this post was submitted on 16 Dec 2023
Privacy community

Hi,

I'm looking for an instant messaging (IM) ~~apps~~ software/protocol that runs on Android and computers

and meets the following requirements:

  • Open source!
  • E2EE
  • Messages are sent directly! (not passing through a server)
  • handles groups
  • Truly private! (That's the tricky part)

 

The closest that I've found is Briar

  • + can work without internet! (Bluetooth, local Wi-Fi, files!)
  • + uses Tor
  • - Both parties have to exchange keys (or you can introduce someone)
  • - sending media sucks for now, poor image quality
  • - no calls or voice messaging

 

I've been looking for alternatives:

  • ~~Session~~
    • Sadly it keeps ALL the conversations on a server!!! so it's a no go.
  • speek
    • I didn't try it yet, any feedback?
  • simplex
    • it looks very promising! (didn't try it yet)
    • + seems to handle multiple profiles in one!
    • + does not require that both parties send an invitation!
    • ~~! I didn't find (yet) whether the messages are sent directly or pass through a server..~~
      It's not P2P, all the messages pass through servers.. too bad.

All posts about alternatives or experiences with the ones I cited are welcome.

all 24 comments
[–] LWD@lemm.ee 16 points 1 year ago* (last edited 1 year ago) (2 children)
[–] moreeni@lemm.ee 10 points 1 year ago (1 children)

The "truly private" req really smells of "I have no threat model and don't know what I am doing"

[–] jet@hackertalks.com 3 points 1 year ago

Yeah. What does privacy mean?

Does it mean nobody knows what you're saying? Does it mean nobody knows that you're talking? Does it mean nobody can tell two people have engaged in a conversation?

In addition to direct observations, you can make indirect inferences from many of those characteristics.

If I can observe your peer-to-peer traffic, I know who's talking to whom.

If I can observe your network, onion routing layer, I can determine who is talking to whom with high probability.

If I can see network traffic at all, I can determine who the members of a group are, if the group messages are delivered simultaneously.

[–] skullgiver@popplesburger.hilciferous.nl 2 points 1 year ago (1 children)

If you allow for servers that can't read your messages (Tor nodes and such), "serverless" messaging is quite possible. All the layers of encryption and redirection aren't great for latency, but there's no reason two phones can't be connected over Tor/Veilid.

The problem in practice, I think, is notifications. To receive notifications, you need to be online all the time. Being available on Tor all the time may help deanonymize you, so you also need to shake up your connections every now and then, which requires some CPU-heavy recalculations and key exchange from the network as connections are reestablished.

[–] LWD@lemm.ee 1 points 1 year ago* (last edited 1 year ago)
[–] jet@hackertalks.com 8 points 1 year ago* (last edited 1 year ago)

https://www.privacyguides.org/en/real-time-communication/

https://www.securemessagingapps.com/

Peer-to-peer messaging is rare, but Briar, as you identified, is pretty good. Though Android only.

The trouble with peer-to-peer is it isn't very private, as the people you message see your connection directly, except with Briar.

[–] wincing_nucleus073@lemm.ee 6 points 1 year ago (1 children)

simplex uses relays/servers, but incoming and outgoing messages are configured to pass through separate servers. You can see this in the network settings.

[–] ArcaneSlime@lemmy.dbzer0.com 5 points 1 year ago

Not exactly what you're looking for, BUT the best bet would probably be Jabber/XMPP. There is a server involved, but you can be that server with a Raspberry Pi or an old laptop, or a VPS, and with OMEMO E2EE the server can't see message content, only "bob sends X to john." And as the server owner you can keep no logs and trust yourself.

[–] possiblylinux127@lemmy.zip 3 points 1 year ago* (last edited 1 year ago)

Session doesn't store logs on a central server. They are encrypted and stored on lokinet.

Anyway, other options are: Jami, Signal or Molly and maybe Matrix. Keep in mind Briar will drain battery a bit and doesn't receive notifications offline unless you set up a dedicated device.

[–] jet@hackertalks.com 1 points 1 year ago

Meshtastic and LoRa actually meet your requirements

https://www.youtube.com/watch?v=EAQI2ZSmxPU

Peer to peer messaging, line of sight.

[–] skullgiver@popplesburger.hilciferous.nl 1 points 1 year ago (1 children)

It's been stuck in "coming soon" hell for ages, but VeilidChat may be of interest to you.

TorChat is rather clunky, but any privacy-respecting chat app without an intermediate server will be. It's a bit like Tor but with some improvements, so running a chat protocol on top of it should work better.

Note that there is an app called "veilid chat" out there that doesn't seem to have anything to do with the people writing code on the Veilid network.

[–] Gordon_F@lemmy.ml 1 points 3 months ago

Thanks for sharing @skullgiver@popplesburger.hilciferous.nl

I've checked VeilidChat; for the moment, indeed, it is just a network framework... so no app ready yet (unless I'm mistaken)

The negative point is that the developers use exclusively Google tech for it!! (Dart, Flutter)
So why do people that want to fight for freedom use the Sauron tool!? It baffles me...

[–] banazir@lemmy.ml 1 points 1 year ago (1 children)
[–] Gordon_F@lemmy.ml 0 points 1 year ago (1 children)

no! thanks! looks promising too.

I'll try it and give my review... but is it required to make a "jami" account on their server!??

[–] banazir@lemmy.ml 0 points 1 year ago (1 children)

As I understand it, the account is on your machine only. If you delete your profile, it's gone, unless you made backups. But I may be mistaken.

[–] Gordon_F@lemmy.ml 2 points 1 year ago* (last edited 1 year ago)

I think you're mistaken... Can someone confirm?

So I was eager to test Jami, but on Windows it requires Windows 10.. so no way --> https://itvision.altervista.org/why-windows-10-sucks.html

anyway I gave it a quick try on a test machine (win10) But I got , no matter what I entered

Too bad, because on paper it had a lot of nice features..

On Linux, too bad they don't provide (yet) an AppImage...

[–] Gordon_F@lemmy.ml 1 points 1 year ago* (last edited 1 year ago) (2 children)

A little update.

I've just tested simplex on Android.

it's very well thought out! The features make sense. UNFORTUNATELY it's not P2P! all the messages pass through their servers :'( with Briar it's P2P.... weirdly they claim their way is better than P2P! any comment on that?

In my point of view, if messages are stored somewhere it means they can be processed[^1]!

Cheers.

edit: lemmy link to their community !simplex@lemmy.ml

[^1]: Copied, analyzed, cracked (brute force or whatever)

[–] Quexotic@beehaw.org 3 points 1 year ago (1 children)

It sounds like you're assuming that everything you put out there isn't already being stored.

https://www.eff.org/nsa-spying

[–] Gordon_F@lemmy.ml 1 points 1 year ago* (last edited 1 year ago) (2 children)

Thank you very much @jet@hackertalks.com & @Quexotic@beehaw.org

The EFF article is really interesting for everyone. ( I was aware of this )

Indeed, no one should assume that their packets are not intercepted along the road. But conceiving software that, on top of that, specifically routes the traffic through its servers does not make it better (the opposite, in my opinion)

Even if the owners of those servers do not process the data... (this is relying on blind trust) those servers might be breached. (in addition to the systemic data recording, like in the EFF article)

Let's put it simply: does SimpleX offer, on the actual Internet (can't wait for the next gen, GNUnet or anything similar), a similar level of trust & privacy to Briar?

[–] Gordon_F@lemmy.ml 1 points 1 year ago

I've done some more digging.

and Briar still remains better at the security level!

The big downside of SimpleX is that it's not P2P and IP correlation by watching your traffic is possible.

SimpleX recommends using Tor on top of it with, for example, Orbot. That's a good idea, but not the best way to convince non-tech folks to adopt it. (it's already so hard to change people's habits...) Tor should be embedded.

As soon as Tor is embedded I will migrate to it. SimpleX has nicely thought-out features and it's easy to use.

[–] Quexotic@beehaw.org 1 points 1 year ago

I don't know.

[–] jet@hackertalks.com 1 points 1 year ago* (last edited 1 year ago)

Direct peer-to-peer connections give away your IP address to the person you're communicating with. Meaning anybody observing the network can see that two people are specifically communicating with each other. Briar attempts to get around this by using Tor to obscure it.

But Briar is using Tor as a relay, just like SimpleX does. The architectures are very similar from that lens.

To your threat model, ideally data does not rest on the network, but you have to assume any data that hits the network is being recorded by a bad actor to be analyzed later.
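The two points jet makes above (direct P2P flows expose who talks to whom, and simultaneous delivery exposes group membership even when content is E2EE) can be made concrete on a few constructed flow records. This is an added illustration, not code from any app in the thread; the hosts, sizes and timings are made up, and the relay-side mitigation at the end (pad to a fixed size, spread delivery over time) is the defender's takeaway, not something any of these apps is claimed to do.

```python
"""What a passive observer learns from metadata alone (constructed data)."""
from collections import defaultdict

# Constructed flow log: (time_s, src, dst, bytes). Alice and Bob chat P2P;
# a relay fans the same-sized message out to carol/dave/erin within 50 ms.
FLOWS = [
    (10.00, "alice", "bob", 412), (10.20, "bob", "alice", 380),
    (42.00, "alice", "bob", 512),
    (100.00, "relay", "carol", 1200), (100.02, "relay", "dave", 1200),
    (100.04, "relay", "erin", 1200),
    (250.00, "relay", "carol", 900), (250.03, "relay", "dave", 900),
    (250.05, "relay", "erin", 900),
    (300.00, "relay", "frank", 640),
]

# Same group traffic after a hypothetical relay pads every message to 1500
# bytes and delays each recipient by a different amount (constructed).
FLOWS_MITIGATED = [
    (100.00, "relay", "carol", 1500), (100.90, "relay", "dave", 1500),
    (102.30, "relay", "erin", 1500),
    (250.00, "relay", "carol", 1500), (251.40, "relay", "dave", 1500),
    (250.60, "relay", "erin", 1500),
]

def who_talks_to_whom(flows):
    """Direct P2P flows reveal the social graph: count each endpoint pair."""
    pairs = defaultdict(int)
    for _, src, dst, _ in flows:
        pairs[tuple(sorted((src, dst)))] += 1
    return dict(pairs)

def infer_groups(flows, window=0.1, min_events=2):
    """Relayed traffic hides the sender, but a burst of equal-sized flows
    from one source to several hosts within `window` seconds, repeated
    `min_events` times to the same set, is a strong group-membership signal."""
    bursts = []  # each: [src, size, set_of_dsts, last_time]
    for t, src, dst, size in sorted(flows):
        last = bursts[-1] if bursts else None
        if last and last[0] == src and last[1] == size and t - last[3] <= window:
            last[2].add(dst)
            last[3] = t
        else:
            bursts.append([src, size, {dst}, t])
    seen = defaultdict(int)
    for _, _, dsts, _ in bursts:
        if len(dsts) > 1:
            seen[tuple(sorted(dsts))] += 1
    return {g: n for g, n in seen.items() if n >= min_events}
```

Running `infer_groups(FLOWS)` recovers the carol/dave/erin group from timing and size alone, while the padded and delayed `FLOWS_MITIGATED` yields nothing, which is why "the server can't read the messages" is not by itself an answer to the "truly private" requirement.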