This app was mentioned in
with an average of
Shamelessly plugging Signal (android, ios).
It works great, has basically all the features of hangouts/imessage/messenger, and is open source, secure and audited.
Everyone should be using this. It's a gift to mankind.
My friend group has had no problems transitioning to it (edit: well ok, the non-techies moaned about a new app but came around)
I'm enjoying using signal as my new texting app. Encrypted texts and calls to other signal users. The app handles messaging much like imessage. People who don't have the app get regular sms and it automatically switches when it can.
Not a gallery app, but I think Signal (Android, iOS) would be great for this. Built in camera, conversations are encrypted end-to-end, as well as at rest if you set a passphrase for the app. A bonus is end-to-end encrypted messages all the time, not just for photos. Encrypted voice/video calls are also supported.
The other bonus is that because all the photos are encrypted at rest within Signal, no other apps are going to be able to access them, period (unless of course you decide to export the photos to your camera roll).
I know this isn't the gallery app you were looking for, but I think it's going to be your most private/secure option.
I can't wait to be downvoted to oblivion by the Google Duo fans, but I would suggest Signal:
Signal Private Messenger by Open Whisper Systems.
Open source software, peer reviewd, has end-to-end encryption, offers private messaging and private calling.
Check it out.
I'd gladly pay $1 or even $10 if it wasnt part of facebook and didnt store my data.
Hope more people leave whatsapp and come on board to Signal
It is too bad that they didn't mention Signal which is by far the best encrypted messenging and voice chat app right now, imo.
It flawlessly integrates with your text messages, so if one of your contacts has the app your messeges are now encrypted.
Signal by Open Whisper Systems for messaging. It's like iMessage for Android and also has encrypted calls.
Handles regular sms but sends encrypted messages to friends who also use it. Also lets you send audio and video files up to 100mb. Recommended by Edward Snowden and Bruce Schneier. It's available for iPhone as well, and there's an addon for Chromium / Chrome in beta.
Everyone should be using this as their default sms app.
Signal Private Messenger was released this week for Android, complementing its iOS companion.
What is it? Signal is on one hand an excellent SMS client (material design, quick reply, color-assigned contacts), but also a private IM service. So you can send normal SMS messages to contacts without the app, or Signal messages to those who do have it.
What's so great about it? It's iMessage for Android! Like Hangouts and iMessage, it sends messages over WiFi or cellular data, so you can still send texts without cellular reception. The kicker for me is that it runs on the TextSecure protocol, so all messages are encrypted and private. If you care, Edward Snowden approves.
If the recipient doesn't have Signal, the text will send as regular SMS.
Other cool features: private phone calls with other Signal users, and an upcoming Chrome companion app to text from the desktop.
The Challenge The drawback of course is getting other people to use it, which is partly why I'm writing this post. The app works great, but the primary feature of messages over data only works if other people have the app. Check it out and give it a spin, I really think this should be the next big thing in text communications.
Private, secure, instant messaging // SMS support // Material design
Play store link
OP I'd really appreciate a shout out to Signal / TextSecure. It is a valid choice for SMS replacement even if you have nobody on your contact list who uses Signal for secure messaging.
It has no ads and is 100% open source (including server side components) and is 100% open specifications (Whatsapp has reportedly implemented the TextSecure protocol within its walled garden). I think it is the single best messaging platform out there today.
It'd be nice to see support for free and open source development in general.
If you want security, then you'll want to use Signal (formerly known as TextSecure). It's available for iOS and Android.
Nope, Here is the Android app, and there is a chrome plugin for desktop currently in beta
SMS app. It's open source and utilisies 256 bit end to end encryption between users. The most secure way to text. Get everyone to get it.
Apple App Store
Signal. It's a nice lightweight app that uses material design. You also have the ability to send encrypted SMS/MMS to others who use the app. HD voice calling is free too!
Signal. SMS with folks who don't have the app, secure private chat with those that do. Recommended by the EFF.
Signal looks pretty slick now. Readers, if you haven't tried it yet please give it a try:
On Android: [link]
and iOS: [link]
Signal or Wire. Wire's got a bit more polish on it, so you might try that. (I usually use Wire with my wife; I've got a Samsung Galaxy S5 running LineageOS version of Android; she's got an iPhone 6.)
Edit: Both Wire & Signal also have desktop clients (Windows, Linux, Mac) as well as Android & iOS apps.
Both are also free, open-source, and secure/encrypted - where these last two things are – I think – rather important.
Every time WhatsApp is down I use the opportunity to tell people about Signal.
It's nice that the most popular messaging application is E2EE (end-to-end encrypted), but Facebook can still harvest the metadata and contact networks.
Signal is actually working on private contact discovery, which is pretty cool both technically and privacy-wise!
You should assume they can see everything, same as any other ISP.
This is correct. You wouldn't know. Install signal. If you are experiencing ongoing paranoid delusions you should seek psychiatric help.
OK as someone who used textra quite a bit lately, is there a way to display a time stamp on each message that goes out and comes in? I didn't see them and I need that frequently for dealing with things for work.
I've switched over to signal and I really like it but miss the color/customization options.
Edit: Thanks guys! Damn no idea how I managed to miss that one.
It is actually the same app, previously it was named TextSecure (for texting), and redphone (for calls), but now they are merged in a single app called Signal. Here's a link from the playstore: [link]
If you are looking for a secure messaging app, Textsecure is a secure messaging app suggested by Snowden himself.
Telegram is using weak, homemade crypto.
You should use Signal instead.
>A practical cryptanalysis of the Telegram messaging protocol, master's thesis by Jakob Jakobsen, September 2015
Everyone should be using signal
Edward Snowden preporuča Signal.
Koristis inace ko sms program, a ak netko ima isto signal onda su free poruke i fully encrypted.
Signal - Secure encrypted texting/voice and video chat. Dump any text app you are using and switch to this immediately.
Signal Private Messenger. It encrypts your data. You can communicate with other people that use different apps so it replaced my default text app.
"Using Signal, you can communicate instantly while avoiding SMS fees, create groups so that you can chat in real time with all your friends at once, and share media or attachments all with complete privacy. The server never has access to any of your communication and never stores any of your data."
Signal private messenger is sort of iMessage for Android : it will send SMS messages but if the other person has Signal as well, it switches to a secure private message , just like iMessage
For you: [link]
For her: [link]
I don't think this is the official Signal app.
Make sure you're getting your app from the app store and that it's by OpenWhisperSystems
No it doesn't. Android Messages is SMS/MMS only, which doesn't support encryption.
I don't use it myself but the most recommended messaging app with encryption is Signal. Note that no matter what app you use, you'll need to get the people you message to switch to the same app if you want your messages encrypted.
Signal is generally considered the most secure messaging app. They also have an android app. That being said, if work owns the device, they also own what is one the device. Tread cautiously.
TextSecure doubles as the most trusted messenger out there right now if your contact has it too or uses an app called "signal" if he is on an iPhone.
I don't own an iphone, but the way I understood it was that it uses phone numbers saved in your contacts. If the contact also is running an ios device, then it will send over data. If they're on android or something else, it sends a regular SMS.
Signal does this and is available for ios and android. It also has calling and encrypts the messages or calls if both people are using Signal.
Please correct me if I'm wrong. Like I said, I don't have an iphone and haven't used imessage.
I think why imessage gets talked about so much is that it's there by default on iphones. I think it would be difficult to get every device manufacturer plus every carrier to not put their own SMS app as the default for android.
I've been really enjoying Signal. I haven't tested out the encrypted messaging feature yet but as far as an SMS app goes, it's great. Clean, quick and easy to use.
I use Signal. It's encrypted messaging and it has SMS fallback. It's everything I need. It's also faster than Messenger (Google default) [link]
Hijacking top comment to say that everyone should be using Signal. Texts are encrypted end-to-end, so carriers can't pull bullshit like this because they don't know what you're talking about.
I just installed signal. Supposed to be encrypted messaging if you both have the app, other wise it uses your normal sms
I really wish more people I knew used Signal (on iOS) or TextSecure (on Android).
Not sure if it can replace the native SMS app on iOS, but I use it in place of the usual messenger on Android.
I think this is a good thing. I always wanted secure messaging on the stock SMS app to work but it never has for me. WhisperPush co. also makes the Signal Private Messaging SMS app. Which operates very well as a daily/replacement SMS app, but will add end-to-end encryption when you text anyone who also has the app.
Here's the link to the app
My two brothers and cousin and I have already found an alternative place for our persistent group chat. Encrypted, too! Android app called Signal.
Granted the default messaging apps on Android aren't encrypted, but if you're worried about it you could just use something like this.
Your data is mined and shared, Apple or Google.
Also you dropped this, better go buy a new one. Iphones phones are fairly decent, so are Android phones. "Nothing works" is blatantly wrong and you know it, both types of phones have issues but if they just plain didn't work then they wouldn't sell.
Bullshit, these alternatives are way better:
I think Signal does most of what you want. I'm not sure about video chatting, I've never tried that, but as long as both of you have the app installed texts/pictures should be encrypted. For the non-tech savvy, it works just like any other messenger, including sending texts to people who don't use the app (although those won't be encrypted).
As for Linux/Windows, they have a Chrome app that's currently in open beta. You can request admittance and try it out. Since it's a Chrome app, it should run on any OS that can run Chrome (Linux/Mac/Windows).
Signal is the best one. Recommended by Edward Snowden and Bruce Schneier.
Here's a blog post for those of you who don't want to read the full report
Seconding the Signal recommendation. I use Hangouts for most things, but I am trying to bring more of my friends into Signal.
I use Signal. Apart from its secure instant messaging service, I consider it a very good SMS client and set it as my default. You can mark an SMS as read or quick reply from the notification.
They are taking steps to the right direction, but it's still pretty far away from TextSecure/Signal.
Signal's developers have two publishing channels on the Google Play Store: a regular channel and an unstable beta channel. I'm guessing that the thing that's on APKMirror was copied from the beta channel.
Signal on Android
Signal on Apple
Vetted open-source, end-to-end encrypted. Very inconvenient. How are you planning on being able to intercept the data, seeing as the program is already out there and available to compile to anyone?
I tried doing something similar without using this particular hardware. It's quite easy to see plain text passwords, but since Gmail, Yahoo, Facebook, and other popular services are encrypted, I couldn't see anything.
It's possible to create a "fake" encrypted Facebook site* to intercept encrypted passwords, but the browser will give a very big warning that the certificate is invalid. State-sponsored hackers can go around this, but normal script kiddies can't, unless the user typed [link] (instead of https) or if the user is an idiot who ignores the browser warning.
Also, a noisy neighbor who is playing loud Youtube music on WiFi can be silenced by continuously deauthenticating their laptop. =)
As for intercepting calls and SMS, I haven't tried it yet, but I do use Signal Private Messenger in case someone wants to send encrypted SMS.
* man in the middle
We should all start using Signal app. It's equivalent to Whatsapp feature wise, but with strong encryption and it does not record metadata. Please spread this among friends and family, using word of mouth. Before we know it the whole world is using proper communication channels!
This needs to be higher.
I'm slowly getting everyone in my life to start using signal for everything because of shit like this.
Not because we have anything to hide, but to help mask people that have a legitimate need for privacy.
Is this open source? Does it use end to end encryption? You can't just say it is "the most secure message app" with out explaining why it is secure.
I would argue that Signal Private Messenger for android is a more secure messaging app.
Can we all just switch to Signal? It's exactly what Allo should have been without the stupid design choices.
It's encrypted whenever you are talking with another signal user. So its fulfilling another promise that Google failed to keep.
It's open source, it has group chats and calling. I believe it merges chats just like how hangouts used to do.
You can also link it to another device using a QR code aka their desktop app. Seeing as it is Open source both for the desktop client and for the Android app you can easily have different versions built. Like a WP version or something along those lines. Why are we wanting Google to do this when its Infront of our eyes. This whole time.
Whatsapp supports calling over the internet. I assume you'll get one of those "unlimited mobile internet for a month" sort of deals anyways, right? (Watch out though: they're usually limited nonetheless: after something like 20GB you'll usually have your traffic assigned a lower priority which results in a lot lower speeds).
If you mind the NSA, GCHQ, DGSE and co listening in, maybe use signal (that one supports voice calls as well and has proper end to end encryption) instead of Whatsapp. Links for signal: Android, iPhone
I've been using Signal, created by Whisper Systems.
Privacy focussed, Snowden approved, etc. etc. etc....
It's pretty good - encrypted end-to-end when sent by data, still able to SMS those that don't have it.
Can do private calls also.
See when message delivered, see when message sent. Seamless integration wth android. No Ads. Open Source.
TextSecure from Open Whisper Systems. It's the only app Edward Snowden has explicitly mentioned as being effective against the NSA (afaik) and The Wallstreet Journal did a write up about the author a while ago.
Link to app
Link to story
Signal. Free. Open source. No bloat. Good design. Encrypts messages between other Signal users. Regular sms for everyone else.
While many use Hangouts as the default Android SMS/texting application, I would recommend using something more secure like TextSecure. It's also available for Iphones as Signal.
No. We get billed proportional to usage and per phone on the air. Voicemail access is quota exempt.
My suggestion is to install Signal Private Messenger and request your dad do as well. Internet calls are free (as in beer) when both ends are on Wi-Fi; when on LTE paying per MB is cheaper than per min. Signal Messenger has two significant advantages over regular calls: end-to-end encryption and use of the cutting edge Opus codec. Opus sounds even better than regular "HD Voice" and can compensate for variable Internet connection quality. The disadvantage is that Internet calling can be less reliable if your Wi-Fi & home Internet connection is sub-par or local LTE is weak or congested.
Allo is not meant to be a private messaging app. There are many others that are already made and quite useful (Signal). Allo is meant to be a showcase of Google's AI capabilities, and as such has a few shortcomings as a messenger (no web UI, only one device, etc.) Sure, you have the option to run incognito chats which uses the same algorithms as Signal, but then you can't get the benefit of the AI, which naturally means that that will not be your default mode of operation. This makes it perfectly reasonable as an app and as a product for users that know exactly what they are getting. Of course your data that you use it with will have to be analyzed in order to develop and improve the AI. That's how Machine Learning works. So if you expect to write privately with someone about secret matters that you don't want any other party knowing anything about- your best option is Signal (or talking 1-to-1 at the back of some shady joint), and you have that option! If, on the other hand you'd like to explore what the latest in AI tech can give you, why not try out Allo? I honestly don't get all the complaining and the noise and the clickbait title. "No matter what?" You betcha I'm gonna try it out and use it where it makes sense.
