use that even less-
computer savy people can be realistically convinced to use them and they seem
to offer decent protection for metadata (not technical, but policy-wise).

There are, however, some upcoming developments which will change the situation
in the next couple of months:

1) The main matrix.org client, Riot ([https://riot.im](https://riot.im)) has
end-to-end encryption now in beta. This will offer Signal-strength encryption,
but in a decentralized, e-mail-like system with federated servers. This will
create an ecosystem where people are no longer dependent on the goodwill (and
solvency) of a single entity to use a good, encrypted messaging app.

2) Briar ([https://briarproject.org](https://briarproject.org)) is a new
(Android-only) app, designed for people with an especially high need for
privacy. It works without central servers (through Tor hidden services, but
hides the complexity of that), even works when the internet is down (e.g. when
mobile networks are shut down during a protest) via Bluetooth and direct Wi-Fi
connections, and it offers extra features, like a panic button that deletes
all your data. It's in beta at the moment, with a planned release early next
year.

TL;DR: Use Signal or Wire for now, but be ready to switch to a better system
when available.

~~~
sprafa
I've heard Signal has US Government backing, which makes me scared for an NSA
backdoor. Any idea about this?

~~~
lorenzhs
Where have you heard this? I wouldn't question Moxie's integrity lightly, his
track record is impressive.

~~~
geofft
Wikipedia says that Open Whisper Systems has received a significant amount of
funding [1] from the Open Technology Fund, run by Radio Free Asia [2], a US-
government-run propaganda organization.

Of course, this is the arm of the US government that very actively _doesn 't_
want back doors, because they operate in territories controlled by other not-
necessarily-friendly governments. They need communications to be reliably
secret, and they have no need to tap those communications. It's the same
reason that government funding for Tor isn't inherently a problem for Tor's
security, and you see other parts of the US government, like the FBI, trying
to hack it.

It's definitely worth worrying that the government could decide that this part
of its mission is no longer worth funding. But it isn't likely to be a risk of
back doors. (Especially compared to all the other usual risks, notably simple
bugs like Heartbleed and Weak DH.)

[1]
[https://en.wikipedia.org/wiki/Open_Whisper_Systems#Funding](https://en.wikipedia.org/wiki/Open_Whisper_Systems#Funding)

[2]
[https://en.wikipedia.org/wiki/Radio_Free_Asia](https://en.wikipedia.org/wiki/Radio_Free_Asia)

------
lorenzhs
Security people recommend Signal a lot (e.g.
[https://medium.com/@thegrugq/signal-intelligence-free-for-
al...](https://medium.com/@thegrugq/signal-intelligence-free-for-
all-5993c2f72f90), Snowden uses it and repeatedly recommended it:
[https://twitter.com/Snowden/status/661313394906161152](https://twitter.com/Snowden/status/661313394906161152),
...). Personally, I use it all the time and it's nice. Most of the initial
problems have been sorted out, so I encourage anyone who's had trouble with it
before to try it out again.

It has text (one-on-one and groups) and voice calls. Things that could use
improvement: group management, switching to a new device. It doesn't have some
of the features some people like (stickers and whatnot), but personally I
don't care much about those. Video calls would also be nice.

~~~
pmlnr
Encrypted video calls will crush mobile CPUs in my opinion, but indeed it
would be nice to have one.

~~~
krrrh
I'm curious if you have some real insight on this, because my understanding is
that Facetime video calls are end-to-end encrypted, and the battery drain
seems to be pretty minimal even on older devices.

~~~
lorenzhs
What's your definition of "pretty minimal"? FaceTime has noticeable battery
usage in my experience, but it's not excessive. I'm not sure how it compares
to unencrypted video chat, but I doubt it's much higher. Crypto is typically
accelerated in mobile devices these days. I would guess that the screen and
network (Modem/wifi active all the time) are the battery-draining bits, and
while encoding and encryption don't help, they're hardware-accelerated. That's
only a guess, though, and I'd appreciate it if anyone had data on this.

