Signal is 100% open source man, you're thinking of WhatsApp.
Discussion
oh my b
It's cool. Easy mistake. WhatsApp implemented the Signal Protocol in their app but as you said it's closed source. Their particular implementation also leaves metadata unencrypted. Signal itself is the most secure E2EE messenger around.
I'm a big fan of conversations.im
That's a good one too. And decentralised if you setup your own XMPP server. OMEMO is based on the Signal Protocol too. Very good.
what are your feelings on threema and simplex?
Threema has a lot of vulnerabilities in the implementation of the NaCl cryptography library last I heard - basically the cryptographic algorithms it uses are good but they've been implemented in a sloppy way, leaving it open to side channel attacks (exploits to bypass the encryption without needing to break the encryption itself).
I have been meaning to look into SimpleX, seen it mentioned on Nostr a fair bit, I'll try getting around to looking into the details and testing it this weekend because I've been curious. But as of right now, can't give an opinion on something I haven't tried.
No - signal is not the most secure Messenger!
All traffic of the SignalApp goes over the clouds of Google, Amazon, Microsoft & Cloudflare. And they say: "Thank you stupid Signal Users for your MetaData"
Check:
www.securemessagingapps.com
Rate the security:
🟩 = 3
🟨 = 1
🟥 = 0
Results:
1. Threema = 85 = the most secure one
2. Session = 79
3. Signal = 77
4. Element / Matrix = 59
5. WhatsApp = 34
6. Telegram = 29
7. Apple iMessage = 25
8. Facebook Messenger =25
I still don't like signal tho. don't remember why lmao
Probably because it requires a phone number, that’s my guess at least.
Ninja'd me on this one haha.
Yeah that's the only problem with it.
Only thing I don't like about Signal is you must use your phone number. No username option.
That's why I mentioned Session as an alternative, it generates a public key instead.
Yeah I have given up on signal in favor of session. Signal is a great app for most people but for evading digital profiling, not so much.