mirror of
https://github.com/privacyguides/privacyguides.org
synced 2024-11-10 13:13:35 +01:00
Downrank messengers without PFS (#1999)
Co-Authored-By: mfwmyfacewhen <94880365+mfwmyfacewhen@users.noreply.github.com>
parent
d67dcaea11
commit
242894c291
@ -7,7 +7,11 @@ These are our recommendations for encrypted real-time communication.
|
|||||||
|
|
||||||
[Types of Communication Networks :material-arrow-right-drop-circle:](./advanced/communication-network-types.md)
|
[Types of Communication Networks :material-arrow-right-drop-circle:](./advanced/communication-network-types.md)
|
||||||
|
|
||||||
## Signal
|
## Encrypted Messengers
|
||||||
|
|
||||||
|
These messengers are great for securing your sensitive communications.
|
||||||
|
|
||||||
|
### Signal
|
||||||
|
|
||||||
!!! recommendation
|
!!! recommendation
|
||||||
|
|
||||||
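Review bot: The new intro line under "## Encrypted Messengers" ("These messengers are great for securing your sensitive communications.") does not say what places a messenger in this tier. The commit exists to downrank messengers without PFS, so name that criterion here, for example by saying the messengers in this section provide forward secrecy. That way the split from "Additional Options" is explained where the reader first meets it. The heading text of "### Signal" is unchanged apart from its level, which matches the `real-time-communication.md#signal` link used in the card grid.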
@ -40,38 +44,7 @@ We have some additional tips on configuring and hardening your Signal installati
|
|||||||
|
|
||||||
[Signal Configuration and Hardening :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/)
|
[Signal Configuration and Hardening :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/)
|
||||||
|
|
||||||
## Element
|
### SimpleX Chat
|
||||||
|
|
||||||
!!! recommendation
|
|
||||||
|
|
||||||
![Element logo](assets/img/messengers/element.svg){ align=right }
|
|
||||||
|
|
||||||
**Element** is the reference client for the [Matrix](https://matrix.org/docs/guides/introduction) protocol, an [open standard](https://matrix.org/docs/spec) for secure decentralized real-time communication.
|
|
||||||
|
|
||||||
Messages and files shared in private rooms (those which require an invite) are by default E2EE as are one to one voice and video calls.
|
|
||||||
|
|
||||||
[:octicons-home-16: Homepage](https://element.io/){ .md-button .md-button--primary }
|
|
||||||
[:octicons-eye-16:](https://element.io/privacy){ .card-link title="Privacy Policy" }
|
|
||||||
[:octicons-info-16:](https://element.io/help){ .card-link title=Documentation}
|
|
||||||
[:octicons-code-16:](https://github.com/vector-im){ .card-link title="Source Code" }
|
|
||||||
|
|
||||||
??? downloads
|
|
||||||
|
|
||||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=im.vector.app)
|
|
||||||
- [:simple-appstore: App Store](https://apps.apple.com/app/vector/id1083446067)
|
|
||||||
- [:simple-github: GitHub](https://github.com/vector-im/element-android/releases)
|
|
||||||
- [:simple-windows11: Windows](https://element.io/get-started)
|
|
||||||
- [:simple-apple: macOS](https://element.io/get-started)
|
|
||||||
- [:simple-linux: Linux](https://element.io/get-started)
|
|
||||||
- [:octicons-globe-16: Web](https://app.element.io)
|
|
||||||
|
|
||||||
Profile pictures, reactions, and nicknames are not encrypted.
|
|
||||||
|
|
||||||
Group voice and video calls are [not](https://github.com/vector-im/element-web/issues/12878) E2EE, and use Jitsi, but this is expected to change with [Native Group VoIP Signalling](https://github.com/matrix-org/matrix-doc/pull/3401). Group calls have [no authentication](https://github.com/vector-im/element-web/issues/13074) currently, meaning that non-room participants can also join the calls. We recommend that you do not use this feature for private meetings.
|
|
||||||
|
|
||||||
The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last) in 2016. The specification for the Matrix protocol can be found in their [documentation](https://spec.matrix.org/latest/). The [Olm](https://matrix.org/docs/projects/other/olm) cryptographic ratchet used by Matrix is an implementation of Signal’s [Double Ratchet algorithm](https://signal.org/docs/specifications/doubleratchet/).
|
|
||||||
|
|
||||||
## SimpleX Chat
|
|
||||||
|
|
||||||
!!! recommendation
|
!!! recommendation
|
||||||
|
|
||||||
@ -96,39 +69,7 @@ Currently SimpleX Chat only provides a client for Android and iOS. Basic group c
|
|||||||
|
|
||||||
Your data can be exported, and imported onto another device, as there are no central servers where this is backed up.
|
Your data can be exported, and imported onto another device, as there are no central servers where this is backed up.
|
||||||
|
|
||||||
## Session
|
### Briar
|
||||||
|
|
||||||
!!! recommendation
|
|
||||||
|
|
||||||
![Session logo](assets/img/messengers/session.svg){ align=right }
|
|
||||||
|
|
||||||
**Session** is a decentralized messenger with a focus on private, secure, and anonymous communications. Session offers support for direct messages, group chats, and voice calls.
|
|
||||||
|
|
||||||
Session uses the decentralized [Oxen Service Node Network](https://oxen.io/) to store and route messages. Every encrypted message is routed through three nodes in the Oxen Service Node Network, making it virtually impossible for the nodes to compile meaningful information on those using the network.
|
|
||||||
|
|
||||||
[:octicons-home-16: Homepage](https://getsession.org/){ .md-button .md-button--primary }
|
|
||||||
[:octicons-eye-16:](https://getsession.org/privacy-policy){ .card-link title="Privacy Policy" }
|
|
||||||
[:octicons-info-16:](https://getsession.org/faq){ .card-link title=Documentation}
|
|
||||||
[:octicons-code-16:](https://github.com/oxen-io){ .card-link title="Source Code" }
|
|
||||||
|
|
||||||
??? downloads
|
|
||||||
|
|
||||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=network.loki.messenger)
|
|
||||||
- [:simple-appstore: App Store](https://apps.apple.com/app/id1470168868)
|
|
||||||
- [:simple-github: GitHub](https://github.com/oxen-io/session-android/releases)
|
|
||||||
- [:simple-windows11: Windows](https://getsession.org/download)
|
|
||||||
- [:simple-apple: macOS](https://getsession.org/download)
|
|
||||||
- [:simple-linux: Linux](https://getsession.org/download)
|
|
||||||
|
|
||||||
Session allows for E2EE in one-on-one chats or closed groups which allow for up to 100 members. Open groups have no restriction on the number of members, but are open by design.
|
|
||||||
|
|
||||||
Session does [not](https://getsession.org/blog/session-protocol-technical-information) support perfect forward secrecy, which is when an encryption system automatically and frequently changes the keys it uses to encrypt and decrypt information, such that if the latest key is compromised it exposes a smaller portion of sensitive information.
|
|
||||||
|
|
||||||
Oxen requested an independent audit for Session in March of 2020. The audit [concluded](https://getsession.org/session-code-audit) in April of 2021, “The overall security level of this application is good and makes it usable for privacy-concerned people.”
|
|
||||||
|
|
||||||
Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technicals of the app and protocol.
|
|
||||||
|
|
||||||
## Briar
|
|
||||||
|
|
||||||
!!! recommendation
|
!!! recommendation
|
||||||
|
|
||||||
@ -157,6 +98,77 @@ Briar has a fully [published specification](https://code.briarproject.org/briar/
|
|||||||
|
|
||||||
Briar supports perfect forward secrecy by using the Bramble [Handshake](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BHP.md) and [Transport](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md) protocol.
|
Briar supports perfect forward secrecy by using the Bramble [Handshake](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BHP.md) and [Transport](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md) protocol.
|
||||||
|
|
||||||
|
## Additional Options
|
||||||
|
|
||||||
|
!!! warning
|
||||||
|
|
||||||
|
These messengers do not have Perfect [Forward Secrecy](https://en.wikipedia.org/wiki/Forward_secrecy) (PFS), and while they fulfill certain use-cases that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of **all** past communications.
|
||||||
|
|
||||||
|
### Element
|
||||||
|
|
||||||
|
!!! recommendation
|
||||||
|
|
||||||
|
![Element logo](assets/img/messengers/element.svg){ align=right }
|
||||||
|
|
||||||
|
**Element** is the reference client for the [Matrix](https://matrix.org/docs/guides/introduction) protocol, an [open standard](https://matrix.org/docs/spec) for secure decentralized real-time communication.
|
||||||
|
|
||||||
|
Messages and files shared in private rooms (those which require an invite) are by default E2EE as are one to one voice and video calls.
|
||||||
|
|
||||||
|
[:octicons-home-16: Homepage](https://element.io/){ .md-button .md-button--primary }
|
||||||
|
[:octicons-eye-16:](https://element.io/privacy){ .card-link title="Privacy Policy" }
|
||||||
|
[:octicons-info-16:](https://element.io/help){ .card-link title=Documentation}
|
||||||
|
[:octicons-code-16:](https://github.com/vector-im){ .card-link title="Source Code" }
|
||||||
|
|
||||||
|
??? downloads
|
||||||
|
|
||||||
|
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=im.vector.app)
|
||||||
|
- [:simple-appstore: App Store](https://apps.apple.com/app/vector/id1083446067)
|
||||||
|
- [:simple-github: GitHub](https://github.com/vector-im/element-android/releases)
|
||||||
|
- [:simple-windows11: Windows](https://element.io/get-started)
|
||||||
|
- [:simple-apple: macOS](https://element.io/get-started)
|
||||||
|
- [:simple-linux: Linux](https://element.io/get-started)
|
||||||
|
- [:octicons-globe-16: Web](https://app.element.io)
|
||||||
|
|
||||||
|
Profile pictures, reactions, and nicknames are not encrypted.
|
||||||
|
|
||||||
|
Group voice and video calls are [not](https://github.com/vector-im/element-web/issues/12878) E2EE, and use Jitsi, but this is expected to change with [Native Group VoIP Signalling](https://github.com/matrix-org/matrix-doc/pull/3401). Group calls have [no authentication](https://github.com/vector-im/element-web/issues/13074) currently, meaning that non-room participants can also join the calls. We recommend that you do not use this feature for private meetings.
|
||||||
|
|
||||||
|
The Matrix protocol itself [theoretically supports PFS](https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#partial-forward-secrecy), however this is [not currently supported in Element](https://github.com/vector-im/element-web/issues/7101) due to it breaking some aspects of the user experience such as key backups and shared message history.
|
||||||
|
|
||||||
|
The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last) in 2016. The specification for the Matrix protocol can be found in their [documentation](https://spec.matrix.org/latest/). The [Olm](https://matrix.org/docs/projects/other/olm) cryptographic ratchet used by Matrix is an implementation of Signal’s [Double Ratchet algorithm](https://signal.org/docs/specifications/doubleratchet/).
|
||||||
|
|
||||||
|
### Session
|
||||||
|
|
||||||
|
!!! recommendation
|
||||||
|
|
||||||
|
![Session logo](assets/img/messengers/session.svg){ align=right }
|
||||||
|
|
||||||
|
**Session** is a decentralized messenger with a focus on private, secure, and anonymous communications. Session offers support for direct messages, group chats, and voice calls.
|
||||||
|
|
||||||
|
Session uses the decentralized [Oxen Service Node Network](https://oxen.io/) to store and route messages. Every encrypted message is routed through three nodes in the Oxen Service Node Network, making it virtually impossible for the nodes to compile meaningful information on those using the network.
|
||||||
|
|
||||||
|
[:octicons-home-16: Homepage](https://getsession.org/){ .md-button .md-button--primary }
|
||||||
|
[:octicons-eye-16:](https://getsession.org/privacy-policy){ .card-link title="Privacy Policy" }
|
||||||
|
[:octicons-info-16:](https://getsession.org/faq){ .card-link title=Documentation}
|
||||||
|
[:octicons-code-16:](https://github.com/oxen-io){ .card-link title="Source Code" }
|
||||||
|
|
||||||
|
??? downloads
|
||||||
|
|
||||||
|
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=network.loki.messenger)
|
||||||
|
- [:simple-appstore: App Store](https://apps.apple.com/app/id1470168868)
|
||||||
|
- [:simple-github: GitHub](https://github.com/oxen-io/session-android/releases)
|
||||||
|
- [:simple-windows11: Windows](https://getsession.org/download)
|
||||||
|
- [:simple-apple: macOS](https://getsession.org/download)
|
||||||
|
- [:simple-linux: Linux](https://getsession.org/download)
|
||||||
|
|
||||||
|
Session allows for E2EE in one-on-one chats or closed groups which allow for up to 100 members. Open groups have no restriction on the number of members, but are open by design.
|
||||||
|
|
||||||
|
Session does [not](https://getsession.org/blog/session-protocol-technical-information) support PFS, which is when an encryption system automatically and frequently changes the keys it uses to encrypt and decrypt information, such that if the latest key is compromised it exposes a smaller portion of sensitive information.
|
||||||
|
|
||||||
|
Oxen requested an independent audit for Session in March of 2020. The audit [concluded](https://getsession.org/session-code-audit) in April of 2021, “The overall security level of this application is good and makes it usable for privacy-concerned people.”
|
||||||
|
|
||||||
|
Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technicals of the app and protocol.
|
||||||
|
|
||||||
## Criteria
|
## Criteria
|
||||||
|
|
||||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||||
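Review bot: In the new "## Additional Options" section, PFS is only defined in the Session paragraph ("which is when an encryption system automatically and frequently changes the keys it uses"), after the abbreviation has already been used in the warning and in the Element paragraph. Move the definition into the warning, where the term is introduced. The warning's link also covers only "Forward Secrecy" and leaves "Perfect" outside the link text; link the whole term. Element and Session also keep the `!!! recommendation` admonition directly below a warning that says "we do not recommend them for long-term or sensitive communications", so consider a different admonition type or wording to keep the two from contradicting each other.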
@ -174,6 +186,7 @@ Briar supports perfect forward secrecy by using the Bramble [Handshake](https://
|
|||||||
|
|
||||||
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
|
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
|
||||||
|
|
||||||
|
- Should have Perfect Forward Secrecy.
|
||||||
- Should have open-source servers.
|
- Should have open-source servers.
|
||||||
- Should be decentralized, i.e. federated or P2P.
|
- Should be decentralized, i.e. federated or P2P.
|
||||||
- Should use E2EE for all messages by default.
|
- Should use E2EE for all messages by default.
|
||||||
|
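Review bot: The added "- Should have Perfect Forward Secrecy." sits only in the best-case list, so the criteria still do not state that lacking PFS is what moves a messenger into the "Additional Options" tier this commit introduces. Say so in the criteria text, so the ranking on the page follows from a written rule. The capitalization also differs from the context line in the hunk header, which writes "perfect forward secrecy" in lower case; pick one form.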
@ -421,10 +421,10 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
|||||||
<div class="grid cards" markdown>
|
<div class="grid cards" markdown>
|
||||||
|
|
||||||
- ![Signal logo](assets/img/messengers/signal.svg){ .twemoji } [Signal](real-time-communication.md#signal)
|
- ![Signal logo](assets/img/messengers/signal.svg){ .twemoji } [Signal](real-time-communication.md#signal)
|
||||||
- ![Element logo](assets/img/messengers/element.svg){ .twemoji } [Element](real-time-communication.md#element)
|
|
||||||
- ![Session logo](assets/img/messengers/session.svg){ .twemoji } [Session](real-time-communication.md#session)
|
|
||||||
- ![Briar logo](assets/img/messengers/briar.svg){ .twemoji } [Briar](real-time-communication.md#briar)
|
- ![Briar logo](assets/img/messengers/briar.svg){ .twemoji } [Briar](real-time-communication.md#briar)
|
||||||
- ![SimpleX Chat logo](assets/img/messengers/simplex.svg){ .twemoji } [SimpleX Chat](real-time-communication.md#simplex-chat)
|
- ![SimpleX Chat logo](assets/img/messengers/simplex.svg){ .twemoji } [SimpleX Chat](real-time-communication.md#simplex-chat)
|
||||||
|
- ![Element logo](assets/img/messengers/element.svg){ .twemoji } [Element](real-time-communication.md#element)
|
||||||
|
- ![Session logo](assets/img/messengers/session.svg){ .twemoji } [Session](real-time-communication.md#session)
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
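Review bot: The reordered card grid lists Briar before SimpleX Chat, while the sections touched in the other file run Signal, SimpleX Chat, Briar. Keep the two orders the same. The grid also gives no sign that Element and Session are now "Additional Options" without PFS, since only their position in the list changed; a label or separate grid would carry the downranking over to this page.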