Https://conversations.im is the go to app for this on Android right now.
Free for F-Droid users but small up front fee for Google Play users. Also you have to either pay to use coversation.im's server or use another's, or set up your own on your computer.
You can see why the best option isn't at all the most normie friendly.
I'm not saying that centralized services are bad, but...
this shows why centralized services are bad. Signal, Telegram, WhatsApp, Skype, it doesn't matter, they're all centralized.
XMPP with OMEMO encryption has no central authority, no central server, and is properly end-to-end encrypted. Create your ID on one of the many XMPP servers in existence today (or host your own!), and start having truly encrypted, decentralized chats with anyone else on the XMPP network!
For Android, Conversations is an absolutely superb XMPP app, available on Play Store and F-Droid. If you want end-to-end encrypted chats on a truly decentralized network, join the XMPP network today and start chatting.
It's never going to take off because people like signing in with their phones, but I'd like to give a plug for XMPP with OMEMO encryption on top. I use https://conversations.im/ for it and it's wonderful, my wife and I use it, and I have a few more friends on there too. Simple to set up an account on a server, and if you like you can host your own. I like the idea of using a domain as ID.
Otherwise yeah it's all about Signal. It's not federated but it's a start and people seem to like it.
> Signal and the like really go a long way to make using the app more familiar to people who are used to texting and social apps already.
This is one of the big points, I think. Regardless of technical merit, we are comparing apples to oranges when we compare a protocol to an app. The audience of an app is comprised of ordinary smartphone users, whereas the audience of a protocol is going to be the people that make those very apps.
To that point, /u/rualt, I'll point out that XMPP has somewhat found its place in the modern world of apps: Conversations, Zom, and Cryptocat are all modern, somewhat mainstream messaging services. They are a perfect apples-to-apples comparison to Signal, with the main underlying difference being the use of XMPP+OMEMO instead of the Signal Protocol. They are worth checking out and comparing with WhatsApp or Signal by anyone that's looking to migrate with their friends to a new messaging service for whatever reasons. (In fact, Conversations or Zom may be exactly what you're looking for OP, since they are available on mobile and use usernames instead of phone numbers.)
Man I wish Signal was good for both security and privacy. You can't run it without google play services, so while its the best at what it does for security, its no help to those who seek privacy.
Seems like encrypted XMPP is our only solution. https://conversations.im for the quality app.
If you are happy with creating accounts etc I can vouch for Conversations. You don't use a phone number like with Telegram/Signal though.
It's XMPP with OMEMO, and the client is good.
It's a message encryption you can use with Jabber so only you and the contact you're chatting with can read the messages. Without it they are stored unencrypted on the server.
But I would recommend using OMEMO (a different encryption) over OTR, it has a lot more features and allows for multiple clients to read and send encrypted messages at the same time.
You know what I mean. You install Riot and it has a default server which you think will work fine, but it doesn't. It's horribly slow and unusable. So then you have to go digging for some other public server that doesn't suck, and there's no way to do that without just trying them one by one, creating new accounts each time.
I said "screw that" and decided to run my own server. Except after trying several different implementations, I couldn't get even one of them to start at all, much less configured for federation.
As I said before, Matrix is a good idea, but it's so early in the development I could not possibly recommend it to anyone for daily use. If you want something like that, use xmpp. The xmpp protocol is overly complex but at least the servers and clients are full-featured, stable, and relatively easy to run. I was able to easily run ejabberd myself and connect to it from android with conversations.im, and interact with other clients on linux etc.
I was mostly being tongue-in-cheek because the initial remark was quite inane (zulip being older than matrix and all that).
The best thing matrix did so far was having money, which enabled them to grow their applications in the direction they wanted, without outside pressure or lots of constraints, and also enabled them to do quite a lot of marketing. That's not a bad thing, of course, and I'm happy for them they can do so.
But I do get bitter when people say that XMPP is fragmented (which is true, to a certain extent) and third parties are unreliable: because the XSF won't write software, all XMPP software is third-party; the only open-source XMPP client I know of that has a (1) full-time developer on it is conversations (ok, possibly xabber too but they don't communicate much), and being only 3 years old it's already the most popular XMPP client I have seen. What has always been lacking for broader adoption is marketing along with a layer of polish, putting aside people who reject XML for no real reason, and IRC people who won't ever move except if their IRC server dies.
