Breaking Half of the Telegram Contest (thijsalkema.de)
80 points by xnyhps on April 2, 2014 | hide | past | favorite | 33 comments


It's incredibly difficult to keep people from using insecure technology.

After the WhatsApp/Facebook acquisition many of my friends looked for something different. So they chose Threema and Telegram. Which are both horrible.

Please guys. Use TextSecure [0].

[0] https://en.wikipedia.org/wiki/TextSecure


I'm another enthusiastic vote for TextSecure; those guys work on TextSecure because they love the core problem of doing secure comms right, and it vividly shows in their architecture and the way they write about it.


The problem is that TextSecure is not seriously trying to be the next messaging app, and Threema and Telegram are.

It would be nice if there was actually anything better than Telegram I could recommend to my friends, but there just isn't.


moxie has openly invited devs to use TextSecure as a backend.


TextSecure still doesn't have an iOS client. ;(

Even if you don't feel iOS devices are trustworthy, as long as it's limited to the Android-only world, it's not going to gain wide adoption.


It looks as if they welcome serious development contributions; here's the GitHub of TextSecure-iOS:

https://github.com/WhisperSystems/TextSecure-iOS

They also experiment with alternative currency contributions:

https://whispersystems.org/blog/bithub/

I think what I've never found is an honest description of how much exactly we have to trust their server (on various levels, from the security aspects to the uptime aspects), and what the possibilities would be for involving other servers.


What's the consensus on CryptoCat? So far that seems the best secure candidate on iOS.


When people ask me directly, I tell them to avoid Cryptocat, in a spirit similar to the one I used in the 90s when telling people to avoid Sendmail.


I can't use TextSecure on my new Android device because it's not available on the Amazon App Store - it's only available on Play.

The people I communicate with are on iOS where there's no TextSecure client.

But the bit I dislike about TextSecure and WhatsApp is that it's based on a phone number bound to the contact list of your Google Play Android phone. I see a very strong movement towards Kik messenger among my peers because usernames are so easy to deal with and share around in semi-public places.


>Please guys. Use TextSecure.

Believe me, I would love to.

But I don't have an Android phone, and even if I did, not all my contacts have one.

The reason WhatsApp is so popular is exactly this: it just works, and it works on all mobile platforms.[1]

[1] http://blog.textit.in/your-path-to-a-$16b-exit-build-a-j2me-...


People are working on an iOS version.


But as OP points out, iOS and Android are not the only platforms; there are also S40, Symbian and BlackBerry, which is where WhatsApp shines.


I have WP8, as do most of my contacts. Right now I'm stuck with WhatsApp whether I like it or not.


>I have WP8

That's really your problem though.


It's even more difficult when alternatives are so scarce. For example TextSecure doesn't exist for iOS.


It also doesn't exist on non-Google Play devices, because the author thinks that getting software from somewhere other than the walled garden is "repeating the desktop mistake all over again" [1]

There might be an iOS version, but there very likely never will be a web version, or an FxOS version, or a desktop version, or anything like that.

Which is really sad, because unlike Telegram authors, TextSecure's author is very good with crypto.

[1]: it's a long read: https://github.com/WhisperSystems/TextSecure/issues/127


Actually they've announced there's a web and browser-addon version in the works, so we might be able to get it on PC.


Devs are working on a version for iOS.


What's the problem with Threema? This looks fine to me: https://threema.ch/validation/

Threema seems to be using http://nacl.cr.yp.to/ for anything crypto-related.


It's not open source, so it can't be trusted.


NaCl is open source. The client software itself is considered to be open sourced.

Regardless, if you think that way you can also not trust the TextSecure binary you've downloaded from the Play Store nor the Android phone you're using.

I guess you have to trust someone or start building your own hardware, mobile phone OS and instant messenger and make everyone else use it as well, otherwise there's no one to communicate with. However, those people will be in the same dilemma: can they trust you?


I wish people would not just downvote when they disagree, but state why they disagree.


This is bad advice. If your friends were happy with WhatsApp they don't care much what is the most secure messenger but probably want to use it on iOS or chat with friends with iPhones.


Just FYI. While Bitmessage is not a fast option (anti-spam proof-of-work per message may take a couple of minutes), it is a remarkable example of a very secure messaging tool in every aspect. Its design even gives you better privacy than Tor.

More info: https://bitmessage.org

The idea behind Bitmessage is that messages are fully encrypted (including the recipient's address) with a per-message random DH key derived from the recipient's key. Then the message is transmitted to everyone in a p2p network. Every node tries to decrypt the message with its key and if it succeeds - that's the message for them. If not, it passes the message to other nodes. Propagation time is quick, but to prevent DoS, each message goes with an expensive one-time proof-of-work proportional to the message size. Another measure is the artificial separation of messages and nodes into "streams" so that a message is only propagated within a smaller part of the network. As the network grows this will not hurt privacy, but will keep the amount of data flowing around in check. Bitmessage in principle is like email (that is checked every few minutes, not seconds) rather than real-time chat. But the idea could be brought to real-time chats too if we solve the DoS and bandwidth issues in a different way.


How do you initially learn a recipient's key? That seems to often be the problem point.


How do you learn someone's username or email? They tell it to you. Actually, in Bitmessage they tell you an "address" which is a compact hash of a pubkey. Then, the p2p network uses a special kind of message, "what's the pubkey for this address?", which allows your client to find out the pubkey.

An address looks like this: BM-orkCbppXWSqPpAxnz6jnfTZ2djb5pJKDb (this one belongs to an echo server). People who got used to Base58-encoded Bitcoin addresses will find this familiar.


Is it forward secure yet?


It's not, because DH key generation is not interactive. You generate a random cofactor pubkey alone, which will be used together with the recipient's privkey to produce a shared secret from which the AES key is derived. So if the recipient's key is leaked, all their messages would be recoverable.
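A toy model of the flooding-plus-trial-decryption design described two comments up, and of the forward-secrecy gap described in this comment. This is an added illustration, not Bitmessage's code: the DH group, the SHA-256 counter-mode "cipher" and the proof-of-work constants are constructed stand-ins, chosen so it runs from the standard library. The sender's ephemeral private key is never stored, yet the recipient's long-term private key alone (plus the public half carried in the message) decrypts every past message, which is exactly why a leaked recipient key exposes the whole history.

```python
import hashlib, hmac, secrets
# Toy DH group for illustration only: 2**127-1 is prime, but this size and
# generator are NOT a secure parameter choice. PoW constants are constructed.
P, G = 2**127 - 1, 3
POW_DIFFICULTY, POW_EXTRA_BYTES = 64, 1000

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def keystream(key: bytes, n: int) -> bytes:
    # SHA-256 in counter mode stands in for a real stream cipher.
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt(recipient_pub: int, msg: bytes) -> dict:
    # Fresh ephemeral DH key per message; only its public half is transmitted.
    eph_priv, eph_pub = keygen()
    key = hashlib.sha256(pow(recipient_pub, eph_priv, P).to_bytes(16, "big")).digest()
    ct = bytes(a ^ b for a, b in zip(msg, keystream(key, len(msg))))
    tag = hmac.new(key, eph_pub.to_bytes(16, "big") + ct, "sha256").digest()
    return {"eph_pub": eph_pub, "ct": ct, "tag": tag}

def try_decrypt(priv: int, m: dict):
    # Every node runs this on every message; a valid tag means "this is for me".
    key = hashlib.sha256(pow(m["eph_pub"], priv, P).to_bytes(16, "big")).digest()
    expect = hmac.new(key, m["eph_pub"].to_bytes(16, "big") + m["ct"], "sha256").digest()
    if not hmac.compare_digest(expect, m["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(m["ct"], keystream(key, len(m["ct"]))))

def broadcast(node_privs: list, m: dict) -> list:
    # Flooding model: indices of the nodes whose trial decryption succeeded.
    return [i for i, priv in enumerate(node_privs) if try_decrypt(priv, m) is not None]

def pow_target(payload: bytes) -> int:
    # Larger payload -> smaller target -> more expected hashing for the sender.
    return 2**256 // (POW_DIFFICULTY * (len(payload) + POW_EXTRA_BYTES))

def check_pow(nonce: int, payload: bytes) -> bool:
    h = hashlib.sha256(nonce.to_bytes(8, "big") + payload).digest()
    return int.from_bytes(h, "big") <= pow_target(payload)

def do_pow(payload: bytes) -> int:
    nonce = 0
    while not check_pow(nonce, payload):
        nonce += 1
    return nonce
```

Serialize a message as `eph_pub || ct || tag` before grinding the proof-of-work so the nonce binds the whole object; relay nodes call `check_pow` before spending any trial decryption on it.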


So, that's a privacy level worse than that of OTR, right?


It depends on the context. If your OTR is going through a central server or a compromised Tor route, an adversary can learn who you are talking to. E.g. the Adium OTR plugin sends encrypted messages, but the identities of Alice and Bob are in the clear to the NSA.

Bitmessage does not do any OTR tricks (I myself do not think OTR is very important), but guarantees anonymous routing probably even better than Tor: every message is routed to everyone randomly without any particular route whatsoever. In addition, the protocol can be extended to wrap messages with some random person's key, so you get double-clouded routing.

So, Bitmessage might give you even better tangible privacy than Tor, while not giving any of the disputable value of OTR.

PS. Why I think OTR is of little value.

OTR is a trick Alice uses to release signing keys after talking to Bob. Bob can retain the info on his disk and be interrogated, but Alice sort of "proves" that anyone could produce that data, so she's innocent. In other words, OTR is not about hiding any information, but about telling the court that "I was smart, you can't prove it was written by me". Logically OTR makes sense, but without being tested in court (which is not a department of logic) it's worthless. And I believe, when it comes to a trial, your adversaries will have plenty of parallel construction in addition to the judge's "common sense" to invalidate any trickery that you might have employed. In other words: if you talked to Bob and his data is taken by the NSA, you are doomed, with or without OTR.

EDIT: I meant "deniability" part of OTR. "Perfect forward secrecy" is indeed valuable, but not implemented yet.


Please guys, Use AlternativeChatAppNoneofThePeopleIKnowAreOn.

The real problem with all of these oh-so-secure-much-better-alternative-chat-apps is that nobody uses them. What's a communication network when there are no communicators? Just a network.

Unless X or Y gets better traction than WhatsApp, you will just be "that guy" who refuses to use WhatsApp and is instead on some novelty app nobody else uses. Though tinfoil insults are passé, they will bring them back just for you.


Really makes me wonder why some of these existing clients don't just implement the OTR stuff that is already pretty standardized on desktop clients.

http://en.wikipedia.org/wiki/Off-the-Record_Messaging

edit: looks like Xabber and ChatSecure both support it on Android.


1. Because you need to have a session open at all times.
2. Because OTR appends the key for the next message on every single message, so if A is sending several messages one after another while B is offline, all of them will be encrypted with the same key.

TextSecure fixed both of these issues but is otherwise based on OTR. You should really look into it.