This would be an exercise in futility, don't even bother.
There are many more reasons why this is a complete waste of time but those should suffice.
Essentially secure email requires the entire infrastructure of email to be rebuilt with security in mind.
Hope is not lost though.
We have tools like Signal, Telegram, WhatsApp and even Facebook Messenger is offering end to end encryption options for communications. I would suggest checking out Signal but supposedly Facebook hired the Signal team to consult on their implementation for messenger. Of course, it's proprietary so we have no idea really.
For Android you might like TextSecure - it is designed to encrypt your messages so server operators can't read messages, has preferences relating to notification privacy, can be locked so no one can recover the messages without the passphrase, and is Open Source so anyone can review the source code to verify it is secure.
It is probably a good starting point, but I would suggest if you don't like it trying out a few apps to see what meets your needs.
Signal is called TextSecure on Android. Everyone should move from WhatsApp to it.
More info: [link]
Yeah, they unified everything. All apps are now called Signal for all platforms and are capable of both texting and calls.
Personally, I use Signal. It does end-to-end encrypted voice and text messaging. It's also open source; several security specialists have evaluated their code and concluded that it is, indeed, reasonably secure.
Oh, yeah. And it's free. It's maintained by a grant- and donation-supported nonprofit whose goal is to encourage the use of high-quality encryption in communications.
Maybe now is the time to convince everyone I know to use Signal Private Messenger. I am so sick of Google ignoring Hangouts. It's a great service, but their mobile app needs a serious makeover. If they are now directing people to Messenger for SMS, that probably means SMS functionality will be ripped from the application completely before too long.
Have you tried the Signal app? It sends SMS if they don't have Signal. If they do have Signal, it sends an encrypted message. To the end user, it behaves just like iMessage but it has strong encryption and works flawlessly on iOS and Android. The app works really well.
And this is why everyone needs to install and use Signal. There's no excuse not to. In a perfect world with perfect governments we wouldn't have to. But we don't live in that world. If you value your privacy you have to make an effort to protect it.
If you don't click this, you don't have the right to complain.
I really like Signal. It handles SMS as well as its own instant messaging. If you can get anyone you know to switch to Signal IM, even better.
I opted out of Instagram and Snapchat around 2 years ago. The two apps seemed like a constant piss battle of who is happiest among my friends.
Around a year back I opted out of Facebook and Whatsapp in successive months.
At first, I felt disconnected but used e-mails, google+, and skype till I stumbled across Signal Private Messenger. I made some of my friends join the app and today I have 30 friends using the app. It's very secure and has no features for status, profile pic, blue tick, and last seen. I'm very much satisfied with it.
Do I regret my decision? Absolutely not. I feel so much better since leaving Facebook and I certainly don't see myself joining it back in the future. These social media apps give us an illusion of happiness; it's almost always about showcasing your best features to your "friends" while actively hiding away from your flaws. Nobody is as happy as their social accounts tell us about them.
PS: My personal opinion is that Facebook news feed is the most unhealthy platform when it comes to mental health related issues. They're so full of shit. I'm so glad I don't have to see that shit anymore.
La bonne alternative à Telegram, c'est Signal, en plus c'est open source
To an extent same, but there are relatively easy ways like Signal to make mass surveillance harder by adopting end-to-end encryption.
Oh? What did you try? My impression was that Ubuntu Studio was decent.
You could give Signal a try. It's an app that you can use to send SMS and MMS to your friends.
The cool thing about it is that if someone else has Signal on their phone too, your texts switch from SMS to an encrypted data message. People concerned about government spying or companies selling user data like Signal because it's a secure messaging app.
Another popular app is Textra. It's not encrypted like Signal but it has more customization.
Thanks for that save.
So yes, definitely anyone looking to join the group, just PM me your phone number after downloading and installing Signal (iOS version here, android version here). It works similarly to WhatsApp or various other messaging applications, but uses encryption and is generally quite secure. While it does use data, it uses very minimal amounts of it.
If you want true end-to-end encryption, use Signal private messenger.
many other messaging apps provide encryption (like hangouts) but the keys are still owned & generated by the company, not the user.
I have not used this app before, but I would recommend using Signal Messenger. This doesn't totally answer your question, but Signal is a encryption-first messaging system that is highly regarded among security-minded Android users.
If you know about CyanogenMod's SMS encryption, "Whisper Push" - this is from the exact same company,Open Whisper Systems.
I would definitely check it out, plus it even has a desktop client.
Ich hoffe ja, das sich Signal / Signal (iOS) durchsetzt.
Signal ist im Gegensatz zu Threma Open-Source und kostenlos.
Depending on your specific needs TextSecure could be a good app for you, it offers end-to-end encryption on all messages between users of the app, and can even replace your main texting app, which adds delivery receipt function to your normal texts.
There's also an Android client, but it's named TextSecure.
More info at [link]
Signal messenger by whisper systems is free and open source and recommended by Edward Snowden.
Their home page with information and desktop client downloads.
> a different messaging app like Textra
Or Signal Private Messenger, which handles SMS seamlessly, but between users of the Signal app enables end-to-end encryption (including encrypted VOIP/video calling).
Ne pas raconter sa vie de façon très détaillée sur les réseaux sociaux, ni sur d'autres sites d'ailleurs.
Utiliser une appli qui chiffre automatiquement les appels telephoniques : [link]
Utiliser le navigateur web TOR : [link]
>Whatsapp will integrate the open-source software Textsecure, created by privacy-focused non-profit Open Whisper Systems, which scrambles messages with a cryptographic key that only the user can access and never leaves his or her device.
I remember when this happened, seems like a big deal. Now open whisper has combined secure text and voice into one app, Signal.
By the way, here are the two apps I recommended for texting:
Google Messenger: [link]
Whenever an app or software get bought out, its the beginning of the end.
>It said that in addition to appointment information and delivery notifications, it would also allow "marketing" messages.
>"Messages you may receive containing marketing could include an offer for something that might interest you," the company said.
Thats why adblock software is so unpopular and nobody uses it. /s
I'll stick with Signal (until it gets bought out too)
Off-topic, but the default Motorola SMS app is pretty awful. I'd recommend something like Signal. It looks great, and it supports encryption!
You mentioned signal. This really is the best group messaging app out there. It does most of what you mention but not all. It does have a desktop client that does sync but is still in beta and doesn't look the best.
I have been using it a while and really find it to be the best imessage like app out there.
TextSecure: Basic and simple. Open source and free software.
It automatically encrypts your texts end-to-end (and sends them over data) if the other person also uses TextSecure.
Signal is open source, just copy it, put Google sticker over it and you will have E2E IM with SMS fallback and E2E encrypted video and voice calls in one compact app with super simple UI, then build on this, not sure how hard is this to do overnight
Here's a real encrypted messaging app. It's what Snowden uses. Source
I think we use the same cell phone company. I never had a problem with them while I was deployed, but I didn't change my plan. I didn't call home using a regular phone call, though. I used Signal or Whatsapp, which let you call over data. Even on their slow international roaming data, it was still a decent call. If he's in a country where app or video calling is blocked (like I was), Signal will circumvent that restriction.
On a side note, if your husband is on a military base, he should be able to use a DSN phone to call a stateside operator, who can then forward the call to you. Someone should have the DSN number over there where he is. You can also use calling cards on DSN phones (dial the 800-number without the 1 at the beginning, I believe). Those are sold at the PX and Shoppette.
Depending on what country your husband is in, he might also be better off getting a SIM card from a local provider instead of using your stateside provider. Many people in my unit bought prepaid SIM cards that you could top up at the PX or Shoppette.
Personally, I would pursue a refund for at least the months that you paid the $15 for, since they told you the phone calls would be included. You're probably not entitled to any compensation for the months after that, since you kept calling him even after you canceled. If you bug them enough (or threaten to leave), they might give you one anyway. (I've heard that the cancellation departments have much more power to do that than standard customer service folks.)
> Naja, dafür waren ja die Leute von OpenWhisperSystems da.
Waren sie denn überhaupt da und haben am Code gearbeitet? Soweit ich weiß haben sie nur mit der Implementation der crypto-Teile geholfen.
>Natürlich hat man nie 100%ige Sicherheit, aber die kann man bei OpenSource (wenn falsch implementiert) auch nicht haben, da ja auf dem Server andere Software laufen kann.
Open source ist der einzige Weg um wiederholte unabhängige Audits vorzunehmen, es wird nichts verheimlicht, jeder kann es sich anschauen.
Telegram sollte man sowieso nicht nutzen, wenn man Sicherheit sucht. Die Crypto ist hausgemacht und genau das nicht zu machen ist die erste Regel der Kryptographie.
Signal für Android oder iOS oder geh zum Fick raus.
Take a look at TextSecure and if you want end to end encryption on calls, take a look at RedPhone.
Your first link is broken FYI. I'll add Signal Private Messenger to that list as well (recommended by Snowden himself):
This story is a gross violation of privacy.
Signal is the goto approved encrypted chat app these days. No SMS fallback though, be aware of that.
[Wikipedia entry with some more information about it]([link])
And to clarify: in end to end encrypted chats your data is worthless to anyone not the receipient
So a glitch like this might loose part of a message, but you'd never receive a wrong one and yours could definitely not be read by anyone other than the receipient
Oh, my mistake, Signal definitely does this (I just checked). And And VZW SMS app does as well.
Just opened my Messages app (I use Signal by default). Holy crap, so many missed messages......... that explains a lot. :(
Tired of this kind of thing?
If you aren't using Firefox, do so.
Install these Firefox addons: Disconnect, uBlock Origin, Random Agent Spoofer, Self-Destructing Cookies, and HTTPS Everywhere. Note that Self-Destructing Cookies will sign you out of everything when you install it. You'll have to log back in every time unless you whitelist the site.
Set your default search engine to DuckDuckGo. When you need Google, add "!sp" before your DuckDuckGo searches to send your searches through StartPage, which acts as a Proxy to Google. You'll get Google's results with none of the tracking.
Start using TextSecure and RedPhone if you're on Android, or Signal if you're on iOS. Signal can exchange messages with TextSecure users and phone calls with RedPhone users. "But what about other private messenger apps?" No. use TextSecure and Signal, and get your friends to use them too.
Critical: Learn how to do passwords properly. I don't care about your special "password algorithm" or whatever for remembering passwords on different sites. If the password came from your head, it's wrong.
Use a VPN service. Cryptostorm is a good choice. Here is a good list with more. The provider can still technically see your traffic, but these all claim to not keep logs. Compare with your ISP, who readily admits to logging everything you visit and sharing it with advertisers.
Doing just the above will substantially reduce your trackability, but will not totally protect you. Continuing from here gets more nuanced, but is incredibly worthwhile if you value your privacy or take issue with living in a society that relies so heavily on surveillance.
Check out Privacytools.io for an extensive list of privacy resources, including VPNs, browser extensions, encryption tools, and more.
Take a look at the Electronic Frontier Foundation's Surveillance Self-Defense for primers, tutorials, and guides on how to enhance your privacy online.
For that matter, learn about the Electronic Frontier Foundation.
Join a local Cryptoparty to learn how to use electronic privacy tools and to meet other people who are enthusiastic about fighting mass surveillance and other invasions of privacy. (Disclaimer: I run a local Cryptoparty.)
Use the Tor Browser Bundle. Make sure you read the warnings so you'll know how to not screw up your anonymity. Tor works better when more people use it, for a multitude of reasons. You are promoting freedom simply by using the Tor Browser.
Feeling more adventurous, needing more security, or wanting more privacy? The Tor Browser Bundle is great, but is only as safe as the operating system it's running on. Tails is a Linux-based distribution that routes all traffic for the whole OS through Tor, which means that your browsing will be anonymous, even if something exploits the browser and breaks out into your OS. Again, this is entirely dependent upon using it correctly.
Switch to Linux.
Join us over in /r/privacy for more resources.
edit: Thanks for the gold! If anyone else feels like expressing gratitude, please donate to any of these projects or orgs mentioned in this post. Many of them need money pretty badly.
Think end to end encryption should be on by default? Get Signal. Avavailable for iOS and Android. It's like iMessage for Android, handles regular sms but sends encrypted messages to friends who also use it. So even if none of your friends have it now you can just use it as your default sms app. There's a Chrome/Chromium app for desktop. Read about the security here. And it's Free Software.
It's made by Open Whisper Systems, who made the Signal protocol and who you can thank for end to end encryption in Facebook, Whatsapp and Google's Allo.
From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technologist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
Here's a comparison between Signal, Whatsapp and Allo.
And some security tips for Signal
Telegram isn't secure. Use Signal if you want a proper secure messenger. It's Free Software (source here) and you can get it for Android, iOS and desktop.
Even WhatsApp is better than Telegram as it uses end to end encryption by default.
> Encryption works best if it's ubiquitous and automatic. The two forms of encryption you use most often -- https URLs on your browser, and the handset-to-tower link for your cell phone calls -- work so well because you don't even know they're there.
> Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting.
> This is important. If we only use encryption when we're working with important data, then encryption signals that data's importance. If only dissidents use encryption in a country, that country's authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can't tell the dissidents from the rest of the population. Every time you use encryption, you're protecting someone who needs to use it to stay alive."
Some russian activists Telegram account got hacked giving them access to all previous messages: [link]
Pavel himself admits security isn't a priority here [link] in response to this:
Thomas H. Ptacek
> By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
> I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
> To be clear, what matters is that the plaintext of messages is accessible to the server (or service provider), not whether it's "stored."
> It's just how Telegram works and is self-documented to work: Only their marketing copy suggests otherwise.
> If you're on an iPhone, they also send a plaintext copy of every msg you receive to Apple's servers. So not even in transit.
> For iOS push notification previews. They didn't do the work to make them privacy preserving.
It's the least of Telegrams problems but let's not forget their home made crypto even though there are better alternatives. See the take-home message here:
> We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack. At the same time, we see no reason why one should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist.
> The take-home message (once again) is that well-studied, provably secure encryption schemes that achieve strong definitions of security (e.g., authenticated-encryption) are to be preferred to home-brewed encryption schemes.