------
blyuher
Signal ([https://whispersystems.org/](https://whispersystems.org/)) got a good
score from EFF. You may find this guide helpful -
[https://medium.freecodecamp.com/tor-signal-and-beyond-a-
law-...](https://medium.freecodecamp.com/tor-signal-and-beyond-a-law-abiding-
citizens-guide-to-privacy-1a593f2104c3#.3m4hd3g96)

edit: clarification

~~~
lorenzhs
That article recommends Tor for browsing without mentioning the dangers
involved. Malicious exit nodes are not hypothetical. It's easy to make
mistakes with Tor, so I'd be wary of a general recommendation to use it.
People who know more about this than me seem to agree:
[https://twitter.com/thegrugq/status/797608924606173184](https://twitter.com/thegrugq/status/797608924606173184)

edit: I'm also unsure about the warning against fingerprint authentication. I
use Touch ID with a long passcode and consider that the best trade-off. It
prevents everyday attempts to get into the phone and offline cracking. The
passcode is required after a longer time of inactivity. If you're paranoid you
can touch your pinky against it five times in predictable situations (border
controls etc). It's not perfect, but I think it makes the best tradeoff
between convenience and security for most "normal" people.

~~~
adrianN
The exact same dangers exist with normal browsing. Intermediate nodes on your
route can do whatever they want unless you use proper encryption. In fact,
things like sniffing your traffic are routinely done by $ThreeLetterAgency.

~~~
lorenzhs
Your argument is a classical example of "correct in theory, wildly misleading
in practice". As you can see on
[https://trac.torproject.org/projects/tor/wiki/doc/badRelays](https://trac.torproject.org/projects/tor/wiki/doc/badRelays)
(list isn't updated any more, so the real list is likely much longer) or
[http://www.cs.kau.se/philwint/spoiled_onions/techreport.pdf](http://www.cs.kau.se/philwint/spoiled_onions/techreport.pdf),
there have been several cases where relays actively interfered with user
traffic in a malicious way. Malicious exit nodes are used to MitM connections
and sniff sensitive data.

Note that Tor doesn't mitigate the three-letter agency problem, as they can
just sniff the exit node's target (I certainly would, there's bound to be lots
of interesting traffic there).

------
pmlnr
This is a vague question: it depends entirely on the protocol you're about to
use. I'll try to give a few answers anyway.

First of all, if you want total encryption, you'll need to make sure your
connection is encrypted and secured as well (meaning following you back is not
trivial), so the whole messaging should go through Tor[1].

There are plugin solutions for bitlbee[2], for Pidgin[3], and many other
clients supporting OTR and similar encryptions.

If you want all-in-one solutions, you probably should look at Tox[4], which is
a protocol, not just an app, built to be encrypted by default. It's
complicated and nasty to use and set up, but it's pretty secure.

Other ideas might be drawn from the prism-break Communications list[5],
listing apps like Chatsecure[6] or Xabber[7], both encryption-capable jabber
apps.

[1]: [https://www.torproject.org/](https://www.torproject.org/) [2]:
[https://wiki.bitlbee.org/bitlbee-otr](https://wiki.bitlbee.org/bitlbee-otr)
[3]:
[https://developer.pidgin.im/wiki/ThirdPartyPlugins#Securitya...](https://developer.pidgin.im/wiki/ThirdPartyPlugins#SecurityandPrivacy)
[4]: [https://tox.chat/](https://tox.chat/) [5]: [https://prism-
break.org/en/protocols/](https://prism-break.org/en/protocols/) [6]:
[https://chatsecure.org/](https://chatsecure.org/) [7]:
[https://www.xabber.com/](https://www.xabber.com/)

~~~
pmlnr
Downvoted? Sometimes I don't understand people. Please give a reason.

------
urza
As an alternative to Signal, I would also recommend Threema.