XMPP has yearly base specs, it's called "compliance suites", but enforcing them on clients and servers would be quite tricky, if only because distributions don't update that often.
As a side note, XMPP has had flawless offline messaging for more than a decade already, on all servers & clients I can think of, but that's a nitpick and there are certainly a lot of areas needing improvement (like archive management, what matrix was essentially designed for), most of them currently in the middle of getting it.
I would check out syncthing. It requires no servers, and is fairly simple to setup. It's encrypted. I have this set up with my family, and its easy to drag on drop on desktop, or share your photos from your phone directly to a folder that is setup to sync with everyone else's devices.
Edit: My family also has conversations.im setup and we have a group chat where we post photos and chat with each other. I highly recommend it.
XMPP would be OK for you, I think. From time to time such cases are mentioned, there was a discussion about this some time ago, but since that post there were many news in XMPP world like
anyway, I'd always recommend XMPP, when an IM solution is needed.
The lack of per-default e2e encryption at Telegram stems from technical limitations. For example, you need to sync the WA desktop web-client with your mobile-app because of that. Also, WA backups are stored unencrypted afaik. At telegram, you can use the web-client normally, but secret chats are only available on the device of origin.
The solution to this is... a bit more complicated. :D Check out Conversations - it supports OMEMO encryption which has been somewhat of a breakthrough for the underlying messaging protocol Jabber/XMPP. It's a bit more complicated to use because you have to create an account at a suitable server-provider - similar to email.
If you literally want to use email you could give Delta Chat a try. But I don't know how well this project is going.
DeltaChat utilizes PGP heavily. And, as others noted, XMPP messengers (such as Conversations coupled with OpenKeychain) can use PGP, although if you decide to use XMPP then OMEMO is more attractive option (forward-secret and less software to install for users).
Didn't have any problem setting up Conversations (Android) and Gajim (PC). It's just as easy as setting up an email account and using and email client like outlook or thunderbird.
There are plenty of good servers to pick up https://conversations.im/compliance/
Nutzt Conversations! Es ist sehr gut. https://conversations.im/
Die Sparfüchse unter euch können es auch (legal) kostenlos über fdroid ziehen: https://f-droid.org/en/packages/eu.siacs.conversations/
Nö conversations ist ein 1a mobile xmpp Client. Stromverbrauch ist (obwohl es eine eigene Verbindung zum xmpp Server offen hält) minimal, es unterstützt ein paar XEPs die speziell für mobiles Instant Messaging entworfen wurden und es unterstützt mehrere Verschlüsselungsverfahren (OTR, PGP un das Highlight: OMEMO <- Das ist quasi das Signal-Protokoll)
Ich teste das gerade mit deren xmpp Server und ich bin positiv überrascht. Push geht, Dateien senden geht, Voice Messages gehen. Und man hat keinen vendor-lock-in.
He's a fairly well known and respected computer security researcher, I use the same algorithm in conversations, though it's rewritten and called OMEMO, along with an open source xmpp server.
Tails is planning to remove Pidgin and add Dino.im as the default chat app. Dino supports OMEMO.
You can, however, install and use it right now in Tails if you follow this tutorial: https://t-hinrichs.net/DinoTails/DinoTails_buster-backports_v2.html
Read the TailsOS docs for more info. For a features comparison: https://conversations.im/omemo/ (scroll to the bottom).
And if you really want to dive deep: https://xmpp.org/extensions/xep-0384.html
TailsOS is designed for Journalists, Activists, Whistleblowers, and High Security Use Cases.
So the following description is not good for TailsOS.
“Wicker offer good enough privacy for most of the people”
Something like the “conversations app” or any open source multi platform messenger using OMEMO or the Signal Protocol would a better fit.
For most platforms/OS’s I’d recommend the Signal App.
But the problem with recommending the signal app which is the poster child for widespread adoption of private messengers, is that it uses Phone Numbers for registration. So in terms of protecting metadata, which is one of the key focuses of TailsOS, Signal unfortunately is not a good fit.
TailsOS currently comes with PGP integration & Pidgin, which is compatible with OTR over IRC.
All of which is good but a tad limited in terms of features and encryption uses.
