qui Oct 4, 2024
Tuta

Given the recent Telegram scandal, we've updated our review of WhatsApp alternatives. 👉 https://tuta.com/de/blog/best-whatsapp-alternatives-privacy

What's your take? Should we drop Telegram completely? 🤔

Which is your favorite replacement for WhatsApp?

Die besten WhatsApp-Alternativen in 2024 | Time To Go Private! | Tuta

Es gibt viele Messaging-Apps wie WhatsApp. Hier ist ein Überblick über die besten sicheren Alternativen: Signal, Threema, Telegram, Element, Wire, SimpleX, Session, und mehr.'

Tuta
Oct 4, 2024 at 1:41pmWeb
Show threadtekhneOct 4, 2024
@Tutanota @simplex SimpleX !
Show threadbazil ⏚Oct 4, 2024
@Tutanota #simplex SimpleX is the best !
Show threadulixesOct 4, 2024
@Tutanota @simplex SimpleX
no ID's like other apps 👍
Show threadtootbruteOct 4, 2024
@ulixes @Tutanota @simplex SimpleX no phone number required! glad to see SimpleX finally getting some love.
Show threadstavpupOct 5, 2024
@ulixes @Tutanota @simplex Did StartX receive funding from Twitter founder Jack Dorsey?
Show threadAdam WysokińskiOct 4, 2024

@Tutanota > Should we drop Telegram completely?

Yes.

Show threadGuy on the runOct 4, 2024
@adam_wysokinski @Tutanota
No. Just move it down to the bottom for (later) reference.
Show threadKaya 🇪🇪Oct 4, 2024
@Tutanota Hasn't Element had multiple security audits? Why is it an X on that front?
Show threadℍ𝕠𝕨Oct 4, 2024
@kaya @Tutanota https://element.io/blog/tag/security-audit/ they passed the audit yeah, 3 minor issues.
Security audit - Element Blog

Own your conversation.

Element Blog
Show threadtethreOct 12, 2024
@kaya @Tutanota maybe not a "complete" audit of all the apps and all the servers? but yeah, the X is a bit mean 🤷‍♀️
Show threadtethreOct 12, 2024
@kaya @Tutanota also "anonymous" and "pseudonymous" are 2 different words with different meanings 🧐
Show threadFoxleOct 4, 2024
@Tutanota YES!
Show threadJacketOct 4, 2024
@Tutanota I use #signal, I love it. I use it to talk to people that I know IRL. I have session setup. The reasoning was that if one day I need a private conversation with someone I know only from the internet I wouldn't give my phone number. Signal recently added a way to connect with someone without a phone number so I don't need #session anymore but I still have it in backup. I was interested in #element cause if I understand it's more a replacement for things like teams and I'm looking for a platform to do projects with my friends. I think I will go with a self hosted #mattermost. I will check out the others here. It's really interesting. I don't know how secure this one is but there is #jami that is peer to peer. @Jami @session @element
Show threadnictakiegoOct 4, 2024
@Tutanota finally, but you still haven't updated signal and others
Show threadAdamOct 4, 2024

@Tutanota

It's extremely generous to say an app that requires providing your phone number is "anonymous", especially while giving an app that doesn't require any PII the exact same rating. 🧐

Show threadPyraOct 4, 2024
@Tutanota telegram is not open source IIRC
Show threadOrca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️Oct 4, 2024
@Tutanota Yes please drop Telegeam. It's even less secure tham WhatsApp, at least your message content is not stored on server in plaintext.
Also I'd like to drop Threema, too:
https://www.schneier.com/blog/archives/2023/01/security-analysis-of-threema.html
Security Analysis of Threema - Schneier on Security

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models. As one example, we present a cross-protocol attack which breaks authentication in Threema and which exploits the lack of proper key separation between different sub-protocols. As another, we demonstrate a compression-based side-channel attack that recovers users’ long-term private keys through observation of the size of Threema encrypted back-ups. We discuss remediations for our attacks and draw three wider lessons for developers of secure protocols...

Schneier on Security
Show threadSkyper 💻🎧☕📖Oct 5, 2024

@Orca @Tutanota I was about to talk about this research work. The researchers have been interviewed by @nadim:

Cryptography FM: Episode 22: Three Lessons from Threema: Breaking a Secure Messenger!

Episode webpage: https://www.cryptography.fm/22

Media file: https://chtbl.com/track/1E9A46/aphid.fireside.fm/d/1437767933/ab43586a-0143-48c8-af78-ac9dc4316514/856b33dd-f3d4-4e22-9d17-bfccafe87e75.mp3

Episode 22: Three Lessons from Threema: Breaking a Secure Messenger!

Threema is a Swiss encrypted messaging application. It has more than 10 million users and more than 7000 on-premise customers. Prominent users of Threema include the Swiss Government and the Swiss Army, as well as the current Chancellor of Germany, Olaf Scholz. Threema has been widely advertised as a secure alternative to other messengers. Kenny, Kien and Matteo from the ETH Zurich Applied Cryptography Group present seven attacks against the cryptographic protocols used by Threema, in three distinct threat models. All the attacks are accompanied by proof-of-concept implementations that demonstrate their feasibility in practice.

