> Pretty sure that Facebook and Google were not concerned about the protocol when they moved away from XMPP.
Actually the protocol was a huge problem for mobile in its original form, because it was designed around a persistent open socket (which means the device can never power down the radio). The solution was to periodically poll, which meant that you had to disable "presence" or your contacts would see you as coming online and offline all the time. Several vendors implemented push interfaces around proprietary push APIs (iCloud, GCM), and this support was eventually standardised in an extension, but not until 2015.
Unfortunately there are issues with XMPP when it comes to push messages on mobile devices. XMPP is built to have an always-on connection which is terrible on battery life:
I share your desire for standardization, but OTR has massive problems, especially when used with mobile devices. The textsecure blog has a good summary of these issues. This is the entire reason the textsecure protocol was created.
> If you log in to FB from a desktop, does that negate the wrapping effect of TF?
Absolutely. Tinfoil can't help you when you sign in on a different platform.
> Will FB see your wrapped chat history (and presumably any other data they collect) anyway?
Definitely. You are still using their mobile site, just like with any other browser. Tinfoil just keeps your session separate from other browsing sessions.
> I'm sort of stuck with it to keep in touch with my friends
You can surely communicate with your friends another way, like SMS or email. If they insist on remaining on Facebook, you can chat with an app like Chatsecure and encrypt your conversations.
Convenient and reasonably secure by default: Textsecure
Hardened, well-established crypto, but takes some tinkering: ChatSecure with OTR and TOR enabled.
ChatSecure is your best bet for security and privacy:
OTR is something you want in apps along with End To End Encryption.
The Guardian Project is essentially the mobile division of the Tor Project.
There is also a fork of TextSecure called SMSSecure, which encrypts SMS messages.
The TextSecure team has addressed that here
Alternatively, you could use ChatSecure and specify whatever XMPP server you want. Combine this with Orbot and you can connect to hidden service XMPP servers for additional privacy.
OpenVPN + Orbot + ChatSecure + hidden service XMPP server is a pretty potent privacy solution for mobile
Another alternative: https://chatsecure.org/
It supports OTR, which is even more secure than the protocol invented by the Telegram folks.
EDIT: It works with Google's own chat. If you have a Google account, you don't need to create a new one. It encrypts the conversations within Google Chat itself, or any XMPP server.
You can use OTR over XMPP with any good chat client. Chatsecure is a mobile app that can communicate with any other XMPP app with OTR.
Ring is also a really good encrypted messaging client. It currently supports Android, Linux, OSX, and Windows.
Actually (at least specification wise), XMPP is very well suited for mobile devices.
Try apps such as ChatSecure (iOS & Android) or Conversations (Android).
I also tried ejabberd, but always had trouble with it (not saying that is ejabberd's fault), but after switching to Prosody everything is good.
Also there is Kontalk.
But the truth is XMPP and OTR don't work very well on mobile. OTR requires you and the recipient to stay online all the time, which is bad when one of the parties doesn't have a stable connection. OTR also doesn't support group messaging, and XMPP doesn't work with push notifications. So, this type of thing demands more battery. https://chatsecure.org/blog/fixing-the-xmpp-push-problem/
Maybe another alternative can be a ROM with TextSecure integrated (WhisperPush), like CyanogenMod or OmniROM.
It's on F-Droid, it wouldn't be accepted if it was known to do fishy stuff. Run with XPrivacy and check yourself instead of spreading FUD if you don't believe.
The website is terrible because Zom, it seems, is aimed at converting silly Snapskypeapp users. There's a more serious looking branch of their app called ChatSecure. https://chatsecure.org/
I have no idea about their business model but the project is widely recognized in Free Software community, it's not yet another startup trying to sell as much of your data as possible.
I use Signal as well, but keep an eye on the ChatSecure and Conversations devs (https://chatsecure.org/blog/), they are working on bringing good usability, decentralized push messaging, and the Signal encryption protocol to Android, iOS, and OSX XMPP clients.
Not that I know of, but you can check out the QKSMS project on github for inspiration on how to go about doing something along those lines.
qe: ChatSecure is also open-sourced.
To be accurate, Signal (like recent versions of Textsecure before it) will not do end-to-end encryption of direct SMS messages. What it really does is end-to-end encryption of messages relayed by Signal's servers over mobile data, with the phone# used as a user ID. The app's interface is basically doing double-duty of non-encrypted SMS, and encrypted mobile-data messaging.
Signal's dependence on Google services is worrying to me. To be blunt, I don't trust either Open Whisper Systems or Google. But then, I'm one of those paranoid nuts who uses Cyanogenmod without Gapps, so feel free to think of me as a tinfoil hat type. I won't take offense, I'm used to it.
