Hi all! I’d like to request suggestions for a secure messaging app, ideally that doesn’t require mobile phone for registration, to stay connected to my family In Russia.
The country wages war on the Internet, messengers and VPNs. Options are blocked one by one, and one can’t register in Signal because numbers that send registration confirmation from Signal are blocked…
I’d need an app that allows group chats, calls, media attachments and audio messages, easy enough for older people would be able to install. Ideally, something niche enough it won’t be blocked right away…
It’s a lot of requirements, but I hope something like this exists and would be very grateful for any recommendations.
Android / iPhone / desktop.
btw, I also host a cryptpad instance of the project https://cryptpad.fr/, this can be fine for easy chat inside a document, all in the browser, discrete as it shows just an office online tool at first glance. (end to end encrypted)
hi, here is a page i dedicate to such topic: https://mbuf.net/messaging/
hopefully it will give you some clues about what fits the best :)XMPP would work well, I would recommend Movim since it is browser based: https://movim.eu/
Thank you!
It’s a relatively complicated question with no “correct answer” but I’ll do my best to boil it down in a quick post.
Signal is probably the best option. It’s easy to use and easily the most widely-adopted, and basically sets the standard for security, with most other private messengers using the same protocol for encryption. The most common criticism is their requirement for a phone #. However this also makes it the easiest to connect with people, and it’s the reason why I regularly communicate with a dozen IRL people like family and friends. I know literally no one else who uses any other private messenger, personally. I’m not sure what you mean by “numbers are blocked”.
SimpleX is also relatively easy to use, feature-complete, decentralized and more private and resilient than Signal. Doesn’t require a phone number and doesn’t really have any identifiers whatsoever. Downsides are you need to know someone already uses it and you need to get an invite code somehow to message them. Upsides are absolutely zero spam, for the same reason.
Next is “chatmail” (DeltaChat, ArcaneChat, etc.). This has tons of cool features and is also decentralized and easy to use.
Matrix I’m going to argue is too difficult to use, both from the user and server standpoint. And I’m not going to argue about it, so don’t @ me.
XMPP is very old and mature, but also fragmented and more complicated to use, with various encryption protocols. It’s fine.
So if you’re looking to add friends and family to a new chat platform, I recommend SimpleX. Otherwise, it’s Signal.
XMPP/Jabber and Matrix both support full end-to-end encryption. Matrix has more cool modern features and slicker UI but has a brutally complex architecture if you want to self-host it. Matrix.org is available though, but since it’s pretty centralized it’s likely to get blocked. XMPP is simple and self-hostable. Both protocols are pretty niche, and except for matrix.org most of the providers that use the protocols are extremely niche. I would say XMPP is on the whole significantly more niche, though. My condolences on your family being in Russia. The warmongering fascists must be stopped. Good luck, hopefully everyone can stay safe.
XMPP is more niche but on the other side more established. It has been used by both Facebook (now Meta), Google and WhatsApp (now part of Meta) to develop their platforms on. Up until recently you could still communicate with someone on Hangouts through an XMPP client, despite only with someone that was also on Hangouts (that was until they pulled the plug on that app). It didn’t support all the features but hey, it was there.
XMPP does have some modern clients too, but indeed, Matrix has been more designed with the 2020s in mind.
Thank you! I’ll look into your recommendations and will figure out what’s more realistic/reliable. And thanks for the wishes, too!
Looks promising, thank you!
Anything other than Signal seems unadvisable from a privacy POV. Do you have a way of talking to them live on the phone, at the same time? You can try and register their Signal on a burner phone wherever you are. As they sign up, you sit on the call and give them the phone number and security code when it comes through. Unless having Signal on the phone is itself a reason to get arrested in Russia, which frankly wouldn’t surprise me either.
I don’t know if this will work. I did it on a different service using the number on a dumbphone to register for use on a tablet once.
Thank you! I might try, but I’ll need like 3 different sims for my family members - if nothing else comes up, I’ll go this route.
I fear there won’t be a solution that doesn’t cost money somewhere. Please don’t buy 3 burner phone numbers at once. I would feel bad if it didn’t work and/or you get suspected of being a criminal.
Check your current phone subscription if you have one. There might be a way to get an additional number for free or very little extra. And it might be a good backup emergency service to have just with your parents maybe even if you go down a different route for the rest.
Good point, thank you very much!
I think you’re in luck here. You can use XMPP or Matrix as the other person said, and pick from the myriad of different servers to let the authorities play whack-a-mole with them. If you’re picking XMPP, suggest them one of the clients that support OMEMO (it uses the protocol used by Signal too; edit: most apps that support it are modern and in active development). Briar is another good option, since it uses Tor, but you both need to be online in order to receive messages from each other since it uses no servers (unless they and you use something like this on a spare phone).
An option that would likely be a better fit for what you’re looking for, but which I haven’t tried yet is SimpleX.
Whatever you pick, I think it would be a great practice for you to teach them to use a panic button app such as Ripple (not sure if that’s maintained anymore though).
Wow, thanks a lot! I’ll look through the options!
You’re welcome. Stay safe!
Would something like this be relevant?
Thank you very much.
However, the problem is that Signal needs phone number registration and sends confirmation via a blocked phone number. When users are registered, it works reliably, but new users in Russia cannot register without a non- Russian phone provider.
Ah okay, I wasn’t aware of that. I hope you find a safe alternative!
I think it’s hard, and even if there is something that works, its use can probably be detected somehow, and that could get your family in trouble.
Tbh I’d probably use snail mail letters for anything private on the theory that the RU govt doesn’t have the resources to open all the envelopes, and you can use special phrases for particularly private meanings. All that stuff like media attachments is asking for trouble. You could also send microSD cards by snail mail though that might attract attention.
Remember that Osama bin Laden’s compound in Pakistan had no internet connectivity at all. If he wanted to send an email, he’d write it to a USB drive and have a guy on a motorcycle take it to a café 70 km away or something like that. Replies would be brought to him the same way. They still managed to find him and kill him in his bedroom.
Today with AI analysis of massive amounts of traffic logs, I’m sure signal ID is far easier than it was in 2011.
I’m looking for something to have a family chat with, not to run a terrorist organization:) It’s quite risky via official Russian apps that are look-through, but as long as the content of messages and calls is secured, it should be fine even if the channel itself can be identified. As of now, the usage of messaging apps per se is not prosecuted.
Tbh I’d probably use snail mail letters for anything private on the theory that the RU govt doesn’t have the resources to open all the envelopes
Hahahaha!
I’m not a Russian, rather Romanian. But I heard stories how all the mail coming from the outside was checked and “vetted for anything suspicious” at the border during communism. Since we and USSR were on the same team I suppose they did the same. And how the way the public institutions work barely changed, nowadays, given the current situation, I expect them to return to that practice.
So yeah, I wouldn’t trust snail mail with anything sensitive.
Spot on haha. I doubt they have time to read every single snail mail, but I won’t ever write anything important in a snail mail sent to Russia.
Well start with a few not-that-private letters to check for evidence of their being opened. What happens with ordinary email by the way?
Hmmm, that’s true. Probably OP checked this, but now that you mentioned it, I would do the same 😁
What happens with ordinary email by the way?
I expect it was previously appealing based on the fact that only the vendor had access (of course, now it no longer applies).
Maybe another option is to use one of the private providers that do not track you and are less mainstream than Proton. Let’s say Tuta or Mailbox.org (if they are not blocked already too). Probably encrypt the emails with PGP too for more security.