For that reason I’d recommend using OMEMO encryption. Which allows any client app to use and be interconnected. For instance three people who use the following three different apps can still all talk to each other. - ChatSecure - CoyIM (Desktop) - Conversations
https://conversations.im/omemo/
It’s the same principle behind The Matrix Protocol for Riot.im. But encryption isn’t as much the focus with the Matrix Protocol and it’s encryption is still in beta (experimental).
It's a client for xmpp/jabber decentralized (federated, so it's more like servers talk to servers in the network, not p2p) protocol, has by default strong end to end encryption and in general long history of being robust and secure messaging platform.
Conversations comes as a package with option to make a paid account on their own server ($6/year), but you can use other servers just fine (everything is transparent and open source).
More about XMPP:
You can use jabber/xmpp accounts with any client and there is one for every platform and device.
Conversations is my favourite. Uses federated XMPP (old fashioned Jabber), but optimised for mobiles. Works brilliantly and you can run your own server. No phone number required.
I don't mind that Signal using phone numbers as it makes it easier to find your friends and because they use private contact discovery. Unfortunatley I can't use Signal as it's unreliable. It does not properly retry messages that were not sent the first time.
Not a single mention of Jabber/XMPP in this thread?
The only weaknesses are push issues on iOS clients (thanks a bunch, Apple) and not the easiest to get started with.
[1] but if you want it, check out Kontalk
[2] but most servers support registering through a web interface, where you can add an email for recovery
I don't know why we keep reinventing the wheel on instant messaging. Use Jabber/XMPP and enable OMEMO, voila, encrypted messaging. Jabber is also a web standard and it's federated. You can be on X server and still communicate with someone on Y server. You can also use the same Jabber account on multiple devices and it will all sync up properly.
Here's the Jabber app most people recommend: https://conversations.im/
On desktops you may use Gajim with the OMEMO support plugin.
If PM ever comes up with an instant messaging feature I bet it would be based on Jabber.
They didn't need to switch Gtalk to a new protocol, XMPP is eXtensible. Extensions were written to make things more mobile-friendly (Conversations implements them for a modern Android experience).
They could also have written their own extensions to implement any features they wanted while keeping the core messaging protocol. A lack in XMPP isn't what motivated Google to switch, they simply thought their market-share would be enough to ensure they'd end up as the dominant silo-ed messaging service. A move that spectacularly backfired on them.
Not all end-to-end encryption causes such effects.
"The OMEMO encryption /oˈmiːmoʊ/ (OMEMO Multi-End Message and Object Encryption) gives you all the advantages you would expect from a modern-day encryption protocol like Future and Forward Secrecy and deniability while allowing you to keep the benefits of message synchronization and offline delivery."
Website: https://conversations.im/omemo/
Security audit: https://conversations.im/omemo/audit.pdf
I too recommended this to many friends and used it for 3 years at least. Heck, I bought extra licenses for each device out of goodwill.
I would love to see Cerberus go open source (app and moreso server) but continue to provide their services. That way the people who are skilled enough can run their own version of Cerberus, and Cerberus itself will continue to sell its service. Members of open source community may contribute towards security and feature enhancements. There's definitely a successful model for this; https://conversations.im/ have done this.
Check out the omemo enabled xmpp clients like conversations (free on fdroid) on android or chatsecure on iOS. It's open, federated, and improves on signal's encryption.
Good luck getting other people to use it though!
Also check these apps out /u/akrystakore
There are a lot of good (open source, free, good encryption) messengers missing. For me Conversation is far superior to all the others. It's free on F-Droid and the encryption options it offers just beat any other messenger.
That's the good thing about standardized protocols. You don't have to have the same app on every platform. Different vendors can cater to different platforms and their apps can still talk to each other. On Android there is Conversations. On Windows/Linux there is Gajim.
O Signal não é a melhor solução, pois utiliza serviços da Google e requer um número de telemóvel. Depois o Signal não é federado, o que implica que todos os contactos tenham de utilizar os mesmos servidores.
Como alternativa, é recomendado o conversations.im que é federatado (utiliza o protocolo XMPP) e que oferece o mesmo tipo de encriptação que o Signal via OMEMO. Os teus contactos não necessitam de ter o mesmo aplicativo para falar contigo, apenas utilizar o mesmo protocolo, acabando assim com a necessidade de instalar vários aplicativos de comunicação.
