| |
In addition to the top dog WhatsApp, there are countless other providers who also want a piece of the pie and advertise their own islands as paradise.
“Island” is actually to be understood as such in this context: These are island solutions that want to bind users to themselves by deliberately excluding or separating them from other systems. Therefore should be generally questioned:
In all central messengers listed below, metadata collection and analysis is possible or actively used. Metadata is not the actual content of the messages, but relates to the environment. Therefore, it is irrelevant in this context whether the communication is encrypted or not. This is often overlooked.
In addition to the “better known” messenger systems, there are many more reputable providers working with a solid business model - but also an incredible number of ominous services that come and go. In particular, you have to watch out for providers that use a lot of technical terms and throw around superlatives like:
The crowning glory is when privacy is advertised and Discord is offered as a contact option or a cryptocurrency is foisted upon you. In these cases, it’s definitely not worth taking a second look, because the people behind it usually want exactly the opposite. So watch out, because some “only want their/your best” - specifically: access to personal privacy, data grabbing, money mining/siphoning.
Also a good page with a detailed list on the topic “why not”: https://securechatguide.org/rejectedapps.html (external, English)
Cross-references: Privacy, Encryption
Digitale Gesellschaft:
Overview: https://www.digitale-gesellschaft.ch/messenger/bewertung.html (extern)
To the article: „WhatsApp, E-Mail, SMS & Co. auf Sicherheit und Nachhaltigkeit bewertet“ (extern)
Privacy handbook:
https://www.privacy-handbuch.de/handbuch_74.htm (extern)
Requirements for “secure” messengers (Mike Kuketz):
https://www.kuketz-blog.de/conversations-sicherer-android-messenger (extern)
Cross-references/Recommendations:
| decentral | free | free of charge | Beta status / no active further development |
Compares itself to Reddit/Twitter, Mastodon, Secure Scuttlebutt. At the comparison (external) there is no “classic” P2P-Messenger. At first sight nice web presence.
Supplementary to the protocol “Mim” (external) and the development (external; as of 2019?):
Heads up: this documentation is currently a work in progress - it is being made public as part of a product that is actively being built. There is no guarantee of a stable API.
0.1 DRAFT First public documentation of the protocol in draft form. This document is made available so as to enable discussion, and it not ready for use.
Project page: https://getaether.net (external)
| central | nonfree | costs | Not intended for private individuals, but for companies and government agencies. |
Abraxas’ solution is (like Stashcat only to be licensed as a closed system and can only be used as an island system.
Federal levels / open specialized applications / solves all interface issues:
_Abraxas maintains and develops software solutions for public administrations of all federal levels and for organizations in the governmental environment. Based on modern technologies, our engineers and developers design and build modern applications for tax and road traffic offices, municipalities, police corps, law enforcement bodies, vocational training, human resources and municipal utilities.
In order to meet the high demands of users for open, powerful and practical applications, Abraxas covers all areas of modern software engineering - from consulting and requirements engineering, architecture and software development to project management, quality assurance, training and support.
Abraxas takes over the management of specific projects, automatically implements necessary adaptations in case of legal changes and ensures the integration of the solution into the customer environment. Abraxas integrates the data and processes from the population to the municipalities and cantons to the federal government and solves all interface issues - always with the goal of advancing digitization for the benefit of our customers and their customers.
Source: https://www.abraxas.ch/de/loesungen/fachanwendungen (external)
Also for the police: https://www.abraxas.ch/de/loesungen/fachanwendungen/polizei/instant-messenger-police (external)
| decentral | free | costs | Cryptocurrency „ADM“ |
Messenger based on blockchain technology; “nice” comparison matrix (from Adamant’s point of view) also to other P2P systems.