And the conclusion here:
> Abstract: The number one rule for cryptography is never create your own crypto. Instant messaging application Telegram has disregarded this rule and decided to create an original message encryption protocol. In this work we have done a thorough crypt analysis of the encryption protocol and it's implementation. We look at the underlying cryptographic primitives and how they are combined to construct the protocol, and what vulnerabilities this has. We have found that Telegram does not check integrity of the padding applied prior to encryption, which lead us to come up with two novel attacks on Telegram. The first of these exploits the unchecked length of the padding, and the second exploits the unchecked padding contents. Both of these attacks break the basic notions of security, and are confirmed to work in practice. Lastly, a brief analysis of the similar application TextSecure is done, showing that by using well known primitives and a proper construction provable security is obtained. We conclude that Telegram should have opted for a more standard approach.
> Conclusion: TextSecure is based on strong primitives that have withstood crypt analysis from the crypto community for years, and these are combined in a way that proven provides authenticated encryption. Telegram on the other hand has crafted its own encryption scheme and deployed it in an unproven state, and prior to any scrutiny from other cryptographers. We have seen this done time and time again, and rarely with good results. Take for example the smart grid meters that were shown to use terrible crypto back in April this year. Furthermore, the DH Ratchet is a very nice way of providing forward secrecy on a per-message basis with little overhead, which is an improvement over Telegram's one key per 100 messages approach.
Time to start using Signal from Open Whisper Systems
Everyone should install Signal for their calls and messages. Works on Android and iOS, there's also a Chrome/Chromium addon that's in beta. And it's free software (GPLv3).
It's sort of like iMessage for Android. The app also handles sms so it doesn't feel like a separate app, even if none of your friends have it today there's no reason not to keep it installed. iOS doesn't let other apps handle sms though so it just sends encrypted messages.
Bruce Schneier, internationally renowned security technolgist
Je ne peux que rappeler l'excellent signal qui est libre, chiffré et geré par une structure à but non lucratif
I prefer free software. Am I missing any notable apps?
Signal by Open Whisper Systems for messaging. It's like iMessage for Android. Handles regular sms but sends encrypted messages to friends who also use it. Recommended by Edward Snowden and Bruce Schneier. It's available for iPhone as well, and a browser addon is on its way.
Firefox with uBlock Origin (to block ads and malware sites) and HTTPS-Everywhere as addons.
Orbot with Orfox (beta) for browsing with privacy.
Slide for Reddit still in beta, some crashes but it's getting there.
OsmAnd Maps & Navigation uses OpenStreetMap data. Consider supporting the project by getting the paid version.
VLC for video.
Amaze as file manager.
Tinfoil for Facebook. There's a fork called Metal for Facebook and Twitter but the developer hasn't released the source yet so I'm avoiding that for now.
Material Audiobook Player
Opengur for Imgur.
You might be using <any other SMS app>, but instead you should be using Signal:
Honorable mention goes to Whatsapp which implements the same Signal protocol for E2E messaging over data.
TextSecure by Open Whisper Systems. Tell your friends with iPhone to use Signal.
It's like iMessage for Android. Works as a regular sms app for those without it and send encrypted messages to those who do have it. Also has quick reply and direct photo capture. There's really no reason not to install it even if you don't know anyone else who has it yet. Free software (GPLv3). From the website:
Wall Street Journal recently had a good article about it
Also seems to have been the only sms app that wasn't vulnerable to automatic triggering of the Stagefright bug
> Supposedly the vulnerability is in stagefright, which is the Android
framework responsible for audio/video encoding/decoding and playback.
TextSecure doesn't do any pre-processing of received audio/video
messages, so it seems unlikely that a vulnerability in stagefright could
be triggered simply by sending audio/video to a TextSecure user.
For any interested developers, they're currently paying almost $50 for accepted pull request.
Signal Private Messenger is good.
Lots of features. End to end encryption and msg over WiFi
I use Signal. Android and iOS. There's a Chrome/Chromium addon that's in beta. And it's Free Software (GPLv3).
It's sort of like iMessage for Android. It handles sms so it doesn't feel like a separate app but if both have it you're sending encrypted messages using data instead. iOS doesn't let other apps handle sms though so it just sends encrypted messages.
Some nice features besides keeping your messages and calls private are quick reply, group messaging, muting conversations, sending audio and video files up to 100mb and sending your location.
Signal: Effectively an Open Source iMessage for Android (and iOS). A drop-in replacement for Android Messages (with SMS support). On top of that communication with other Signal users (message/voice/video) is using WiFi/data and end-to-end encryption. Also supports group messages. Very simple setup and configuration.
VolumeSlider: A volume button replacement. Lets you slide your finger across the edge of the screen to adjust the volume (system/ringtone/notification/alarm). A small in-app purchase will let you configure up to four gestures (two on the left edge and two on the right). Also now has experimental support for adjusting display brightness.
Pepe DNS Changer: My no-root solution to blocking ads. I like this better than DNS66, and other ad-blocking apps, because of its simplicity. I just configured it to use Adguard's DNS servers (22.214.171.124 and 126.96.36.199). Doesn't automatically activate on boot, so I have to do that manually. Uses the on-device VPN service (like other apps) to do its thing.
Simple Radio: Probably my most used app, next after my reddit app. Just a simple Internet radio app really. The in-app purchase removes the ads, and that is worth doing in my opinion. Also has sleep timer support, for turning off the radio, if you use it to fall asleep.
Chan Burauza: A decent, good looking (after you change the theme) app for browsing 4chan, 8chan, 420chan, and Lainchan imageboards. Not sure I'm really gonna use it much, but I found it by chance and it seems pretty good, compared to other related apps. So if you're looking for an alternative to your current chan app, you should at least give this a try.
Phew, for a moment there I thought it was signal, the encrypted messaging app. Thank fuck its just twitter bullshit
Nate Cardozo from EFF had this to say:
> @durov @csoghoian @WIRED @iRowan Also as @alexstamos points out, we @EFF do NOT evaluate implementation. Only baseline "did you even try."
> @durov @csoghoian @WIRED @iRowan @alexstamos @EFF Also, it's clear that "did you even try?" answer is NO for Telegram's defaults.
Want secure messaging? Use Signal. Available for Android and iOS. There's a Chrome/Chromium app for desktop that's in beta.
Just went through my phone there. Descriptions, sites, and app/play store links included.
The Signal Private Messenger application is amazing, provably secure mobile messaging. The WhisperSystems teams code is used by WhatsApp now, although I am unsure how well implemented the WhatsApp version is.
See it as free, un-eavesdroppable calls and texts basically anywhere on the planet with an internet connection. There is even a desktop version!
Signal - iOS App Store
Signal - Android Play Store
SnoopSnitch from SRLabs effectively acts as an intrusion detection system of sorts for your cellular baseband, notifying you if it detects things like IMSI catchers (stingrays) and other attacks on your phone designed to violate your privacy.
SnoopSnitch - Android Play Store
Pry-Fi is an application (requires root) that helps you avoid tracking based on your phones wireless MAC address. A lot of stores try track customers based on their mobiles MAC address, so what Pry-Fi does is spoof it to avoid tracking. It also has a much ruder, aggressive mode, where it pretends to be loads of devices to ruin tracking data analytics :)
Wigle WiFi is a collaborative, crowdsourced, wireless mapping application. You set it up, let it run in the background when exploring new places (it does consume some battery, so I usually only run it when going somewhere new), and it generates data linking wireless hotspots to geolocations. You can then download this data to your own computer and look at it with Google Earth or whatever if you want, or simply upload it to the Wigle servers so everyone can benefit from the data you collected about the Wireless networks around.
Wigle WiFi - Android Play Store
Good advice. Here's some more.
Use free software instead of proprietary whenever possible.
Signal by Open Whisper Systems for encrypted messaging and calls.
Use strong passwords and don't reuse them. Best thing is to use a password manager (make sure it's Free Software instead of proprietary, like). That way you don't have to remember many passwords, just one. Use Diceware to make it a good one.
Keepass2Android is a good password manager. You can use it with KeePassX for desktop.
If you're a GNU/Linux user and comfortable with the command line, I'd recommend pass with Password Store (you need to use this with OpenKeyChain)
Make sure to turn on 2-step verification on Google and use Google Authenticator.
Firefox with the following add-ons uBlock Origin, HTTPS-Everywhere, and Decentraleyes.
On the desktop version Privacy Badger is also a must, but it doesn't work on mobile. None of the add-ons mentioned require any effort, you just install and forget about them.
I'm doing my best to convince people to use Signal. Works like a normal messenger but is encrypted.
As currently implemented WhatsApp is completely secure.
What the Australian government is asking for (and won't get) is for the entire architecture to be changed so that rather than having end to end encryption, the messages will be sent to the server encrypted, re-encrypted for the recipient and then sent on.
The plain-text transition in the middle will give governments the ability to intercept the transmissions by simply asking Facebook etc for a copy.
The underlying tech in WhatsApp was originally designed for and implemented in Signal, available for free for both iOS and Android, I highly recommend it.
Stick to free software as much as possible.
Use Signal by Open Whisper Systems for messaging. It's like iMessage for Android. Handles regular sms but sends encrypted messages to friends who also use it. Recommended by Edward Snowden and Bruce Schneier. It's available for iPhone as well, and a browser addon is on its way.
> Thomas H. Ptacek
> By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
> Edward Snowden
> I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
Whatsapp uses the Signal Protocol now, and is end to end encrypted by default, so it's more secure than Telegram. Don't like Whatsapp for some reason? Use Signal itself. Available for iOS and Android. There's also a Chrome/Chromium app in beta for desktop.
Signal. Works on Android and iOS, there's also a Chrome/Chromium addon that's in beta.
On Android it's like iMessage. Sends regular sms to those without it and sends encrypted messages to contacts using it. So even if you don't know anyone else who has it yet there's no reason not to use it as it's a great sms app as well. iOS doesn't let other apps handle sms though so it just sends encrypted messages. And it's free software (GPLv3).
To answer the last sentence in the article. Use TextSecure and Signal by Open Whisper Systems. Not a single app mentioned in the article will keep your messages private.
On Android it's like iMessage. Works as a regular sms app for those without it and sends encrypted messages to those who do have it. So there's no reason not to use this even if you don't know anyone else who has it yet. iOS doesn't let other apps handle sms but the same goes for any other app so not a big deal. And it's free software (GPLv3).
From the website:
Use Signal if you think your messages and calls should be private. Available for iOS and Android. There's a Chrome/Chromium addon for desktop that's in beta. Read about the security here.
You can use it as your sms app on Android, so it's great even if none of your friends have it right now.
Recommended by Edward Snowden and Bruce Schneier.
Telegram isn't even end to end encrypted by default, keeps your messages accessible on their servers, server software is proprietary, and it has homemade crypto.
> Meanwhile, Apple and Google are currently rolling out user-friendly end-to-end encryption for their customers, many of whom have demanded greater privacy protections — especially following Snowden’s disclosures.
Can someone tell me what this is about?
Speaking of end-to-end encryption, everyone should use the apps by Open Whisper Systems. TextSecure for Android and Signal for iOS.
Wall Street Journal had a story
Just a warning to anyone considering using this app. It is closed source and hence unauditable. While messages may be encrypted client-side, your only guarantee that clear-text copy is not also sent to the intermediary server and logged is the developers word.
Privacy where you must trust an unaccountable third-party is not real privacy.
TextSecure (Android) and Signal (iOS) are open source alternatives that are interoperable with one-another and do both one-on-one and group text messages, as well as sending files (photos or whatever).
As an added bonus, if you're using TextSecure it can be set to replace your default text messaging app, doing clear-text SMS messages to contacts without a compatible app, but upgrading to encrypted messages via data for those who do, which saves you needing to check multiple applications for mesages. Sadly, this particular functionality simply can't be done on iOS as Apple prohibit third party applications from replacing built-in functions.
As for encrypted voice calls, on iOS this is integrated into Signal. On Android, it's a separate app called RedPhone, which is of course compatible with the encrypted calling in Signal.
Some important caveats: While you can be confident that the content of your calls/texts is confidential when using either of these apps (unless, of course, you're sending traditional SMS messages in TextSecure), limited metadata is revealed:
Sadly, there are not really any mobile instant messaging apps that obscure metadata in addition to content, just yet. If you're on a real computer, Ricochet accomplishes this, however there are no mobile implementations yet.
For asynchronous messaging (i.e. like email), BitMessage obscures both content and metadata. There is an Android app, Bitseal in the works, but it is still in beta, hence you will need to join the G+ community and opt-in to the beta channel for it to be available in the play store (this link won't work unless you've done the above).
Everyone should be using Signal on their iPhones or the android equivalent TextSecure and RedPhone.
RedPhone (Android - phone calls)
Posting on your comment for visibility. Everyone should use Signal. It's open source, uses end-to-end encryption, and is endorsed by Edward Snowden.
Edit: I forgot to mention that Signal uses perfect forward secrecy, which is a major plus. OTR is the only other common and secure messaging protocol implementing PFS that springs to mind.
Signal. Its sms implementation just works and you can have true e2e encryption with an auditable, open source app.
I'd recommend Signal instead of Hangouts. It's available for Android and iOS. There's a Chrome/Chromium addon that's in beta. And it's Free Software (GPLv3).
And yes, it does have end to end encrypted group chats.
I'd just like to interject here. Have you heard of SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN?
Textsecure is probably the best bet right now. The protocol is open and seems sound. The only thing that bothers me is that Google can access metadata because they use their push functionality. So Google can see who you contacted when, but not what you said. Also they do not offer Binaries outside of the play store. Their reasoning is that users always should have the most current version, but still it sounds fishy, especially since they do not accept Textsecure on F-Droid.
Threema is also quite popular for some reason. It became popular after WhatsApp was bought by Facebook. But it fails the basic requirement everyone should have for cryptographic systems: It's not open source, so might be backdoored or just sloppily implemented and nobody would know.
Telegram is open source but their business uses scammy tactics like unfair "crypto-contests" rigged in such a way that they are unlikely to lose, even if the app is vulnerable.
Feelin good about having switched to Signal
Have you looked at Signal by Open Whisper Systems? It has those as well.
It's like iMessage for Android, handles regular sms but sends encrypted messages to friends who also use it. Free Software and recommended by Edward Snowden and Bruce Schneier.
Check out Signal
This is likely due to weak passwords or bad implementation. If you're the top priority of the NSA sure they'll get to you one way or another (not by breaking PGP), but mass surveillance is definitely something we can stop.
Blackberry should be avoided though.
> Blackberry believes in a “balanced” approach to encryption, incorporating lawful intercept capabilities, and the company prioritizes cooperation with law enforcement, Chief Operating Officer Marty Beard said Tuesday. “We very much take a balanced approach” to the issue of encryption, he told the FedTalks government IT summit, differentiating Blackberry’s approach from that of some of their competitors who are “all about encryption all the way.”
