In addition to the top dog WhatsApp, there are countless other providers who also want a piece of the pie and advertise their own islands as paradise.
“Island” is actually to be understood as such in this context: These are island solutions that want to bind users to themselves by deliberately excluding or separating them from other systems. Therefore, the following should generally be questioned:
In all central messengers listed below, metadata collection and analysis is possible or actively used. Metadata is not the actual content of the messages, but relates to the environment. Therefore, it is irrelevant in this context whether the communication is encrypted or not. This is often overlooked.
In addition to the “better known” messenger systems, there are many more reputable providers working with a solid business model - but also an incredible number of ominous services that come and go. In particular, you have to watch out for providers that use a lot of technical terms and throw around superlatives like:
The crowning glory is when privacy is advertised and Discord is offered as a contact option or a cryptocurrency is foisted upon you. In these cases, it’s definitely not worth taking a second look, because the people behind it usually want exactly the opposite. So watch out, because some “only want their/your best” - specifically: access to personal privacy, data grabbing, money mining/siphoning.
About free/chargeable
Not everything that seems free (no costs) is automatically good and everything that costs the user money is bad. It can also be the other way around.
In any case, the financing should be comprehensible and transparent. There are some donation-financed or very good commercial services. It is actually important that the technology on which a messenger is based can be used free of charge - even if services based on it (server hosting, individualization of messengers, …) can of course also be marketed - yes, money can and may also be earned with services related to open source and there are also “closed source” solutions that use open protocols!
In the following, free and fee-based are therefore no longer evaluated positively or negatively, but only listed for information purposes.
Also a good page with a detailed list on the topic “why not”: https://securechatguide.org/rejectedapps.html (external, English)
Cross-references: Privacy, Encryption
Digitale Gesellschaft:
Overview: https://www.digitale-gesellschaft.ch/messenger/bewertung.html (external)
To the article: „WhatsApp, E-Mail, SMS & Co. auf Sicherheit und Nachhaltigkeit bewertet“ (external)
Privacy handbook:
https://www.privacy-handbuch.de/handbuch_74.htm (external)
Requirements for “secure” messengers (Mike Kuketz):
https://www.kuketz-blog.de/conversations-sicherer-android-messenger (external)
Cross-references/Recommendations:
decentral | free | free of charge | Beta status / no active further development |
Compares itself to Reddit/Twitter, Mastodon, Secure Scuttlebutt. The comparison (external) does not include a “classic” P2P messenger. At first glance, a nice web presence.
Supplementary to the protocol “Mim” (external) and the development (external; as of 2019?):
Heads up: this documentation is currently a work in progress - it is being made public as part of a product that is actively being built. There is no guarantee of a stable API.
0.1 DRAFT First public documentation of the protocol in draft form. This document is made available so as to enable discussion, and it is not ready for use.
Project page: https://getaether.net (external)
central | nonfree | costs | Not intended for private individuals, but for companies and government agencies. |
Abraxas’ solution is (like Stashcat) only to be licensed as a closed system and can only be used as an island system.
Federal levels / open specialized applications / solves all interface issues:
Abraxas maintains and develops software solutions for public administrations of all federal levels and for organizations in the governmental environment. Based on modern technologies, our engineers and developers design and build modern applications for tax and road traffic offices, municipalities, police corps, law enforcement bodies, vocational training, human resources and municipal utilities.
In order to meet the high demands of users for open, powerful and practical applications, Abraxas covers all areas of modern software engineering - from consulting and requirements engineering, architecture and software development to project management, quality assurance, training and support.
Abraxas takes over the management of specific projects, automatically implements necessary adaptations in case of legal changes and ensures the integration of the solution into the customer environment. Abraxas integrates the data and processes from the population to the municipalities and cantons to the federal government and solves all interface issues - always with the goal of advancing digitization for the benefit of our customers and their customers.
Source: https://www.abraxas.ch/de/loesungen/fachanwendungen (external)
Also for the police: https://www.abraxas.ch/de/loesungen/fachanwendungen/polizei/instant-messenger-police (external)
decentral | free | costs | Cryptocurrency „ADM“ |
Messenger based on blockchain technology; “nice” comparison matrix (from Adamant’s point of view) also to other P2P systems.
Project page: https://adamant.im/#trade-adm (external)
decentral | non free | Entry without costs | Closed source version of Element |
Caution: The website often and regularly refers to “open source”, but this only refers to bridges and the (naturally) open Matrix protocol - however, it is not mentioned there that the app’s code is a company secret (whether this conforms to the licensing of Element must be clarified elsewhere).
