1. 5

A little while back, my spouse asked for a secure messaging app. TextSecure has a nice feature set and seemed to fit the bill, but experience as of late has shown them to have near-weekly services outages of up to an hour. They also saw fit to remote encrypted SMS from the application, so there’s no good fallback other than to… wait.

I’m curious if the Lobsters crew have any preferred alternatives. WhatsApp and Telegram come to find (the security of the latter being dubious). Are these reliable? One nice feature of TextSecure is that it also functions as an (unencrypted) SMS client, and most of the competition appears to be standalone messenger services.

  1.  

  2. 3

    I use Telegram, not by choice. Text secure has been removed from F-droid., and I refuse to install any google app (including google play) on my phone.

    I don’t use Telegram for encryption, I use it because it’s the only open source messaging app à la whatsapp available on f-droid. If you want to use it for security reasons, I wouldn’t recommend it.

    I’m in the process of switching to Conversations with my own XMPP server and OTR.

    1. 3

      Telegram has been extremely reliable for me, both in terms of their entire service, as well as delivery of individual messages through varied network conditions.

      I wouldn’t suggest it for someone who must hide their words from a hostile government, but I also wouldn’t assume it’s an open book either. I won’t deny that the crypto contest has been run in a strange way, but the contest has never been the only means through which one can attempt a practical attack on the protocol. That is to say, the lack of a two-device MITM opportunity on the contest has never stopped someone from setting one up and attacking that. Not everyone stops when the cash opportunity is gone. Gov'ts certainly won’t.

      That said, they have updated the protocol in the past. I don’t believe they think it’s flawless; they do appear to scrutinize concerns.

      In terms of mass data collection privacy, it’s better than plaintext on the wire with history storage at a huge corporation, but in terms of personal security privacy it deserves a strongly critical eye.