Now gents, a number of you in the comments have wondered about what other alternatives are out there. You may have seen that I specifically advise against Signal, and other users have also expressed concerns about a number other applications, amongst which Wire and Telegram.
One that, to my knowledge has not been mentioned yet, but which would appear to meet some common measure of functionality versus convenience expressed here, is XMPP messaging application Conversations (https://conversations.im/).
I am not going to give it my personal recommendation because having tested it, I did not like a number of design decisions the developers have made, and I did not like their overall vision for the app. With that said, it's horses for courses.
On the end to end encryption front (all the rage these days, eh?), it appears that the Conversations devs have taken Signal's protocol and _done it right_. That means, they actually specced it (https://conversations.im/omemo/) and had it audited (https://conversations.im/omemo/audit.pdf), along with a couple important improvements such as eliminating the requirement for a trusted server or Google Play, which greatly reduces the attack surface.
Again, I personally do not like Conversations and I'm not going to use it myself--that's a personal preference thing, but kudos to the devs for doing a professional job, especially while everyone else are busy selling snake oil.
I say, go give Conversations a try, it may be the thing you were looking for.
>> Can I run a client from the Git repo and still use all of their infrastructure?
> Yes. You can.
The thing is, lucideer, the "restrictions" on the use of the source code are engineered to raise the barrier to independent use, notably by preventing or discouraging redistribution. This means that only those who are able and willing to compile Android source can run their own binaries. Everyone else has to go with the binaries they distribute which, as the other poster has correctly argued, cannot be independently verified.
> Do you have some personal issue with OWS?
I do not know about him. But I do. Please read on.
> and provided via F-Droid (though I have read their arguments against that w.r.t. performance)
Oh, so it's "performance" this time? It's not something about "updates" like last time¹, or "features", or "metrics"?
Do you really not think, if you go through the discussions, that there's just too many excuses? Does it make sense to you? Do you not get the feeling someone's got something to hide, if you would pardon the pun? :-)
"Please do not install software from F-Droid. It is an unverified build, exceptionally out of date, and should be considered malware."
You know what? I fucking trust F-Droid. And I for one I am very grateful to everyone who collaborate to make that happen and stand firm in their commitment to open source, and especially to Ciaran, the founder, who gives so much to the community in spite of very challenging family issues (which are publicly known). Top bloke he is.
And then you get some lying, incompetent, manipulative², and possibly delusional individual accuse them of distributing malware. That is seriously not cool.
¹ Cooperative and competent (or at least willing) open source developers can set it up so that F-Droid auto-builds every time you tag a new release.
² And I say this because I'm sure someone will correctly argue that he did not call F-Droid itself malware--that would be too crass even for this guy. He's very careful in choosing his words.
I would love to see Signal provided on F-Droid, as I mentioned above, but I would temper my criticism quite a lot more than yours, for a number of reasons:
1. I haven't read/heard excuses based on updates/features/metrics/&c. as you mention, but their one performance excuse sounds reasonably plausible. Moxie has commented that he'd welcome a PR[0] even if it had bad performance (provided it only ran conditionally of course).
2. The tone in your Github link is a bit heavy-handed, and calling it malware is going too far, but I can understand the developer of software for which security is extremely critical advising strongly against using an outdated version that's being built and distributed by someone else. There is definitely no implication in that comment that F-Droid is malware, he's only referring to TextSecure.
3. I understand your Github link was just to provide an indication of Moxie's tone, but it is very old and the actual factual details in there are probably not very relevant today.
4. I trust the F-Droid software itself, but not necessarily the repository. The distribution of the outdated TextSecure above is as good an example as any - the idea of a 3rd-party building TextSecure and providing it through F-Droid may be all well and good in the spirit of Free Software, but it doesn't really instill trust when the actual author of the software isn't involved at all.
Finally, I'd never heard of the Gandi issues with Moxie's cert before reading that article. After reading it, I'm much more inclined to be suspicious of Gandi than of Moxie. The article is littered with red flags - that fact that their initial response seems to be to go after their customer rather than to question their business relationship with Comodo being a big one.
> The suggestion that the motivation for this article is profit for the NYT or Moxie is quite destructive.