Mais informação sobre privacidade e segurança online em r/chapeubranco.
Conversations. It's on an open standard (XMPP), source code is open, you can buy it in Google app store or get it for free from F-droid. And it's encrypted using OMEMO (double ratchet algorithm) used in whatsapp/signal/redphone.
Is the new cryptocat compatible with others XMPP+OMEMO clients, such as Conversations ? https://conversations.im/
To be more specific, which features are interoperable with other clients. Encrypted chat only ? Forward security too ? File sharing ?
You can try XMPP/Jabber: Check out Snikket on both Android and iOS if you want to set up your own server, or use Conversations on Android and Siskin on iOS to connect to any existing public XMPP server.
OMEMO (runs over XMPP) has been audited:
OMEMO is supported by a lot of XMPP clients:
Otherwise you miss an entire open real time communication infrastructure (XMPP).
A não ser que o espaço amostral tenha sido o suficiente para levar uma dessas várias candidaturas de esquerda melhor para o debate político. Melhor opção conversations.im Alguém esperava algo diferente por parte da esquerda de achar que sabe o que acontece nos bastidores.
I use XMPP/Jabber for this. OMEMO gives you end to end encryption. For you sender you will find all kinds of programming libraries to send automated messages. On my phone I recieve messages via https://conversations.im/
I always get confused between an implementation and a standard, like
I wonder what is the standard related to Signal.
Eigentlich gibt es ja schon alles was man braucht. Z.B. OMEMO-verschlüsselt über Conversations schreiben mit einem x-beliebigen Jabber-Account.
Currently I'm using XMPP, running ejabberd + a fork of conversations.im + conversejs.org in standalone mode and embedded into roundcube. The most recent version of conversations has support for video calls, and if correctly configured, ejabberd can handle file sharing just fine.
Ich schreib lieber meinen eigenen Messenger dann können die mich mal mit ihrem Verbot. Hat für mich spontan höhere Erfolgsaussichten als meinem Abgeordneten zu erklären über was er das eigentlich abstimmt.
Conversations.im xmpp messenger support videocall
>Is it possible to use XMPP or Jabber to make calls? And if so/not what is the best to make calls with?
Yes. It works
PGP is often used in conjunction with XMPP. Example Dino.im and conversations.im XMPP has a shortage of good messengers on desktop and mac and ios. If you create a user-friendly client, this will be highly appreciated.
I found links in your comment that were not hyperlinked:
I did the honors for you.
^delete ^| ^information ^| ^<3
If you read the audit for OMEMO. The OMEMO impelementation of the signal protocol is horribly botched. The fact that they seam to be flaunting their documented failure without any assurances that the flaws found have been patched is disturbing.
For instance the the OMEMO implementation undermines forward secrecy: "Combined with the fact that the signed prekeys never get removed/updated, this means that there was no forward secrecyfor PreKeySignalMessages"
1) Select server from xmmp-servers.404.city
2) Create account
3) Download conversations.im or other xmpp client from omemo.top
3) Done
Excellent guide, but let's take a step back, obviously for secure communication, not for texting friends but for a very secure and critical communication, you should not use a smartphone, as you indicated, the only way is to use the Tor network, but with XMPP and OMEMO encryption, for example an application like Gajim offer this.
Also Tox through Tor proxy is a good solution but the encryption is experimental, I use Tox for now because I've encountered some problems with OMEMO, Tor messenger is not longer maintained:
https://blog.torproject.org/tor-messenger-beta-chat-over-tor-easily
Whonix, Tails and Qubes OS are great solutions for securely connecting to the Tor network, you can use Gajim or Tox in these operating systems.
If you just want a reliable test I recommend you create an account on the conversations.im server. Disclaimer I co-run that server; the service is 8 Euro / year after a 6 month free trial. No cancellation required. But it will make a reliable test.
If you want a different server this service is keeping track: https://compliance.conversations.im/test/turn/
People will say Signal but I argue XMPP is better and here's why:
The disadvantage of XMPP is that it doesn't really hide or encrypt metadata.
Same. Told literally everyone to switch to wire because I don’t have & nor do I want to use a phone number, otherwise Signal would be absolutely perfect.
