Whats the preference to work on SFOS whatsapp, telegram or signal?

+1 for XMPP

Improvement for Matrix would also be nice, something about encryption is broken in Sailtrix - I sometimes can’t even read my own messages…

1 Like

Yottagram / Telegram

Telegram all the way for me

I wish Whatsapp would work natively as alot of my less tech interested friends use it, Ive gotten some to switch to Signal which is great, but most living outside Europe have never heard if Signal and are very dependent on Whatsapp instead

In the end, it’s all three for me:

  • Telegram - best native clients on Sailfish, hence my primary choice (unfortunately, none of the native clients implement folders - I have tons of Telegram channels, and in the desktop clients, folders are a great help). My own family and one organisation I’m a volunteer in use it, so the most important communication is covered. Also, Telegram has the best desktop clients, which are vital to me as I use clients across many devices (biiiig usability drawback of WhatsApp, for example). Until recently, Telegram also was the only of the three with a decent channel implementation, though WhatsApp has caught up by now.
  • Signal - for those amongst my family/friends/acquaintances who use it - by far the smallest group, though very slowly growing. The native client is decent, but for some odd reasons, it seems the favourite target of the out-of-memory-killer and I need to restart it at least once a day…
  • WhatsApp - unfortunately, there are several organisations I’m in (for example two choirs) that use WA for communication. Not a chance of changing that. For that reason, I keep an old Android-phone (LineageOS) at home to run WhatsApp, so I can access it at least on some other devices using the web-client. Added bonus: that way, WA does not get near my main address book - the one on the Android phone only contains people of whom I know that they are on WA. And everybody who contacts me on WA gets told that I only very infrequently check WA and that they cannot expect fast responses.
4 Likes

It is the Matrix maintainers which broke their own encryption: Older Matrix clients also show these issues.

As Jolla, they do not think backward compatibility in their software-ecosystem is of any importance, hence they feel free to make disruptive changes at any time in the expectation that third party app maintainers are continuously adapting to these changes.

1 Like

Telegram (Fernschreiber)

4 Likes

I heard Signal is the safest.
I love the engagement and huge work that @rubdos and @direc85 are making.
I’ll switch to Whisperfish (Signal) when stabilized (perhaps already the case? have to check).

In the meantime, using Fernschreiber (Telegram) mainly, which is almost perfect, out of missing audio calls, I’d say.

4 Likes

Yes, by far. Telegram is being very deceptive. See e.g. the latest Tweets by Matthew Green, or any other authority on the matter. https://twitter.com/matthew_d_green/status/1788517414692372588. WhatsApp is not being that deceptive, but they’re also far from state-of-the-art in privacy-enhancing technology. Signal sets the standard, the others sometimes follow.

It’s not only OOM, it’s also my ability to introduce many bugs :wink:

Thanks :slight_smile:

Our current recommendation, if you want to use Whisperfish, is to install Molly (the Android app) or Signal Android (the official Android app), and register Whisperfish as linked device. That way, you have the best of both worlds. Whenever WF fails, you can open your Android app, but usually you’ll just have the native experience.

8 Likes

I doubt that. Look who are in the Signal board members and their history.
I doubt any of them are safe. Why they require a phone number to register?

2 Likes

I won’t duckduckgo that for you but serious research normally puts Signal on top, mostly followed by Threema.

I am sure I am not on top of these things, but here’s my thinking:

Telegram minus: not E2E by default
Telegram challenge: non standard encryption
Telegram plus: verifiable builds. large communities, as long as you don’t need E2E

Signal minus: non-verifiable builds (does that apply to Whisperfish?),
Signal challenge: standard encryption, multi-player chats
Signal plus: E2E by default

Matrix: I am pretty ignorant, maybe it has E2E like Signal (also with multi-player chats) and verifiable builds.

Whatsapp: A binary executable that says it is using E2E. Just ignore. Why is this even mentioned is beyond my understanding. There are reverse engineers that monitor it if it still using signal protocol… how could that go wrong…?
Whatsapp minus: backups.


Why is standard encryption or not both a challenge?
Well, because previously standard encryption was made to be broken. Does it mean that using non-standard is better? No, neither…

Why is multi-player chats a challenge?
Because this is an attack vector.

Why backups are a minus?
Because you don’t have to key in a password when you restore them… get it?


Shady references:

  • Referencing the board Signal problem is probably this: Signal’s Katherine Maher Problem | City Journal
  • What instant messenger is painted with grim usage, is also the best for privacy. If you never heard of a coup d’etat on Whatsapp, you should know why.
6 Likes

@vlagged, you missed XMPP (“Jabber”) with OMEMO, e.g. by Coversations client in an Android runtime environment.

As with Matrix and its clients, server and clients are verifiable, hence these two are the only solutions I would ever trust. But with XMPP it is a lot easier to run an own server, as there are two well established FOSS implementations (ejabberd and prosody) and XMPP servers are federated (like email servers) by default, hence one can use any running server to chat with users on any other server.