Use Signal for secure calls and messages on Android and iOS. There's a Chrome/Chromium addon that's in beta. And it's free software (GPLv3).
a VM won't help with the NSA, but it will make it much harder for windows to grab your data. Technically any system is compromised if the host is compromised, but windows needs to collect in bulk from everyone. It's unlikely they will be able to do fancy memory attacks automatically to grab your data. So using virtualbox on windows with a linux + vpn guest is good for everything but the gov.
Remember, the CISA bill is about getting businesses to give the gov data. Don't let MS have your shit and it gets harder. Same principal with VPNs, at the very least it makes it harder because everyone needs to be cracked.
Also shout out to:
Signal for messaging/encrypted calls (android, ios, desktop)
Jitsi for video calls (win, osx, linux)
Tails VM in windows to prevent MS spying but still be able to use win to play games/office. Just boot the OS from the ISO, then you can even snapshop the machine state for faster boot it you want.
Use Signal by Open Whisper Systems. You can get it for Android and iOS so far, but they're also working on a browser addon.
On Android it's like iMessage. Works as a regular sms app for those without it and sends encrypted messages to those who do have it. So even if you don't know anyone else who has it yet there's no reason not to use it as it's a great sms app as well. iOS doesn't let other apps handle sms but the same goes for any other app so not a big deal. And it's free software (GPLv3).
For secure instant messaging, use cryptocat. It's the program Edward Snowden used to communicate with journalists while in hiding.
For secure texting, use signal. That's the same encryption used by Whatsapp but in a much more lightweight app.
In the past, I'd have recommended riseup.net for secure email, but sources indicate it has been compromised, and at any rate they've switched to an invite system.
Here is a good site for creating temporary throwaway email addresses. All messages are deleted after one hour, with administrative logs deleted every 24 hours. Do keep in mind that it is not an encrypted service, and that anyone who knows the domain can access the inbox. It's best to used this service to send and receive contact info for those other two methods of communication up top rather than to actually use it for communication.
For secure web browsing, use Tor.
Also it uses homemade encryption and the server is proprietary.
> We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack. At the same time, we see no reason why one should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist.
> The take-home message (once again) is that well-studied, provably secure encryption schemes that achieve strong definitions of security (e.g., authenticated-encryption) are to be preferred to home-brewed encryption schemes.
Want secure messaging?
Signal. Avavailable for iOS and Android. There's a Chrome/Chromium app for desktop that's in beta.
Conversations is an XMPP-client for Android with support for OMEMO (based on Axolotl from Signal). There's an experimental plugin for Gajim for desktop.
Use Open WhisperSystems apps instead. TextSecure for Android and Signal for iOS.
Telegram isn't very good. To quote Moxie
> I'm a Signal/TextSecure contributor. There's been a lot of controversy over the Telegram encryption protocol, and any cryptographer that looks at it cringes.
> Beyond doubts with the protocol itself, I think the more important consideration is that most people never use it. Telegram is not encrypted by default. Users have to create a special "secret chat" with contacts that is ephemeral, and some Telegram clients don't even support that mode. Last I checked, there was no way to have group "secret chats" in any client at all.
> The result is an unfortunate situation where many users seem to think that Telegram is somehow secure by default, when it definitely isn't. Telegram even stores plaintext copies of everyone's entire message history on the server for multi-device sync.
This is one of the reasons I try to stick to free software apps.
Tinfoil for Facebook. There's a fork called Metal for Facebook and Twitter but the developer hasn't released the source yet.
OsmAnd Maps & Navigation uses OpenStreetMap data.
Signal for iOS
Signal for Android
Signal by Open Whisper Systems.
It's like iMessage for Android. Handles regular sms but sends encrypted messages to friends who also use it. Recommended by Edward Snowden and Bruce Schneier, and it's free software (GPLv3).
Slide for Reddit, also free software.
people need to use signal
~~Google Search~~ StartPage /DuckDuckGo
Firefox inclusive AddOns: uBlockOrigin / NoScript / HttpsEverywhere / PrivacySettings)
~~Gmail~~ ProtonMail OR Tutanota (or posteo)
Delete Facebook Permanently while downloading a copy of your data prior deletion.
~~WhatsApp~~ Signal [Android]] - [iOS]]
Delete permanently GiogleAccount
In case you don't need GoogleDrive etc. Anymore. Also take a look at [link] to see how much they have about you already.
Delete Instagram permanently
Delete Twitter permanently.
Want secure calls and messages? Use Signal. Available for Android and iOS. There's a Chrome/Chromium app for desktop.
Nice try NSA. do not use closed-source proprietary software people.
Use Signal, [TextSecure], ChatSecure, CSipSimple+Ostel, Xabber, Conversations,
Signal by Open Whisper Systems for messaging. It's like iMessage for Android. Handles regular sms but sends encrypted messages to friends who also use it. Recommended by Edward Snowden and Bruce Schneier. It's available for iPhone as well, and there's an addon for Chromium / Chrome in beta.
Use strong passwords and don't reuse them. Best thing is to use a password manager (make sure it's free software). That way you don't have to remember many passwords, just one. Use Diceware to make it a good one.
Keepass2Android is a good password manager.
If you're a GNU/Linux user and comfortable with the command line, I'd recommend pass with Password Store (you need to use this with OpenKeyChain).
OpenKeyChain " OpenKeychain stores and manages your keys, and those of the people you communicate with, on your Android. It also helps you find others’ keys online, and interchange keys by touching devices. But its most frequent use is in using those keys to encrypt and decrypt messages."
Tinfoil for Facebook. Wrapper for the Facebook mobile site, if you use Facebook. There's a fork called Metal for Facebook and Twitter but the developer hasn't released the source yet so I'm avoiding that for now.
Telegram isn't secure. You should use Signal instead, heres the link for iOS and Android.
With Telegram end-to-end encryption is off by default. "Secret chats" only works if both are online at the same time and you can't use group chats or desktop client. So the majority of all messages sent are not end-to-end encrypted and also kept accessible on Telegrams servers. Compare that to Signal and Whatsapp where messages are always end to end encrypted and don't store your messages at all. Also your friend doesn't need to be online and you get encrypted group chats and desktop client.
Signal renders those old IMSI catchers useless
Every intl airport in Canada is running an IMSI catcher too. If you have a certain Qualcomm chipset you can use SnoopSnitch to detect when GSM encryption is off meaning you just got MITM tower'd [link]
Skype isn't secure, there's no end to end encryption.
Use Jitsi on desktop. For mobile, use the apps by Open Whisper Systems. TextSecure for Android and Signal for iOS. Redphone is the app that handles calls on Android, but it will soon be integrated into TextSecure. No desktop client yet but they're working on it.
Wall Street Journal had a good article
Everyone should switch to Signal! [link]
Your Pixel has its locally stored data encrypted by default. Its a feature of the OS and its enabled by default. I'm not aware of any other disk encryption software for android.
If you want a messaging client that has encryption you have several choices. You can use programs like Signal or Telegram for example. You can even use BBM if you trust Blackberry.
Use Signal for messaging.
Using Free Software instead of proprietary is usually a good idea. You don't gain anything from installing those apps from F-Droid though, you're better off not allowing installation of third party apps.
Also see Snowdens advice on reclaiming your privacy.
The first step that anyone could take is to encrypt their phone calls and their text messages. You can do that through the smartphone app Signal, by Open Whisper Systems. It’s free, and you can just download it immediately. And anybody you’re talking to now, their communications, if it’s intercepted, can’t be read by adversaries. [Signal is available for iOS and Android, and, unlike a lot of security tools, is very easy to use.]
You should encrypt your hard disk, so that if your computer is stolen the information isn’t obtainable to an adversary — pictures, where you live, where you work, where your kids are, where you go to school. [I’ve written a guide to encrypting your disk on Windows, Mac, and Linux.]
Use a password manager. One of the main things that gets people’s private information exposed, not necessarily to the most powerful adversaries, but to the most common ones, are data dumps. Your credentials may be revealed because some service you stopped using in 2007 gets hacked, and your password that you were using for that one site also works for your Gmail account. A password manager allows you to create unique passwords for every site that are unbreakable, but you don’t have the burden of memorizing them. [The password manager KeePassX is free, open source, cross-platform, and never stores anything in the cloud.]
The other thing there is two-factor authentication. The value of this is if someone does steal your password, or it’s left or exposed somewhere … [two-factor authentication] allows the provider to send you a secondary means of authentication — a text message or something like that.
One more reason to use something like Signal.
I prefer TextSecure.
The apps by Open Whisper Systems. TextSecure for Android and Signal for iOS.
Out of context, most people here would assume you mean another signal
I would recommend Signal by Open Whisper Systems.
> "Signal was designed specifically for mobile devices, using a jitter buffer tuned to the characteristics of mobile networks, and using push notifications to preserve battery life while still remaining responsive. Signal is also Free and Open Source Software, allowing anyone to audit the code for correctness or help contribute improvements."
Android - Google Play Store: [link]
NO, they really don't mean Telegram.
doesn't use crypto by default
the crypto they use is "homegrown" which is a bad thing, because it is really difficult to securely implement encryption, and the telegram devs aren't crypto experts
Telegram uses "Snakeoil" tactics to distract from their shortcomings
Snowden called them out for some of it, he reccomends to use Signal btw (as does Bruce Schneier, which is probably among the top five cryptographers out there).
Don't use Telegram people, use Signal, it's free (in both meanings of the word) and also has encrypted calls over Wifi.
On Android it's like iMessage. Sends regular sms to those without it and sends encrypted messages to contacts using it. If your friends are using Android it won't feel like an extra app. iOS doesn't let other apps handle sms though so it just sends encrypted messages. And it's free software (GPLv3).
Use signal for voice and text conversations ^please?
As a counterpoint, I'd like people to consider Signal (formerly TextSecure) [link]
All of these are free software.
Signal by Open Whisper Systems for messaging. It's like iMessage for Android. Handles regular sms but sends encrypted messages to friends who also use it. Recommended by Edward Snowden and Bruce Schneier. It's available for iPhone and desktop (as a Chrome/Chromium addon).
Orbot with Orfox (beta) for browsing with privacy.
Slide for Reddit still in beta. Used to crash a but haven't had any problems lately.
For those wanting to ditch e-mail, here are the services I have switched to that are easier than PGP and e-mail for most people.
XMPP + Off-The-Record - I use pidgen and chatsecure as clients. You can run this over Facebook or Google accounts to make it easier to convince friends/family to use it. I have switched all of my close friends to this.
Textsecure - Not really a good replacement for e-mail, but for the ones who can't understand option 1 in my family I just installed this. They don't even know its there or what it is. My messages are at least encrypted to them now.
Bitmessage - I have pretty much moved to this for 'e-mail'. Works well. For anything super secretive I still encrypt it with PGP first and then send it. I am waiting for this to be audited and studied a bit more, although I am sure its fine.
Pond - This is pretty new and haven't tested it. Looks promising.
Since the NSA leaks, I have all but completely dropped e-mail. I still use it for registering on websites and such. I even still send the occasional PGP encrypted mail, but I prefer these other options now. XMPP + OTR is easy, more secure, and deniable. Something GPG/PGP doesn't offer. Move to that for secure communications for now.
My advice would be to first focus on low effort solutions.
Install the apps by by Open Whisper Systems. TextSecure for Android and Signal for iOS. Signal is TextSecure+Redphone, not just for calling, and Redphone will be integrated into TextSecure soon. Those are the best tools we have for secure communication on phones. Ask the people you communicate with the most to install that as well. For Android this is easy as TextSecure replaces their SMS app, sending regular SMS to those without TextSecure and encrypted messages to those who do. There's really no good reason not to install it, and everyone reading this should do it.
This doesn't solve all your problems but it's the most bang for buck.
Install the apps by by Open Whisper Systems. TextSecure for Android and Signal for iOS.
Then start reading [link]
Hopefully this will migrate more user towards signal.
Signal has a Chrome app that works well enough and you get the added bonus of mobile apps (Android / iOS).
Does the link not work for you? Here's the post that I was linking to.
Telegram isn't secure. Whatsapp still uses end-to-end encryption for all your messages, unlike Telegram. You should recommend Signal instead, heres the link for iOS and Android. Open Whisper Systems who made Signal were also hired to implement the Signal Protocol for Whatsapp, Google Allo and Facebook Messenger.
Signal. Avavailable for iOS and Android. There's a Chrome/Chromium addon for desktop that's in beta.
> Still, is there any point in taking these precautions
Some more tips from Snowden.
Install Signal in its place:
Use Signal by Open Whisper Systems as your default sms app.
TextSecure by Open Whisper Systems seems to have been safe all along.
For those new to TextSecure
Signal is your friend. Android link
Signal (Play Store / App Store)
Hoccer (Play Store / App Store)
Bei Hoccer braucht man keine Telefonnummer angeben und kann Kontakte per QR-Code und Kamera hinzufügen.
Signal. Avavailable for iOS and Android. There's a Chrome/Chromium addon for desktop that's in beta. Read about the security here.
Signal. It's available for Android and iOS. There's a Chrome/Chromium addon that's in beta.
Even better. Signal.
No. What is your threat model?
You can encrypt your messages with Signal by Open Whisper Systems
You can browse anonymously with Orbot and Orfox (beta). Or at least gain some privacy/security by browsing with Firefox with the following add-ons uBlock Origin, HTTPS-Everywhere, and Decentraleyes.
You can avoid proprietary apps and use free software.
But a mobile phone is a tracking device
Switched to signal as my messaging app as soon as I read this.
Everyone should be using Signal.
time to switch to Tor. Tails. Signal. Facebook is on hidden service. Secure email communication, Tutanota. Secure IM, Ricochet.
Meh. Yah if you care about privacy, use Signal
Signal Messenger, which uses OpenWhisper
Telegram isn't secure. If you want a secure messenger use Signal. Available for iOS and Android. There's a Chrome/Chromium addon for desktop that's in beta. If you don't want to use GApps in the future you can check out Libre-Signal but it probably won't be as good.
Signal lets you do this.
Signal Private Messenger is pretty good
This is why you use Signal available for Android and iOS. This is a fully open source (client and server side) software whose code Whatsapp says they implemented.
It's made by Openwhisper Systems
The Play Store URL has "thoughtcrime" in it: [link]
Why not use TextSecure / Signal by Open Whisper Systems instead? If you're using Android it handles regular sms as well so you don't have to switch apps when you want to talk about something sensitive, all your communication with your wife will be private all the time.