In any case, this is window dressing, because the Beeper client is only based on the actually open source Matrix client “Element” - but the changes to the code are secret and the Beeper code is not public. Quote:
„closed source forks of Element“ (https://github.com/beeper/self-host) (external)
Is Beeper possibly even a cost trap or do I have to reckon with later usage restrictions?
„For now [Status Dec. 2023], everyone has access to all the features of Beeper Plus for free. At some point in 2023, we will begin charging $5-10 per month for Beeper Plus. We will give you a warning before that begins and switch everyone by default to the free plan.“
There appear to be further restrictions. Information from the Beeper team (by e-mail, Nov. 2023):
„The Beeper Matrix homeserver is fully federated, however, bridges cannot communicate outside the Beeper homeserver. Additionally, the bridges a user sets up can not interact with any other user on the homeserver besides the user that set it up.“
Conclusion:
In terms of openness of source, good on the outside (open source) but bad on the inside (company secret). Instead, Matrix can be used normally with another hoster or in self-hosting. The only positive thing is the great and catchy name. Once again, someone has done some good marketing.
Project page: https://www.beeper.com (external)
decentral | free | free of charge | beta status |
Also an open source project that advertises security/privacy (“The privacy-first messaging app”), but then uses “Discord” itself and offers it as a contact option. Actually, this contradicts itself, because the focus of the P2P messenger is supposedly various sensitive professional groups, activists, and also secret traitors:
Certain groups of people are at higher risk because of their activity: journalists, military personnel, government officials, activists, corporate members, lawyers, whistleblowers. Berty was designed with them in mind.
Berty’s messenger comparison (external)
Project page: https://berty.tech (external)
central ° | non free | Entry free of charge | ° decentralized possible but: server without federation |
Project page: https://www.chiffry.de/versionen (external)
decentral | free | free of charge | beta status |
All data is stored encrypted and exchanged between the device and an “Amazon S3 bucket” via a P2P protocol. Various service providers (Amazon, minio, wasabi, …) offer S3-compatible storage, but it can also be self-hosted. The messenger “Stone-Age” is based on Conversations - but the communication protocol XMPP has been replaced by Cweb.
Stone-Age: https://f-droid.org/packages/com.cweb.messenger (external)
Project page: https://cweb.gitlab.io (external)
decentral | free | free of charge | beta status |
Also a solution that uses TOR. In order to chat with somebody in a peer-to-peer conversation both must be online. Groups and chat rooms require servers that are accessed via TOR. In this respect, it is a server-supported messenger.
Project page: https://cwtch.im (external)
central | non free | free of charge | 'hefty' terms of use |
The “terms of service” (external; from 28.03.2022) of the messenger, which is popular and often used in the computer games scene and by students, make for harsh reading, as Discord gets the rights to all of the content shared there:
Your content is yours, but you give us a license to it when you use Discord …
… To use, copy, store, distribute, and communicate content … publish, publicly perform or publicly display … monitor, modify, translate and reformat, … to sublicense …
(as of 06/16/2022)
(Until 28.03.2022 (external): By uploading, distributing, transmitting or otherwise using your content on the service, you grant us a perpetual, non-exclusive, transferable, royalty-free, sublicensable, worldwide license to use, host, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display your content in connection with the operation and provision of the Service.)
Project page: https://discord.com (external)
central | non free | free of charge | Facebook Ireland Limited has changed its name to Meta Platforms Ireland Limited as of 04/01/2022. |
Project page: https://www.facebook.com/games/fbmessenger_android (external)
central | non free | private free of charge | Encryption does not live up to the advertising promise. |
On the website, “ginlo Business” (as of April 2024) advertises with:
And with “ginlo Privat” even with:
When superlatives are used (the “most secure”), the alarm bells ring here too and it is worth questioning this …
(Source, among others: Wikipedia)
Encryption
The Privacy-Handbuch (external) is also not very enthusiastic about Ginlo. Someone has now taken a closer look at Ginlo’s encryption and worked through the source code. The result as of 13.11.2023: no great security (outdated and buggy) and a far cry from Signal et al. - alarming results and details >> here << (external).
The messenger service SIMSme from Deutsche Post was acquired by Brabbler in March 2019 and the name was changed to “ginlo”. According to Wikipedia (external), the architecture is allegedly similar to that of GoldBug.