No, that's literally how it works. Media need to sell copy (clicks these days) and companies need to get coverage. And that's perfectly OK if companies are acting ethically and journalists and editors are doing due diligence.
The person that you mention has good connections in the media and uses them to self-promote and promote the tat he sells.
You misunderstand. He is running a company, what do you think their exit strategy is? You may want to look at his previous company and "red phone", I think was his product called.
> And normally one would associate such vehement and repetitive insistence on counter-factuals with trolling
> what's a reasonable heuristic for conducting private business?
You need to do a threat analysis.
I did not immediately find any good introductory resources via a quick Google search, but try it yourself. Very very briefly, it involves identifying the threats and their possible consequences, then working on either removing the former or minimising the latter.
Be aware that this is not merely a technological process. It is primarily a social one.
> Re: Google Play Services. Here's is the way I understand this to work, so please do correct me if I'm wrong.
> Signal uses Google Play Services to notify me that I have an incoming message from Signal.
More importantly:
a. That dependency, along with other "restrictions", sets an artificially high barrier to actually using the product independently. This is presumably so that they can maintain the pretence of being "open source".
b. Keep track of application downloads and whatever else Google provides to developers.
Moreover, as the paper that someone has linked elsewhere says, if you are allowing Google services in your app (Google Cloud Messaging, to be exact), you're at the mercy of anyone with control of it. A relatively trivial attack via GCM, as the paper hints, would involve simply replacing your application with a backdoored version, and you'd be none the wiser. It is a massive attack surface that just cannot be ignored.
Just wondering, but why not just use XMPP? You can choose any server that you like or trust, or run your own (on your own or third party infrastructure, up to you), and use OTR for end-to-end encryption if you feel you need to¹.
I have been using XMPP since 2000/2001. My current address is nine years old (and I control the server). I have a choice of clients on every platform that I use. All my contacts have the same set of choices regarding provider, accounts, and clients. As a bonus, not just my human contacts but also my infrastructure uses it for messaging and monitoring, so I can literally control some of my servers from my XMPP clients.
There must have been at least thirty major IM "solutions" going in and out of fashion during these 16 years. Individually, each might have been somehow "more convenient", but if start counting the cumulative migration effort, I'm not sure the convenience argument holds much water.
¹ I used it in anger once myself, initiated by one of my contacts. It was an interesting experience.
For one thing, XMPP does not have the same features. Try Wire and see for yourself. There's audio, video, voice messages, multiple device encryption. Maybe XMPP has improved, but it didn't work as well for mobile use.
> Is OTR really a practical option? You message seems unclear about it.
It depends on your threat model, like other alternatives.
I have never initiated an OTR session myself, but I have received one from a contact in anger (whistleblowing).
> Also, how do you get all your contacts to use XMPP
In my case, I have been using XMPP for the last sixteen years, so my contacts have "grown organically", to use an en vogue marketing term.
It appears that Mac computers come with an XMPP client preinstalled (and possibly pre-configured?) Linux, the same. Android, there are a number of clients available. Windows, I think there is Gajim, ...
As far as a stereotypical common user is concerned, they are quite happy to install whatever applications their peers are using, which is how they end up with so much cruft on their computers, phones, etc. :-)
> and your server?
Nobody needs to use my server. It is like email, you can use whichever provider you like.
One that, to my knowledge has not been mentioned yet, but which would appear to meet some common measure of functionality versus convenience expressed here, is XMPP messaging application Conversations (https://conversations.im/).
I am not going to give it my personal recommendation because having tested it, I did not like a number of design decisions the developers have made, and I did not like their overall vision for the app. With that said, it's horses for courses.
On the end to end encryption front (all the rage these days, eh?), it appears that the Conversations devs have taken Signal's protocol and _done it right_. That means, they actually specced it (https://conversations.im/omemo/) and had it audited (https://conversations.im/omemo/audit.pdf), along with a couple important improvements such as eliminating the requirement for a trusted server or Google Play, which greatly reduces the attack surface.
Again, I personally do not like Conversations and I'm not going to use it myself--that's a personal preference thing, but kudos to the devs for doing a professional job, especially while everyone else are busy selling snake oil.
I say, go give Conversations a try, it may be the thing you were looking for.