Hacker News new | comments | show | ask | jobs | submit login
Ask HN: What encrypted chat application to choose?
46 points by sjustinas on Dec 20, 2014 | hide | past | web | favorite | 26 comments
I have been using Google Hangouts for IM until now, but recently became interested in an app that would ensure privacy of my conversations.

I have looked at several solutions, however, there doesn't seem to be a clear leader amongst them. There has been talk about Telegram's crypto protocol being broken, while TextSecure seems to only be available for Android. Desktop client is a must for me.

I'm no expert here, but in terms of HN love, TextSecure is the clear leader. tptacek (founder and former leader of security company Matasano) seems to support it, and it's developed by a legitimate security researcher, Moxie Marlinspike. moxie, in turn, I've seen supported by cperciva (all around genius and developer of tarsnap).

Now, take this all with a grain of salt since this is all just HN celebrity-worship / appeal to authority, but I don't really know what else to go on, not being a security researcher myself...

That said, as far as I know TextSecure is Android only, as you say, but I believe I read that both a desktop and iOS version are under active development and nearing release.

Wasn't it recently partnered with WhatsApp? Does that mean if you use WhatsApp between two recent android clients it's encrypted? If so, WhatsApp might be an option for you.

But it doesn't seem like that's the case, though, since I've used TextSecure and there's some (necessary) complexity in the interface to generate and share a key, as well as notifications about whether your messages are loaded in memory unencrypted. I haven't noticed any of this with WhatsApp.

A good start would be EFF's Secure Messaging Scorecard. They measured all existing solutions using 7 security features(from end-to-end encryption to open source and public reviews).

A few solutions fulfill all requirements (e.g. Telegrams code hasn't been publically reviewed while TextSecure was).

One problem is though, that many open source solutions aren't available for iOS due to issues between Apple's ToS and the GPL.

[1] https://www.eff.org/de/secure-messaging-scorecard

The EFF scorecard is technically unsound and not a good place to start. It actually caused a small controversy among crypto and security people when it was released.

To clarify, the most criticism that the EFF secure messaging scorecard had was:

* CryptoCat got a perfect rating, despite it's long history of insecurity, attack vectors, and questionable audits.

* Skype got rated more favorably then is likely the truth. It has since been corrected though.

* PGP got buried as a recommendation.

* A good number of tools were missing on initial release.

The big issue with the scorecard is the lack of rigid definitions, such as code audits. Developers will audit and review each other's code all the time. But most won't qualify that as a "security audit". So, does a security audit require a cryptographer to audit the code? A third party security agency? How in depth do audits go? Are there any standards or "best practices" to go by when auditing crypto code, or is it just a rubber stamp?

With that said, it does list (incompletely) a good set of tools that you can investigate, that you may not have heard of.

So what are your recommendations?

The problem with that report is that it's more of an assessment than a report. EFF didn't (or couldn't) evaluate or grade the technical merits of any of the chat systems. For example, a professional audit was merely a binary state - there either was one, or there was not. The results of the audit were not considered.

There will have to be a more thorough follow-up at some point.

>Tox is a free and open-source, peer-to-peer, encrypted instant messaging and video calling software. The stated goal of the project is to provide secure yet easily accessible communication for everyone.[1] The Tox Foundation took part in Google Summer of Code 2014.



Privacy against whom? What is your threat model? What platforms must be supported? What level of technical knowledge do your contacts have? Sadly those questions are still relevant.

My take (I doubt this exists, and won't use chat until it does) -

Privacy against whom?

Privacy against all parties not participating in an exchange. Also, I will not use an app that uploads my contacts. This suggests that contacts are added manually, probably using an email address as an identifier, with mutual authorisation.

What is your threat model?

Information disclosure, spoofing, tampering and non-repudiation. The threat tree might include elevation of privilege. Denial of service is also important, in that I want it to use decentralised servers - if one goes down (or is taken down) another server picks up the load. New servers should be easy to add by anyone.

Side note - servers are preferable to me, so that messages get through when one or more parties in an exchange are offline.

What platforms must be supported?

All the platforms my contacts use, so Windows, Windows RT, and Windows Phone; OSX and iOS; Android; Linux. A nice-to-have fall-back is a browser-based client.

What level of technical knowledge do your contacts have?

Enough to install the app, register and log in.