December 2019: Termination
Discontinuation of “Ginlo” due to the insolvency of Brabbler AG at the end of 2019.
”… If you still want to download images, videos, files etc. from ginlo, please do it right away. Because all your encrypted content, metadata and personal data will be irretrievably deleted by the end of December at the latest. …”
January 2020: continuation/acquisition
“In January of this year, Brabbler co-founder Karsten Schramm took over the ginlo project from Brabbler AG’s insolvency and transferred it to the newly founded ginlo.net GmbH.”
Source: Press release from 14.07.2020 (external; PDF)
Project page: https://www.ginlo.net
decentral ° | free | free of charge | ° decentral but server without federation |
Internet Relay Chat, or IRC for short, is one of the oldest services and thus also part of the Internet’s chat bedrock. The software is therefore very mature, but it is still operated via text commands, which can be difficult for newcomers.
External sources:
central | non free | costs | Not intended for private individuals, but for companies and government agencies. |
A commercial platform for companies that want to “serve” different islands with information at the same time. It includes: WhatsApp, Instagram, Facebook Messenger, Apple Business Chat, Telegram, Viber, Notify, Webchat.
Cross reference: Are bridges and their use legal?
Project page: https://www.messengerpeople.com/notify (external)
central | non free | Entry free of charge | Bait offer |
Project page: https://olvid.io (external)
central ° | non free | Entry free of charge | ° decentralized possible but: server without federation / beta status |
Revolt Chat is based on its own self-developed protocol and sees itself as an alternative to Discord and Rocket Chat.
Why is there no federation? See the FAQ (external) for an answer:
From personal experience, I’ve generally found federated protocols to not be suitable for real time communication, Matrix is incredibly buggy at times and it’s left a sour taste in my mouth.
So the answer is something like: “too complicated for us, and nobody wants it anyway” - not very convincing, because apparently this questioner does exist, otherwise this would not be a frequently asked question (FAQ).
Project page: https://revolt.chat (external)
Developer page: https://developers.revolt.chat/api (external)
decentral | free | selfhosting free of charge | ° decentral but server without federation |
Team messenger as an alternative to Slack with the basic goal of “self-hosting”.
central | non free | costs | Not intended for private individuals, but for educational institutions. |
Not to be confused with the “HPI Schul-Cloud”!
schul.cloud is based on stashcat and uses an in-house developed, non-public protocol for data transfer.
More information: >> here <<
Project page: https://schul.cloud (external)
decentral | free | free of charge | Cryptocurrency "$OXEN" |
Session (formerly known as “Loki Messenger”) is a fork of the app Signal that doesn’t use a phone number for identification, but has various features removed from the protocol. Currently, there is a change in the name from “Loki” to “Oxen”. Session uses onion-routing through Oxen Service Nodes for transport and the “LOKI coin” has become the “$OXEN”.
Oxen about itself:
Oxen is many things. A private cryptocurrency. A secure messaging platform. A network anonymity layer. Tools to build a more private future for the Internet.
The messenger app “Session” is closely related to the cryptocurrency “$OXEN” (formerly: “LOKI coin”):
Authorization for a server to operate on the network is attained through the server operator conducting a special staking transaction, which requires that an operator provisionally lock an amount of Loki cryptocurrency assigned to their node (approximately 18,550 Loki coins; equivalent USD 7,420 dollars as of 10/02/2020).
Source: Whitepaper Feb. 2020 (external; PDF)
Source among others: https://restoreprivacy.com/secure-encrypted-messaging-apps/session/ (external; also read comments!)
The question of why the perfect forward secrecy function was removed is answered by Session in their FAQ (external):
Simply put, Session mitigates the same risks that PFS does in other ways. Through fully anonymous account creation, onion routing, and metadata minimisation, Session provides just as effective protection in real-world scenarios as PFS does, and in some cases even better protection.
There was once a tweet about Session suggesting that one of the developers is probably close to right-wing extremism. Whether this says anything about the software was then controversially discussed. This was also briefly mentioned at the CCC: https://media.ccc.de/v/df93bf36-c048-4dea-ad2b-898ac3255cfa (external) Further opinion on this: “What’s the deal with SESSION, Lokinet, $OXEN and LLARP” (external)
Another good site with session information is privacyaffairs.com (external).
