Especially for the less tech-savvy among us?

  • As a centralized system, nothing has been shown to improve on Signal yet. For decentralized systems, I haven’t seen anything better than Matrix yet? SimpleX is slightly more secure, but harder to spin up and easier to break.

    Session… there have been multiple articles written on how it is flawed and untrustworthy.

    • “Harder to spin up”? Hard disagree. Matrix’s main server implementation is very resource-heavy, and alternatives like Conduit are not full-featured (and broke in some ways for me when interacting with matrix dot org). Meanwhile SimpleX servers are pretty light and, aside from a couple of errors in the documentation that took a while to figure out, it has been easier than Conduit. And unlike Matrix, it has never broken for me so far.

      • What do you mean, poor performance?

        My Synapse used to run on a 5€/mo VPS besides other stuff and ran fine, and now runs on one of my on-premise servers (and not even my fastest, just some old Ryzen 2700) with A BUNCH of other stuff besides it. Multiple users, a bunch of large federated rooms, bridges to other messengers … And it just runs fine with 0 issues.

        Are you talking about running a Synapse server for like a thousand people, or on absolute potato hardware, or what is the issue?

        • I’m not running a Synapse server myself, so I can only speak on behalf of people I know who are. From what they told me, they love the Matrix protocol but it’s not the same for the Synapse implementation. A non-federated server can have somewhat great performance, but a federated one was not worth it for them, so they decided to switch to another alternative. They are not running it for thousands of users, more something like 40 I would say, and while I don’t know their server specs, I assume it’s not a potato.

    • But it’s a difficult concept for the average person to not have an account, but everything is device oriented. Same problem with people not using gpg for email. Having to maintain a thing similar to a private key that’s not memorizable like a username and password, and back that up in case your device is lost, is a big hurdle for many. And then additionally having to share a QR code or link through some external means for someone to connect with you, rather than just telling them to download an app and enter your username, has always been difficult.

      So, IMHO, Signal has the best implementation possible with the level of usability that many nontechnical people expect in a chat application, even if it’s not the most secure. I am interested to see how SimpleX solves these issues in the future, though.

      • Of course it is, that’s the innovative part of it! My opinion was that I’d rather use SimpleX if I wanted to switch away from Signal; if not, I’ll simply use Signal, not Session. But my threat model isn’t everyone’s.

        I think as people become more educated on cryptography in their digital lives, we will have better UX to the point of it not being as difficult as sending an e-mail in the late 80s. Innovations like Bitcoin, nostr, U2F, passkeys etc… will be more accessible over time. Today sending a message on Signal is infinitely easier, more secure and more private than the majority of e-mails of the 21st century.

        • Yeah, I just meant people are used to decades of using meaningful usernames. Having to use a cryptographic key has traditionally made it very difficult to get enough people to adopt to make it worth adopting yourself as a technologically savvy person. I never would have used Facebook in a million years if it wasn’t for the fact that it was the only place I could get in touch with many people. Having to build your networks in-person is tedious for many people and sharing the codes securely through other means is cumbersome if you don’t have an existing method for sharing.

          Just like HTTPS needs several layers to make it work and still relies on an untrustworthy and corruptible thing like DNS to verify that the destination and its keys are the thing you’re expecting to connect to. There’s no secure way to share the route to your device electronically in a user-accountless system with no secure, trusted middleman translating names to addresses unless you do it in person.

    • Grr! Ok, but damned if I could get that to work! It seems like you can’t use the desktop and mobile client at the same time! You have to scan a QR code to switch between them! And it has issues with firewalls and VPNs! Old and clueless here, maybe part of the problem. 🙁

    • Xanza (@Xanza@lemm.ee), 1 month ago

      Briar doesn’t make sense to me because you’re trading a central server for a central service… If tor is down, you can’t message. It’s the same POF as cellular, which is insane to me.

        • Xanza (@Xanza@lemm.ee), 1 month ago

          You’re missing the point. Of course tor is decentralized, but the tor protocol can be locked at which time you have no connectivity at all… Your super secure messenger doesn’t work. It makes no sense.

            • Xanza (@Xanza@lemm.ee), 1 month ago

              Unless you obfuscate tor traffic, it’s trivial to block it via any number of IDS products. The entirety of public tor exit nodes are publicly available: https://check.torproject.org/torbulkexitlist

              Here’s tor exit node blocking in production with 14 lines of bash

              It’s significantly easier than you’ve obviously been led to believe. When it becomes not easy is when someone understands the protocol and understands how to circumvent these measures, but I can assure you that 99.8% of all tor users don’t fall within that category…
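An added example, not the commenter’s script and not the 14-line one they refer to: a POSIX shell function that turns a saved copy of the bulk exit list (one IPv4 address per line, the format served at https://check.torproject.org/torbulkexitlist) into an nftables ruleset that drops and counts inbound traffic from those addresses on a server you operate. The sample list is constructed, and how you fetch the real file and load the output with `nft -f` is left to the operator.

```shell
#!/bin/sh
# Added example (not the commenter's script): build an nftables ruleset from a
# local copy of the Tor bulk exit list. Fetch the real list separately, e.g.
#   curl -fsS https://check.torproject.org/torbulkexitlist -o exits.txt

# Keep only lines shaped like an IPv4 address; drop comments, blanks, duplicates.
clean_exit_list() {
    grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' "$1" | sort -u
}

# Emit a complete nft ruleset: a named set of exit IPs plus an input-chain rule
# that counts and drops packets whose source is in the set. Each octet is
# range-checked in awk so a malformed line cannot break `nft -f`.
build_nft_ruleset() {
    printf 'table inet torblock {\n'
    printf '  set tor_exits {\n    type ipv4_addr\n    elements = {\n'
    clean_exit_list "$1" | awk -F. '
        $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 { a[n++] = $0 }
        END { for (i = 0; i < n; i++) printf "      %s%s\n", a[i], (i < n - 1 ? "," : "") }'
    printf '    }\n  }\n'
    printf '  chain input {\n    type filter hook input priority 0; policy accept;\n'
    printf '    ip saddr @tor_exits counter drop\n  }\n}\n'
}

# Sanity check before loading: how many addresses ended up in the set.
count_exits() {
    build_nft_ruleset "$1" | grep -cE '^      [0-9]'
}

# Constructed sample list (documentation-range addresses, not real Tor exits):
# a comment, a blank line, a duplicate and two malformed entries must all be dropped.
SAMPLE_LIST=$(mktemp)
cat > "$SAMPLE_LIST" <<'EOF'
# constructed sample, not real Tor exits
198.51.100.7
203.0.113.42

198.51.100.7
999.1.1.1
not-an-ip
192.0.2.200
EOF
```

Note that this list only identifies traffic that has already left Tor toward an ordinary server, which is what a site operator’s IDS or firewall acts on; it says nothing about whether a client can reach Tor entry guards or bridges, which is the question the rest of the thread argues about.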

              • Bridges are trivial to use tho. And even if they get blocked too actively, a lot of people in such censored regions have a VPN anyway (although I still don’t have an understanding whether a VPN decreases Tor’s security if used like this).

              • oh sure, but you can get around these blocks and this sort of block is ultimately always a possibility short of building your own network infrastructure. and as blocks like that become more common it becomes more common to circumvent them too.

                “significantly harder than you’ve been led to believe”, no, you just weren’t clear in your description of the problem. if your problem with tor is “governments can play whack-a-mole blocking ips and traffic” there is no technology which doesn’t have that as a downside.

                • Xanza (@Xanza@lemm.ee), 1 month ago

                  “but you can get around these blocks”

                  They create a better ad, so they create a better adblock, which forces them to discover anti-adblock methods, which forces adblockers to adapt, which forces anti-adblockers to adapt, ad infinitum.

                  This isn’t anything new. Of course you can circumvent these blocks, but they can always adapt to make them useful again. It’s not a good argument at all.

  • The main turnoff for me is that it is essentially impossible to self-host: you use random nodes from the network, and to host such a node, you have to lock up a whole fortune (last time I looked I remember it being around $1500, might’ve changed) in their own cryptocurrency. They do promise returns, but I am skeptical: where would they get so much money to guarantee compensation for everyone within a sane amount of time? They claim it is against a Sybil attack, but it seems to me that it would be a lot easier for a government/company to have more nodes in a situation where “competition” is reduced like this.

  • Hirom (@Hirom@beehaw.org), 1 month ago

    First impression: why another messaging system?

    It may be fine, but what does it bring that Signal/Briar/Matrix/XMPP+Omemo doesn’t have? Does it use existing standard protocol or encryption that’s compatible with other messengers, to avoid fragmentation?

      • Hirom (@Hirom@beehaw.org), 1 month ago

        Briar uses Tor by default as well for Internet connections, so I don’t think Session is unique in that way. And both appear decentralized.

        A difference is that Briar is Android-only, whereas Session is available on more platforms: https://sourceforge.net/software/compare/Briar-vs-Session-vs-Signal/

        It’s good that people are working on privacy-preserving tools. But I wish they’d coordinate to avoid fragmentation. Work on common/standard messaging protocols, so that people can talk to each other even using different software.

        Currently it feels like going back to the 1990s-2000s, with ICQ/AIM/MSNM being all incompatible, and every single one being unable to communicate with a large fraction of your contacts.