Mobile only, paid, end-to-end encrypted with in-person verification. Team and
infrastructure is based in Switzerland

[https://threema.ch/en/](https://threema.ch/en/)

~~~
nickik
The major reason why we (IT group in Switzerland) are not using it as much, is
because they are still not providing a Desktop Client.

~~~
Siimteller
Have you looked into Wire as an alternative? Also HQd in Switzerland, E2EE
with multi-device and desktop support + open source.

Happy to walk you through it (I'm siim@wire.com).

------
jaboutboul
Check out the EFF's Secure Messaging Scorecard:
[https://www.eff.org/node/82654](https://www.eff.org/node/82654)

Personally I use Signal and Whatsapp from that list.

~~~
pmlnr
Whatsapp as secure messaging? Sure.

~~~
Madsn
You may be interested in: [https://whispersystems.org/blog/whatsapp-
complete/](https://whispersystems.org/blog/whatsapp-complete/)

------
jedisct1
I like [https://wire.com](https://wire.com) and
[https://threema.ch/en](https://threema.ch/en)

~~~
libeclipse
Wire was in the middle of a shitstorm a while back iirc because it falsly
advertised that it encrypted everything end-to-end, when in actual fact only
text was so.

~~~
libeclipse
Here's a source: [http://www.pcworld.com/article/2855745/new-communications-
ap...](http://www.pcworld.com/article/2855745/new-communications-app-wire-
tones-down-encryption-claims.html)

My mistake. Text isn't end-to-end, only calls are.

~~~
CmdSft
The current Privacy page[1] seems to indicate that, at least now, text, image
and voice is end-to-end encrypted.

[1]: [https://wire.com/privacy/](https://wire.com/privacy/)

------
mrmondo
Signal has had several independent security reviews and has come out on top
each time.

------
sgt
I am under the impression iMessage is pretty secure and I use it extensively
as most of my friends and colleagues have iPhones.

Refer to
[http://www.apple.com/business/docs/iOS_Security_Guide.pdf](http://www.apple.com/business/docs/iOS_Security_Guide.pdf)
which specifies that RSA 1280-bit keypairs are used, and the private key is
held on the device. So in terms of transit - the protocol should be secure.

The only remaining option would be to question whether iOS is secure/insecure.

Apple claims: "Apple does not log messages or attachments, and their contents
are protected by end-to-end encryption so no one but the sender and receiver
can access them. Apple cannot decrypt the data."

~~~
hannob
> I am under the impression iMessage is pretty secure

Why's that? (I'm asking seriously, because I don't understand how people get
this impression.)

iMessage has some very fundamental design flaws that led to this attack:
[https://blog.cryptographyengineering.com/2016/03/21/attack-o...](https://blog.cryptographyengineering.com/2016/03/21/attack-
of-week-apple-imessage/)

The attack is not super-spectacular, but the more worrying thing is that the
design is not sound. They use an ad-hoc crypto construction that fails to
follow usual best practices. And they haven't really fixed it, they just put
some duct tape over it to avoid the attack.

~~~
sgt
Yes, but all software may have bugs. The attack you referred to was fixed in
9.3, and going forward there are no known attacks as far as I know. I think
it's safe to assume a lot of people out there are continuously trying to break
the iMessage crypto. For attacks that are not disclosed to the public (e.g.
intelligence agencies that would like to keep it secret), this can really
apply to any of the other competitors including Signal.

------
metafex
Check this comparison table: [http://öä.eu/bac.html](http://öä.eu/bac.html)
(or the full paper at /bac.pdf)

------
justanton
Surprised that no one has mentioned Telegram
[https://telegram.org/](https://telegram.org/) so far:

Encryption, fantastic stickers, photo editor, tons of interesting channels,
probably the best bots platform out there.

\+ all mobile platforms and desktop version (as well as web based)

You can also find it's code on github.

~~~
__derek__
The last I read was that Telegram was not secure. Is that not the case?

~~~
dylz
IIRC telegram secret chats are somewhat fine, all normal chat and group chat
is insecure

Correct me if I'm wrong though

~~~
__derek__
Reading more about it, I think you're right.

