Is Telegram the best messaging option on Android?

>By not encrypting it allows users access to their messages from any of their devices. Open source is nice when you can get it, but it's not a must have. At least the client is open source.
Don't defend garbage implementations.

Isn't encryption server dependent?

>open-source client
>best option for multiplatform use
>not stupidly requiring you to have your phone connected to use web client like whatsapp
>native end-to-end encryption
>serverless on secret chats(which is what you'll use if you're actually worried)
>excellent group options
>>supergroups allow for tens of thousands of members
>>pinnable messages
>will implement it's own cryptocurrency with intentions to be a valid option for private use in the third world
>literally banned in certain non-free countries due to their fears of the privacy options for citizens

Ui, you prefer your ui fruitier maybe?
Yeah more or less every over-used meme terms like this means smurf in the end.

There's wire too, and I'm quite sure it won't be long till the folks from protonmail will gratify us with their message app

Logs everything you type, say, send, with no option to delete it.
You have to trust the goodwill of the owner.
Server-side source code is not open.
Cringy marketing borderline fake news on their website.
Anyway I'm quite sure telegram will be the next big messenging app, they seem to aim the likes of wechat. We'll see, nonetheless there are far better options (for the user ofc)

Yes but if you are just sending text a few seconds of delay wouldn't be a problem but other then that it's pretty secure since everything is stored locally and if you want to, you can always nuke the the "account" by deleting one or two files

> 2012+7
>Jow Forums still hasn't learned how to use GPG
Literal board of brainlets
Every messaging app is encrypted if you send your own encrypted text

Nheko and Fractal look a little bit better than the standard Riot client.

Yeah anyway, my worst problem with those matrix implementation is to bring these dumb ass normie friends of mine to btfo messenger and what's app.

I guess I'll be messenging myself and there's nothing google can do about it.

what wrong with sms bro you don't need fucking internet for that shit

privacy

Slow.

Compression of images and videos leaves me asking if I look like I know what a jpg is.

Attached: ySJqDts.jpg (503x376, 6K)

>installed Telegram
>it asks for a fucking phone number

Okay, this is epic.

This. This is where I stopped using Telegram.

Your phone number IS the account

Signal is.

I literally just deleted my telegram account after having used it for years.
Chats aren't encrypted by defaults, and the only way to get encrypted chats is to do that secret chat bullshit which doesn't save history.
And even worse is that their encryption implementation is some proprietary garbage scheme.

Signal doesn't seem to have any red flags, but unfortunately I don't know anyone that uses it.

Riot is "open source" but it has "Community guidelines" and is pushed through google cloud if the data settings are not configured properly. Crashing, lag and other bugs plague riot. Not to mention that Riot is about to start gassing left and right when they figure out who is using their stuff. Telegram uses your number and other issues mentioned in this thread, so pick your poison.

Attached: 1489955390639.jpg (960x872, 156K)

should I just make my own encryption/ messaging APP at this point?

Is there any non compromised Apps around for mobile, let alone PC?

Attached: 1495945524556.jpg (654x539, 146K)

Use GPG
Either RSA4096 or AES256 depending on if you want symmetric or asymmetric encryption
Anything else is insecure

Just make a messaging app that let's users use their GPG key to send the message
Encryption and decryption can be all done behind the scenes after they type in their master password

>Telegram the best messaging option on Android?
In terms of features, yes. Security? NO.

Just use Signal you incel

Wire. It's both secure and normie friendly. I've been able to get quite a few of my friends using it who don't even really care about the privacy features. It's just a clean chat app, and has most of the features people are used to in other apps. The only non-autists i know who use signal, use it to buy/sell drugs. Telegram, like people have said, is not secure. Any of the other options I've seen are only gonna be used by people like us. Chat clients need some level of mass appeal to actually be useful.

>SMS is outdated
Citation fucking needed.
>Open standard messengers (XMPP/Matrix) are too autistic
Do you have any actual criticisms? I would have accepted lack of adoption (normies tend to go "ugh I have to install ANOTHER app, no thanks" not realizing they could just ditch the proprietary shit, and that those apps eat less storage space than a few of their precious pictures).

This.

>The only non-autists i know who use signal, use it to buy/sell drugs
this is common here, too

No, Signal is.

>not encrypted
>not open source
>requires your phone number

fuck off back to /v/

Riot.im is better.
Wire is better.
Briar/Antox are better if you want privacy.
Telegram and Signal are botnet.
PixArt (XMPP) doesn't have any advantages because it's just a normie email clone.