Explanation of what Session is using for onion-routing and why it doesn’t use Lokinet: getsession.org (external)
Roadmap where you can see that Lokinet integration is not finished yet: oxen.io (external)
Source code for desktop: https://github.com/oxen-io/session-desktop/releases (external)
Project pages: https://getsession.org (external), https://oxen.io/ (external)
central | non free | free of charge | Signal is recommended by Edward Snowden - but is also controversial. |
Just like WhatsApp, Signal is de facto a closed system, also uses only phone numbers for registration, uses the same encryption, and is also headquartered in the United States of America (USA).
More information: >> here <<
Project page: https://signal.org (external)
central | non free | partly without costs | Not intended for private individuals, but especially for companies. |
Designed for workgroup communication (groupware). According to Wikipedia (external), Slack seems to use tracking and analysis tools extensively.
Project page: https://slack.com/intl/de-de/pricing (external)
decentral | free | free of charge | Questionable copy of Ricochet Refresh. |
Speek is based on Ricochet Refresh. While the original is trimmed to make things work cleanly and securely, Speek focuses on a “better” operation/user interface.
As it is, Speek has to be taken with a grain of salt, as the developer of Ricochet-Refresh has given the following (warning) advice:
tldr: Speek.App is literally just reskinned Ricochet-Refresh w/ some sketchily implemented patches on top and the Ricochet-Refresh git history removed. Please don’t be fooled by slick marketing and purple websites. If your safety is a real concern (ie you are an activist or a whistleblower or something), don’t use Speek.App. To everyone else, sure YOLO.
long version: Speek.App is a fork of a dev version of Ricochet-Refresh from sometime around October 2021. They have updated the style (dark mode skin, tweaked toolbars, backgrounds, etc) and added some quite badly implemented features (bad in the sense that the code changes are amateurish and buggy, not that the usability enhancements are themselves a bad idea). I performed a light audit on their changes a few weeks ago, and while there isn’t anything that stands out as a backdoor, or cryptography fuckery, or anything like that, the changes are very badly implemented (like around first-year of uni if I’m being generous). They have also stripped out nearly all references to Ricochet-Refresh and the Blueprint for Free Speech organization (the non-profit which maintains Ricochet-Refresh through grants).
Source: awsomealternatives.org (external)
So despite their omissions, Speek.App is based off of Ricochet-Refresh … So, the normal way of going about this is to create a clone of a git repo, and start a new branch with your commits on top. Instead, the Speek.App team essentially copy+pasted the code into a new git repo, and made a v large ‘initial commit’. I’ll leave it to the community to speculate as to whether this is due to maliciousness or incompetence. …
Side note (you can skip this paragraph if you’re not a turbo-nerd): a side effect of this approach is that they have essentially copied all of the source of (a now old) version of tor (which Ricochet-Refresh uses for ed25519 encryption primitives) and the fmt library (which we use for debug logging, only enabled by a compile-time flag not set in our official releases). We include these external dependencies as a git submodule, which is basically a soft-link to an external git repo to make it easy to update versions (for instance if we need a new feature or if there has been a critical bug-fix). Copying and pasting breaks this link so the version of tor in the Speek.App repo is now several months old. …
the takeaway is don’t use Speek.App if you care about your anonymity and safety. I did not find anything actively malicious (eg backdoors, broken crypto, etc). However, in terms of code-quality, the new features are implemented very amateurishly and almost certainly contain bugs if not outright security and or privacy vulnerabilities.
I’m sure an intrepid security researcher with some free time can find some interesting around their RichTextBox usage ;)
Anyway, it sure would be nice if y’all restored the AUTHORS.md file at least :)
Source: reddit.com (external)
Project page: https://speek.network (external)
decentral | free | free of charge? | Cryptocurrency „bitcoin“ |
Another one about easy money for all: “Earning is the key that starts the flywheel. Speech and assembly support decentralized earning.”
Project page: https://sphinx.chat (external)
central | non free | costs | Not intended for private individuals, but for companies and government agencies. |
Stashcat is also the basis of schul.cloud and uses an in-house developed, non-public protocol for data transfer.
More information: >> here <<
decentral | free | free of charge? | Cryptocurrency „Ethereum“ |
Messenger with exchange for digital money (“Crypto Wallet”). Very closely interwoven with the cryptocurrency “Ethereum”. In the whitepaper (external), the headline reads: “The Status Network - A strategy towards mass adoption of Ethereum”.
Status.im (Status Research & Development GmbH) from Switzerland has invested over 99 million (external) in various companies - including $10 million in Matrix (with 10 million (5 million each) to Matrix.org and New Vector).
