💾 Archived View for gemlog.blue › users › yellow › 1612715438.gmi captured on 2024-05-12 at 16:52:48. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-12-04)
-=-=-=-=-=-=-
About this gemlog entry.
This gemlog entry was written by Thilo Buchholz and may be redistributed under a CC-BY-SA 4.0 license.
Find me elsewhere:
Within the recent month, particularly after WhatsApp's announcement and subsequent postponement of its updated privacy policy, thousands of users started migrating messengers. Whilst within the blogosphere known to me there are many examples of people arguing intensely for or against a certain instant messaging protocol, I haven't found one introductory article to the world that is instant messaging services. This article aims to fill that gap.
There are 3 different architecture philosophies of instant messaging services.
Centralized messengers are e.g. WhatsApp, Signal, Telegram, Threema, Facebook Messenger, Instagram, Snapchat: There is one provider, and one application for the service. Everybody who communicates with somebody communicates via the servers of that provider. That doesn't mean that those messengers are all the same: Some, like Discord and Instagram, are entirely unencrypted - the service provider (i.e. the company) can read and use everything you write. Some, like Telegram and Signal, publish the source code of the apps – that means that everyone can see and verify what the app does on your phone. Some, like Threema and Signal, are always end-to-end encrypted. Some collect more metadata – e.g. the data when, with whom, how long, where you communicate – and some less. And so on and so on. Still, there are very privacy-friendly messengers among those – most popularly Signal and Threema, followed by messengers with a smaller user base such as Wire and Wickr. But if any of those messengers implement a feature you don't like, you're screwed. All of those messengers are app-reliant: You need to access the application of the service provider, otherwise you're excluded from messaging other people.
Federated messengers are messengers which rely on a fully open protocol (think of 'protocol' as 'language'). The two existing protocols are XMPP and Matrix. Their main principle can be compared to email: You can register an account at any server (or host a server of your own), and communicate with any other account on any other server. Think of it like sending an email from your Gmail account to your friend's Yahoo account: There are no limits as to how you can communicate, and if you dislike Gmail, you can just switch to any other email provider and send an email to your friend from your new address. Likewise, you are free to choose any app you like to use your account (people generally speak of apps as 'clients'). Similar to how you can access a Hotmail email-account from different clients (e.g. the Gmail app, Apple's email app, Mozilla Thunderbird, ...), you can access your XMPP or Matrix account through different clients or simply access your account from the web browser. There are people who prefer XMPP and people who prefer Matrix, I personally think that XMPP is the better protocol whilst Matrix offers an easier user experience for people who are new to federated messenger protocols.
Peer-to-peer messengers don't rely on servers altogether – they just rely on one common protocol ('language'). Briar, Jami, Tox , and RetroShare are all examples for this. Among the three groups, they provide most anonymity and security. However, this also means that you need to add your contacts manually – as your identity is protected, you can't simply be identified by your phone number. On the other hand, they provide the comfort of not being able to fail. There is no server which can go offline and you don't need to place your trust in the availability of the service on a specific provider. You will always be able to message your contacts – in some cases even without needing an internet connection.
I included links for further reading below.Â
Do you have any questions left? Or do you want to practice communicating on the federated and distributed platforms? Do you need help in picking a server or getting started? Don't hesitate to reach out to me.
On these websites, you will find general advice that I personally deem valuable on how to become a digitally sovereign citizen:
'privacy-respecting' list on github
In general, I am hesitant to share videos, as they can often get very lengthy and can have a strong personal bias. However, I think that this video explains the differences between the messengers in more detail really well, so if you're up to learning more, listen in:
Video: "Best Secure Instant Messaging Apps for 2021" on YouTube
Examples are Gajim, Conversations, Quicksy, Siskin, ChatSecure, Dino, ...
More information on the XMPP protocol
Examples are Element, SchildiChat, ditto, NeoChat, FluffyChat, ...