Classification of secure messengers. New projects.

Man

Man

Professional
Messages
3,038
Reaction score
561
Points
113
d4er2ypb8e__cimngx61abrlszg.png


Nowadays, it is difficult to imagine normal life without reliable, secure communications. Previously, secure messengers with encryption were used mainly in business, the military, the financial sector and other sensitive areas, but now they are in demand absolutely everywhere, including ordinary citizens who want to calmly communicate with each other on any topic, without fear that someone else will accidentally see their messages.

Standard functions of secure messengers are confidentiality, integrity, message authentication and protection from outsiders, that is, from forgery, deletion or insertion of messages.

The most advanced tools support perfect forward secrecy (session protection with ephemeral keys), including backward message security and post-compromise protection.

Roughly speaking, backward message security means protecting the data exchanged before the secret key (device) was lost, and post-compromise protection means that security can be restored after an attack.

All this is done in end-to-end encryption (E2E), which allows data to be transmitted securely even through an untrusted, insecure server, including over open channels.

List of secure messengers​


All existing messengers can be called secure to some extent and classified according to different criteria. For example, someone cares only about end-to-end encryption, while others also care about decentralization. Someone will also take into account ease of use, because a program with a complex interface will not be available to a wide audience, which means you will not see all your colleagues, friends, and relatives in it.

Here is one of the options for subjective classification based on this list:

Level 1. For beginners​


  • Signal. The most famous messenger with reliable end-to-end encryption, uses advanced cryptographic protocols, many functions, a clear interface, open source. The main drawback is the binding to a phone number during registration. Another drawback is that all traffic goes through a central server in the US jurisdiction (since the company is registered in this country) with all the ensuing circumstances.
  • Molly. An independent fork of Signal for Android that does not require SMS for registration. At the same time, the client is compatible with the Signal network, that is, it allows you to exchange messages with users of the standard messenger.

Level 2. Better protection, but centralized​


  • Threema: an easy-to-use open-source messenger from Swiss developers. Doesn't require a phone number or email address when registering. The downsides are the lack of direct privacy and automatic deletion of messages.
  • BlackBerry Messenger: Canadian messenger, paid, aimed at corporate users.

Level 3. P2P, decentralized​


  • Twin.me: P2P communication, where only a signal server is needed for coordination, but the messages themselves are sent directly from one device to another. No data is required for registration, but the ID is tied to a specific device. One of the disadvantages is the inability to transfer an account (keys and messages) to another device.
  • Snikket (XMPP): A more advanced option for users who can set up a server. The XMPP server itself is based on Prosody, the Android client is based on Conversations, and the iOS client is based on Siskin. Group chats are supported. Messages are stored on the server, so they are not lost if the client device is lost, although this can be considered an additional security risk. The OMEMO protocol is used for encryption.

Level 4. Alternative networks​


  • Briar. A peer-to-peer messenger that connects devices via the Tor network. Each device has a unique onion address, so the entire system works without central servers or other infrastructure. Disadvantages include less functionality than other messengers, the presence of clients only for Linux/Android, and the inability to transfer an account to another device.
  • OnionShare: another secure messenger (chat server) that works via Tor. The server can be set up under any OS, and the Tor browser is used as a client to connect to the server.

Level 5. Experimental (for enthusiasts)​


  • Session: a decentralized private network that runs on top of the Lokinet onion routing networkand uses the Signal protocol for encryption. The project is new, experimental, but promising.
  • SimpleX Chat. A new project that meets all the criteria for secure decentralized communications, except for peering through a proxy server. Otherwise, it is an extremely paranoid system. It is positioned as the first messenger without user IDs, even without random numbers, which “dramatically improves privacy” since an outside observer (for example, a provider or advertising agency) cannot de-anonymize users and link them to social network profiles even after long-term traffic monitoring. There is a console client and other pleasant surprises.

    m1r6wkhdcobrvkffpehqhxwsqtq.jpeg

  • Cabal: a new messenger on the Dat protocol. You create a "group" (cabal). In essence, this is an encrypted database that is copied by everyone to whom you give the public key. The project is still at a very early stage, so it is unknown how well the security will be implemented.

On this subjective four-point scale, only two of the listed messengers meet all the security criteria: Briar and SimpleX Chat.

hrlocmhiqh0lib7pwmsdhaoqrxo.png


This subjective review does not include some well-known projects, including Element/Matrix, which is considered the best in its class by some criteria. Therefore, we have added a sixth, highest level of secure messengers/protocols.

Level 6. Best Messengers​


In this table you can find a more complete classification of all known messengers and communication protocols. Here the assessments are binary: YES/NO. According to this scheme, the top ten messengers/protocols look like this:
  1. Element/Matrix
  2. XMPP
  3. NextCloudTalk
  4. Wire
  5. Jamie
  6. Briar
  7. Tox
  8. Kontalk
  9. DeltaChat
  10. BitMessage

Fragment of the general table: To the above classification, we can add a recently published report analyzing seven possible attacks on Threema cryptographic protocols. The authors emphasize the importance of their research in light of the fact that this Swiss messenger is used by the Swiss military and some officials, including German Chancellor Olaf Scholz. Even before our work began, it was known that Threema has neither reverse message security nor post-compromise security. The study showed that some other security properties are also not met. The work highlights the difficulties that developers face in creating secure messaging systems, since it is very difficult in principle to protect against all possible threats, including unknown ones.



It should be added that German government services use BundesMessenger, a special fork of Element, as a standard messenger, and a similar client, BwMessenger, has been developed for the Bundeswehr.

Experience shows that end-to-end encryption is becoming an increasingly popular option for IM. Perhaps this useful practice will be implemented in the future by the most popular messengers, including Telegram (where it is currently implemented only for special “secret” chats), Viber and WhatsApp.
 
You must log in or register to reply here.

Similar threads

Man
Choose from the five most private and secure messengers
Replies
0
Views
94
Man
Man
Man
Anonymous Messengers: The Best Solutions for Confidential Communication
Replies
0
Views
253
Man
Man
chushpan
How does VPN work
Replies
1
Views
87
Man
Man
Friend
Decentralized Messengers: Choosing the Safest Way of Communication
Replies
0
Views
190
Friend
Friend
Man
Secret Correspondence. Choosing a mail service with the best protection.
Replies
0
Views
134
Man
Man
Back
Top