Lacks features and privacy, requires a SIM card.

>Riot UI is shit
It looks like every other messaging app stop being retarded.

Has anyone tried the Conversations client?

why are you autists so worried about privacy to the point where you can only use chat clients that allow encrypted messages. you probably don't even have any friends to talk to in the first place, the government doesn't give a fuck about your gay erp chats get over yourselves

>implying whatsapp doesn't make a 3mb image a 3kb image

>Has anyone tried the Conversations client?
We use it for the Jow Forums xmpp chat

It's already proven that they log ur chats no matter what private chat you choose

>uses google services unless you install the version without google services

Attached: ynblr.jpg (604x452, 26K)

Threema

guys, this dude fucks chicks left and right

>that one autist in the thread who just learned what GPG was and decided to spam the thread with "DUDE GPG LMAO"

> this dude fucks chicks left and right
> normies
No.

So, email?
Also,
>not using curve25519 and chacha20-poly1305

>Do you have any actual criticisms?
XMPP is a fucking nightmare on mobile, especially when using it on with multiple devices/with otr as you would if using it as a Telegram replacement.
Matrix/Riot is electron garbage and their e2e encryption has been in beta for two years with no actual release in sight.
Also adoption is absolute garbage, as you already said.

Fair enough.

It's Jewish/scamware. Use PixArt.

I personally like Silence but nearly all the other ones here are good. The key with messaging apps is no make sure that they are not a botnet which is pretty easy to do if you know what you are looking for.

Attached: logo-header.png (510x120, 13K)

hmmMMmm

Attached: imessage.jpg (700x467, 29K)

Based but my bubble is green

>russian botnet
>good
hahahahahaha good one OP

Anyone here used rocket chat? Wa reading tyr website and it has some self hosting option? Dunno.

how is official telegram vs telegram x?

how secure could signal be when it asks for your real phone number to just work? why cant I just input a username and password??

This, I call people up at 3AM to yell memes at them.

here's to vouching for a Jow Forums authored encrypted messaging app
come on Jow Forums, it'd be pretty awesome if we built this

we're talking about end users here man. these things should be encrypted by default and the end user shouldn't have to put in much work: privacy should not be proportional to your technical knowledge about this specifically

none of us would be able to agree on it

github.com/signalapp/Signal-Android/issues/1085

well probably the most interested would be the most botnet paranoid, who just also happen to be the same who'll probably be better with encryption and security layers, as well as FOSS users

this is actually very interesting, but again, as an end user with not enough technical knowledge about security and encryption(who'll probably never truly achieve this level of knowledge) I can't do shit but trust the fact that it's open source. unfortunately, almost nobody uses SMS nowadays and it's very limited feature-wise, so I'd only be using it for sensitive conversations.
but I want all my conversations to be private, right? otherwise there's no point.

Yes.

> I can't do shit but trust the fact that it's open source.
Generally this is a good indecator as to the security of a piece of software. Generally code licensed under a GPL is more secure as its FOSS.

If your interested in learning more about cybersecurity take a look at /cyb/ + /sec/.

>signal is botnet
What? Why

>that website
Holy shit, that looks nothing like your typical GNU application.

>sync the private key or use a mega like password encryption system
There, you fucking retard. Stop regurgitating the blatant lies and excuses you heard from telegram if you have no idea what you're talking about

Anyone have the github issue link where the author gets called out for renaming his project into the word used to call a muslim mosque or something?

Needs a SIM card. Needing botnet to be used is the equivalent of being a botnet.

I mean anything encrypted by a 3rd party is insecure
Your security is not their priority in their business plan
You can send encrypted text through any method and retain your encryption. Email is good and you can use plug in like enigmail on thunderbird to streamline gpg encryption to make it a seamless and automated
The user should be somewhat knowledgeable in security. It's one of the most important parts of computing
You don't need to know the fine details about the algorithms, but you should know how to encrypt some text.
Maybe make a keyboard that let's the user highlight text and replace it with encrypted text from an algorithm that they choose. Also allow them to highlight encrypted text and decrypt with a password or their private key
Maybe even automate it by formatting the text to say
----Algorithm----
And then automatically decrypt with a preset for that algorithm.
I think I found a new spring break project that I'm gonna do

Tox already exists, though.

