this post was submitted on 07 Feb 2025
352 points (98.9% liked)

Technology

61916 readers
2133 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
352
Time to get serious with E2E encrypted messaging (techcrunch.com)
submitted 1 day ago by Morys@lemmy.ml to c/technology@lemmy.world
106 comments fedilink hide all child comments
 

I currently use Telegram for my friends and family, but have reluctantly come to the conclusion that the UK Government is either reaching agreement for backdoors with messaging services, or is trying its hardest to.

I'm also on Element/Matrix. Before I try to get my contacts to join me on there, should I be aware of any privacy issues or is that a good place to head?

(page 2) 50 comments
sorted by: hot top controversial new old
[–] Xanza@lemm.ee 16 points 1 day ago* (last edited 1 day ago) (1 children)

I currently use Telegram for my friends and family, but have reluctantly come to the conclusion that the UK Government is either reaching agreement for backdoors with messaging services, or is trying its hardest to.

Unless you start an encrypted chat, Telegram chats are not E2E.

I’m also on Element/Matrix. Before I try to get my contacts to join me on there, should I be aware of any privacy issues or is that a good place to head?

Host your own Matrix node, and then you don't have to worry about prying eyes. Realistically, instead of worrying about the protocol, worry about the content of the text. Use PGP to encrypt your own text and send it over clearnet. Who cares at that point.

[–] ITGuyLevi@programming.dev 11 points 1 day ago

Definitely host your own node! It's trivial for a server admin to add a hidden bot to every chat and while it's still E2EE, an unknown party could still have a copy and key to read it.

Really good talk from DEFCON 32 about the service "Anom" by Joseph Cox (sorry for the lack of a link, at lunch, on mobile and about to get back to work).

[–] mox@lemmy.sdf.org 19 points 1 day ago* (last edited 1 day ago) (8 children)

Matrix is good for private general messaging. The fact that it's decentralised means it can also withstand things like government-ordered shutdowns or back doors, since there is no central point that controls the whole network.

Two things to be aware of:

  • Some non-message bits (e.g. room topic text and membership) have not yet been moved to the encrypted channel, so those could be read by the administrator of a homeserver that participates in your chat room. Since most people care primarily about keeping the message content private, this is an acceptable trade-off to get all the things that Matrix offers.
  • The upcoming Matrix 2.0 features and design choices simplify the UI and fix some occasional errors. It might be worth waiting until this stuff officially lands in the client apps before bringing your contacts to Matrix, for a better experience all around.
[–] unexposedhazard@discuss.tchncs.de 6 points 1 day ago

As long as you onboard them with the ElementX/SchildichatNext(better fork of element) mobile client, their experience and setup should be fairly future proof. Its still changing and growing for sure but the most important stuff is finally working now and the new call systems is a huge improvement.

But yeah if you want zero metadata, your only choice is P2P stuff like Briar.

load more comments (7 replies)
[–] Korhaka@sopuli.xyz 11 points 1 day ago (3 children)

I think at this point it would be funnier to just use something obviously unsecure like discord but share your public key with the other user and then send encrypted text.

[–] KingRandomGuy@lemmy.world 2 points 22 hours ago* (last edited 22 hours ago)

I used to do something like this before Signal became a thing. We used to use OTR via the Pidgin OTR plugin to send encrypted messages over Google Hangouts. Funnily enough, I'm pretty sure Pidgin supports Discord, so you could use the exact same setup to achieve what you described.

It was pretty funny to check the official Hangouts web client and see nonsensical text being sent.

[–] Gumus@lemmy.world 5 points 1 day ago

I guess a vencord plugin for that wouldn't be that difficult to do

load more comments (1 replies)
[–] thann@lemmy.dbzer0.com 9 points 1 day ago (1 children)

No proprietary software can truley provide secure messaging

[–] ricdeh@lemmy.world 13 points 1 day ago (1 children)

Matrix is not proprietary. The protocol is FOSS, Synapse server is FOSS, Dendrite server is FOSS, there are FOSS clients, Element is FOSS too afaik.

[–] Blisterexe@lemmy.zip 2 points 1 day ago

can confirm, element is foss

[–] shortwavesurfer@lemmy.zip 8 points 1 day ago (1 children)

You may want SimpleX. You can still self-host your own server if you wish, but it doesn't have nearly the metadata issues of matrix and encryption keys are stored in a database that you back up instead of constantly breaking

[–] floofloof@lemmy.ca 3 points 1 day ago (1 children)

Last time I tried Simplex, the desktop app was incompatible with the mobile app. Do you know whether this has been fixed?

[–] shortwavesurfer@lemmy.zip 2 points 1 day ago (1 children)

I haven't personally tried it, but I think there's a setting in the mobile app for using it with a desktop. So I assume it is fixed, but I won't swear to it.

[–] schmurian@lsmu.schmurian.xyz 4 points 1 day ago

It works. You either have to link it with your mobile app or you use it standalone with a different user/id

[–] hamsterkill@lemmy.sdf.org 5 points 1 day ago (1 children)

The two encrypted messaging platforms I currently suggest are XMPP or Matrix. Both are usually fine and are decentralized. The main thing with them is to either self-host or choose a server you trust to set up an account — which applies to the Fediverse in general.

[–] curious_dolphin@slrpnk.net 4 points 1 day ago (1 children)

Out of curiosity, is there anything stopping you from suggesting SimpleX? How does SimpleX compare to XMPP or Matrix?

[–] hamsterkill@lemmy.sdf.org 5 points 1 day ago

Mostly just that it's still pretty new and thus hasn't been as polished or scrutinized yet. Haven't tried it myself. For the sake of the OP's question, it may also be notable that it's a UK company.

[–] muntedcrocodile@lemm.ee 3 points 1 day ago

I've heard good things about simplex give it a look

[–] Shortstack@reddthat.com 2 points 1 day ago

There’s also Wire

E2EE and can be used as desktop or phone app interchangeably. No phone number required for signup.

Family has been using this for years now

load more comments
view more: ‹ prev next ›