Messenger comparison from status.im: https://our.status.im/private-messengers-what-can-they-really-see (external)
Sourcecode: https://github.com/status-im (external)
Project page: https://status.im/de/private-messenger (external)
central | non free | costs | Not intended for private individuals, but especially for companies. |
Project page: https://teamwire.eu (external)
central | non free | free of charge | In a nutshell: Rather not suitable for private communication |
Danger from viewing phone numbers in group chats.
Telegram is used by pro-democracy activists in Hong Kong to keep communications away from the prying eyes of Chinese authorities. Telegram has been banned there since 2015, but users have taken remedial action. Unfortunately (in 2019), a dangerous new technical problem has emerged with group messaging that makes phone numbers viewable. Protesters claim that this has already allowed government agencies to identify individuals.
This particular problem does not open up private message content and affects “only” public groups. But it shows what can happen when authorities can compromise privacy in secure platforms. And it’s here that we see what the broader debate around encryption is all about, and why there’s so much passion for the issue.
“I need help from @telegram,” tweeted local software engineer Chu Ka-Cheong. “We and multiple teams have independently confirmed a serious vulnerability that leads to phone numbers being shared with members in public groups, regardless of privacy. Telegram is heavily used in #hkprotest, it puts HKers in immediate danger.”
Source: forbes.com (external)
More information
Project page: https://telegram.org (external)
central | non free | free of charge? | No safety audit |
Finally another new messenger as an isolated solution and with a proprietary protocol - the world has been waiting for this! And again with great promises:
… allegedly.
Data storage.
The information in the FAQ (external) contradicts each other. From FAQ #10:
To delete your account, simply uninstall the application. Only the assigned ID remains on the server. No other data is stored.
Funny, because how does the provider know after “just uninstall the application” that it should delete still stored offline messages including metadata? And others then can’t send messages to the chat account anymore? But right in FAQ #11 it talks about offline messages stored on the server:
The messages are stored only until they are delivered. After delivery they will be deleted immediately.
So when the application is deleted, the account data as well as metadata and encrypted messages for offline messages are not deleted after all. Somehow this does not fit together.
Encryption
Better than a “complex encryption system” would be an encryption system that is comprehensible and up-to-date for interested parties. Complexity does not have to be positive. And at least according to Wikipedia, Salsa20 is not as complex as claimed: “Salsa20 (also Snuffle 2005) is a stream cipher, … and is based on a few simple operations” (external). So some more details about the implementation would be very interesting.
Sources:
dnip.ch: How much data protection is in TeleGuard? (external) Spoiler: Not much.
Project page: https://teleguard.com/de (external)
central | non free | costs | The “best non-free” solution (if you can put it that way) |
The app is now open source, which also includes the cryptography. This is also documented in a whitepaper (external). By the way, unlike Signal, Threema is not planning a crypto payment system, which seems very reasonable:
“No, we are not working on a corresponding feature, and with Threema it will not be possible to make payments in the future - for good reason.” And, “In our view, secure messaging is therefore not compatible with payment processing.”
There is an unofficial desktop client (external) based on Electron.
Threema’s opinion of itself: “What makes Threema better than all other messengers?” (external).
Data protection
Threema is rated as very good in terms of data protection by several supervisory authorities, and the LfDI Dr. Brink has also expressly welcomed the launch (https://www.baden-wuerttemberg.datenschutz.de/lfdi-gute-entscheidung-fuer-threema-schulen-brauchen-mehr-orientierung/). The Swiss government agency Educa.ch has published a list “Messenger services for use in educational contexts” (external; PDF), in which Threema also scores well.
Funding
In 2020, investor Afinum (external) joined Threema: https://threema.ch/en/blog/posts/open-source-and-new-partner (external)
Encryption
Threema has end-to-end encryption enabled by default. In December 2022, Threema introduced the new encryption protocol “Ibex”, which eliminates some weaknesses and also provides forward secrecy. This is made possible by negotiating a separate session key for each message transmission.
In the future, the Ibex protocol will be activated by default. Currently it is still necessary to activate the Ibex protocol for each chat individually on both sides of the communication. To do this, you have to open the settings of a chat by tapping on the header bar and activate the option “Perfect Forward Secrecy” in the “Privacy” section.
Enabling the protocol will affect sent messages only. The other party should also enable it so that both directions are optimally protected.