I've had some experience using Pidgin's OTR plugin [1] via Google Chat. It's a bit clunky for everyday use but it does the job.

[1]: https://otr.cypherpunks.ca/

Yeah the OTR plugin is really nice. I think it has suffered from some serious not-invented-here syndrome in terms of not being baked into Pidgin as a core feature (which it should be).

It has been included in Mac OS X's Adium client for many years, which probably means that it has the largest installed base of any end-to-end encrypted chat client, other than Skype. (Although I don't know if Adium automatically enables it, but at least it doesn't require another download and a clunky plugin enablement.)

I would recommend tox. If there is any other decentralized, open source, fully encrypted chat service I would recommend that as well.

Use a OTR-able client like Pidgin. OTR is protocol-agnostic and works over most IM protocols.

I've never successfully been able to get pidgin otr to work in Ubuntu. Have any links to a step-by-step tutorial?

Install the pidgin-otr package, enable the plugin, use it.

I'm with you. Not having both a desktop client and a mobile one is a large impediment to using many of these apps. Your best bet is something that uses OTR right now, probably, such as Pidgin on desktop with ChatSecure on mobile, or CryptoCat (but it seems it still only has an iOS version right now).

I'm waiting on TextSecure to gets it own desktop version (hopefully with video support as well), but I haven't seen any updates on that for half a year, so it's probably going to take at least another 6-12 months to be done.

I use usually Threema, but since you want a desktop client Word isn't bad. Still in beta though (I think)

For something more like encrypted anonymous email (that keeps sender and receiver location hidden), there's: http://voluntary.net/bitpost/

Are there any practical examples of Telegram's protocol being broken?

According to their docs, the server can MITM encrypted chats.


After that, if both clients trust the server software,

>Are there any practical examples of Telegram's protocol being broken?

Telegram has a $300K reward for anyone able to break it and demostrate it.

I would recommend http://prism-break.org, where you can find a comparison between free alternatives for popular software.

First, know your adversary. Is it your ex-wife, your ISP, some disgruntled hosting provider employees, or law enforcement? That will help you narrow down your choices.

Second, for an email-like replacement, you may want to look into Bitmessage. It's decentralized, trustless, and end-to-end encrypted. Unfortunately, it may be vulnerable to some attacks: https://bitmessage.org/forum/index.php?topic=1666.15

For a live chat-like replacement, you may want to look into Tox. It is also decentralized, trustless, and end-to-end encrypted. It is designed to be a Skype replacement. However, this thread regarding a security audit and the software it uses is slightly concerning: https://github.com/irungentoo/toxcore/issues/121

Both Bitmessage and Tox are wet behind the ears, so-to-speak. PyBitmessage, the main client, is written in Python. As such, the proof of work needed to calculate for each message is not optimized. Attackers have written clients in C to take advantage of Python's weakness to flood the network. Until the main client is also written in C, and the PoW algorithm is designed to take advantage of it, I'm sure there will be other network flooding problems on the Bitmessage network.

uTox and Venom seem to be the most used Tox clients, but I have had trouble getting uTox and Venom to actually work with video. Further, when both parties are using uTox, in some situations, while my video and audio testing work fine, the other party cannot see me or cannot hear me. I use uTox for signing PGP keys, so I've used it a number of times, and it's probably 50% at this point when it Just Works.

Both Bitmessage and Tox, however, have not had a security audit of the code.

Also, OTR and PGP have proven to be reliable, stable, secure, and enjoy large communities. With PGP, you can end-to-end encrypt your email, and with OTR, you can end-to-end encrypt your live chat, although video and audio are not supported. It doesn't matter about your email or chat provider either, and software exists for Windows, Mac OS X, GNU/Linux, and BSD for both.

Freenode also offers TLS-supported IRC servers, including hidden servers on Tor. Although Tor has been getting some press lately of the FBI successfully taking down pedophiles and drug markets, these are all due to mistakes by the end users, and not insecurities with Tor itself. So, Freenode on Tor might be a good one-off solution, where you just need to chat quickly, without registering for accounts, and staying hidden. See https://freenode.net/irc_servers.shtml#tor

Finally, if you're not familiar with the EFF Secure Messaging Scorecard, you might want to take a look at it: https://www.eff.org/secure-messaging-scorecard. There are a lot of clients there, including the various security margins of each, so that might be of interest.

retroshare is all you need!!


try cryptocat

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact