For an visualisation of how the popularity of chat clients increases roughly in proportion to how much of your information is given to unaccountable third parties, see the EFF chat scorecard
tl;dr There are too many chat programs which aspire to security and not enough secure anything else, and we can't persuade people to use even the secure chat clients, let alone the same chat protocols. Building them is hard and no one is doing it right. The ones that exist are often awful - gossip is that pidgin/adium/libpurple is broken and full of security bugs. Anyway it leaks information about your contact list to the server.
Everyone use Signal, or just meet up face-to-face. In a Faraday cage. UPDATE: Thanks to Australia mobile chat clients are no longer secure.
Instant-ish messaging via text and telephony.
The ephemeral nature of chats turns out to be potentially much more practically secure than email, at least if you do it right.
Skype, however, does not do it right; rather, it is an NSA honeypot, and not even an especially usable one.
There are attempts to do it right below as regards confidentiality, but refer also of course to the problem of jurisdiction.
Trumping end to end encryption
Currently, the NSA can tap into a broad range of communications, but have no means to compel communications to be in a form they can monitor. This is likely to change; after all, they will need to be able to hunt down those involved in, or providing support to, terrorist groups like Black Lives Matter and Friends Of The Earth, not to mention the President's extensive list of enemies. As such, it is quite likely that, at some point during Trump's first year, end-to-end encrypted messaging systems will be required to provide real-time plaintext to the security services. (Things have already been moving slowly in this direction, and will only accelerate under a president who has expressed admiration for autocrats and a brutishly Hobbesian view of how power works.)
Similar laws are already in force in more established autocracies such as Russia and Turkey. The difference is that American companies, subject to American law, provide many of the communications systems used worldwide, such as Apple iMessage, WhatsApp and Signal. These are likely to be compelled to provide the US homeland-security authorities with the plaintext of all messages coming through them, in real time, and to make whatever changes are necessary to their architecture to achieve this.
With iMessage, this would be theoretically easy to do. iMessage messages are encrypted from end to end, so Apple have no means of reading them, but each message is encrypted several times with the public keys of each of the recipients' devices (i.e., if you're sending one to someone with an iPhone and an iPad, your iMessage client will encrypt it with the public keys of both of their devices). Once they are legally compelled to do so, Apple could just quietly add an extra key, whose private key is held by the NSA iMessage ingestion gateway. Given that the entire iMessage system is closed-source and completely under Apple's control, Apple could push this to all users, without worrying about rogue clients that feed the NSA junk.
UPDATE: This playbook is being used by Australia to break encryption.
- General theory of Off-The-Record chat
Mobile: Signal (Formerly redphone):
Free, worldwide, encrypted voice calls for iPhone and Android by“Open Whisper Systems”. Does not disclose message content, in principle. Does not disclose contact list.
Signal uses your existing number, doesn’t require a password, and leverages privacy-preserving contact discovery to immediately display which of your contacts are reachable with Signal. Under the hood, it uses ZRTP, a well-tested protocol for secure voice communication.
Signal was designed specifically for mobile devices, using a jitter buffer tuned to the characteristics of mobile networks, and using push notifications to preserve battery life while still remaining responsive. Signal is also Free and Open Source Software, allowing anyone to audit the code for correctness or help contribute improvements. The project even pays out a percentage of donated Bitcoin for every merged pull request.
Seems super cool in that it is open, friendly, widely used etc. Not as polished, reliable or easy as more mainstream clients. Does not leak your contact list.
The Signal algorithm is apparently used in iMessage and Whatsapp, although how can you tell in these secretive closed-source apps? Whatsapp, at least, breaks the security of the protocol in aid of convenience, and uploads your contacts to suspect 3rd parties.
CoyIM is a new chat client that is safe and secure by default: no settings to change, no plugins to install, no computer configuration to change.
Not yet audited. Do not use for anything sensitive… CoyIM is a standalone chat client that focuses on safety and security. It is a self-contained program that runs on Windows, Linux and macOS. CoyIM only supports one chat protocol - XMPP (sometimes known as Jabber). CoyIM has carefully picked and chosen the features that are necessary to create a good chat experience, while keeping the attack surface of the system to a minimum.