Sources:
Project page: http://threema.ch (external)
With “Threema Libre”, there is a customized version for the Android app store F-Droid, where all proprietary software libraries from Google or other third parties are removed. Threema provides a separate F-Droid repo for this, which must be added to the F-Droid app before installation. Furthermore, a license is required, which has to be purchased in the Threema store. The license model is not customer but app related. Regarding the use of licenses from the Playstore for the Google-free version, Threema has formulated:
Since we can not verify licenses purchased via Google Play, Threema can not be downloaded with it in our store / F-Droid. However, if the purchase was less than a year ago, I am happy to offer you a refund and you can purchase a license through our store. Unfortunately, for purchases made more than a year ago, a refund is not possible due to Google Play restrictions. If you want a refund, please create a data backup first and then send us the Google Play invoice number.
… Presumably this applies to all customers.
Limitations compared to the PlayStore version:
Push: Google’s push service “firebase cloud messaging (fcm)” does not work, “Threema push” is used.
Info about this from the source code: Github (external)
Emojis: There are no built-in emojis available. Instead, the system emojis are displayed/used (depending on the Android version, they can be accessed by a long press on the Enter key).
Info about this from the source code: Github (external)
Google Voice Assistant does not work.
Found any other limitations? Feel free to report them: >> Contact <<
General info about push services like FCM/GCM: Kuketz (external)
Info about building (compiling) the app: Github (external)
Data backup: https://threema.ch/de/faq/data_backup (external)
Installation: Threema (external)
Since many also use a private smartphone in the professional/school environment, every user of Threema Work should still consider the following points during installation or decide for themselves:
The settings can still be changed under “My profile” after the initial setup, and the user’s own profile can also be further personalized there.
For schools: Private smartphones of teachers for the use of Threema Work must be included in the device list on the “Form for the use of private DV devices” (external) from the “VwV Datenschutz an öffentlichen Schulen” and approved!
central | non free | free of charge | TikTok automatically reads the contact list or phone book. |
Various pages point out problems or even warn against its use:
Project page: https://www.tiktok.com (external)
central | non free | free of charge | Data octopus |
Viber belongs to the Japanese multinational conglomerate “Rakuten”. The headquarters of “Viber Rakuten” is in Luxembourg and the technical development takes place in Belarus.
Viber (like WhatsApp) stores, among other things, data from the device address book - and also from non-users. This provides a very precise insight into the social environment. How do you know if one of your contacts uses Viber and you are being abused for evaluation purposes without being asked? You don’t. But you can at least make a request that this should not be done:
If you are not a Viber user and do not want your phone number to be recorded, please contact us at: https://help.viber.com/en/contact (external)
On data collection and secrecy regarding the company:
Viber packages data collection in marketing very cleverly:
We cannot and will not sell the content you share.
… but the contents are hardly interesting for any company - but Viber can use and successfully sell the much more valuable metadata!
Viber collects massive amounts of data from its users. The company itself is extremely tight-lipped about it.
A spokeswoman puts Viber everywhere and nowhere.
Sources: https://www.zeit.de/2012/09/Telefonsoftware-Viber (external), https://www.zeit.de/2012/09/Telefonsoftware-Viber/seite-2 (external)
At least users from California can object to the sale of their data (“Do Not Sell My Data”) thanks to the “California Consumer Privacy Act” (CCPA): https://support.viber.com/customer/portal/emails/new?type=CA (external)
Unfortunately, there is hardly any information from/about Viber itself. Neither about the company, nor about the location of the servers. Here is a rare interview with executive officer Veronika Kesova (2017): https://productized.medium.com/inside-of-viber-office-in-minsk-belarus-17320ce4a922 (external)
Wikipedia: https://en.wikipedia.org/wiki/Viber (external)
Privacy policy: https://www.viber.com/de/terms/viber-privacy-policy (external)
Project page: https://www.viber.com (external)
central | non free | free of charge | Often in public criticism because of: Data protection and privacy |
WhatsApp uses only phone numbers for registration and as user ID. The company is based in the United States of America (USA) and the business model is to collect, add/enrich and ‘sell’ metadata.
Advantages/disadvantages in a nutshell:
More information: >> here <<
Project page: https://whatsapp.com (external)
central | non free | costs | Aimed at enterprise customers (Wickr Pro and Wickr Enterprise) |
Wickr is geared as a messenger solution for companies; only very limited version in the “free” variant.
Further very good overview/article: https://restoreprivacy.com/secure-encrypted-messaging-apps/wickr/ (external; English)
Prices: https://wickr.com/product-tiers/ (external)
Project page: https://wickr.com (external)
central | non free | costs | Aimed at enterprise customers (Wire Enterprise and Wire Government) |
Wire is aimed at companies as a messenger solution; the “free” variant is only a very limited version.
Wire says it stores a database with “plain text storage of threads between users” on the server. “This allows us to ensure a better user experience when multiple end devices are used - for example, to synchronize call histories with other end devices,” Wire explained.
The company’s headquarters was moved to the U.S. (external) in November 2019.
Interoperability
A developer commented as follows on GitHub in October 2019:
Update: internal discussions around federation (between Wire servers as a first step) are happening. what would need to be done to implement: a) XMPP federation between Wire servers b) XMPP API between Wire servers and clients We have no plans to ever implement b) (to speak XMPP between Wire clients and Wire Servers.), or at least not in the next few years. So please don’t focus your efforts on that part. We plan to implement federation between Wire servers first. Whether that makes use of XMPP or not remains to be seen. …
Source: https://github.com/wireapp/wire-server/issues/631#issuecomment-541728717
Further very good overview/article: https://restoreprivacy.com/secure-encrypted-messaging-apps/wire/ (external; English)
Prices: https://wire.com/de/preise (external)
Project page: https://wire.com/de (external)
decentral | non free | free of charge | too little transparency, beta status, various cryptocurrencies |
WireMin describes itself as a “decentralized social network”. Although various open source code (external) is used, the WireMin source code built from it is not open (it cannot be viewed). Whether this complies with the license of the source code used must be clarified elsewhere. A minimum age of 13 years is required for use.
Points from the FAQ (external):
WireMin claims to value data protection and privacy and believes it can prove this through its open source protocol design and the implementation of applications. However, the use of an e-mail address at Google (Gmail) contradicts this basic idea. It is known and documented in their terms and conditions that all correspondence (both sent and incoming messages) is analyzed by Google.
Apparently, no data is stored on central servers. Instead, it is stored not only on the devices of contacts (friends), but also on ‘random devices in the network’. Offline messages are possible, but where this intermediate storage of messages takes place is beyond the user’s insight and control (this is not sustainable from a data protection perspective):
Your data is relayed and stored in your friends’ devices and other random devices available in the network. All data is protected by strong cryptography algorithms and can be accessed only with the owner’s secret seed.
Messages and multimedia are relayed and temporarily stored for 48 hours, which allows an offline recipient to receive messages from others when it is back online. Personal data, like lists of contacts, will be stored until it has expired. So, if you stop using an account for a long time (like several months), all your data will vanish permanently from the network.
Furthermore, according to the FAQ, some newly developed protocols are used for which there is no experience and no audits, and which have (why?) not yet been published.
Are there any new protocols or technologies being introduced to build WireMin?
Yes, and a lot of them!
…
We will release the design and/or reference code to the public when the initial version is stabilized.
There is a close connection and support for many cryptocurrencies - whether this should be the focus of a social network for communication is questionable:
“Currently, we support Bitcoin payments via Lightning Network and ETH payments via Ethereum Network. Other well-known tokens that use the ERC-20 standard will be supported on WireMin soon, such as USDT, USDC, SHIB, BNB, LEO, BAT, MKR, DAI, etc.”
From the terms of use; difficult to assess, as it was not examined in detail:
“Our apps may allow you to access, use, or interact with third-party websites, apps, content, and other products and services.”
Conclusion:
WireMin is still a construction site with many unanswered questions and a lack of transparency.
Project page: https://wiremin.org (external)
The chat standard “XMPP”
decentral | free | free of charge | The protocol is in the public domain and can be used by anyone free of license or cost. |
A system based on the international standard protocol “XMPP”, which is based on a federated infrastructure and an open, expandable protocol. Formerly known as “Jabber”.
Advantages/disadvantages in brief:
Detailed information: >> here <<
Conclusion:
Despite its weaknesses, currently the best available alternative to WhatsApp. Recommended in the system comparison.
Project page: https://xmpp.org (external)
central | non free | free of charge | Cryptocurrency “xx coin” |
A system developed in the Cayman Islands (tax haven) that also uses Tor. A great, animated and elaborate website, but endless marketing blather. Flashy on the outside and on the inside …
Project page: https://xx.network/de (external)
central | non free | free of charge | Often in public criticism because of: Data protection and privacy |
Zoom is booming and foolproof to use - so made for fools?
Over 6 million euros for Zoom?
