So, I have a Threema license, but from what I’ve seen its encryption isn’t post-quantum. Signal’s encryption seems the strongest. I host my own Matrix server.

Also, I kind of don’t care where the servers are or which provider it is. Everything is encrypted anyway.

  • Emberleaf@lemmy.ml · 42 up, 7 down · 1 day ago

    Of the three, Signal is the most secure. Now in about 2.5 seconds, someone is going to start screaming about the phone number requirement. This is used so that you can go from desktop to mobile with the same profile. You can set Signal to hide your phone number from everyone else but you. It’s a non-issue.

    There is a reason why Elon Musk doesn’t let people post about Signal on his Nazi social network. Because it works.

    • Limonene@lemmy.world · 19 up, 1 down · 24 hours ago

      It’s an issue.

      You can’t create an account on desktop. You can’t create multiple accounts. You can’t create an account at all if you don’t have a phone number. You can’t create an account if your phone number’s previous owner created an account. Signal can be subpoenaed for your phone number.

      • C A B B A G E@feddit.uk · 4 up, 1 down · 24 hours ago

        Is it possible to use a number different to the one on the device you use? Seems like a simple workaround to use a throwaway SIM to set up, and then use it with that number moving forwards.

        • MinFapper@startrek.website · 8 up, 1 down · 22 hours ago

          That sounds like an awful lot of work to work around a problem that shouldn’t have existed in the first place.

      • devfuuu@lemmy.world · 11 up, 3 down · edited · 22 hours ago

        No, we know that, but people will still come scream here that you need a phone to register anyway. It’s all the time the same people. Not realizing that is the easiest onboard that all the normies are used to and an easy way to control spam accounts.

        • ocean@lemmy.selfhostcat.com · 6 up, 1 down · 24 hours ago

          I mean if you acknowledge that user names can be used like any other website then your point doesn’t work. They don’t need my phone number. Most applications don’t need it but they do? Come on.

      • Semperverus@lemmy.world · 24 up, 1 down · edited · 1 day ago

        citation

        EVERYTHING in Signal follows an encryption or tokenization chain. Not like crypto coins but real actual chain-of-custody type encryption workflows. It uses elliptical curve cryptography where the key for each message moves forward along an elliptic curve, which are excessively difficult to guess the factors for once it is selected if you are not the key holder. This means that even if someone cracks the key for a single message you sent, they are going to have to crack the key for every other message still as each one is different. Even the metadata is encrypted by the user’s keys.

        Signal doesn’t have usernames in the traditional sense. It’s phone number+6 digit pin hashed into an encrypted signature.

        The signal company can’t see anything you do besides account create date and last login date, even if they wanted to due to how their platform is set up.

        Meanwhile, Matrix literally clones the metadata between servers when a user connects to and starts talking to users on another server, in plaintext (maybe encrypted at rest but not E2EE).
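
Added example (not part of the thread, and not Signal's code): the per-message key chain described in the comment above, written as a symmetric KDF chain with the HMAC-SHA256 constants 0x01 and 0x02 that the Double Ratchet specification suggests. `ChainRatchet`, `derive_keys` and the shared secret are names and values constructed here; the Diffie-Hellman ratchet step is out of scope.

```python
import hashlib
import hmac


def kdf_chain_step(chain_key):
    """One ratchet step: returns (message_key, next_chain_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain_key


class ChainRatchet:
    """Hypothetical holder of one sending or receiving chain."""

    def __init__(self, initial_chain_key):
        self._chain_key = initial_chain_key

    def next_message_key(self):
        # The old chain key is overwritten, so earlier message keys
        # cannot be re-derived from the state that remains.
        message_key, self._chain_key = kdf_chain_step(self._chain_key)
        return message_key

    def leak_state(self):
        """Simulates a device compromise: the chain key held right now."""
        return self._chain_key


def derive_keys(chain_key, count):
    """What someone holding a chain key can compute going forward."""
    keys = []
    for _ in range(count):
        message_key, chain_key = kdf_chain_step(chain_key)
        keys.append(message_key)
    return keys


# Constructed shared secret standing in for the output of a key agreement.
SHARED_SECRET = hashlib.sha256(b"constructed demo secret, not a real key").digest()


def demo():
    sender, receiver = ChainRatchet(SHARED_SECRET), ChainRatchet(SHARED_SECRET)
    sent = [sender.next_message_key() for _ in range(5)]
    received = [receiver.next_message_key() for _ in range(5)]
    leaked = sender.leak_state()          # state after five messages
    from_leak = derive_keys(leaked, 3)    # keys derivable from the leak
    later = [sender.next_message_key() for _ in range(3)]
    return {
        "in_sync": sent == received,
        "all_distinct": len(set(sent)) == len(sent),
        "earlier_keys_from_leak": any(k in sent for k in from_leak),
        "later_keys_from_leak": from_leak == later,
    }
```

`demo()` shows that a leaked chain key yields the later message keys but none of the earlier ones, which is why the full protocol also mixes fresh Diffie-Hellman output into the chain.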

        • sanpo@sopuli.xyz · 4 up, 8 down · 1 day ago

          OK, and how is that different from the other chats?

          You do know that at least Signal and Matrix use pretty much the same crypto, right?

          And Matrix can be self-hosted, so I don’t need to worry about what they can see anyway.
          On this point alone Matrix appears more secure than Signal…

          And Threema is Switzerland-based, so by default it’s more trustful than a USA-based company.

          • Revv@lemmy.blahaj.zone · 12 up, 1 down · 24 hours ago

            The metadata is really important, especially if you or anyone you talk to ends up being targeted. 95% of intelligence work is mapping out adversaries’ communications networks…if you have that, you don’t need to decrypt the contents because you already know who is talking to who. The federation of metadata alone is reason to avoid Matrix for anything important.

            • sanpo@sopuli.xyz · 3 up, 2 down · 18 hours ago

              Thank you for being one person in this thread that actually read and understood my comment.

              A bunch of comments repeating “Signal is the most secure because I said so” was not helpful.

              • Semperverus@lemmy.world · 2 up · 17 hours ago

                I just saw your reply to me and was about to say the same thing, but they worded it perfectly. And I did mention metadata as a key point in my original post.

      • devfuuu@lemmy.world · 11 up, 2 down · 1 day ago

        All the fucking people that actually know cryptography and are experts in their areas.

        It’s good to be inquisitive but at some point if a person is not qualified to understand either you gotta believe some authoritative figure or pay someone you trust to go review the code if you still don’t trust it.

        Multiple experts have said for years that it’s solid. There’s audits out there. It’s used in the most extreme places where people need to survive and communicate securely and governments keep screaming they need backdoors because they can’t do anything about it.

        At some point the whole questioning it has to stop.

        Continuing to eat garbage opinions from the internet and growing conspiracy theories eventually has a limit.

        • sanpo@sopuli.xyz · 1 up, 3 down · 18 hours ago

          Sure, buddy.

          Maybe you should read the comments you’re replying to first.
          If you can’t do that much then maybe you just shouldn’t comment at all.

          I’ll simplify it for you:

          1. Did I suggest Signal is not secure? No.
          2. Did the OP make a claim Signal is somehow the most secure chat on the planet based on non existing sources pulled out of his ass? Yes.

          Discussion quality on Lemmy starts looking like Reddit now.
          Almost feels like home…

  • BakedCatboy@lemmy.ml · 27 up · 1 day ago

    I prefer Signal because it’s been the easiest one to convince my friends and family to use. I have like 8 friends on Signal, the 1 I got onto Matrix quit after a week. Matrix I treat more like FOSS Discord so I only use it for communities. ElementX is really nice though so I have hope that eventually it could be as smooth to use as Signal.

  • uxellodunum@lemmy.ml · 9 up · edited · 22 hours ago

    Self-hosted Matrix.

    It still needs polish, but it’s on a good path. Meanwhile others are centralized by a single authority with an easy target painted on them for government coercion along with multiple other attack surfaces, and even information easily traced to PII. Also, not everything is encrypted. A lot of metadata is left out of E2EE. And those servers/providers have that data.

    By contrast, a drop in the ocean is far more likely to not be targeted from the outset, making pretty much any Matrix server (potentially with the exception of the matrix.org one, but it’s ok to treat it as a demo anyway) a really good choice in that sense.

  • 2xsaiko@discuss.tchncs.de · 16 up · 1 day ago

    Signal is much more polished and less fragile than Matrix, but is pretty barebones especially in terms of features for large communities. Matrix additionally has a browser client and many non-Electron desktop clients. It’s really close and depends on the use case imo. For personal messages I think I prefer Signal, for communities Matrix.

    I haven’t used Threema.

  • SplashJackson@lemmy.ca · 4 up, 1 down · 18 hours ago

    I liked the Matrix because of all the kung fu karate fights, though I got to say the second one was the best, even though the third one had a Dragon Ball Z fight at the end

  • Limonene@lemmy.world · 6 up · 24 hours ago

    Post-quantum isn’t really a big problem because it will be a very long time before there are viable quantum computers (maybe never). You should focus on the very real risks of security breaks from normal negligence and design errors.

    Threema seems pretty unpopular, so the risk is highest. Signal and Matrix are both popular and have a lot of scrutiny on their cryptography.

    All 3 have open source clients, but Signal contains some binary blobs. Only Matrix has an open source server, though end-to-end encryption enforced by the client alleviates most of the concern of proprietary servers. All 3 support end-to-end encryption.

  • chris@l.roofo.cc · 4 up · 1 day ago

    Matrix because I can host it myself. I like self hosting. But I agree that it is the least polished of all.

  • ShimitarA · 1 up · 24 hours ago

    Self hosted matrix with bridges to WhatsApp and telegram. What else…