------
Siimteller
I've found
[https://www.securemessagingapps.com](https://www.securemessagingapps.com) to
be an interesting source of comparison. The author seems to actively update it
based on crowd-submissions.

There's also [http://öä.eu/bac.html](http://öä.eu/bac.html) (based on
[http://öä.eu/bac.pdf](http://öä.eu/bac.pdf) thesis) but I've emailed with the
author and he said that he's not keeping it up to date.

------
desfan
I personally like Wickr ([https://www.wickr.com](https://www.wickr.com)).
Although they're not as open as Signal, they've also passed several security
reviews and I do like their transparency reviews
([https://www.wickr.com/about-us/blog/2016/08/01/wickr-
transpa...](https://www.wickr.com/about-us/blog/2016/08/01/wickr-transparency-
report4))

~~~
aorth
A recent post about Wickr's bug bounty program painted them in a pretty poor
light. The company appears to have invited security researchers to contribute
to a bug bounty program and then, after researchers found and reported dozens
of issues, the company fixed the bugs and never paid or credited the
researchers.

[https://www.vulnerability-
db.com/?q=articles/2016/10/27/wick...](https://www.vulnerability-
db.com/?q=articles/2016/10/27/wickr-inc-when-honesty-disappears-behind-vcp-
mountain)

------
yousifa
I am working on a messaging & email encryption platform (for the reason you
mentioned) which will finally make encryption easy to use for non tech savvy
people. It is based on PGP, source will be available. If anyone is interested
in helping, giving feedback or learning more send me an email (in my bio or my
username at gmail.com)

~~~
luxpir
Can you tell us all more here?

~~~
yousifa
Sure,

Situation: Us "techies" know or easily can learn how to set up encryption and
protect ourselves, the general public will not. Everyone needs encryption but
most will only use it if: -their friends are using it -it is so easy a cave
man can do it -it is beautiful

Complication: Current products are hard to use and are built for hackers.
Encryption products need to build in vitality and understand the use cases of
most users. To be successful this must be built with usability and UX first,
not security methods first. Sormthing pretty decent that people use is much
better than a great system that most people don't use.

Solution: Browser plugins that act like they are a part of the current email
experience. Beautiful phone apps that give users the same functionality that
they are used to having with much better security. More info below, this is my
current thought process and work, not perfect I'm sure, would love input.

UX: Most users use email via browsers and default phone app. Initial plan is
browser plugins + standalone phone app. Browser plugins exist for pgp but are
too complex for the general public to understand and set up and require a user
to get the recipient's key. We streamline the process by just having the user
click "encrypt", enter a passphrase (will get to this in tech section), and
click send. We take care of setting up the recipient with their account if
they don't have one to be able to view their message. As for mobile messaging,
users will enter their passphrase when launching the app and then be able to
freely message, call, video chat until the switch to another app or exit.

Tech: Encryption using private/public key pairs according to pgp spec, of
which implementation is gpg. Encryption/decryption happens on device or
browser. We host last known good info for user public keys to prevent MITM
attacks and will only use other sources if we don't have info of a user.
Private keys are stored on our platform for cross device compatibility and so
they are not stored on the users device. However these keys will be
encrypted/decrypted on the users device using symmetric key encryption
implemented as a complex passphrase.

~~~
yoasif_
Have you looked at what Pretty Easy Privacy is doing?

[https://www.prettyeasyprivacy.com/](https://www.prettyeasyprivacy.com/)

They have iOS and Android clients, along with a subscription available for
Outlook (Windows), and planned desktop versions for Apple Mail, Thunderbird
and Web Browsers (Safari, Mozilla, Chrome and IE).

~~~
yousifa
It seems they only have an outlook plugin. I can't find their mobile apps.

~~~
yoasif_
Mobile apps linked here: [https://www.prettyeasyprivacy.com/get-pep-
mobile/](https://www.prettyeasyprivacy.com/get-pep-mobile/)

~~~
yousifa
Click on the App Store button. It just says "coming soon"

~~~
yoasif_
Ah, I hadn't noticed (I've installed the Android app).

------
nye2k
Kodex ([https://kodex.im/](https://kodex.im/)) FHE. Client side keys only.
Open source here
([https://github.com/kryptnostic/krypto](https://github.com/kryptnostic/krypto))

------
martygwilliams
zyptonite.com has some great features. Group messaging, group voice calls and
group video calls are hard to come by in the "paranoid encrypt everything"
world that we seem to find ourselves. That being said, one of their most
recent updates hosed my account so badly that I just switched to Signal.

I've also used Wire and I really liked it, but I had the same problem. The
update to the new technology broke it in such a way that I can't actually
message anyone anymore. If Wire can get their ducks in a row, I might switch
back.

------
ASmith__
Retroshare's private messaging tools, upgraded to coco20 end-end and able to
be routed optionally via I2P as well as via Tor anonymous networks. Retroshare
also has a optional VOIP plugin.

------
tmaly
I use WhatsApp. I know it says end to end encryption, but I do not know how
good that aspect of it really is. How is FB making any money from it if
everything is encrypted?

~~~
Jaepa
Onboarding non-US users to Facebook (Brazil & India particularly) & using
address book contacts & metainfo from encrypted communications to create
social graphs.

I've never really understood the argument of well its Facebook so obviously
they are lying. They are getting a lot of value out WhatApp, and the blowback
on Facebook would be pretty significant if they were lying and found out.

------
hiram112
I've been successful in getting a few friends to use Blackberry Messenger.
It's polished, has a lot of useful features, and is now free.

------
mordnis
I see no one recommending Ring. Is there something particualrly wrong with it?

------
agounaris
Aren't all of them encrypted now? I'm using telegram

~~~
donkeyd
WhatsApp is also encrypted, but it does share your data with Facebook. So
while end-to-end encryption always sounds secure, it not always is.

~~~
sprafa
Yes, this was what led me to now look for an alternative to WhatsApp.

------
sidcool
What about WhatsApp which is end to end encrypted

------
bert2002
Signal for sure.

------
thinkMOAR
Doesn't say to require to be instant messaging, so my best suggestion: A
pigeon with sd card tied to its leg with PGP encrypted data.

~~~
pmlnr
Never underestimate the bandwidth of a station wagon full of tapes hurtling
down the highway.

—Tanenbaum, Andrew S.

------
biokoda
The most secure app is Biocoded:
[https://biocoded.com/home](https://biocoded.com/home). The reason we claim it
is the most secure is:

\- Encrypted local on-device storage. We have an always-on mechanism and never
store the entire local storage decryption key on the device. It's half on the
device and half on the server. In case of lost or stolen device, all data is
still safe. In fact you can effectively "wipe" your biocoded app data even if
the device is offline by deleting the server part of the decryption key.

\- We allow private servers (not for free).

\- Double ratchet algorithm for communication.

~~~
Foxboron
Where is the source code?

~~~
ChoGGi
"Biocoded source code, security protocols and implementations are audited by
independent security agencies. Open source is not a guarantee or even an
indicator of security. For sensitive governmental and corporate use, open
source solutions are often dismissed outright."

[https://biocoded.com/faq#0](https://biocoded.com/faq#0)

~~~
huhtenberg
> _Open source is not a guarantee or even an indicator of security._

This is true.

> _For sensitive governmental and corporate use, open source solutions are
> often dismissed outright. "_

But this is a false argument. Open source solutions aren't dismissed because
they are open source per se, but because they generally lack predictable
longer-term support.

~~~
biokoda
> But this is a false argument.

Not for governments. Some are pragmatic, others will not even consider it if
open source.

~~~
huhtenberg
Got an example?

That is, of a government entity that explicitly rejects software products made
by recognized (for-profit) companies _because it 's an open source._

