Reply to post: Re: Which one should I use!! -NONE-

'Trust it': Results of Signal's first formal crypto analysis are in

anon9045839452

Re: Which one should I use!! -NONE-

I cant believe no one has recommended CHATSECURE yet!

-Open Source

-Runs on Android, iOS; (download from apple app store, F-Droid, Google Play, guardian project website and source code on github)

-awesome OTR protocol that has deniability with no digital signatures and perfect forward secrecy with strong 256 bit AES encryption

-Uses xmpp protocol so you can use one of any of the many public or private xmpp servers, or use facebooks or google servers to communicate, or use your own xmpp server

-compatible with other platforms that use xmpp and OTR such as pidgin (when plugin has been added), tor messenger, adium, Jitsi as well as others

-SUPPORTS TOR!

-SQLCipher for securing local device

It kinda kicks more ass on android than it does on iOS cuz it doesnt stay well connected to the other user compared to how awesome it works on android. Also i find the iOS device doesnt work with the built in tor feature. The Tor feature is buggy on iOS when connected to an android instance using tor.... but droid to droid both using tor seam to work great

its cross platform compatibility means that a PC or Mac user (or someone using a desktop *nix distro) can easily talk to someone using chatsecure by using tormessenger or pidgin with otr installed.

I dont use signal because i cant seam to install it on my ipod touch and iphone as it needs a newer version of iOS. I also dont think I trust it now that I have read some of the other comments in this thread. The dev of signal doesnt inspire confidence in the implementation of the crypto and a lot does appear to be media hype in the last few months.

The voice features that signal has are cool - as are other features it has. Chat secure has a "walkie talkie" kind of voice chat feature, even tho it doesnt explicitly advertize this. Im not sure how chat secure secures the audio, but signal uses zrtp which is cool.

I also dont particularly like that you cant choose where your data is routed with signal - it only supports using their servers. open whisper systems does not open source the server side of the signal service.

Signals centralized servers also store all public keys, provide key exchange, and hold the contact lists for its user base. I dont like this

Atleast with chat secure you can chose what servers you'd like to use. Signal apparently has servers in 10 countries to help handle its loads with the user having no control over what countries (and thus, jurisdictions) you end up mingling with.

With chatsecure you can allow only a connection through a public or private and optionally password protected and SSL encrypted xmpp server in whatever jurisdiction that you deem to be the the most secure in your particular situation and both clients can be using tor if you want.

If you dont find a server you trust, then you can even set up an xmpp server yourself using the software of your chosing, hardening the communication and server to your own level of comfort and nessesity you think you might need. Even set it up and password protect it, authenticate connecting users, wrap all communication in an extra layer of encryption and use a VPN in a country with a language barrior and with no jurisdiction, extradition treaty and on another contenent than the country you are in. All running on top of a tor hidden service. Signal users cant do that

Oh, and chatsecure allows you to create a one-time 'burner' user account if you think it might be necessary to use an account only once to communicate with some one

Chat secure also had a half brother at one point called textsecure. They were almost twins at the time, but textsecure allowed OTR over SMS... something that is no longer supported since signal took over the unofficial fork. too bad... OTR over SMS would be super handy to some people in some countries that dont have data and only have SMS....

Redphone is now Signal. This kind of sucks too because it worked on older versions of iOS and now some of my friends who have older apple hardware can no longer get redphone. Signals compatibility with only newer iOS versions have actually made it so LESS people can chat securely via SMS/textsecure and Redphone no longer being hosted by the appstore or google play - if you want it on an older version of iOS then too bad.

Tinfoil at says that it a conspiracy to slowly make it harder for more devices to be compatible with strong encryption - but more likely its just the app developers not even contemplating the effects of ignoring back compatibility with older OS software/hardware and its effect on the masses of non-techie users abilities to safely use strong crypto to protect their privacy

Im not saying OWS or signal or the devs of signal are bad, or are short sighted or are evil privacy hating NSA spooks... but if you want to donate to a secure app, support chatsecure. Its better in almost every way

https://chatsecure.org/

https://twitter.com/chatsecure

https://github.com/ChatSecure

https://www.facebook.com/chatsecure

https://itunes.apple.com/us/app/chatsecure

https://play.google.com/store/apps/details?id=info.guardianproject.otr.app.im

you can donate to chatsecure here: https://www.coinbase.com/checkouts/1cf35f00d722205726f50b940786c413

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2021