Unlike Threema it's free software (GPLv3) so the source code is available, and it doesn't cost anything. Also it's recommended by these people:
I'm sure we'd all love to have/see your notes once you're all done.
FSF and EFF have definitely helped to push me left over the years until I ended up here. This is particularly true in regards to copyright, IP, etc (and I work in film/tv to top it all off).
Anyway, you need to consider your audience before we can help here - something it seems like you're already acutely aware of. If these are tech savvy people, then dig into what sets FOSS apart from open source and closed alternatives. Dig into the nitty gritty history and explain why I get yelled at every time I say linux instead of GNU/Linux.
If these are not tech savvy people, ease them into why not having control of their stuff is potentially a bad idea and why (easily usable) FOSS is a better option. Use lots of analogies such as the difference between "licensing" a car you bought and actually owning it and being allowed to tinker and repair it yourself. In my experience, analogies are the most important part of explaining tech to non-tech people.
While you're at it, get everyone on Signal/TextSecure!
So what kind of audience is this?
Only Android-to-Android, though. As of Apr 30, WhatsApp messages from or to iPhones are still without E2E encryption.
In the meantime, I recommend using Signal on iOS and TextSecure on Android.
I just want to let every Android user here know about easy, auto-encrypted communication with their phones.
Firstly, there's Off-The-Record (OTR) messaging. It's available in:
TextSecure (for SMS messages)
Xabber (for Facebook chat, and any other XMPP chat). Just a side note here: You can use Pidgin (Windows download here) and Pidgin-otr-plugin (Windows download here), for encrypted Facebook chat using OTR on your PC. And yes, you can use OTR to communicate from a PC to a phone.
Now, for electronic communications outside of messaging:
You can install RedPhone alongside your normal phone app to have encrypted phone calls. Just dial their number with Redphone for the call to be encrypted.
For Tor: install Orbot and Orweb, and just use Orweb whenever you want to browse through Tor. Super easy.
You can use APG and K-9 Mail for encrypted email, but many of you probably don't use email these days to communicate with friends and dealers.
Also, yes, the person you are trying to contact through one of these apps also needs the same app to be able to communicate back.
I use Signal, which does just that. But you have to trust the end point, which you wouldn't on a company owned device.
Signal Private Messenger
Not of that one exactly, but Signal is a great open-source messenger that is basically like WhatsApp (WhatsApp uses the same encryption as them, except that Signal doesn't have any known backdoors and is open-source): [link]
Along with the newly discovered backdoor, there are other issues with WhatsApp:
>When you first set up WhatsApp, you’re encouraged, but not required, to share your phone’s contact list with the app. This helps the WhatsApp service connect you with other users quickly and easily. A WhatsApp spokesperson confirmed to me that the company retains contact list data, which means that WhatsApp could also hand over your contact list in response to a government request.
>Signal users must share their contact list with the app in order to find other users — in WhatsApp, this is optional but recommended. But Signal doesn’t directly send your contact list to the server. Instead, it uses what’s known as a cryptographic hash function to obfuscate phone numbers before sending them to the server. (It also truncates the hashed phone numbers, if we’re being precise about things.) The server responds with the contacts that you have in common and then immediately discards the query
I can only recommend Signal, been using it for about 2 years now, and it's just as easy to use as WhatsApp. Contacts are connected automatically and it can also be set to your default SMS app, which may also store your SMS encrypted.
Closed source implementacija ma i najbolje enkripcije ne znači nikakvu sigurnost kad ne znaš kako se zapravo barata ključevima. Ovo može biti backdoorano bez da to itko zna (a budući da je Facebook vlasnik WhatsAppa, vjerojatno i jest).
Ako Facebook ima back door u ovo, onda i državne agencije imaju back door. A kako je to vrlo lijepo rezidentni luđak za informacijsku sigurnost John McAfee rekao: "Pristup resursima neke državne agencije kriminalcima je moguć jednostavnim mitom nekom uhljebu."
Tko hoće kvalitetnu zamjenu za SMS i ostale messengere, najtoplije mu preporučam Open Whisper Systems i njihov messenger Signal (iOS / Android / desktop).
There's a browser addon too.
> I'm pretty sure every IM has my information and my message history
Except Signal. (iOS) (Android)
Use Signal by Open Whisper Systems as your default sms app. As an added bonus you get encrypted calls and messages if your friends also use it.
As far as I know Signal was the only sms app that wasn't vulnerable to Stagefright, even before the bug was announced. That's the nice thing about using apps where security is a priority.
Signal for iOS
> why does it need "Device & app history", which includes access to my (Chrome) browsing history, or my call log?
This is a result of Android's silly permission system. The only permission it has from that list is READ_LOGS, which it needs for call log access for the RedPhone integration, and that permission is grouped under device & app history. If you drill down into the permissions (or click "view permissions" from the play store webpage) you'll see that it only lists "read sensitive log data". It doesn't have access to browser history.
I posted this elsewhere but it posting here too:
Signal looks pretty good to me. Its open source and it seems that some heavy development is happening on all the fronts ios, android, chrome extension, and the server itself.
For those curious about securing their communications, Whisper Systems publishes numerous simple-to-use strong-encryption-powered communications applications, such as Signal for iOS and for Android platforms. They also publish Private Calling for iOS and Android.
These applications prevent communications from being eavesdropped upon in transit, which causes law enforcement to have to go through whatever legal or extralegal process they have available to directly wiretap and search the device you're using (usually that would require a warrant, issued by a judge).
If desired, manually verifying the key fingerprints used by others is straightforward, and the systems generate and handle their own keys.
For those wondering about TextSecure by Open Whisper Systems
just use Signal.
>Itsestäni se tuntuu enemmän tältä.
Rätinä linjalla oli joskus 50 vuotta sitten merkki siitä että joku kuunteli välissä. Tänä päivänä "näppituntuma" digitaaliseen salakuunteluun on about sama kuin vertailisi saman standardin mukaisten, 100€ ja 100 000€ HDMI-kaapeleiden kuvanlaatua hifikaupassa (aivan sama onko kaapelin häiriö desibeli sinne tai tänne jos aikasarjan tuottamat, virheenkorjausta seuraavat bitit ovat identtisiä).
Salakuuntelun mahdollisuus selviää speksejä tuijottamalla ja speksit verifioimalla. Eli jos WhatsApp on kätkenyt sovellukseen takaportin, sitä ei ole laillista selvittää (kts vastaukseni alla). WhatsAppia on kuitenkin ilmeisesti kehitetty pitkään samassa konttorissa kuin Signaliakin, eli devaajat ovat Signalin kehittäjien kuten Moxien kanssa päivittäin tekemisissä. Voisi kuvitella että Moxie on suht kärryillä siitä mitä koodissa tapahtuu, mutta tästä on mahdoton varmistua.
Lähde toimitloille on Google Play sivu jossa osoitteeksi on merkattu 650 Castro Street, Suite 120-414, Mountain View, California 94041-2055, sama kuin WhatsApp:n entinen osoite.
650 Castro Street, Suite 120-414, Mountain View, California 94041-2055
Jos kaivaa vähän speksejä Signal protokollasta niin avaintenvaihto on tosiaan, Diffie-Hellman. Klassinen MITM onnistuu toki jos käyttäjät eivät kytke turvallisuusilmoituksia päälle ja tarkista turvakoodeja. Turvallisuusilmoitusten pois päältä oleminen on suoranainen skandaali jolta mainstream-tietoturvayhteisö tuntuu ummistaneen silmänsä.
Vaihtoehtoja on siis kolme:
Blokkaamaton varoitus näyttää ainoastaan viestin puhekuplien välissä että "salausavain vaihtui". Blokkaava varoitus estää uusien viestien lähettämisen ja vastaanottamisen kun avain vaihtuu, kunnes käyttäjä hyväksyy uuden avaimen (ja mielellään varmistaa sen heti perään, tai ainakin mahdollisimman pian).
Kun WhatsAppin asetus on kytketty päälle (Asetukset -> Tili -> Turvallisuus -> Näytä turvallisuusilmoitukset tjsp), klassinen MITM voidaan sen jälkeen havaita vertaamalla turvanumeroita tökkäämällä keskustelussa käyttäjän nimeä, valitsemalla "Salaus", ja tarkistamalla että molemmilla näkyy sama numerosarja. Numerosarja näkyy nykyisin mukavasti desimaaleina eli se on nopea lukea puhelimessa. Huomattavasti turvallisempi ja nopeampi tapa on kuitenkin silloin kun näkee kasvotusten se, että tökkää numerosarjan alta "Skannaa koodi" ja skannaa QR-koodin. Riittää että toinen skannaa QR-koodin. Jos turvanumerot on oikein, viestejäsi ei lueta jos
1) WhatsAppissa ei ole takaporttia joka tekee turvanumeroista silmänlumetta
2) NSA / Supo pakkokeinolain puitteissa ei etähakkeroi älypuhelintasi. Snowden sanoi asian hyvin: Älypuhelimen voi hakkeroida yhdellä tekstarilla.
3) Kvanttitietokone ei murra WhatsAppin salausta
Ok, here’s all the apps I’ve collected so far
PEP (Pretty Easy Privacy)
If you were looking for links
Try using Signal instead
> lack of anything better.
> If what you said was true you wouldn't be able to get Signal on FDroid. (Noise)
Signal is not on F-Droid.
> That's incorrect, the Signal client for Android and iOS are 100% FOSS.
It is not 100% FOSS if it has Google Play Services blobs, as GPS blobs are proprietary, not FOSS. One of the reasons why it is not allowed on F-Droid. Though Moxie, the creator refuses to have it anywhere but in the Play Store, until recently this year. Moxie now provides the app on their website, which is pretty hidden and calls it the DANGER ZONE... because '[link]' goes directly to the Play Store, you have to have the direct link to that apk page. Moxie refuses to put it on F-Droid due to not trusting signature verification from F-Droid. Another reason why Moxie does not want people to download it everywhere else, is because Moxie wants to actually see how many users download Signal, and F-Droid doesn't track (it was in one of the issues on GitHub).
> That's incorrect, Signal has been designed to work perfectly without Google Play Services.
But the app still has those blobs inside it's code. The only way to register the app is to not have Google Play Services or MicroG installed on the phone. If you have MicroG installed, it'll give an error during registration, you can install it after though. Moxie probably won't have this fixed because he doesn't really care for the users who don't use Google Play Services as much. It took him FOREVER to agree to have it be able to not use Google Play Services. Issue from 2013, and did not give any other options until 2017 March 13. People kept pestering Moxie by creating issue after issue after issue on GitHub to get him to do this. And yes, if the app detects that you don't have Google Play Services, it'll fallback to web sockets instead of GCM. Why not just make the app not use GCM at all to get Google off of the app? Just need to remove those blobs and it'll be all good, since it can run without GCM & GPS. An app about privacy & security but uses Google...
> That's also incorrect, you can choose to run Signal on it's own and not use it as your default SMS client.
Sorry, I meant that you can run Signal on it's own, AND have it be an SMS/MMS fallback if you want to.
More info in the forums that helped push Moxie to release outside of Google Play, but he is still against people downloading it from the website.
Also, the app forces you to register your phone number too... so Idk if it's considered private.
There was LibreSignal, a true FOSS version, but it was abandoned.
Edit: Grammar & spelling
Signal ticks most (if not all) of those boxes.
You could try Signal.
Join the Signal master race!
Telegram isn't secure. Use Signal if you want a secure messenger. It's Free Software (source here) and you can get it for Android, iOS and desktop.
If you guys are concerned about privacy, check out Signal.
You mean something like this: [link]
Signal's latest (Android) update was March 31, 2016, so there is a lag: [link]
Use free software instead of proprietary whenever possible. Don't allow installation of third party apps. Buy Nexus next time if you don't have one now, so you get updates (including security updates).
Telegram is unsafe.
Blackberry should be avoided.
See Snowdens advice on reclaiming your privacy.
> The worst offenders are the messaging apps like WhatsApp and TextSecure. They have huge lists of permissions that allow them to rip everything off your phone.
It's called Signal now, and it's free software so you don't have to assume anything. See [link] for an explanation of all the permissions used. Check the source code yourself if you don't trust Moxie or these guys:
Private messaging. Your cert is worth nothing privacy-wise. You're trusting a third party to guarantee the integrity of your PGP public key. You'll want to start verifying the public keys of your peers in person. PGP isn't the current recommendation for encrypted messaging. I highly recommend you switch to messaging over clients that use OTR-protocol between computers and to Axolotl protocol (Namely, TextSecure / Signal apps) when using smartphones for communication.
~~If you're against this and want to follow the lead of our minister for communications:~~
~~Grab the app wickr~~ or maybe not...
Here are some links others provided for secure communications:
eff scorecard of text apps
also there's prism break which is truly excellent, specifically on instant messaging
Or even better, TextSecue. [link]
> temporary texts like SnapChat or any number of end-to-end encrypted messaging apps?
Snapchat is not secure or even encrypted. Most name brand messaging apps (or programs) are not secure either (refer to the other link).
If your looking for a truly secure method of communication you should ditch the cell phone. If you must use a cellphone then use an app like secure text for the android or signal for the iPhone (the iPhone is far more secure than the android). However, keep in mind that maintaining opsec with a phone is very difficult and requires a great deal of discipline. I don't have the time to write out all the precautions necessary to take when using a phone, but trust me there are many.
Personally, I would suggest using a computer purchased from criagslist w/ cash for secure communication. The computer should have an HDD not an SSD since HDD is older and better understood. If your looking for synchronous communication (like IM where both parties are online), I would recommend pidgin w/ OTR wiki. On the other hand, if you prefer asynchronous communication (like email where both parties do not have to be online together) you shouldn't even consider email; instead stick with pond.
edit: added a word and period.
Oh sorry, Missed the encrypted part. The only encrypted one I know is textsecure but no idea what it's like for features.
You are looking for TextSecure.
Did someone say not leaving a trace? You mean like a live system created by the makers of TOR?
Ah, decoding hashes. There's an app for that! (<More than that actually!) Matter of fact, there's even a live system built for (limited) cracking of hashes!
Designing malware? That's quite the commitment! Choose a programming language (I've heard Assembly is good for malware design, though a bitch to learn) and look up the mechanics of some of the worst malware created, their origins, their creators and their purposes. (Remember, history repeats itself--never think that a virus and its meaning are obsolete because of its age!) Get an idea of how malware works, follow some feeds, find some forums, and never forget that even something as simple as a Wikipedia entry can help you gain insight into the jargon of the elusive hacking community.