Project page: https://adamant.im/#trade-adm (external)
| decentral | free | free of charge | beta status |
Also an open source project that advertises security/privacy (“The privacy-first messaging app”), but then uses “Discord” itself and offers it as a contact option. Actually, this contradicts itself, because the focus of the P2P messenger is supposedly various sensitive professional groups, activists, and also secret traitors:
Certain groups of people are at higher risk because of their activity: journalists, military personnel, government officials, activists, corporate members, lawyers, whistleblowers. Berty was designed with them in mind.
Berty’s messenger comparison (external)
Project page: https://berty.tech (external)
| central ° | non free | Entry free of charge | ° decentralized possible but: server without federation |
Project page: https://www.chiffry.de/versionen (external)
| decentral | free | free of charge | beta status |
All data is stored encrypted and exchanged between the device and an “Amazon S3 bucket” via a P2P protocol. Various service providers (Amazon, minio, wasabi, …) offer S3-compatible storage, but it can also be self-hosted. The messenger “Stone-Age” is based on Conversations - but the communication protocol XMPP has been replaced by Cweb.
Stone-Age: https://f-droid.org/packages/com.cweb.messenger (external)
Project page: https://cweb.gitlab.io (external)
| decentral | free | free of charge | beta status |
Also a solution that uses TOR. In order to chat with somebody in a peer-to-peer conversation both must be online.
Project page: https://cwtch.im (external)
| central | non free | free of charge | 'hefty' terms of use |
The “terms of service” (external; from 28.03.2022) of the messenger, which is popular and often used in the computer games scene and by students, reads fiercely, as Discord gets the rights to all of the content shared there:
Your content is yours, but you give us a license to it when you use Discord …
… To use, copy, store, distribute, and communicate content … publish, publicly perform or publicly display … monitor, modify, translate and reformat, … to sublicense …
(as of 06/16/2022)
(Until 28.03.2022 (external): By uploading, distributing, transmitting or otherwise using your content on the service, you grant us a perpetual, non-exclusive, transferable, royalty-free, sublicensable, worldwide license to use, host, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display your content in connection with the operation and provision of the Service.)
Project page: https://discord.com (external)
| central | non free | free of charge | Facebook Ireland Limited has changed its name to Meta Platforms Ireland Limited as of 04/01/2022. |
Project page: https://www.facebook.com/games/fbmessenger_android (external)
| central | non free | private free of charge | Discontinued as of 31.12.2019 / continued as of Jan. 2020 by "ginlo.net GmbH". |
The messenger service SIMSme was acquired by Babbler in March 2019 and the name was changed to “ginlo”. According to Wikipedia (external), the architecture is allegedly similar to that of GoldBug.
(Source: Wikipedia)
December 2019: Termination
Discontinuation of “Ginlo “ (former post-messenger “SIMSme “ due to insolvency of Brabbler AG at end of year 2019.
”… If you still want to download images, videos, files etc. from ginlo, please do it right away. Because all your encrypted content, metadata and personal data will be irretrievably deleted by the end of December at the latest. …”
January 2020: continuation/acquisition
“In January of this year, Brabbler co-founder Karsten Schramm took over the ginlo project from Brabbler AG’s insolvency and transferred it to the newly founded ginlo.net GmbH.”
Source: Press release from 14.07.2020 (external; PDF)
Project page: https://www.ginlo.net
| central | non free | free of charge | no encryption |
In April 2020, “ICQ” was renamed “ICQ New” by the ownership group (Mail.ru).
In the rules of use established by the operator ICQ Inc. on June 7, 2000, the user waives all his intellectual property rights to the data made available through the ICQ service
Source and more: https://de.wikipedia.org/wiki/ICQ (external)
Project page: https://icq.com (external)
| decentral ° | free | free of charge | ° decentral but server without federation |
Internet Relay Chat, or IRC for short, is one of the oldest services and thus also one of the Internet’s chat bedrock. Thus, the software is very mature, but the operation is still done via text commands, which can be difficult for newcomers.