If you want true direct end-to-end encrypted SMS and are using Android, there's a fork of the Signal-predecessor Textsecure called SMSSecure. No mobile data needed, no servers, no registration, no IDs, no Google. All you need is a mobile plan that does plain SMS.
But I'd argue that one of the best solutions of all is Chatsecure (no connection to anything above despite the similar name), an end-to-end encrypted XMPP client. You can use any XMPP server you like, you don't need to register with a company's centralized servers and give out your phone# like you do with Signal. And it works very well when combined with Orbot, the TOR Android client.
I've heard good things about ChatSecure which is on both iOS and Android. I have no personal experience with it, but I've spent a few hours today looking into different options for secure instant messaging clients. The one thing I know for sure is OTR is a solid protocol. Any chat client you get should be using OTR. ChatSecure uses OTR over XMPP and also allows you to use Tor.
That uses Google Cloud Messaging and requires a phone number as your identity. ChatSecure is a drop-in iOS app compatible with the Tor Messenger because it does the exact same thing: XMPP+OTR over Tor.
Disclosure: I haven't used it personally and cannot attest that it doesn't DNS leak, etc. when using Tor.
This transition between a computer and a phone is still a little complicated. Telegram is cross-platform, but their crypto scheme is flawed.
You can try ChatSecure, which uses XMPP. But currently it doesn't support push notifications, which can be a problem under iOS. https://chatsecure.org/faq/
On the computer, you can stick with Pidgin with the same XMPP account as in ChatSecure and OTR.
The best option in terms of securing messages for iOS is Signal, but they don't have a PC version.
They should probably use ChatSecure. Everyone else should use TextSecure/Signal though, even the ChatSecure people recommend it.
> If you don't require XMPP/OTR/Tor compatibility, you should really try Signal for iOS. The 2.1 update is great!
Do NOT upgrade if you are on a Text Secure version v2.6.x or before
If you do, Moxie (lead developer) has removed SMS Encryption after v2.6.x
This release log information is NOT visible on the Google Playstore when you try to upgrade. Moxie the Moron doesn’t want people to know he has removed the SMS Encryption after v2.6.4 otherwise no one would upgrade.
Since Moxie (the utter Moron) has removed SMS Encryption (for no real reason except to cement a deal with WhatsApp) after version v2.6.4, there is no point using Text Secure any more
Moxie the Moron has put self interest using an open source platform ahead of maintaining E2E SMS Encryption for all
I suggest to ‘uninstall’ Text Secure and use the more stable Open Source platforms
Chat Secure (Open Source) - E2E IM Encryption – more feature rich and stable than Text Secure. Can be downloaded and installed with the Google Playstore (unlike crappy Text Secure) https://chatsecure.org
SMS Secure (Open Source) - E2E SMS Encryption Can be downloaded and installed with the Google Playstore (unlike crappy Text Secure) https://smssecure.org
Plonk! … there goes my uninstall of Text Secure after 3 years
Hope to never use another of your products Moxie the Moron !!!
I have neither a smartphone nor WhatsApp, so I can't really weigh in... but what was the argument against XMPP with OTR again? I.e. ChatSecure
^^Apart ^^from ^^the ^^missing ^^offline ^^messages ^^-.-
Due to WhatsApp using an implementation of the Signal protocol I'd classify it as "moderately trustworthy". Certainly better than SMS or most other proprietary messengers.
However, an open source alternative such as Signal or ChatSecure would certainly be vastly preferable.
I have no idea where you're getting information that TextSecure/Signal is compromised. It's considered the gold standard of mobile messaging encryption. If you're looking for IM style messaging with OTR support (such as Surespot) then ChatSecure is considered the best option.
Additionally, while the latest version (7.2) of Truecrypt was released under suspicious circumstances (possibly suggesting a warrant canary), 7.1a (the previous version) has just completed a full security audit and passed with flying colors.
There remain no better options than these two programs.
Any XMPP (because of history often called "Jabber") client with a good implementation of OTR (Off The Record) will do. ChatSecure (https://chatsecure.org/) is available for both Android and iPhone. For Android there is also a direct Apk-File for download (https://guardianproject.info/apps/chatsecure/). OTR uses strong encryption and is considered to be secure. Also with OTR over XMPP, there are many clients available for normal operating systems, so you can use the same account on different devices. Just don't lose or give away your private key ;-)
There are plenty of XMPP apps for both systems (just search the app stores for XMPP or Jabber). The one I have right now is Chatsecure and it's free and available on both. XMPP can do VOIP, but I don't know of any stable iOS or Android clients that do it. XMPP is actually a standard protocol for instant messaging. Ejabberd is the most commonly used server, but there are a couple others.
For general secure chatting over the internet, wouldn't you be better off with something like ChatSecure? Then you can chat with anyone on any platform where there is an XMPP client with Off The Record. I think that is pretty much all the platforms...