It's more decentralized and anonymized than Signal, but it's not run by a non-profit, and it's definitely not nearly as tested as Signal. Honestly, there's not a whole lot that will get me to move away from Signal as my main encrypted messenger, but I do like to experiment with Session and SimpleX for a little bit of anonymous chatting.

I'd say it's a decent option if your threat model requires anonymity more so than security and confidentiality. Signal still has the most proven track record and strongest encryption standards so far.


Discussion

In my country WhatsApp is omnipresent. Not using it means that I cannot even contact customer service or buy from the majority of digital stores because they do not use a land line anymore. Yet, I am the 0.00000001% stubborn without it. I try to bring people to Signal where I have 5 contacts at most. It would be hard to move people away from WhatsApp to yet another platform unless it’s utterly appealing.

Mexico is like this... everything runs on WhatsCrapp, even businesses.

Yeah, WhatsApp isn't great, but I understand why people use it. I just try to convince people who do use it that Signal has the feature set that they're looking for with much better security and they don't have to tie it to their Meta account. It's still better than people using SMS or even Facebook Messenger, though. Unfortunately, a lot of people that I know use both of those no matter how hard I try to get them to join Signal.

Anyways, major respect for holding out under that social pressure. 🫡

It’s not difficult though. I just love it. When people ask me for my WhatsApp and I say I don’t have it they get in awe. Some ask how do I survive, others how do I talk to other people, how do I get things done, etc. I say I call. They look at me with a wonder expression for half a second when they remember that phones do call and then change to that of course expression. I just love these interactions lol

I remember getting somewhat of a similar reaction back in the day when I said that I didn't have Facebook. I eventually caved and got Facebook, but I wish I didn't because now I want to get rid of it, but I can't since some family only communicates that way 😂 But yeah, I have noticed that people do seem to get shocked if you don't have whatever the trending social media is. I say that I don't have TikTok and I get some Gen Z'ers looking at me as if I'm insane haha

The contrary happens to me. When I say I don't have Facebook they immediately ask what about your "instaaaaaa" which I also do not have. The usual curious expression follows but many times it is replaced by admiration. Many people I interact with say exactly what you just said, I wish I could be like you, but family.... to what I always reply well, my family knows my number 😂 Exceptions exist. This lady that works on my shooting range needed to contact me for some documentation. When I said I didn't have WhatsApp she got angry saying how do you expect to be contacted. I always answer the same: when I need to contact someone, I find my ways. If someone is interested in contacting me, either they will find a way or it is not of my interest, hence, not my problem. That one got very mad.

Well, the thing about the number is that I only give that out to friends and family that I know won't bug me all the time 🤷‍♂️😂 But also, in a way, I would say that using Messenger is definitely a *little* bit more secure than using SMS, considering the fact that SMS is completely unencrypted, whereas Messenger does encrypt in transit and is now partially end-to-end encrypted.

It's not ideal either way, but unlike a criminal tapping a cell tower, Meta can only do so much with my data in a legal way. So yeah, at the end of the day, if I can get a person using Signal instead of Meta's chat apps, that's great, but I will still take WhatsApp or Messenger over SMS.

I have 3 SIM cards. 2 in a dual-chip dumb phone and 1 in my company issued iPhone. I share one of my dumb SIM numbers to stores and people I deal with in the street. The second dumb SIM number I share with online stores or whoever needs to reach me when I am expecting an online purchase. Both have redirects to my real number that only my family knows. In my iPhone I have two do not disturb rules. One 24x7 that only allows incoming calls from family. Another 8x5 that allows incoming calls and notifications from teams and work directory. Everything else is routed from those two numbers (Street and Internet). Rarely I am annoyed by anyone. It’s very neat and not relying on virtual numbers or anything that breaks. It is a setup I’ve been using for 7 years with great success. And yeah, I ignore all SMS as they are usually always SPAM.

SimpleX Chat also uses the Signal Protocol for end-to-end encryption of messages.

I did know that, but does it use the post-quantum addition that Signal recently created? Genuine question, I don't know.

That's good to know for sure, thanks. That basically leaves only one more concern: the anonymity aspect.

On Session, they use onion routing based on nodes run by volunteers who stake the Oxen (soon to be Session Token) cryptocurrency. Meanwhile, on SimpleX, I don't know what maintains the anonymity. It appears to be based on SimpleX's servers, but how does that keep people anonymous? Because, if that is how it works, their servers are inevitably seeing the user's IP bouncing around. Compared to the onion routing, that seems like a relatively weak form of anonymizing users, even without the ID metadata.

Then again, I'm definitely not an expert, so I could be completely misunderstanding how all of this works. I know a lot of people say that SimpleX is more decentralized than any other messenger, but I'm not sure how that is the case if SimpleX themselves are running the servers.

Session is not as decentralized as Tor because it requires investing ~$1000 in a token (which is being replaced soon...) to run a node. Tor nodes can be run by anyone. Session downgraded their encryption based on incorrect statements: https://getsession.org/blog/session-protocol-explained

Anyone can run the SimpleX servers, there are many other public instances you can use instead. IP address is indeed an identifier, but not part of the messaging protocol itself. You always have to expose your IP address to third parties, it's just your choice who sees it (SimpleX servers, VPN, Tor, etc).

Tor is also fully supported with in-app SOCKS proxy support and effectively a kill switch for not connecting directly to non-onion servers, as well as .onion server mirrors. They wrote about it here: https://simplex.chat/blog/20240604-simplex-chat-v5.8-private-message-routing-chat-themes.html

Interesting info, you've given me a lot to read about. Thanks!

Does Keychat use post-quantum encryption?

No, Keychat uses the same libsignal codebase as the Signal app.

Signal added a post-quantum key exchange: https://signal.org/blog/pqxdh/