Now, if you're looking for tools, you might have to go some dirty places. Places where you can retain complete anonymity. Places like the deep web! Only accessible through anonymization browsers like TOR, it's where all of the Earth's scum goes to meet. Sounds jolly, eh?
disclaimer: the deep web is a very dangerous place. I do not encourage going to it. But in reference to doing things discretely (and hosting discrete servers), I thought I'd include this.
But the deep web is for things that are blatantly illegal and destructive. If you're hacking for positive purposes, you can always put every effective vulnerability tester, cracker, sniffer, mapper etc. on the planet into the most advanced operating hacking operating system on the planet and call it "penetration testing"! And download it for free! Legally!
Too scared for the deep web, but want to dabble in anonymous chans, mailing lists, and just awesome sites without breaking laws? Great! I suggest checking out bitmessage, (which includes its own chans scattered in various places and even a subreddit), various sites like hak5, Hacker News, Hacktivismo, and Darknet, and of course just talking with people with similar interests is always a good (though sometimes risky with people you don't personally know) route.
Wait though! You can't just talk about things like hacking and semi-legal things without raising a few eyebrows (especially if you're looking for doing some truly evil things)! If you've had your ears open, you know that the government is monitoring us more than ever before. (ever. like ever.) So, wanna talk with your homies without raising suspicion(or leaving any legible trace)? ENCRYPT EVERYTHING! From emails to instant messaging to texting to phone calls to IM across devices to files and folders! Honestly though, you don't really need to encrypt everything you're doing if you aren't doing anything malicious, but it's always good to have these tools on hand if you're going to be talking with people who prefer privacy.
When you speak of how to debug malware, things like reverse engineering (finding how code works by breaking the warranty(not applicable to malware of course)and finding the source code) aren't my territory but you can always virtualize a disposable operating system (called a virtual machine) and run the malware within it to observe its effects. If you're looking for legitimate tutorials and such, go to sites like Lifehacker(yes, seriously) and HowToGeek for simple things and other forums like the ones listed above for the more complicated ones. (Validity speculation regarding searches for clickbait topics can usually be settled by searching on Lifehacker or HTG, i.e. Lifehacker isn't gonna bullshit you on the top 10 Linux distros, they're nice; HTG is comprised of, well, geeks; and of course Hak5 is a hivemind of enthusiasts.)
I cannot recommend Signal highly enough.
I use Signal.
What about Signal. Open source, has a ton of security focused features and what whatsapp steals it's code from.
Use Signal Private Messenger instead.
If we are really just talking basis stuff:
~~Chrome~~ Firefox inclusive AddOns: uBlockOrigin / NoScript / SmartHTTPS-revived / PrivacySettings)
~~Gmail~~ ProtonMail / Tutanota
~~WhatsApp~~ Signal [Android] - [iOS]
I really tried to narrow it down to five basic things even a regular Windows10 user can do. If someone decides to leave Gmail and GoogleSearch behind, of course I would also recommend to permanently delete the Google Account but maybe the person still has to use GoogleDrive or other services for his work so who knows. Same goes with deleting Instagramor Twitter.
I don't want to be credited:)
you can start using (and convince the people around you) to start using something like Signal, which provides E2E encryption, and is otherwise pretty robust, features wise as well.
Settings => Privacy:
Settings => Notifications:
As a bonus it uses an encrypted protocol and that's its main use, but that should be negligible battery-wise and it is otherwise pretty simple, minimal and lightweight app. If it is set as the default SMS app, it can be used for SMS too: it will fallback to SMS if the recipient does not have Signal.
Another suggestion: [link] - but I've never used it. Play has only the paid version, free version is available on F-Droid.
Also use something like Signal (Apple/Andriod ) that prevents the Cell Account holder from reading you SMSs
Edit: For those unfortunately that need to be extra paranoid: get a old/refurbished phone ($40-$50 range) and use it over wifi only to do stuff like email and chat, you can even make calls with google voice . Keep the phone hidden and secure. If it's found, Deny all knowledge and remotely wipe it.
Signal - it is the best app for video, call, and text. It uses end to end encryption. It was designed to be very easy to use. It works on phone and desktop. Also, it is free.
> I'd like to take this time to let you know that you can use signal messenger.
> On your Android device, you can even make it your default texting app, and use it like imessenger.
> While nothing is perfect, by using signal and encouraging others to use it as well, it will become that much harder to read private messages, and now, even audio calls.
Signal is excellent. Everyone should use it. [Here's a link to the wiki article about it.]([link])
Signal on Google Play
Signal on iTunes Store
Here's the developer's homepage. Their home page prominently features endorsements for Signal from Edward Snowden, Laura Poitras, Bruce Schneier and Matthew Green.
Everyone should use [Signal Private Messenger.]([link])
Signal is nice [link]
I just use ChatSecure but i found some similar apps. i stayed away from Facebook, Instagram, Whatsapp, Skype....
Signal Private Messenger (Free) – Android, iOS
Secure, free and easy to use, Signal Private Messenger is my favorite secure texting app overall. And while it’s simpler, it has plenty of features that power users will appreciate. That includes the ability to set up encrypted groups for private conversations with your entire work team. And while most secure messaging apps require both parties to be using the same application for encryption to work, Signal Private Messenger sets itself apart by working with standard SMS text messages, as well as SMS picture messages.
play store: [link]
ChatSecure: this is one of the most secure messaging services around. The app uses open-source, publicly auditable encryption libraries to keep your private business messages private. It’s really flexible, letting you choose between connecting via your existing Google account, or creating a new account on a public XMPP server. Users who want even stronger security can connect to ChatSecure from their own private server. And unlike with many rival apps, ChatSecure doesn’t require your phone number of any other personal data to get started.
apk here: [link]
Gliph is a secure messaging service that you can use on all of your computing devices. When you're on the go, use the iOS or Android app on your smartphone. When you're at the office, use the Gliph desktop app so you can send and receive messages using a mouse and keyboard. Another key feature is "Real Delete," which lets you permanently delete a message from both the sending and receiving device, as well as the Gliph server, whenever you choose. You can also attach a pseudonym to your main account at any time, so you can use a screen name for personal chatting and switch back to your real name for professional communications.
Wickr Me: this is a secure messaging app that lets you set an "expiration date" for every message you send. That way, you don't have to worry about a third party inadvertently reading private communications that are left on a contact's smartphone. Meanwhile, the app features end-to-end encryption for all messages, and it lets you remove metadata from individual messages, such as the time it was sent, as well as geo-location data.
apk here: [link]
Signal does exactly that. Has end to end encryption to other users of the app, and has a great appearance too.
Signal, here's the link for iOS and Android.
A great reason to start using Signal, my Aussie friends :D
As someone who's never used iMessage... what's the difference between that, and say something like Signal?
Actually, it might not be. Something I hadn't thought about is that someone could get into your Telegram account with nothing but your SIM card and your 4-digit passcode(you authenticate via your phone number and a 4-digit code - no password). Other than that, Telegram does offer end-to-end encryption. And the UI is a little better than Wickr, imo.
Doing a bit more research, I came across Signal(iTunes App Store, Google Play Store) by Whisper Systems. If you check their website, they have an endorsement from Edward Snowden. I'll be checking this one out, myself.
>Use anything by Open Whisper Systems. - Edward Snowden
But yeah, they basically all do the same kind of thing. Any of these will be a lot better than using plain SMS, iMessage, or phone calls. Signal allows for encrypted VOIP calls, apparently. That might be a useful feature for someone who actually wants to speak anonymously.
I've been happy with Signal: [link]
Use Signal by Open Whisper Systems as your default sms app. As an added bonus you get encrypted calls and messages if your friends also use it.
I see. Signal now supports encrypted phone calls! I use it for that and it's great, in addition to being used for encrypted text messaging. Snowden uses Signal and recommends it: [link]
 Signal for iPhone/iOS: [link]
 Signal for Android: [link]
Dann rate ich mal weiter Antworten: sichere Kommunikation (Chat und Telefonie) für jedermann gibt’s mit Signal für iOS und Android. Und hier sind ein paar gute Artikel von Micah Lee (Snowden-Vertrauter) zu den Themen Passphrases, Laptop-Verschlüsselung, sicher chatten, und VMs zur Schadensbegrenzung bei Sicherheitsproblemen.
If you want an app that cares about your privacy then you should use Signal.
The purpose is to protect other people by creating noise, protect other people (if you have direct contact with an activist) and make it very, very expensive and hard for the NSA to collect data on a massive scale.
>For me this becomes a balance between the effort and complexity of adding on and maintaining these systems v. the degree of protection provided for others. I'm not sure if that balance weighs in favor of protection and added effort right now.
That is a very good point. A lot of this can be very intimidating, especially for 'casual' internet users (don't mean that in a negative way). It is probably the largest obstacle the privacy movement has to overcome, and honestly I don't know if it can. :(
Either way, there are some very easy things you can do on your own. You can:
Use Firefox and make the changes recommended on the site.
Use the 'Disconnect', 'ublock orgin' and 'HTTPS Everywhere' add-ons.
You can think about using one of the encrypted email services for very private or personal emails.
You can not use Google (For me this was 10X more daunting than any of the really technical stuff, and it was a lot easier than I thought)
You can make the IOS or Android]([link]) app Signal your default text app, and encourage your friends to use it. It works all on its own with no set up, and automatically encrypts/decrypts messages sent to other users using signal as their default app. People who don't use it just receive a regular SMS message. Of all the message apps I use, this has the best UI in my opinion.
You can (and should, because it makes your life so easy) use a password manager like the ones recommended (but I use lastpass and it's random password generator. Don't hate. Best one IMO) and use two factor authentication on your important accounts.
And if you use win10 turn off all the crazy tracking stuff
All that would do a lot (I added the password part just to protect you though, it's good protocol) and would maybe just take 30 minutes? Other than that, just staying informed is what everyone in the privacy movement wants. It's very easy to ignore or forget that almost literally all of our data is being collected in various PRISM programs leaked by Edward Snowden.
I still have facebook, still play Civ V on steam, still call my mom using skype if I am overseas (she can barely turn on a computer, so she gets a pass). So you don't have to make huge changes. Just small lifestyle choices. (but if you are involved in any activist activity, this guide is not comprehensive enough)
This is probably due to weak passwords or bad implementation. If you're the top priority of the NSA sure they'll get to you one way or another (not by breaking PGP), but mass surveillance is definitely something we can stop.
Ed ha falle su falle dal lato della sicurezza. Whatsapp non credo sia messa meglio. L'unica app del genere estremamente sicura è Signal della Open Whisper Systems.
Yeah its for CDMA. I recently switched to a different messaging client called signal. Everything works great with it. I can send and receive pictures and group messaging works well.
I dont know if signal will work for you but it works great for me and a couple other people on ting with MMS issues.
I'm running the current CM 12.1 nightly on my sprint S3 on the ting network. I would recommend upgrading to CM 12.1 at least.
Here are some links of what I would flash:
The only issue is that MMS doesn't work with google messenger or the stock messaging apps. I discovered that signal is the only thing that actually works 100% of the time.
My data works great with this setup.
"How to make modern communication more personal and private?"
Easy, use Signal instead of proprietary niche messenger apps that claim to give you privacy but don't.
I recommend signal.
Here's the article about it. Whatsapp integrated code from TextSecure, which is available for Android and iOS both. It's also fully open source and security audited.
Either way this goes, it's going to be a win for personal privacy.
With everything the NSA does, even the french government had the 'benefit' of legal spying on all communication 4 months before the attacks but they couldn't prevent it and it turns out the terrorists were just using dumb phones and regular text messages.
Meanwhile, what the spying is actually used for is to keep ministers in check and spying on trade partners.
The 'encryption benefits terrorists' is bald faced lie and they're attacking the very foundations of democracy by using their spy tools to gather blackmail info on ministers and other supposed allies.
I hope your court eventually comes to its senses and I hope the people realise what they're really after.
Hell, even the US can't stop terrorist attacks with all their spying, their secret courts even found that information gathered this way didn't even contribute to uncovering any plots, let alone stopping any. Besides all that, it was ruled unconstitutional by judges who had access to NSA secrets to review.
Encryption is freedom. Anyone trying to undermine it is trying to take absolute control and power for themselves.
Imagine how powerful it is to have blackmail on every politician in power?
It's an encrypted sms client. With material design :D
Typing AES-256 by hand into my cell phone? Ain't nobody got time fo' dat.
I know yo ass better be talkin' 'bout Signal.
> it would need to be unencrypted (at google servers) before the recipient can access it
Basically this. Even if the information was encrypted on your device, it would need to be decrypted at some point to allow someone/anyone (even someone with a flip phone) to view the message.
How Apple provides secure messaging is by going through the iMessage network among other iPhone users. Google has something similar with Hangouts but it's adoption rate is far lower and even then you have to select Hangouts and not SMS when contacting other Android folks.
A potential solution is to have everyone you want secure;y message to use an app like Signal. It's multi-platform and apparently Edward Snowden endorses it for secure communications. Sign up is easy and uses your existing phone number.
That's true, I do. I'm sure there are literally millions like me. At the least, 1 - 5 million
Quem faz questão de segurança e privacidade pode usar o Signal.
Signal is an encrypted messaging app. Works well and has Material Design.
Text seure, renamed it.
Textsecure - I have enough friends who use the service that it's worth making it my primary msging app.
for Android users: TextSecure
No end to end encryption is unacceptable in 2015. Everyone should use the apps by Open Whisper Systems. TextSecure for Android and Signal for iOS.
Free software, made by people who know what they're doing and recommended by Snowden.
Wall Street Journal had a good article
Use the apps by Open Whisper Systems. TextSecure for Android and Signal for iOS.
Wall Street Journal had a good article about it
It's called TextSecure for Android and Signal for iOS.
Edit: He also created an encrypted VoIP app called RedPhone for Android. AFAIK Signal also handles VoIP for iOS.
De meilleures alternatives :
Développé par Open Whisper System :
Développé par The Guardian Project :
L'avantage de ChatSecure qui en fait l'application la plus sécurisée pour moi est le fait de pouvoir choisir son propre serveur XMPP (alors que celui de TextSecure est centralisé), et de pouvoir utiliser l'application en passant par Tor.
TL;DR: ChatSecure > TextSecure/Signal >>>>>>>>>>>>>> le reste.
