💾 Archived View for ax.flounder.online › tech › messaging.gmi captured on 2024-05-26 at 14:45:23. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
Using HTML > Markdown > Gemtext converter, will be broken
An attempt to simplfy choosing a messenger from my search for the best. My current favourite is XMPP. => ./picture/xmpp.svg xmpp logo
If there are any errors or you have suggestions please let me know.
I will prioritise messengers with:
Ease to use
Support for all major platforms
Native clients
Self-hostable servers
Ease to use
I will only list messengers with:
Encryption (unless self-hostable)
No phone number required
Consider using a privacy respecting operating system for the safety of yourself and your contact.
Key
~ = informational
¶ = in-page link
Review dot points are top to bottom by piority
Client = App, application, program
Server = service provider website
What should I use?
Consider your use case. I have listed some suggestions below.
Looking for Slack or Discord\-like grouped chat channels? Have a look at Matrix ¶
Looking for Telegram or Whatsapp\-like simple 1-on-1 or single room group chats? Have a look at XMPP ¶ or DeltaChat ¶
Looking for peer-to-peer 1-on-1 chats? Have a look at Jami ¶
Want to communicate with e-mail with an easy interface? Have a look at DeltaChat ¶
Wikipedia's Comparison of cross-platform instant messaging clients
Why should I avoid phone number services?
Why should I care about encryption?
Messages should only be able to be read by you and your peers. If anything were to be leaked from the server you would not need to worry about your messages being publicly available online.
I don't have anything to hide
You may not but your contact might
Avoid anything without a viewable client and encryption method source code. Server source code is prefered but methods that don't give the server your encryption key should be good to use (such as encrypting an E-Mail outside the servers webmail interface)
I don't know what any of that means
It's basically any messenger that is run for profit, which is probably 95% of messengers
Helpful tool: tosdr.org see an easly readable overview of a sites Terms of Service
"Privacy focused" messengers
Requires phone number, centeralized server. Not the worst but there are better choices* Wire Bought out by another company, centeralized server
Popular messengers
usemumble.neocities article
stallman article
Discord TOS overview (tosdr.org) just look at this
non-free, no encryption, paid services for common features, suspicious funding methods, electron client, alternative clients are against ToS, account lockouts for "suspicous" (no phone number regestered) activity, takes half a month for account deletion (which only removes your account name and avatar from their servers, messages remain), saving all your text and voice chat data to their servers. It's really bad
I have to use it
Use it with Firefox Discord Container to put the website into a browser container. Or use a seperate profile in your web browser for it.
To avoid electron, consider using Pidgin with the purple-discord plugin (text only). Only uses 10MB of RAM while idle!
firejail it on GNU/Linux* Telegram => /picture/telegram.png Telegram TOS overview (tosdr.org)
Server is non-free and centeralized. Telegram has access to your encryption keys* Facebook Messenger Facebook TOS overview (tosdr.org)
Accounts made with phone number without a Facebook account can't be deleted (unless this was changed)
Telegram TOS overview (tosdr.org)
Facebook TOS overview (tosdr.org)
Electron, Chromium Embedded Framework or any other downloadable web applications are slow, bloated and full of security flaws. It's basicly a seperate web browser for your programs which will eat up RAM and leave you behind on web browser security fixes because they are seperated processes from your main web browser. For something as simple and private as sending messages it is not recommended.
If you press Ctrl+Shift+i it should open a developer console. Another way is to press the Alt key, if a menu pops up at the top with something like "File Edit View Help" it likely uses electron.
--------------------------------------------------------------------------------
Protocols depend on client so I have based XMPP on Dino/Conversations and Matrix on Element. Consider Jitsi when you want to do a voice/video call or screenshare on messengers that do not have it. DeltaChat allows you to send Jitsi links from the application but I will not list it as having call features.
Encryption method/s
XMPP: OpenPGP, OMEMO: Based on a Double Ratchet and PEP, OTR & others
Matrix: ?
DeltaChat: Implements the Autocrypt Level 1 standard
Session: Session Protocol built on libsodium
Jami: TLS 1.3 with a perfect forward secrecy requirement for the negotiated ciphers for calls and file transfers. Messages are encrypted with an RSA key.
OMEMO: Based on a Double Ratchet and PEP
Session Protocol built on libsodium
Account creation difficulty
XMPP: Medium-Hard. You will need to find a client with a high amount of features. You will need to find a server with modern features.
Matrix: Easy-Medium. Popular client available (Element), others are available if needed. Default homeserver is easy to setup but not recommended, other servers are harder to find but most have modern features.
DeltaChat: Easy-Medium. Official client available. May require configuration depending on your E-Mail provider and if you are using an existing E-Mail adress or creating a new one.
Session: Very easy. Official client available. Click create and type in a display name
Jami: Very easy. Official client available. Click create, choose username (optional), choose password (optional), choose display name and picture (optional) and backup account to device storage (optional).
Logging in with another device
XMPP: Sign in with XMPP ID and password. Will need configuration to recover encrypted messages.
Matrix: Sign in with Matrix ID and password. Will need another signed in device or a recovery key/phrase to recover encrypted messages.