Cryptography FM
Show threadOrca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️Oct 5, 2024
@Skyper @Tutanota @nadim Ohh thanks, will listen to it ​
Show threadSimonOct 4, 2024
@Tutanota signal
Show threadSKOct 4, 2024
@Tuta Matrix! on a self hosted server.
Show threadLaberpferdOct 4, 2024

@Tutanota I see a big error to call messengers like Telegram or Signal to be "anonymous" when they require at least an active SIM card to set up an account

Getting an anonymous SIM is impossible in most countries now

Show threadGurleen KOct 5, 2024
@Laberpferd I thought you could just give people a Signal username and hide your phone number from your profile. Isn't this enough anonymity for the average threat model? Also, do we know whether Signal links usernames to phone numbers in their backend?
Show threadLaberpferdOct 6, 2024

@gkcan
My red line is earlier, that i dont want to verify with name; address; face photo to get a SIM card that links together all i ever do in my life

Very different threat model

If i would have an anonymous SIM card (or a more than one for seperate parts of work and personal life) i would have not so many issues to share their numbers with selected peer groups

Show threadGurleen KOct 19, 2024
@Laberpferd SimpleX seems to be getting really good and probably fits your threat model well.
Show threadKAMØFOct 4, 2024
@Tutanota What do you think of @Jami ? It has the advantage that it does not require servers because it is peer to peer.
Show threadLucOct 4, 2024

@Tutanota I wouldn't call signal anonymous, as it requires text message activation. The move to usernames was a huge improvement and makes it *possible* to use it anonymously, but I would guess most people don't.

That said, nice infographic! Glad to have a friendly survey glance of cool, privacy-focused, technologies.

Show threadAngelo SchirinziOct 4, 2024
@Tutanota Telegram video calls are e2e encrypted. And you can have also e2e chat.
Show threadshrugg1eOct 5, 2024
@angeloschirinzi @Tutanota Correct! ☝️
Show threadaoeuidhtnsOct 4, 2024

@Tutanota The most salient property is probably governance model and diversity of funding. Telegram can be leveraged easier because it is privately owned and top-down. It is harder to pressure an elected board esp. if members are in different countries. The technical component has to be solid, but that doesn't mean much if one person controls everything; c.f. the xz backdoor.

I'd suggest replacing the 'anonymous' column with 'requires PII'.

I prefer Matrix, but haven't heard of some of these.

Show threadAdventureTenseOct 4, 2024
@Tutanota Just a note that Signal is tied to a phone number. For that reason it can't be installed onto a computer or a tablet as a standalone option, only as an extention of a smart phone. Doesn't seem completely anonymous to me.
Show threadnotsoloudOct 4, 2024

@Tutanota
You're missing a very important column: Is it possible to join the network by running your own SERVER?

Any network that depends on a centrally controlled server has a single point of failure. (Yes, this is a recommendation of Element/Matrix.)

Also, ideally, identities should be possible to migrate like they (sort of) are on Mastodon and friends.

Show threadMbinguOct 4, 2024

@Tutanota signal is not anonymous. The phone number can be associated with your name.
I think part of the evaluation process should be the location of their servers.

Teleguard from swisscows has absolutely no association with your phone number and their servers are in Switzerland.

Show threads3nnet.deOct 4, 2024
@Tutanota Signal
Show threadCwr1981Oct 5, 2024
@Tutanota SimpleX
Show threadVibuda NimsaraOct 5, 2024
@Tutanota Telegram video calls are End To End Encrypted and Telegram client apps are FOSS.
Show threaddavourakOct 5, 2024
@Tutanota Session
Show threadDominic HuntOct 5, 2024
@Tutanota I would want to add @briar to the list. Not my daily go to but a great option when the cellular network is unavailable.
Show threadAdam WysokińskiOct 5, 2024
@Tutanota Re Telegram and SimpleX https://arstechnica.com/tech-policy/2024/10/neo-nazis-head-to-encrypted-simplex-chat-app-bail-on-telegram/
Neo-Nazis head to encrypted SimpleX Chat app, bail on Telegram

App swears there’s no way for law enforcement to track users’ identities.

Ars Technica
Show threadAdventureTenseOct 5, 2024
@Tutanota Session!
Show threadOlle Mille AndreassenOct 9, 2024
@Tutanota I think that you should drop Telegram completely. After the arrest of the Telegram founder, the founder agreed to hand over IP addresses and phone numbers from users who use his encrypted messanging platform to authorities on legal request. Here is the full privacy policy of Telegram: https://telegram.org/privacy?setln=en
You can find this info in section 8 in privacy policy.
Also Telegram is not end to end encrypted for audio and video calls, and for messages you need to enable it manually.
Telegram Datenschutzerklärung

Eine detaillierte Erklärung der Apple Datenschutzhinweise für Telegram findest du auf dieser Seite Für Nutzer, die auf…

Telegram
Show threadTutaOct 10, 2024
@OlleAndreassen Thank you for sharing!
Show threadOlle Mille AndreassenOct 31, 2024
Ved fortsættelse på Telegram for at aktivere ende til ende krypterede beskeder, skal du aktivere det ved at klikke på start hemmelig chat for den valgte kontakt. Sagen er, at du skal aktivere det på hver enkelt kontakt. Desværre er den hemmelige chat mulighed ikke tilgængelig på Telegram til desktop.
Show threadkotoOct 10, 2024
@Tutanota certainly no telegram, if possible. but it became more than just messenger, unfortunately.

if it should be a channel, i guess matrix kinda works. maybe with Chinny client?

if (open) group chats, matrix as well. also signal, but the problem with signal is that it requires phone number (even if you can hide it).

if private messages, signal and matrix; simpleX seems nice, even though i didn't try it. threema is not free, so not everyone will be able to use it.

signal and matrix have their problems, but they're WAY better than telegram kremlingram.

don't know about wire and session much, can't really say anything about them.
Show threadkotoOct 10, 2024
@Tutanota there's also briar, but as i understand, not many people use it? but i like briar. it has forums and blogs 
Show threadTutaOct 10, 2024
@koto Thank you for sharing!