There's a Google Summer of Code proposal to add support for Axolotl encryption (as used by TextSecure & Signal). Hopefully someone will implement it.
I experienced this problem... But with an LG phone... Couldn't figure out how to fix it and somebody suggested I started using this encrypted texting app Called Signal and it solved all my problems.
I'd recommend Signal.
WhatsApp uses the protocol of Signal, so you get WhatsApp-like messaging, BUT you can also send text messages in the SAME chat! So you have a seamless texting and "online messaging" experience.
Linkme: Signal Private Messenger.
Source code: [link]
Consider using the free, open source Signal app for encrypted communications.
Switch to Signal for all messaging.
Try getting your contacts to use Signal or Whatsapp.
Sorry. I deleted the guide a while back. If you want to read it, I linked the guide.
I'm not sure what you're talking about or why you're brining up our lord and savior... Or why you sound so salty. Calm down.
A simple Google search yields plenty of third party messaging apps. Here's the first one that came up: [link]
I use Signal.
It's a text app. If you and someone else use it, texts are private. I'm sure the description can explain it better.
yes true, but you could use Signal to send it encrypted.
Message Application ba sa Android? Try Signal
Use a VPN(windscribe is good). Preferably stay off home WiFi at all times, turn off Bluetooth, location services, anything that you could possibly transfer data over. I wouldn't be too worried about what he can see when you're just browsing the web.
If it's a possibility at all he has installed something on your phone I would suggest factory resetting it. Then get a cheap smartphone on your own plan and keep it hidden(never ever connect this phone to your Wi-Fi at home he will be able to see that you connected a new device and go looking.).
If you are looking to privately contact someone with absolutely no possible way of him intercepting look into the app Signal after factory resetting your phone.
My final suggestion is to video tape him when he's saying that he can see what you're doing and attempting to mentally torment you. Not only is he admitting guilt, it's only going to make you look better when it comes to your word vs his in the divorce. Mentally tormenting people like this is a huge red flag for mental illness.
Signal - encrypted messaging app.
Only works if both users share pub keys, otherwise it works typically.
Get Pocket - offline webpage app.
Signal, especially if you're concerned about privacy. It's been great as my texting app though.
Well let's survey what you mean/what are your goals...
Do you want your communication to be encrypted?
Do you want your communication to be completely anonymous?
Do you want your communication to be inter operational with traditional phone systems?
If the answer to all of those things is yes? Give up now, because you're not getting it. It's just an impossible thing, because this system (the phone system) is set up the way it is in part to give the people in charge (think phone companies/government) the power to control it; so you have to be okay with prioritizing some things over others. The first thing I suggest you do is familiarize yourself with the laws in your country/target country/where your communications will flow.
For my purposes, I'll assume you're an American. The most relevant laws are the Communications Act of 1934, Communications Assistance for Law Enforcement Act of 1994, and the Telecommunications act of 1996 - these things mandate that phone companies put in place the infrastructure for monitoring calls, record certain data, and permit certain type of technical implementations (think standards).
Back to your question, if you want to have your calls encrypted, that's easy through the use of Signal - but that's not the only app out there and certainly shouldn't be the one you use just because I recommend it.
Now, if you want to prioritize anonymity, most certainly the solution is utilizing a VOIP system through TOR. You can read up more about this elsewhere, but I'll tell you that our federal friends are really good at identifying/recording traffic like this.
Now if you want to be able to call just any old phone with little setup and the most anonymity possible -- I think your solution is to put on a bulky jacket, a baseball cap, some white gloves, and go to a local payphone on a bike. You'll expose your location (think city/state) and possibly even the phone you called from, but you'll remain relatively anonymous.
great idea, here's a list of gapps I found that could be a starting point for such a list (source: Open GApps):
Having never installed gapps myself, I'm not sure which gapps people usually install on their ROMs, and which ones people usually try to replace if they don't install them
Signal Private Messenger sends and receives to and from other Signal users via data (WiFi/Cell Data), but can send/receive SMS messages if the other user doesn't have Signal installed.
It's also end-to-end encrypted (edit: when both parties are using it) and there's no complicated special setup process or anything.
Also, it's endorsed by Edward Snowden.
I use it and almost all my friends do too. It was pretty easy to get them on board when I showed them how it ran on my phone. It's simple, quick, and does the job well.
if i could make a recommendation...both of you, use Signal instead
apple - android
not only will your data be encrypted automatically, but as a byproduct this will almost certainly never happen
If you are on IOS: [link]
If you are on Android: [link]
And even better if you are on Android, use the FDroid store for a FOSS version which doesn't rely on Google Play Services. This FOSS version is a fork and is maintained by the CopperHead OS team (makes a hardened android OS for security applications) and is called "Noise": [link]
Finally, below is a link to their website. It's trustworthy as the app and its crypto are open source and developed by a well-regarded developer, Moxie Merlinspike, and even endorsed by Edward Snowden.
EDIT: Fixed link.
Use Signal to encrypt all of your text and voice.
It's Signal specifically, and it's pretty much the only app that does this in my experience. Definitely been making sure the sync is off and even waiting a minute or so before leaving the android settings page where that toggle is, only to find it re-enabled a day or so later. Unfortunately there's nothing in the app's settings menu related to it so I'm stuck outright denying it contact access via android settings app permissions page.
Only thought is it's related to the permission it requests called "Toggle sync on and off" but unfortunately that's not revocable in android.
Tor is not end-to-end encrypted, instead it encrypts the moving data from node to node. Now VPN is entirely a different mechanism that encrypts your data from your device to VPN server (which you can't really trust).
This, using Tor is enough though (if you can bear the latency it comes with).
On top of that, you can use services that offers end-to-end encryption, for e.g., Mailfence for emails, Signal for messaging.
Most of the stupid security issues can be simply covered by using TFA and secure and private solutions. For e.g. you can use services that offers end-to-end encryption, (both on web & mobile devices) for e.g., Mailfence for emails, Signal for messaging.
Signal (messenger) is my solution here. But sadly still not enough friends on it to leave other messengers behind.
Thanks mate. Are you planning on adding support for Signal by Open Whisper Systems
Never mind. It works.
no hope left....
And I think it's good for PGP on the whole - as there shouldn't be that sort of 'powerful' bruteforcer - that can crack PGP encoded messages.
Though for ease-of-use (for the next time) - you can use services that offers end-to-end encryption, for e.g., Mailfence for emails, Signal for messaging.
Signal does both. Use it as a better SMS app until you get enough of your circle of friends on to use it as the most secure data messaging app
At least in my circles, a lot of people use Signal (25-30 contacts), it is bound to your phone number, so you will instantly see who in you contact list has it installed.
For the lazy on Android mobile
Why is nobody using signal? It's almost the same as messenger but your texts are encrypted. Sounds like a no-brainer for me.
Signal has a browser client that syncs with mobile.
Please add Signal to SMS!
Also, the encrypted-SMS fork, Silence! (it's a shame they removed SMS encryption in Signal)
You might want to give Signal ([link]) a shot. It have a Chrome extension that allows you to message from your browser. Not necessary to use, but it is also available on iOS.
I think it was a problem with the app I was using. I tried it from Signal Private Messenger. I just tried it from Gmail and it worked.
Thank you so much for the quick response and the video was really helpful.
Honestly, I can't stand it. It has so much bloat and the "connected devices" that's supposed to allow your messages to be delivered to other devices didn't work half the time.
I also use Signal as my SMS client and convert everyone I can to its encrypted messaging.
Definitely don't cheat on the weed, man. You'll need a messaging app and a dialer that allows you to do that.
I suggest you ask your provider to switch to signal which still uses your phone number but use data instead of your sms.
Then you could disable notifications for that app in particular.
Signal sends messages over WiFi as data. Also if your sending to someone else using Signal then your messages are encrypted.
I recommend Signal from Open Whisper Systems. The app and protocol are free open source software and it offers private, encrypted communications.
Textra is ad-supported
Whatsapp es closed source tmb.
El unico open source encriptado y bueno es el signal ([link])
Thanks, I don't use actual texting though haha. I use Signal with that person, so its not exactly texting, but encrypted messaging. Still works the same way as texting, and you CAN use SMS from the app, but I don't think Textalyzer would work in my case.
Anyone else use Signal? I've never owned an iPhone or even used iMessage but from what I understand Signal is pretty close. You can set it as your default SMS app and if someone doesn't have the app it just sends normal SMS. If someone does have the app, it sends a secure message seamlessly.
It's more security focused and open source unlike iMessage and Whatsapp and I believe the only thing it stores on its servers is your phone number so the app can determine whether to send secure or normal SMS.
Well, the whole "SMS integration" is basically what it needs -- that's what would effectively make it "Google's iMessage." Without SMS integration Allo is DOA.
If you're unfamiliar with iMessage, that's Apple's default texting app, but if you're messaging other iMessage users (ie, other iPhones) it sends messages as e2e encrypted messages that are readable on all your Apple devices (ie, you can respond from your Macbook). With iOS 10 it added additional features that Allo has touted (like stickers and other silly junk). (EDIT: As an aside, this is how Signal -- which Allo's E2E encryption is based on -- works on Android, including SMS integration.)
This, in my opinion, is the functionality that Allo needs to be successful. This goes hand in hand with the idea of "messenger unification," which I think is absolutely necessary but Google seems to be adamant about shooting themselves in the foot over, again and again.
They're making a replacement for Hangouts but also ensuring everyone that Hangouts isn't going anywhere? What sense does that make? The better message would be, "here's how we're transitioning from Hangouts to Allo/Duo."
Just download Signal? It's checked all of those boxes for quite some time now. It's also open source.
It isn't all that difficult, you know to quit WhatsApp.
I mean how does it make you feel getting equipped with knowledge like this thanks to the internet and then looking at Mark Zuckerburg threatening the very same internet and fooling all of us by saying he wants to "bring connectivity". He's a perfect example of a modern day corporate bully. His arrogance is banked on our denial to change.
It isn't unimaginable at all, to quit WhatsApp, Facebook and Instagram(He owns all thee). I used to invest a lot of time in Facebook and Whatsapp until I couldn't sleep at night because I couldn't come to terms with myself after coming across everything he does.
It has been well over 6 months since I got off Facebook, 4 months since I deleted WhatsApp and over a year since I deleted Instagram. I guess it just takes time to find something better.
PS: I suggest you use Signal Private Messenger
Yes the feature is it setting but I don't know if it will for Fi messages but you can give it a shot.
Telegram isn't secure. Whatsapp still uses end-to-end encryption for all your messages, unlike Telegram. The best alternative if you care about privacy is Signal, heres the link for iOS and Android. Open Whisper Systems who made Signal were also hired to implement the Signal Protocol for Whatsapp, Google Allo and Facebook Messenger.
Here's what I was linking to:
A bit late, but a great time to start using Signal, my Aussie friends. :D
Also the iOS version
Isn't this idea like signal ([link] )? If the person you are messaging has the app, use the app's service to send the message. If not fallback to sms?
Facebook stores messages indefinitely on their servers, AFAIK there's no way to remove them even if you delete them or delete your account. The same is probably true for twitter.
>Few months ago I made the mistake of talking about drugs and Deepweb over social media messages. I know big mistake you don't have to tell me.
If you are a drug user and not a dealer, you have nothing to worry about from messages alone. LE don't have the time to arrest every single person who talks about drugs or darknet markets on the internet.
If you value your privacy, use end-to-end encryption for your messages. I recommend using signal (iOS, android)
Using Signal, you can communicate instantly while avoiding SMS fees,
You might try installing Signal for Android and setting it as your default messaging application. It works well.
Not gonna join but how anonymous is this ? Never used Telegram, heard only bad things about it's encryption n stuff unlike Signal which has end to end encryption and doesn't store your conversation logs on their servers.
<strong>Signal Private Messenger</strong> - Free - Rating: 87/100 - Search for "Palabre News" on the <strong>Play Store</strong>.
Looks like a Signal clone?
The dad selling GPS trackers could mean he's a genious with them, or just a salesman. Every phone has a GPS tracker in it, so it's just a matter of tracking it.
As for messaging I suggest this app for android or (their Apple version) (which Edward Snowden actually endorses lol) to ensure you can communicate with each other privately. It can stop a lot of programs from seeing messages, but if she gets hold of his physical phone, it won't do much use (unless you delete them).
If it's an Android phone, the easiest way is to go onto Google Play, look at the installed programs and google any that you don't know, or look like they might track it.
On my phone I personally have put the Cerberus app on it. Which allows me to turn it on/off remotely, record video or audio, take photos, read phone numbers, track it and all sorts of other stuff remotely. Yes, if I left my phone in your house, I could use it as a recording device for audio/video/photographs.
If they don't have it in google play, then look through the application manager for any suspicious programs.
If he has an iPhone a lot of stuff is natively doable to track it, but there are programs like Cerberus on it that allow people to go through it remotely like they had it in front of them.
As for other apps you might like, PixelKnot allows you to write a message, then hide it in a photo that both of you need to know the password to unlock (plus both have PixelKnot). It's done by The Guardian Project, who I think are pretty good with free open source privacy apps.
Phone security isn't that hard, but having your own phone, with a password lock, different passwords to all your accounts (I use Lastpass to do a majority of my passwords with 2 factor authentication) that you don't share with people, will generally protect you from what most mums and dads (or partners) would be able to do to snoop.
Also, in case you didn't know, it's dead easy to record snapchats and do screen shots of pictures, so remember that when sending sexy stuff. Also, if you question him on the programs, if he is recording those snaps, then he might not want to show you what he has on it. The big one seems to be Casper which allows you to download and record all snapchat videos and photos, but if you're not careful will get your snapchat account banned. So if he has had to change his snapchat account on more than one occasion you might have reason to be worried.
The biggest and easiest way to record snapchats is to load the story, go into airplane mode, then screen shot the snaps as you go through, then force quit it and it doesn't notify the other person you have taken a screen shot.
So just be careful about those pics you send him. If you really have to send him boobs, or your vagina, don't have your face or distinguishing marks in the pics.
As for the dog, we know that's bullshit and it's up to him to put his big boy pants if he wants to bring it. Sounds like she got it specifically so she could use that excuse.
Any questions about your phone stuff, let me know as it's a hobby of mine (phone and app security).
> It's a modified version of Whatsapp
What the fuck? It's a whole different software/service with similar functionality.
> with greatly improved encryption
Read: , , .
Though WhatsApp is a closed-source software so you can never be sure it doesn't do anything malicious.
Signal (for iOS) is a more secure alternative encryption-wise, but it has its flaws as well.