DeltaChat: Sign in with E-Mail and password, configuration will be needed if you do not have a backup. Will need to input a set of numbers from another signed in device or a deltachat account backup to recover encrypted messages.
Session: Enter recovery phrase and a display name to use
Jami: Load account profile from device storage
Censorship
XMPP: Account can be deleted by server admin. You can be banned from group chats by group moderators
Matrix: Account can be deleted by server admin. You can be banned from group chats by group moderators
DeltaChat: E-Mail account can be deleted by server admin. You can be removed from group chats by group moderators (I believe)
Session: Onion routes could be blocked by server administrators or your local network connection. Only group creator can remove users from group chats
Jami: Contact server, proxy, bootstrap and TURN address could be blocked by server administrators or your local network connection. You are able to configure them to different URLs. Group chats currently unavailable
Briar:
Contact ID
XMPP: username@domain.name
Matrix: username:domain.name
DeltaChat: username@domain.name
Session:
Jami:
Attachment limit
XMPP: P2P 1-on-1 with XEP-0166 Jingle: Unlimited, server upload is server dependent. Expiry date is server dependent
Matrix: Server dependent
DeltaChat: E-Mail server dependent. Usually 10~MB
Session: ?
Jami: Unlimited
Metadata leakage
XMPP: host server knows your IP unless the server supports a tor address
Matrix:
DeltaChat:
Session:
Jami:
soon
XMPP:
Matrix:
DeltaChat:
Session:
Jami:
--------------------------------------------------------------------------------
Why protocols?
Protocols are good for messengers as there is no one point of failure. A protocol can't be taken down or become bankrupt like a single server, for example: Wikipedia's list of defunct instant messaging platforms
Wikipedia's list of defunct instant messaging platforms
--------------------------------------------------------------------------------
My recommended clients:
Windows: Dino unofficial alpha Windows builds
Android: Conversations (download from F-Droid)
GNU/Linux: Dino
Untested: iOS: Chatsecure, monal.im
Untested: Mac: monal.im
Web: conversejs.org
unofficial alpha Windows builds
Servers picked at random with many features (full complience, see below for info)
trashserver.net 🇩🇪 Germany
hookipa.net 🇩🇪 Germany since around 2007. 100MB attachment limit, lasts for 30 days. Deletes after a year of inactivity
xmpp.social 🇩🇪 Germany since around 2007
jabbers.one 🇩🇪 Germany. 50MB attachment limit, quota 200 MB, lasts for 10 days
openim.de 🇩🇪 Germany
anonym.im 🇩🇪 Germany
jabber.lqdn.fr 🇬🇧 France
chinwag.im 🇦🇺 Australia since 2015
xmpp.is/.chat/.co/.cx/.fi/.si/.xyz 🇷🇴 Romania
lightwitch.org 🇮🇹 Italy
xmpp.is/.chat/.co/.cx/.fi/.si/.xyz
e2e.ee/.wtf/ee.e2e.ee/noarchive.chat 🇳🇱 Netherlands Free usernames must be more than 8 characters
riotcat.org 🇩🇪 Germany / Click jabber. Need to request account Can only register from within a client!
e2e.ee/.wtf/ee.e2e.ee/noarchive.chat
Avoid:
creep.im 🇬🇧 France, United Kingdom. Can only register from within a client Requires a captcha to contact creep.im users
sum7.eu
\*\*OMEMO allows the client to automaticly end to end encrypt messages and attachments to another client with OMEMO with any compatable server.
The higher server complience is for a server, the more modern features you will be able to use with a client, if compatable. These features include
\*Both users servers must have the same features to be compatable with each other
https://kill-9.xyz/no\_category/xmpp XMPP servers comparision
https://privacy.flounder.online/article\_xmpp\_guide.gmi Guide: Start Chatting With XMPP (Very Easy)
https://kill-9.xyz/no\_category/xmpp
https://privacy.flounder.online/article\_xmpp\_guide.gmi
Pros
\+ Extremely lightweight
\+ Been around since 1999, used and proven through many corperate services (WhatsApp, Zoom, Google and Apple mobile push notifications and many more, check the sidebar)
\+ No file size limit on 1-on-1 chats using peer-to-peer Jingle (XEP-0166)
\+ Ability to edit messages
\+ User text and avaiabilty statuses
Cons
\- Hard to "start using". The user needs to know that there is no main client like other services
\- Link previews aren't common on clients
Informational
~ E-mail like contact addresses: name@server.com
Unofficial alpha Windows builds Official Website
Unofficial alpha Windows builds
Pros
\+ (Currently a pull request) Optional link previews
\+ Supports calls
\+ Connect multiple accounts at the same time
\+ Low RAM usage on Linux ~30MB
Cons
\- Doesn't encrypt new conversations by default (there are pull requests to fix this)
\- High RAM usage on Windows alpha ~60-100MB
Informational
~ GTK interface
~ Still in beta
https://axia.neocities.org/img/chat/dinoscreenshot1.png
\--------------------------------------
F-Droid Website Github
The best XMPP experience, developer constantly pushing XMPP forward
Pros
\+ Supports calls
\+ Connect multiple accounts at the same time
\+ Embedded audio file player
Cons
\- Non F-Droid users will be put off by it costing money upfront on Google Play, making it harder to migrate people to it
\- First launch prompts to create an account on the conversations.im instance which is free for 6 months then paid. Might confuse people to think XMPP is a paid service.