I need a messenger that is userfriendly and easy to use for non tech people and also includes voice and audio chat (= iMessage replacement). I know how to use xmpp and besides messaging with a few tech people I have to admit it still sucks regarding different platforms/OS‘s And especially regarding user friendliness & voice&audio. Privacy-wise XMPP is fantastic and I think Daniel did alread an amazing job with the https://conversations.im app for Android! That app is truly easy and fun to use, even for beginners. I’m excited for https://dino.im as well because they focus on design and usability.
I assume Tox technology will never take off? Can’t someone just fork Wire Messenger??
>but I don't see an offline message save and forward feature.
That seems so unfortunately: Currently there is no support for offline messaging. (Source) Though the ticket was 3 years ago. So I guess, both need to be online to send messages instantly.
> Advantage XMPP/OMEMO , I guess. How are these message clients getting away with assuming the user is online all the time ? People who are sensitive to message privacy and anonymity are definitely not constantly connected to the internet.
XMPP is somewhat decentralized or to be exact, federated. So offline messages can be sent (source). What OMEMO does may fit your threat model as well:
>The OMEMO encryption /oˈmiːmoʊ/ (OMEMO Multi-End Message and Object Encryption) gives you all the advantages you would expect from a modern-day encryption protocol like Future and Forward Secrecy and deniability while allowing you to keep the benefits of message synchronization and offline delivery.
The app is free if you download it from Fdroid store:
https://f-droid.org/en/packages/eu.siacs.conversations/
it doesnt require phone num. it supports tor (you need to install orbot app as well https://guardianproject.info/apps/orbot/)
OMEMO is a double-ratchet [multi-]end-to-[multi-]end encryption algorithm which also allows for multi-user group chatting, file transfers, etc. It's an application of the Signal protocol adapted specifically for XMPP, and on the IEEE XMPP taskforce standards track. Though it's still marked as experimental, it's been audited and in use for around 5 years now by a wide variety of client and server implementations. OTR is considered obsolete and has been replaced by OMEMO. Pidgin supports OMEMO via a plugin same as OTR. This and more is all mentioned in the wikipedia article linked in the original post. Hope that helps.
If you are on Android, I can suggest you Conversations which is free in F-Droid and it uses OMEMO which I think is supperior to OTR. I don't know if ChatSecure seems to also use OMEMO.
the fragmented nature is the biggest weakness, thats definitly true. The xmpp eco system is highly based on usecases.
Gajim for example is the leading Windows/Linux client featurewise, developped by people introducing new problems to the client they want to solve. Thus Gajim is able to thrive in many different cases, but could be lacking in cases people are not that interessted in.
Clientwise xmpp has a lot to offer, the most used client is Conversations or one of its many forks and it is quite comparable to Whatsapp in its feature set.
Gajim: feature rich but the ui is not really as nice looking gajim.org
Dino: not quite as feature rich but really really fancy looking dino.im
Conversations: best Android Client out there conversations.im
​
The history management part is not that obvious what you mean by that. I could try to explain that to you if you further specify your question a bit.
I always like to pop into these threads and shill for XMPP with OMEMO encryption.
I use it with https://conversations.im and it's been wonderful. No voice yet though which puts it a notch below some other options I guess.
Just gonna hop in here and shill a bit for XMPP with OMEMO encryption. It implements the signal protocol, is federated, and it's been around for ages.
You can use on a service like https://conversations.im/ or you can host your own. It's great, I use it every day with a group of friends, and my wife and use it all the time to chat on our own server.
Oh i mean to add if you are REALLY paranoid then just create a TOR hidden service with conversations.im and use PGP on you and your end point person's phone. Unless someone grabs their phone it is encrypted thru the TOR network never ever even hitting the clearnet due to the tor service XMPP server then further E2E secured with PGP that you and your friend have. Pretty plain and simple. Though Threema, Wire, and Signal are much easier to setup and just fine. Also XMPP does not do voice.
Which one do you use. From what I remember conversations.im was a sorta: light version of XMPP right?
So I am wondering what more ' advanced ' apps you might reconmend as well.
signal overall = best for sure, calls and texts. Do like most tech women do and use a voip number to register signal then it's fine. There are sudo and many other services to give you an anonymous number to use. I like signal and then I really just love conversations.im xmpp with PGP not Omemo. Just because I think omemo hasn't been thru enough tough stuff yet. It's probably fine but using a hidden tor service with xmpp and PGP keys.......I mean that is pretty much as good as it gets for texting.....not calling of course.
​
ok so if this is centered around baseband issues and modem...........then why not do what many EFF journalists do and use an ipod touch with no baseband, download ONLY apps like conversations.im, openkeychain, tutanota, signal, wickr........TOR browser, orbot, a VPN like mullvad that is just an anonymous number creatd while on an .onion service. Then connect via mifi or other hotspots? This is the official protocol for most agencies.
​
Or this is just an opinion of mine throwing it out there. I have several honor and hauwei phones (too many actually LOL) selling a few on ebay but they are all bootloader unlocked before they cut it off. They use their own baseband and own modem hardware. They use android, so root it and install lineageOS. The issue I'm throwing out there is do you really care in the US as a citizen if they chinese can 'potentially' get access to some shit via an exploit like these? They don't give one shit about us as individuals and they surely don't care about any US crimes we commit or privacy we want from our own gov't. Hell they sell nearly ALL the fent to the US now right in bold face to US opposition. Don't you think it's odd and quite a coincidence that they are pushing ever further to ban Hauwei/honor phones that they for some 'odd' reason don't trust? I think it's because the kirin SoC is not their's to fuck with and they don't want that. They didn't care when it was a little company, but now 200 million a quarter in sales they care. But seemingly don't give a shit about one plus, xiaomi and others that use QC hardware........so what do you guys think?
I'd recommend XMPP with OMEMO encryption for text messaging and files, but voice calls over XMPP is basically broken, so you have to use something different.
Recommended clients: Conversations for Android, Gajim for Windows/Linux, ChatSecure for iOS.
I really would like to see something come of this: https://conversations.im/omemo/
It still falls short in the sense of allowing you to send unencrypted messages, thereby opening you up to the possibility of unintentionally sending confidential data over an unsecured channel. It also seems buggy when logged in with multiple devices, and depending on your platform, you have to run different clients, and some work better than others.
Believe it or not... the majority Copperhead work is actually ported from other projects (OpenBSD, PaX, grsecurity, etc.) and applies to only a very narrow threat category: memory corruption attacks. We perform lots of "real security R&D" and have funded many audits, including the only cryptographic audit of OMEMO. In fact, we worked closely funding the developers of OMEMO before it was even called OMEMO.
Armadillo Phone is the only phone with deniable block-level encryption. We've integrated multiple passwords (secure password, decoy password, wipe password) directly into Android. We also use hardened SCRYPT paramters that mitigate "chip-off" attacks, as our password generation is hardened and it's done completely in software. I could continue listing the nuances between the applications you listed (we use pinned TLS 1.2 connections, video calling, randomized subjects etc.) but you seem to be dismissive about the "apps and gimmicks we can do for ourselves". We've pioneered commercial mobile hardware security by phyiscally inspecting phones, disassembling them and removing sensors. Armadillo Phone also invented the concept of using pre-packaged wireless anti-theft beacons to physically secure devices.
If you want to build a patchwork "secure phone" by stitching together various off-the-shelf parts, that's great but it will probably work a lot worse than you think and expose yourself to extra attack surface. Not to mention be difficult to use. Armadillo Phone is a reliable turnkey solution you simply give to a user, and they can use it anywhere in the world without having to worry about installing apps, changing SIM cards, roaming fees or pressing the wrong button and compromising your security.
"push support" funktioniert technisch so dass Google/Apple-API eine Verbindung im Hintergrund offen hält.
Genau das gleiche kann XMPP natürlich auch und das braucht auch nicht viel Ressourcen wenn es richtig konfiguriert ist. (faktisch benötigt Conversations weit weniger Datenverbrauch/Batterie als viele andere Chatclients - obwohl es im Hintergrund läuft)
Aber ja, es gibt Erweiterungen die das tun.
Das einzige "Problem" ist dass iOS Anwendungen verbietet im Hintergrund aktiv zu sein. Das ist aber ein Designfehler dieses Betriebssystems - und Clients auf diesem System müssen dann halt Daten über Apple-Server leiten.
siehe auch: https://conversations.im/#optimizations
The german OMEMO protocol and the german client Conversations.
https://conversations.im/#security https://conversations.im/omemo/
Swiss alternative:
Threema Work
Do you mean 100 or several hundred?