See also: XMPP | XMPP Software

5 Likes

Yottagram is a native SFOS client and actually recognises folders. You have to set the folders up on another, non-native client, but when done Yottagram displays all the folders along the top of the screen. Selecting that folder then displays only the users, groups or channels in that folder. A partial solution perhaps?

2 Likes

Thanks for the pointing of XMPP / OMEMO @olf.

Unfortunately, though I joined a Jabber server a long time ago, it quickly became not-so-useful to reach my contacts (when GTalk and other proprietary messengers jumped ship) and I didn’t even experience the Sailfish integration - but understand it is not OMEMO if I recall correctly…

Also, I mentioned Matrix because I kind of use it, but I did not imagine it being a P2P chat app, but more like communities that were once driven on IRC (and today Slack or Discord and others joined). I will take it more seriously for person to person chat from now on indeed! Considering there are at least two ways of reaching Matrix 1 (Sailtrix and Hydrogen Web) this is indeed a good place to be.

(And instead of a later edit to my previous “rant”: I just want to say that I am not a researcher and only wrote the above with my gut feeling. Some people here may know more of the inner workings of the stuff, I am very open to use this way to learn)

2 Likes

On the topic of XMPP, if you like curses apps, irc, irssi, and XMPP, you can try profanity, recently appeared on Chum.

4 Likes

Alternative links: https://nitter.poast.org/matthew_d_green/status/1788517414692372588
https://farside.link/https://twitter.com/matthew_d_green/status/1788517414692372588 (reload if error)

Thank you for this information (also the article linked in the tweets). I never considered Telegram, but recently I did. After reading this I’m back to not considering it.

3 Likes

I agree with your points. Signal has verifiable builds for Android (afaik), not for iOS. See that thread by Matthew, he explains that. I’d also add “deceptive marketing” to the list for Telegram (see e.g. Matthew yesterday at https://twitter.com/matthew_d_green/status/1789690133765091532 / https://nitter.poast.org/matthew_d_green/status/1789690133765091532, the whole thread is interesting btw).

@calinutzzz, Session seems rather cool indeed. They also do some deceptive marketing (I follow them on Twitter and I have a weekly to bi-weekly facepalm), but it’s nowhere near the level of Telegram.

Re., Threema, I’d stay clear of them too. See e.g. this very ugly story https://nitter.poast.org/ThreemaApp/status/1612349998837940226 / https://www.twitter.com/ThreemaApp/status/1612349998837940226, where Threema was defaming some cryptographers after working with them to patch a bunch of vulnerabilities. There doesn’t seem to be anything wrong with their current claims, but that’s the best I have to say about them.

Some more plus points for Signal: Signal does not know about group composition, nor about who is messaging who. Only Session can claim the same point, but that’s mostly by accident.

I sadly have to agree with this. Only (mostly?) Meredith seems believable. If it was not for her being president, I’d be more scared.

Long story short: spam prevention. Short story long: they’ve been changing their registration procedure the past two years to remove this dependency. The main refactoring work is done, and I expect them to allow you to register with an email address around this year. That’s not a promise by them, and not by me either, but we’ll see!

Matrix… I don’t know. I haven’t studied any recent versions, but it’s already itchy that sometimes keys don’t sync, there’s quite a bit of key management burden pushed to the user, … Doesn’t feel right to me. I stated in my talk at the SFOS meetup in Lausanne that I like to use it for regular “business” communication, but I wouldn’t use it for any intimate conversation.

EDIT: More evidence against Telegram: The Most Backdoor-Looking Bug I’ve Ever Seen
EDIT2: Seems like there’s some developments around the Signal board of directors on Twitter too now; https://twitter.com/kaepora/status/1789991606059208718 (https://nitter.poast.org/kaepora/status/1789991606059208718)
EDIT3: Threema is getting involved too! https://twitter.com/ThreemaApp/status/1790070819659317469 https://nitter.poast.org/ThreemaApp/status/1790070819659317469
EDIT4: The article that Threema posted here above is actually pretty good. Chat Apps, Government Ties, and Transparency – Threema They seem to leave out some important details w.r.t. any modern additional privacy protection, but I’ll let that pass as “out of scope for the article”.

6 Likes

All this fiveeyes vs fsb drama seems to confirm xmpp+omemo is the right choice

9 Likes

XMPP. I think @ron282 project to port Kaidan to SailfishOS GitHub - ron282/harbour-kaidan: Simple and user-friendly Jabber/XMPP client for every device and platform is very good. Recently, Kaidan developers commented in the Kaidan XMPP support room that they are working to bring multi-user rooms in the next version and more future features like calls and video calls, so SailKaidan can take advantage of it and finally have a good XMPP client in SailfishOS.

8 Likes