Informational
~ No embedded picture viewer or video and gif playback
~ Many different forks if you dislike certain features
=> /img/chat/conversations2.jpg
=> img/chat/conversations1.jpg
=> /img/chat/conversations2.jpg
\--------------------------------------
Pros
\+ Nice interface
\+ Plugin to preview image URLs
\+ Connect multiple accounts at the same time
Cons
\- Doesn't support calls on Windows. Perhaps consider using Jitsi (open source in-browser voice and video calls)
\- Doesn't encrypt new conversations by default
\- High RAM usage ~100MB
\- Some issues with sending attachments
\- Long Chat log timestamps on each message
=> img/chat/Gajimtabbed-chat.png
--------------------------------------------------------------------------------
Official server (matrix.org) is not recommended as it is slow and bans users randomly. Also has also been hijacked before.
My recommended clients:
Android and iOS: Element
Desktop: Element, until there's a better native alternative
Web: Element
Cons
\- Chat rooms and spaces (Element's grouped chats) can't be deleted
\- Heavy to run for server owners, meaning less servers will be able to host their own server
\- Potentially shady history
Informational
~ Modern chat gimick bloat such as emoji reactions and stickers
~ Some servers require an E-Mail address to register (can be removed after registration)
Notes on privacy and data collection of Matrix.org
Element is the most popular and feature rich client available for Matrix, but it uses electron
Pros
\+ Spaces lets you group chatrooms between other users, similar to Slack or Discord
Cons
\- Can only handle one account unless you use workarounds
\- Android client is over 100MB
Informational
~ You need to keep your encryption key if you do not have another logged in device which may be difficult to remember or weak if you don't use a password manager
~ Visually similar to Discord, often concidered a good alternative
(old screenshot)
=> img/chat/riot-web-large.png
\--------------------------------------
Cons
\- Electron
\- Can only handle one account
Informational
~ Beta
~ More Slack/Discord style interface than Element
=> img/chat/cinnyscreenshot.png
--------------------------------------------------------------------------------
Website FAQ (well documented)
DeltaChat is an e-mail client with a traditional messenger interface. It automatically encrypts when messenging another DeltaChat user. Different clients are possible but I haven't tested them, for example adbenitez/deltachat-cursed
Pros
\+ Compatability with E-Mail, something almost everyone already has
Cons
\- Slow. Upon pressing send it takes Gmail to Outlook 5-12 seconds to receive
\- Doesn't work with two-step verification login on E-Mail accounts except Gmail on phones, you need to create an "app password" from the your E-Mail provider settings. Solutions to this are well documented but consider this if you have less tech-savvy contacts. Some E-Mail providers also try to scare you out of using app passwords for being only used by "insecure apps".
\- Questionable usage of funds
\- Press enter to send is not default on desktop
\- Chat bubble design doesn't work well on desktop computers
Solutions to this are well documented
Informational
~ No voice or video calls, intergrates Jisti links for calls
~ First message to new contacts are unencrypted because encryption files need to be exchanged
~ Using an existing E-mail address could be bad for anonymity. Consider what information about your E-Mail address is available on the internet when talking to people, especially if your E-Mail address is on haveibeenpwned
~ GIF attachment autoplay
~ May have issues with attachments if your servers attachment download limit is low. 10MB is ususally the recommended limit
~ Supports multiple accounts but only one at a time
~ Some E-Mail providers might not allow sending .exe or zips with .exe (I don't know if the encryption fixes this)
=> img/chat/deltachatscreenshot.png
--------------------------------------------------------------------------------
Website TOS overview (tosdr.org)
Pros
\+ Optional support for link previews
\+ Promises to hide your IP
Cons
\- Plans to make clientside features paid in the future (See: Session: Session Pro and beyond)
\- Feels sketchy
\- Currently does not support voice or video calls
Plans to make clientside features paid in the future
Informational
~ Uses random 66 number and letter ID codes for adding contacts. Example: 056fc434103b82d15...
~ Android application optionally uses google services for push notifications. Can be disabled on first launch
=> img/chat/sessionscreenshot.png
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Gives me too many problems. I am checking the progress the program is making because it has great potential
Pros
\+ No limit on attachment size
Cons
\- Unrelyable on mobile right now, need to adjust settings to not drain battery life
Informational
~ Peer to peer, no servers
~ Accounts are stored in local files
=> img/chat/JAMI_Conversation.jpg
--------------------------------------------------------------------------------
Only for Android and (soon) desktop computers. Focuses on being unable to be censored
--------------------------------------------------------------------------------
rocket.chat (official web/Electron)
https://snikket.org easy server software
XMPP Server (Prosody)
the final redpill: you have to use what your friends use