>OMEMO was developed for Signal messenger, and apparently it set a new standard for end-to-end encryption (some claim it's even better than PGP because of forward secrecy).
I think you're confusing OMEMO with the Double Ratchet algorithm. The Double Ratchet algorithm was developed by Moxie Marlinspike and Trevor Perrin for TextSecure in 2013. (TextSecure was later renamed as Signal.) Andreas Straub later took the Double Ratchet algorithm and used it to develop OMEMO as a Google Summer of Code project in 2015 for an XMPP client called Conversations. As far as I know, none of Signal's developers have ever been involved in the development of OMEMO. Today, OMEMO and several other encryption protocols are built on the Double Ratchet algorithm (or a modified version of it).
OMEMO is better than OTR for XMPP purposes
Schau dir mal Conversations an.
Das ist ein XMPP-Client für Android, der per OMEMO auch Nachrichten an Offline-Nutzer verschlüsseln kann und damit quasi ne gute WhatsApp-Alternative ist.
Einzige Nachteile (die mir jetzt einfallen):
Ah, gotcha. I don't think that's possible with how Signal is built right now :/ There was some talk of them allowing it in the future IIRC but that hasn't gone anywhere. The best option I've seen is like you said, run a Jabber server with something like https://conversations.im/ and it looks like they are looking into adding voice & video calls.
>E2E encryption actually works with group chats and your messages still sync across multiple devices (NONE of the competition can do this as of writing)
Conversations? In fact, everything you listed can be done on conversations, except the last one.
Thanks for help. I guess the link i provided was listing XMPP servers (both of them support XEP-0280 and XEP-313). And since Conversations app is supposed to support those 2 as well, i guess i might as well submit an issue ticket on their github.
Using OMEMO is as easy as just selecting it and is the default encryption method for Conversations and will be enabled by default for ChatSecure. Verifying is the same process as it is on Signal.
I admit I was probably wrong to think that it wasn't anymore secure than OTR beside the usability features it introduces, but I got that impression from their proposed XEP document.
Can you elaborate on why it's more secure?
you can not verfiy that. and it is not about that, facebok makes money with META data and the fact they can perfectly build ghost profiles because everyone uploads their complete phonebooks with almost EVERY sensitive data a person can have to effin facebook server... and guess what, they use this shit.
using messenger with a phone book sync to companys that want your data to sell it etc. is so dumb, and i blame whatsapp for it because they made this as the first company IIRC. it was first a good idea and so easy to use. But we had messenger years before where you just use an account without providing data from OTHER people to shady companys and you were somehow anonymous at least.
no it came to the point, where every company builds their own walled garden to get as much data as possible.
Guys, wake up, use standards like xmpp/jabber etc. they do have perfect encrtyption too and easy to use too. even whatsapp is based on xmpp, as google talk was and facebook chat etc. why do you think they use(ed) it? because its good.
Telegram não é aconselhado, embora os clientes seja de código aberto, és forçado a utilizar os servidores do telegram, ou seja, eles tem acesso ao logs das conversas. Utiliza um cliente XMPP/Jabber, como o conversations.im, chatsecure ou pidgin.
Pensa em protocolos em vez de serviços. Serviços como o WhatsApp, Facebook Messenger, Viber, Telegram, WeChat, BBM, etc utilizam protocolos proprietários que faz com que obrigues a todos os teus contactos migrarem para esses serviços, para reforçar o efeito da rede e monetizar a user base. Já deves ter ouvido alguns dos teus contactos a dizer que não utiliza a app X porque os seus amigos não estão presentes. Este é o motivo da popularidade do WhatsApp e do Facebook Messenger, a sua user base, porque em termos de features não são nada de especial, muito pelo contrário.
O XMPP/Jabber como é um protocolo aberto e federado não sofre deste problema, cada pessoa tem a liberdade de hospedar o seu servidor/serviço e continuar a falar com os teus contactos. De forma muito resumida, é o equivalente ao funcionamento do email mas para o chat.
Have you tried Conversations?
It is excellent. Battery life isn't a problem and it has OMEMO encryption which is based on Moxie Marlinspike's Double Ratchet Algorithm used in redphone/signal/whatsapp.