The whole point of E2EE is that it's encrypted and decrypted by sender and receiver, respectively, and not the service provider. Signal, WhatsApp, Telegram (secret chats only), Matrix (encrypted rooms only) and GPG all provide that.

You're still relying on their implementation
Companies In the past have given out their keys to governments. Best way to prevent that is to have your own key that the service doesn't know about

>what's OMEMO?

Yo *do* have your own key that's only on your device on all of them (assuming they're not directly lying). The service provider does not have a copy of that encryption key and, if you lose your device and have no key backups, you lose access to all encrypted messages.

With 200k max members and interoperability across devices. It already comfy desu

absolute garbage
I've genuinely tried using xmpp on mobile and desktop, and it just isn't there yet.

to be honest, I _am_ interested, I'm just not at a point in my life which I can dedicate the amount of work and time necessary to be proficient in it. But I'll probably study some of it when I actually have the time.
Also, worth mentioning I'm feeling cheated because I was sold on Telegram specifically for it being OSS, so learning the server-side code isn't is quite a bummer.
Guess I'll stop trusting it then. Then again, it's hard enough to find a userbase for telegram around here, so Signal and the other 'better' alternatives are probably even less viable.
guess I'll keep being watched then

back in my day this was called GNU Ring
when did they even change it?

>(assuming they're not directly lying)
that's the problem. you can't tell whether they're lying or not because of closed source software

The only closed source one on that list is WhatsApp. It is of some note that Signal's dev helped them implement the E2EE.

I think XMPP shows the most promise, tbqh.

probably because it was too generic a name or the ring video doorbell threatened them

I think it's nicer knowing that you're encrypted with something like gpg at like layer 7.5 so you don't have to worry about the security of your chosen app. No matter what it's secure even if it's http

Do you even realize that GPG is an app just like the clients for E2EE chat networks are?

> app
Program
And you missed my point
You can post messages to your friends that are encrypted on here and it's still secure
You have to use a specified messaging app that is open source to be secure if you do It your way.
No matter what I'm secure with gpg
With your chat apps you have to rely on their implementation and be limited to one place.
What if your friend wants one chat with you through IRC?
What if it's through sms? Email? Skype?

>> app
You used "app" in the first place:
>so you don't have to worry about the security of your chosen app

What if your friend wants to chat without using the GPG app to decrypt messages? It's the same issue, the only difference is transport.
Also, you're moving the goalposts. The initial issue was whether GPG would be more secure by default than protocols that support first-class encryption and the answer is usually no (fuckups like Telegram excluded).
In fact, it's possible that such a program would provide *additional* security by enforcing better encryption algorithms, enable more secure trust management, not leak metadata (conversation sender, recipient, subject, data length, etc.) all over the place, enforce sign+encrypt instead of just encrypt, etc.

By the way, if you want encryption within messages passing over an existing chat service (IRC, SMS, etc.), look up OTR. Also supports auto-detection and relatively unintrusive encryption capability advertisement to peers.

Gpg does let you sign and encrypt and choose your algorithm
If your friend doesn't use it, make him. Friends don't let friends have a unsigned key

Good luck getting everyone to use decent algorithms in GPG.
If your friend doesn't use $e2ee_chat_service, make her. Friends don't let friends use services that leak metadata all over the place for anyone to see.

Have you ever used GPG?
It's not hard at all to choose a decent algorithm.
I think RSA2048 is default and 4096 is paranoid unbreakable (for at least another 40-50 years)

I have.
First off, ECC > RSA. 2048 bit RSA is roughly equivalent to 224 bit ECC (112 bit symmetric key). Also, ECC is faster.
No reason not to use Ed25519/Curve25519 and ChaCha20-Poly1305 these days.

I'm not trying to say that you shouldn't use the apps you mentioned
I'm trying to say that you shouldn't rely on someone else's encryption. The only person you can trust with your data is yourself.
The lastpass hacking should be a good example. Use something like keepass with a good encryption and key derivation algorithm and you'll be more secure

>I'm trying to say that you shouldn't rely on someone else's encryption. The only person you can trust with your data is yourself.
And these apps do that in a similar way to the GPG app: the data is encrypted with local keys on the client. The server never sees plaintext nor keys, just like GPG.

> post cool telegram channels that you frequent

The problem with most apps is that it's all behind the scene where as with gpg you can acii armor it and know that what you're sending are "random" bits and a copy of your text isn't vein cached or sent to a server along with it