It also has built-in support for Tor, OTR and TLS. The Tor support allows users to become anonymous while chatting, OTR makes end-to-end encryption of communication possible, and TLS adds another layer of encryption for the communication with chat servers. These features are not plugins or extras in any way.
CoyIM is implemented in Go. Many other implementation languages open up the door for a large number of attacks; we try to minimize those risks by using Go.
Does not leak message content but AFAICT does leak your contact list.
iOs: Chatsecure > ChatSecure is a free and open source messaging app that features OMEMO > encryption and OTR encryption over XMPP. You can connect to your existing > Google accounts or create new accounts on public XMPP servers (including > via Tor), or even connect to your own server for extra security. > > Unlike other apps that keep you stuck in their walled garden, ChatSecure > is fully interoperable with other clients that support OMEMO or OTR and > XMPP, such as Conversations (Android), CoyIM (Desktop), and more.
See the old but intriguing security audit * Mobile: Wickr is not open source but looks interesting because it has trendy cryptographers backing it. Claims not to disclose message content or your contact list.
is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need-not inherently trust any entities like root certificate authorities. It uses strong authentication which means that the sender of a message cannot be spoofed, and it aims to hide “non-content” data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs.
Desktop/mobile: Cryptocat is an open implementation of OTR for text chat.TBC
Desktop: tox is a chat protocol and implementation
Tox is a free-as-in-freedom, peer-to-peer, end-to-end encrypted, distributed, multimedia messenger. Using existing technologies such as dispersed networking and strong cryptography, Tox can provide a superior instant messaging experience than current market offerings. Files can be shared as fast as you and your partner's Internet connection allows, audio calls are instantaneous, and there are no arbitrary limits to how many people you can have in a group conversation.
Favoured client seems to be qTox.
group communications are nice to have if you have more than one friend. Dissent is one fashionable open-source attempt to provide that with good academic credentials. No released products yet, though:
Dissent's technical approach differs in two fundamental ways from the traditional relay-based approaches used by systems such as Tor:
Dissent builds on dining cryptographers and verifiable shuffle algorithms to offer provable anonymity guarantees, even in the face of traffic analysis attacks, of the kinds likely to be feasible for authoritarian governments and their state-controlled ISPs…
Dissent seeks to offer accountable anonymity, giving users strong guarantees of anonymity while also protecting online groups or forums from anonymous abuse such as spam, Sybil attacks, and sockpuppetry. Unlike other systems, Dissent can guarantee that each user of an online forum gets exactly one bandwidth share, one vote, or one pseudonym, which other users can block in the event of misbehavior
Dissent offers an anonymous communication substrate intended primarily for applications built on a broadcast communication model: for example, bulletin boards, wikis, auctions, or voting. Users of an online group obtain cryptographic guarantees of sender and receiver anonymity, message integrity, disruption resistance, proportionality, and location hiding.
Desktop: Jitsi is an open-source desktop skype-ish client.
Desktop: Hello is the new firefox one. How does that work now?
Mobile: blackphone is a whole secure mobile device.
Frequently Asked Questions
OStel is a public testbed of the Open Secure Telephony Network (OSTN) project, an effort with the goal of promoting the use of free, open protocols, standards and software, to power end-to-end secure voice communications on mobile devices, as well as with desktop computers. Both are concepts from The Guardian Project.
matrix is more of a messaging layer for the internet, at lower level than a chat solution per se. Specifically, it aims to
[provide] an open universal communication layer perfect for VR calling, messaging and collaboration, powering immersive experiences for conferencing, tourism, entertainment, telepresence, e-learning, etc. […]Matrix is that missing signalling layer for WebRTC. If you are building VoIP into your app, or want to expose your existing VoIP app to a wider audience, building on Matrix’s SDKs and bridges should be a no-brainer.
pidgin/adium/libpurple works for what it is worth but is probably insecure because of bugs and deprecated and leaks your metadata (citation required). Does not disclose message content if you choose the right settings but does leak your contact list. Probably if you are using this, you want to use
Where does keybase fit in all this?