… Adding up the expenditures of the universities from the responses, they paid Zoom a total of 2,764,771 euros in 2020. Extrapolated to all universities for which no data is available, German universities paid the U.S. company about 6.4 million euros. …
Source: https://netzpolitik.org/2021/private-infrastruktur-fuer-die-lehre-so-viel-bezahlen-hochschulen-fuer-zoom (external)
Some examples on operating systems:
Quirks in use
Project page: https://zoom.us (external)
Privacy policy: https://explore.zoom.us/de/privacy/ (external)
Some services have already been discontinued (which always highlights the dependence on centralized systems). These include:
decentral | non free | Entry without costs | Ending: November 2021 |
Grape is the basis for the Untis Messenger (external).
Press release, 11/17/2021: Grape is no more.
With regret we have to announce that UberGrape GmbH - the company behind Grape - has filed for insolvency. …
Source: https://www.grape.io/de/blog/grape-ist-nicht-mehr (external; 11/17/2021)
central | non free | free of charge | Ending: May 2020 |
Using the “Nearby” or “Worldwide” function, one receives offensive, crude but “clear” messages from strangers again and again. Unfortunately, this function is activated by default and must be deactivated by the user. Therefore, Hoccer seems to me especially unsuitable for children or teenagers!
05/2020: discontinuation of Hoccer (external)
The website stated/states that the messenger service “Hoccer” was discontinued in May 2020:
”… with great regret we have to inform you that we have to discontinue the service of the popular Hoccer app. The last few months have been very challenging for our entire team. The effects of Corona have unfortunately also affected us on a personnel as well as on a sponsor level, so that we have to shut down “Hoccer” with a heavy heart. Until the end we tried to keep our messenger up and running to provide you with the best possible platform for secure communication. As you can imagine, this was connected with high costs, which we could only cover through company cooperations and sponsors in the last years. Due to this discontinuation within the Corona crisis, we accordingly have no other choice. We thank you for your loyal use of our app and hope that you will find a suitable alternative that will continue to protect your privacy. …”
(as of May 2020 / 20.07.2020)
central | non free | free of charge | Ending: June 2024; no encryption |
The name “ICQ” alludes to the phrase “I seek you”.
ICQ was launched in 1996 by the Israeli company Mirabilis. Via AOL (1998), the service then went to the Russian investment company Digital Sky Technologies in 2010, which renamed itself Mail.ru Group. In April 2020, “ICQ” was renamed “ICQ New” by the owner group (Mail.ru).
Questionable terms of use
In the terms of use defined by the operator ICQ Inc. on June 7, 2000, the user waives all his intellectual property rights to the data made accessible via the ICQ service.
Source and more: https://de.wikipedia.org/wiki/ICQ (external)
June 2024: ICQ will be discontinued as one of the oldest chat services after a total of 27 years …
ICQ will stop working from June 26
Source / project page: https://icq.com (external)
central | non free | free of charge | Ending: September 2023 |
After six years, Meta is pulling the plug on Messenger Lite. The service was launched in Germany in April 2017 as a slimmed-down alternative to Facebook Messenger, which has been around since 2011. Compared to the extensive program, the Lite version not only requires significantly less storage space on the smartphone, it also responds somewhat faster due to its leaner structure. In the Google Play Store and Apple App Store, the service was rated rather moderately - with 3.8 (Google) and 3.9 (Apple) out of 5 stars respectively. Users mainly criticized the deteriorating performance after updates as well as partially discontinued functions.
Source: Techbook.de 09/2023: Discontinuation of Messenger Lite (external; German)
Other: https://techcrunch.com/2023/08/24/meta-is-shutting-down-messenger-lite-for-android-in-september (external)
central | non free | costs | Ending: September 2019 |
Discontinuation of “Privalino” (external) as of September 2019, among other things due to data protection and the GDPR (DSGVO):
”… Ultimately, however, we could not inspire enough parents for our idea. …”
A good (English) page with a detailed list on the topic “why not”: https://securechatguide.org/rejectedapps.html (external, English)
Cross-references: encryption, privacy
Digital Society:
Overview: https://www.digitale-gesellschaft.ch/messenger/bewertung.html (external)
About the article: “WhatsApp, email, SMS & co. assessed for security and sustainability” (external)
Privacy manual:
https://www.privacy-handbuch.de/handbuch_74.htm (external)
Requirements for “secure” messengers (Mike Kuketz):
https://www.kuketz-blog.de/conversations-sicherer-android-messenger (external)