Practically speaking, not all of your counterparties will have the necessary motivation or technical skills to implement the various options and you may have limited leverage in convincing them to switch platforms. On the other hand, if all parties are willing to make the required effort, more privacy can be achieved by using a decentralized platform, such as I2P-Messenger, Ricochet IM, or Tox. OMEMO is not backward compatible with OTR so your contacts will need an OMEMO-supported client. Since neither protocol supports the “invisible” status, it’s advisable to strengthen your own anonymity by using a separate XMPP account per contact and also by using Whonix’s stream isolation feature to ensure that each contact receives a new Tor circuit. However, with the possibility of asynchronous communication, it’s no longer necessary to remain logged on at all times nor is it required to schedule chats using an out-of-band channel. Like OTR, OMEMO suffers from metadata exposure. (It’s also on Tor Messenger’s to-do list.) Support on other clients, like Jitsi, is forthcoming. It is currently implemented in Android via Conversations and ChatSecure, and on the desktop via Gajim. OMEMO is the Signal Protocol adapted for XMPP. The Signal Protocol was developed to address these issues and is gaining acceptance on mobile platforms via closed (non-federated) ecosystems such as Signal, Whatsapp, and Facebook Messenger. OTR’s shortcomings include lack of group chat functionality, no asynchronous communication, and prior to V3, lack of encrypted file transfers. Kopete (modular, C++) / Telepathy: heavy KDE dependencies Stable release 6 months behind schedule and many important issues are still unresolved. Tor Messenger (xmpp/libotr only, JavaScript): Client-Server Instant Messengers (IM). Gajim (xmpp/pure-python-otr, Python): Client-Server Instant Messengers (IM) The next generation of IM clients tend to use memory-safe languages and modular protocols.ĬoyIM (xmpp/otr only, Go): Client-Server Instant Messengers (IM) Coupled with the fact that it is written in C/C++, which is relatively less safe than higher level languages, one would expect a fair number of memory-corruption bugs - and history has not disappointed. It is huge because it supports 14! messaging protocols out-of-the-box. Libpurple has roots going back to 1998 and AOL Instant Messenger. The developers have also been negligent when it comes to privacy issues. It is unsafe given its track record: Īdium (libpurple, C): As noted by Adium has also had a buggy past, for largely the same reasons as Pidgin. Pidgin (libpurple, C): One of the most popular cross-platform desktop IM clients. You’ll notice a pattern with some popular clients listed first: In parentheses is the name of the XMPP/OTR implementation followed by the language that it’s written in. You’ll need to choose an IM client that supports OTR. You must understand that OTR is a server-based protocol and as such, exposes significant metadata to the server. If you require a widely-adopted, reasonably anonymous solution, then your only option is to use a platform based on OTR. Additionally, many of these platforms are closed-ecosystem if not closed-source. While mobile encrypted chat platforms are increasing in popularity, and while they may offer secure transmission of content it is difficult to be confident that your anonymity is protected given the numerous fingerprinting and tracking methods used by iOS and Android. The level of security and anonymity an instant messaging platform provides should be the ultimate criteria for deciding which one to use.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |