I think Signal is the most private messager so far

[offshoreisfun]

1)First of all , it has the most open source codes among the other apps which are encryption protocol ,the client application source code and the servers while the other apps only open part of the codes , so we are unable to vertify wherther they are as privacy as they claim as ( for example ,Mark Cuban's app Dust claims that all message will be deleted from the server 30 seconds after they had been send)


2)it doesnt store a copy of your message in the server as the intercept said .While telegram store your message in their server.

3)It requires Sms vertification , but it allows Voip nunber to vertify , so the only personal info that will expose is your ip address , but this is a common problem among all messager.

thats why I think it is the most private messager so far

 

[GiGoGo]

3)It requires Sms vertification

Are you sure of this point? I didn't have to verify

 

[JohnLocke]

Thread moved has no relevance to the forum, please post in the proper forums in the future

 

[offshoreisfun]

Are you sure of this point? I didn't have to verify

Yes, it requires.

 

[Martin Everson]

Signal is US company is it not? I would not trust any U.S developed product open source or not. Use whatever the U.S does not want you to use as that is the one that most probably offers the best privacy .

 

[Blackbird]

High risk individuals use encrypted phones. They are expensive like 200€ per month.

 

[Spinat]

High risk individuals use encrypted phones. They are expensive like 200€ per month.

any link to such phones? where to buy them? what brand?

 

[GiGoGo]

Would you guys invest in a company to create a privacy phone ? I have experience with Cryptography and hardware

 

[offshoreisfun]

High risk individuals use encrypted phones. They are expensive like 200€ per month.

what is the function of an encrypted phone

 

[GiGoGo]

what is the function of an encrypted phone

Private and secure communication between two parties

 

[Blackbird]

I'm in the business so I can't really promote them here. But there are many operators so when you buy check company and tech background. How is everything built. Where are keys stored. There are sad stories like phantom secure and Ennetcom which were taken down my multiple lawenforcement agencies. Other guy was selling phones to Cartels so they pressured him to put backdoors and stuff. Other was one man shop where they seized servers and this guy was using pgp still. You can read about these in Google. I have multiple brands but I'd say SkyECC, Chatmail and now to be released ShadowSecure will be really nice. You can brick the phone in emergency or with remote etc. Great stuff. I sell worldwide but just try to find a local reseller. Also depends what you need it for. Phonecalls (yes they can be encrypted with zrtp) but voice in general is not very secure. So messaging is the key ppint. You can use with simcard that works in every country (included in price) or jusy over WiFi.

I'm.not going to explain how security is built but almost all these started evolving from Blackberry messenger. And now it's maybe gen 4 or 5 after that. Good company will explain their algorithms and tech.

 

[Blackbird]

Would you guys invest in a company to create a privacy phone ? I have experience with Cryptography and hardware

I was contacted to be distributor for VaultChat, Shadowsecure, Encrypted Network and waiting for one more company. These are all launching now, ok Corona messed things up a bit but, 4 new companies trying to push and survive... Market is tough 2 big players control market. Everybody would love to make fairly easy money, but to find clients who spend 2400€ per year to license and phone is not easy. This is very special people. These guys who sell 1000 units/renewals per month are not going to jump ship from other company. It would be cool but to really build a good product there is different paths. Own Os or iOS/Android. Own server/servers. MDM from somebody, 99% use BlackBerrys tech or build own would be a challenge. Build 2020 standards encryption to all levels (device/msgs/traffic/servers) VPN and companies&lawyers so that you won't or even can't release/log anything..and tons of other stuff. So it's not just make a phone and sell it to some friends project. But if you make it... Well with prices and thousands of customers you can imagine that there is a fat cake on the table where everybody gets a slice. But if you find somebody good luck bro....

 

[offshoreisfun]

but it is diffcult to vertify my personal info wouldnt be taped by the phone providers.

 

[Blackbird]

You are using special sim card with own accespoint. Phone company can record everything that is sent via VPN tunnel which it self is encrypted. All messages (traffic) is individually encrypted with 512bit ECC (about 15k rsa) so there is a shitoad of work for phone company to try to open even one message. The rather let NSA try to do it .Headers are encrypted also.

Professional people have put a lot of time and effort to create this as hard to decrypt as possible. I'd rather say it like this because anything in theory can be hacked/decrypted

 

[Back2Matters]

3)It requires Sms vertification , but it allows Voip nunber to vertify

Do you mean a disposable number can be used? What's the best option?

so the only personal info that will expose is your ip address , but this is a common problem among all messager.

A VPN can still be used on mobile devices. Anyway it still expose your IP to VPN provider, so better use one you can pay by crypto (I like Mullvad).

thats why I think it is the most private messager so far

I use Riot on daily basis. Open Source, great community, well supported, NO phone number and NO email required and more.

 

[Blackbird]

Do you mean a disposable number can be used? What's the best option?


A VPN can still be used on mobile devices. Anyway it still expose your IP to VPN provider, so better use one you can pay by crypto (I like Mullvad).


I use Riot on daily basis. Open Source, great community, well supported, NO phone number and NO email required and more.

Riot is quite ok because it uses olm double ratchett.

As cryptographic primitives, the Double Ratchet Algorithm uses so for the DH ratchet Elliptic curve Diffie–Hellman (ECDH) with Curve25519, (this is ECC).

for message authentication codes (MAC, authentication)Keyed-Hash Message Authentication Code (HMAC) based on SHA-256,for symmetric encryptionthe Advanced Encryption Standard (AES), partially in Cipher Block Chaining mode (CBC) with padding as per PKCS #5 and partially in Counter mode (CTR) without padding,for the hash ratchetHMAC.

So its high tech. How does riot store messages on your device? for example what happens if your device is connected to Cellebrite UFED ( israeli companys gift to world to f*** up phone security)? Are they in plaintext if phone security is breached.

phone manufactures say that have done their part, phone is encrypted if somebody breaks it and gets plain text files it's not their fault. App encrypt/decrypt messages, they are stored in encrypted phone. It's phone manufacturers fault if encryption is broken.

 

[offshoreisfun]

Do you mean a disposable number can be used? What's the best option?

Yes,u can download textnow on app store to open a US number with email ,then u are avilable to send and recieve sms through that number

for VPN

But those famous logless vpn such as Expressvpn also accept bitcoin ,what is the advantage of Mullvad when comparing to others

for Riot

Does it open sources on server , encryption and the client application?

 

[offshoreisfun]

Riot is quite ok because it uses olm double ratchett.

As cryptographic primitives, the Double Ratchet Algorithm uses so for the DH ratchet Elliptic curve Diffie–Hellman (ECDH) with Curve25519, (this is ECC).

for message authentication codes (MAC, authentication)Keyed-Hash Message Authentication Code (HMAC) based on SHA-256,for symmetric encryptionthe Advanced Encryption Standard (AES), partially in Cipher Block Chaining mode (CBC) with padding as per PKCS #5 and partially in Counter mode (CTR) without padding,for the hash ratchetHMAC.

So its high tech. How does riot store messages on your device? for example what happens if your device is connected to Cellebrite UFED ( israeli companys gift to world to f*** up phone security)? Are they in plaintext if phone security is breached.

phone manufactures say that have done their part, phone is encrypted if somebody breaks it and gets plain text files it's not their fault. App encrypt/decrypt messages, they are stored in encrypted phone. It's phone manufacturers fault if encryption is broken.

what is your Common on Signal?

 

[Blackbird]

Any vpn registered outside 14 eyes country is good. Express is in Bvi, nordvpn is in Panama. They don't have to log by law or react to legal issues. Also you can pay with btc.

There is security, privacy and anonymity to consider. Security how easily your communication infrastructure can be accessed, privacy means how well you communication is hidden. Anonymity is how well communication can be linked to you.

There is charts like this about apps. How much is true and can they be trusted is up to you. But it's good way to start research:

Secure Messaging Apps Comparison | Privacy Matters

This site compares secure messaging apps from a security & privacy point of view. These include Facebook Messenger, iMessage, Skype, Signal, Google Allo, Threema, Riot, Wire, Telegram, and Wickr. The best secure messaging app?

www.securemessagingapps.com

 

[wonderwhat]

Signal is US company is it not? I would not trust any U.S developed product open source or not. Use whatever the U.S does not want you to use as that is the one that most probably offers the best privacy .

There were some tweet from reputable journalist that Signal had founding from NSA's shell VC. I can't recall where I saw this. It was like few years back.