> not that there's anything wrong with that to begin with
When it's used metaphorically, it describes a pretty pathetic behaviour. Whether or not there's anything wrong with being pathetic is up to you to decide.
> and people would claim that Signal had been hacked and wasn't secure
People that use an unofficial program that contains malware and blame anyone other than the creator of that program or themselves should cleanse the gene pool by ceasing to exist.
It's just an excuse for, as I've said before, a vendor lock-in.
They can do whatever the fuck they want, but there's a reason, their userbase is only 2x times bigger than that of a single XMPP client: Xabber, Cisco Jabber, maybe there's something else I do not know about what all the cool kids use. And 100 times smaller than that of Telegram.
OK, not built in but otherwise pretty much the same.
In most of the world, people don't use SMS anyway though, but of course that's meaningless if your friends and family do.
>If you're worried about Facebook not reading your messages, don't worry about that. WhatsApp currently has the best encryption you can get in a instant messaging service.
False. Signal has the best encryption out of all the messenging services.
> It's not perfect, but it's definitely a ton better than the competition.
Its not better than Signal
>Facebook no longer holds the keys, you can be safe.
You're right, they just own WhatsApp and have no interest in collecting the data of 1 billion users, surely they won't spy on you in the future, assuming they aren't already.
WhatsApp still leaks a fuckton of metadata.
WhatsApp is still closed source.
Signal is still the ONLY secure messaging service.
>If you don't use it because fuck facebook, that's not a valid reason
Facebooks entire mission as a company is to destroy online privacy. If you think WhatsApp is secure, then stop reading their press releases.
Signal is an encrypted messenger made my open whisper systems. It is on android, iOS, and has a desktop app through chrome. However I am much more partial to firefox, so would rather just have a desktop application similar to telegram.
open whisper systems: [link]
signal for android: [link]
signal for iOS: [link]
there github: [link]
> "Building on the renowned immediacy, reliability and security inherent to BBM, the new release provides unmatched level of privacy and control to BBM users without any subscription fees," said Matthew Talbot, SVP, BBM at BlackBerry. "Keeping control over the messages and content that they share, BBM users can be ensured that what they share is always theirs to control."
Use Signal if you think your messages and calls should be private. Available for iOS and Android. There's a Chrome/Chromium app in beta for desktop. Read about the security here.
If you want an end-to-end encrypted messaging solution, you could try Signal. That also has a Chrome client (which is much less awful than a couple of months ago) although that is still in closed Beta IIRC.
Edit: I'm aware this isn't a complete replacement for PB but I find it less hassle sometimes and it is secure.
If you care about your privacy, you should be using end-to-end encryption anyway.
Edit: I recommend Signal (iOS, Android)
Signal by Whisper Systems is more secure.
TL;DR: Use Signal by Whisper Systems
> Pavel Durov, founder of secure messaging app Telegram
Telegram isn't secure. If you want a secure messenger use Signal. Available for iOS and Android. There's a Chrome/Chromium addon for desktop that's in beta.
That's what I was going to ask about. /u/Castrox, does
I like Signal
I got enough of my frequently texted friends to switch to Signal to use it and I really like it
My preferred SMS application is Signal. If you are texting someone with the same app, the conversation is encrypted. Plus it has Material Design.
Use Signal for calls and messages on Android and iOS. There's a Chrome/Chromium addon that's in beta. And it's free software (GPLv3).
To quote Moxie (who made Signal)
> Here's the situation: people hem and haw about Telegram's cryptography, but what we should really be talking about is that Telegram is not using end to end encryption by default. Telegram stores your entire plaintext message history server-side. There is nothing worse when it comes to privacy, but it's very easy to write slick clients when they're just views onto the server and all the logic happens there.
Optional security is dumb. How about doing end to end encryption by default and giving people the option to turn it off for when they absolutely don't want the contents of their messages to be private? Silly when you think about it like that right?
Their server software is proprietary and the source isn't available.
The obvious answer is that they were followed.
If they're smart they'd use Signal.
> Signal is also free and based on a business model that doesn't require eventually being able to interfere with your privacy and mine your data.
Apple App Store
Google Play Store
(quoted from HN discussion)
My solution to this was to use the Chrome/Chromium addon (in beta) for Signal. As an added bonus I get secure messaging. Works on Android and iOS. It's sort of like iMessage for Android. The app also handles sms so it doesn't feel like a separate app, which makes it really easy to convince people to use it. And it's Free Software (GPLv3).
It only works if your contacts also use Signal though. I have almost all my contacts using Signal but if you're not able to convince your friends and family it won't be a solution for you.
Gotcha. Chatsecure definitely works. Signal is heavily recommended here too.
>Soweit ich weiß haben sie nur mit der Implementation der crypto-Teile geholfen.
Dann haben Sie doch am Code gearbeitet
>Open source ist der einzige Weg um wiederholte unabhängige Audits vorzunehmen, es wird nichts verheimlicht, jeder kann es sich anschauen.
ich bin wahrscheinlich der erste der nach Open-Source schreit, aber man kann nicht leugnen, dass man keine Garantie hat die richtige Software läuft bei denen auf dem Server. Bei E2E hat man weniger das Problem, aber auch da hat man ohne deterministic builds kein Wissen ob überhaupt die richtige Software später auf dem Gerät läuft.
>Signal für Android oder iOS oder geh zum Fick raus.
Ja klar Signal ist super und auch viel besser als WhatsApp, nur jemand nutzt es
De todos modos la opción superior es Signal.
Tools you can use to disrupt surveillance. How to be safer with all your online activities.
Use Signal messenger on your Android phone and iPhone
Use Tor Browser [link]
Pay with cash
Its called "signal" now and its available for android and for iOS
The software is called "signal" now and its available for
Check out Signal, it's like iMessage for Android. If your friend doesn't have it you send regular sms, if both are using it you send encrypted data messages.
It's also available on iOS, but since Apple doesn't allow other apps to handle sms it only sends encrypted messages. Same thing with the desktop client that's in beta.
Recommended by Bruce Schneier and Edward Snowden.
Signal - End-to-end encrypted SMS, and voice calls
I have installed it, and sent invite to my friends, still waiting for some of them to try it out with me.
TextSecure is now Signal on both iOS and Android, it's what I recommend to everyone. It now includes secure voice calling.
Well how complicated is installing an app on your and any accomplices phone and verifying a few keys in person? Trivial in my eyes. Mass communication surveillance is completely useless and only hurt people with "nothing to hide"
What does work is good old policework and having some willing informants. Buuut no, mass infringing on private communication is much more effective! s
If you're paranoid, use the text secure app.
that's not a very useful suggestion since it doesn't exist and there isn't an AI capable of doing this in the near future. More useful would be the reddit copy-pasta with all the links to open source security software. At the very least, try this for text and phone. They make iOS apps as well.
Everyone should use Signal by Open Whisper Systems. You can get it for Android and iOS so far, but they're also working on a browser addon.
On Android it's like iMessage. Works as a regular sms app for those without it and sends encrypted messages to those who do have it. So even if you don't know anyone else who has it yet there's no reason not to use it as it's a great sms app as well. iOS doesn't let other apps handle sms though so it just sends encrypted messages. And it's free software (GPLv3).
Yea, on iOS it is called Signal and includes both Redphone and TextSecure in one application.
All of which are developed by
Telegram is not secure.
Use this instead:
The fairly recent axolotl ratchet protocol implementation was done poorly in WhatsApp, possibly on purpose. WhatsApp is also closed source, which means you have to trust everything they say 100%. Regarding the trust, well, Facebook owns WhatsApp and they want to use WhatsApp to replace their messenger. How do you think Facebook will make money? Finally, "The Fappening" didn't happen all at once, it happened over time, with some big scores here and there. The massive collection of nudes were taken through various unsecure apps and some cloud servers that people commonly use, like Kik, SnapChat, WhatsApp, and other common ones. As for the cloud servers, since I mentioned it, Apple iCloud and Microsoft OneDrive.
Much of what the others have replied with is true as well.
Some may recommend TextSecure/RedPhone for Android and Signal for iOS. They are by the same group and work together. They're good enough as long as you and your friends use them. You should also set a password to locally encrypt the texts. TextSecure implements the axolotl ratchet protocol properly, unlike WhatsApp.
I also recommend Tox, but you need to use Tor or a VPN with it because of the decentralized BitTorrent way it works. Tox supports messaging, voice, and video. Basically, it's like Skype, but open source and encrypted with all your data on your device or computer, instead of on some cloud servers.
Nee, dan gebruik je TextSecure en RedPhone voor Android of Signal voor iOS. Allemaal opensource en van Open Whisper Systems.
Yes, unless you use end to end encryption your messages aren't private. Use the apps by Open Whisper Systems. TextSecure for Android and Signal for iOS.
Yes but for that you need end to end encryption. That's the only thing that works, so changing operators is useless.
Use the apps by Open Whisper Systems. TextSecure for Android and Signal for iOS. Redphone is the app that handles calls on Android, but it will soon be integrated into TextSecure.
You really ought to just use TextSecure.
>2.) With TextSecure now coming standard on CM (as I understand it), if I remove all GAPPS and Google functionality, will TextSecure no longer work due to it's reliance upon Google Play?
TextSecure is an advanced end-to-end encryption protocol as well as a free and open-source encrypted instant messaging application for Android which uses that protocol.
CyanogenMod doesn't come with the TextSecure application, but with the TextSecure encryption protocol as an opt-in feature. It's contained in a system app called WhisperPush. The TextSecure application (which is distributed through Google Play) requires GAPPS, but the WhisperPush system app that comes with CyanogenMod doesn't require GAPPS.
If you want to enable the TextSecure encryption protocol on CyanogenMod, you need to open WhisperPush and register your phone number with the Cyanogen team's server. The Cyanogen team runs their own server for WhisperPush clients, which federates with Open Whisper Systems' server so that users who have registered through WhisperPush can exchange end-to-end encrypted push messages with each other and with users who have registered with Open Whisper Systems' server through TextSecure or Signal .
Textsecure is another cool alternative. It'll handle SMS and is fully open source and has material design.
It also give you the ability to send encrypted messages over your data connection and wifi.
The best secure messenger right now (yes, better than Telegram and all the others)
On iOS it's called Signal which also has eencrypted calls (over wifi and data connection), they'll merge this on Android too in the future.
Both can be found on the Open Whisper Systems website
No one has mentioned TextSecure as an SMS app replacement? Secure, transparent end-to-end encryption for your texts. It just works, and it's so easy that even my mother uses it.
Encrypted messaging that works in the background so on your end, it looks like regular SMS. The drawback is that both people need it so it only works with other OPO users that have it enabled. And other people that use TextSecure.
Just adding links to Signal.
Signal. It uses Open Whisper Systems encryption. Handles sms/MMS, has better encryption when you and person you are texting both use signal, self-destructing messages, gif support, and more.
Just install Signal. It has SMS integration.
Consider signal [link]
Yes: Signal by Whisper Systems
Signal by WhisperSystems allows you to encrypt/password protect the application and also lets you mute individual conversations or block the contact
Telegram isn't secure. Use the apps by Open Whisper Systems. TextSecure for Android and Signal for iOS.
I do have a Facebook only because my last employer asked for one (for some reason it was a job requirement). However I don't use any form of Social Media, and completely block it.
Now when it comes to communication apps, I've substituted WhatsApp for Signal (Android version IOS version). It can be rather dodgy when it comes to connection, but I still find it pretty good.
How about when this happens we delete it from our phones after copy-pasting our contacts "I don't want facebook indexing my conversations with you, and neither should you. We are all hoping to Signal next, see you there! (link)"?
Changes come at a price and we're somehow at fault here too.
Here OP try this app
lol he has an iPhone, doesn't he?
First of all, read this
> Is it safe to also browse this sites in tor while viewing illegal sites (with all scripts disabled) or can my unique pattern of 10-15 same sites leave a sort of fingerprint since they definitely have me on record of visiting these 10-15 sites while using regular web browser?
This shouldn't be a problem.
> If I access these videos using tor with scripts allowed how anonymous am I really?
There's a risk that you won't be anonymous and it's not recommended. That said if you don't use Tor there's a guarantee that you won't be anonymous. In my opinion it's still better to use Tor Browser with scripts allowed than not using it at all, but I'd be interested to know if anyone disagrees with this.
> More importantly, IF I use tor with scripts allowed for pron, THEN forbid all scripts, THEN exit tor completely, THEN reopen new tor session AM I as safe as before for browsing political content or has my security been compromised by browsing for porn with script allowed previous session.
Most likely you'll be ok, but if you want to be sure you should use [link] when allowing scripts.
I would also recommend that you use the apps by Open Whisper Systems. TextSecure for Android and Signal for iOS. Ask your friends and family to do the same. On Android it handles sms as well so it works just like a regular sms app when sending messages to people who don't have it, and if your friend does have it the messages are encrypted. You can change the settings to delete older messages as well which might be a good idea.
E' bastato creare una lista broadcast in whatsapp e avvisare tutti i miei contatti che stavo migrando su Signal ( [link] ... c'è anche per iOS dovesse servirti) che è un alternativa gratuita, open source e molto più sicura (googla ed informati se non mi credi). Ora, in un mondo in cui la gente è capace di creare un ca__o di gruppo whatsapp per ogni singola stron_ata, credo che CHIUNQUE sia in grado di fare quello che ho fatto io ... quindi dove sarebbe la cazzata? Io non so se e quanto scopi, non mi interessa, ma quello che so per certo, perchè me ne hai dato una prova lampante, è che prima di scrivere non rifletti, tantomeno provi ad informarti un attimino su un argomento che evidentemente NON conosci.
It's called sms 'delivery report', it's a feature baked into sms but not necessarily sms applications.
I don't know your device or the app you use for sms messages, but I can offer you a suggestion that'll work on ios and Android.
Settings > SMS and MMS > SMS delivery reports (Enabled)
I'd highly recommend this app, it's got all the features I've needed from a messaging app plus it allows for end to end encryption to other Signal users.
Downvoted because you did not do any research.
More Facebook owned nonsense!?
Why even bother with it when there's Signal available for both Android & iOS..?
You're better off staying with Whatsapp than switching to Telegram. But use Signal for calls and messages on Android and iOS if you care about privacy. There's a Chrome/Chromium addon that's in beta. And it's free software (GPLv3).
To quote Moxie (who made Signal) on Telegram.
Their server software is proprietary and the source isn't available. Also see the last three twitter links if you don't want to go through all links.