External sources:
| central | non free | costs | Nicht für Privatpersonen, sondern für Firmen und Behörden gedacht. |
A commercial platform for companies that want to “serve” different islands with information at the same time. It includes: WhatsApp, Instagram, Facebook Messenger, Apple Business Chat, Telegram, Viber, Notify, Webchat.
Cross reference: Are bridges and their use legal?
Project page: https://www.messengerpeople.com/notify (external)
| central | non free | Entry free of charge | Lockangebot |
Project page: https://olvid.io (external)
| central ° | non free | Entry free of charge | ° dezentral möglich aber: Server ohne Föderation / Beta-Status |
Revolt Chat is based on its own self-developed protocol and sees itself as an alternative to Discord and Rocket Chat.
Why there is no federation? See the FAQ (external) for an answer:
From personal experience, I’ve generally found federated protocols to not be suitable for real time communication, Matrix is incredibly buggy at times and it’s left a sour taste in my mouth.
So the answer is something like: “too complicated for us, and nobody wants it anyway” - not very convincing, because apparently this questioner does exist, otherwise this would not be a frequently asked question (FAQ).
Project page: https://revolt.chat (external)
Developer page: https://developers.revolt.chat/api (external)
| decentral | free | selfhosting free of charge | ° decentral but server without federation |
Teammessenger as an alternative to Slack with the basic goal of “self-hosting”.
| central | non free | costs | Nicht für Privatpersonen, sondern für Bildungseinrichtungen gedacht. |
Nicht mit der „HPI Schul-Cloud“ zu verwechseln!
school.cloud is based on stashcat and uses an in-house developed, non-public protocol for data transfer.
More information: >> here <<
Project page: https://schul.cloud (external)
| decentral | free | free of charge | Cryptocurrency "$OXEN" |
Session (formerly known as “Loki Messenger”) is a fork of the app Signal that doesn’t use a phone number for identification, but has various features removed from the protocol. Currently, there is a change in the name from “Loki” to “Oxen”. Session uses onion-routing through Oxen Service Nodes for transport and the “LOKI coin” has become the “$OXEN”.
Oxen about itself:
Oxen is many things. A private cryptocurrency. A secure messaging platform. A network anonymity layer. Tools to build a more private future for the Internet.
The messenger app “Session” is closely related to the cryptocurrency “$OXEN” (formerly: “LOKI coin”):
Authorization for a server to operate on the network is attained through the server operator con3 ducting a special staking transaction, which requires that an operator provisionally lock an amount of Loki cryptocurrency assigned to their node (approximately 18,550 Loki coins; equivalent USD 7,420 dollars as of 10/02/2020).
Source: Whitepaper Feb. 2020 (external; PDF)
Source among others: https://restoreprivacy.com/secure-encrypted-messaging-apps/session/ (external; also read comments!)
To Session there was once a tweet, in which it was about that one of the developers probably has a great proximity to right-wing extremism. This was then controversially discussed, whether this says something about the software.
This was also briefly mentioned at the CCC: https://media.ccc.de/v/df93bf36-c048-4dea-ad2b-898ac3255cfa (external)
Explanation of what Session is using for onion-routing and why it doesn’t use Lokinet: getsession.org (external)
Roadmap where you can see that Lokinet integration is not finished yet: oxen.io (external)
Source code for desktop: https://github.com/oxen-io/session-desktop/releases (external)
Project pages: https://getsession.org (external), https://oxen.io/ (external)
| central | non free | free of charge | Signal is recommended by Edward Snowden - but is also controversial. |
Just like WhatsApp, Signal is defacto a closed system, also uses only phone numbers for registration, uses the same encryption, and is also headquartered in the United States of America (USA).
More information: >> here <<
Project page: https://signal.org (external)
| central | non free | partly without costs | Nicht für Privatpersonen, sondern insb. für Firmen gedacht. |
Designed for workgroup communication (groupware). According to Wikipedia (external), Slack seems to use tracking and analysis tools extensively.
Project page: https://slack.com/intl/de-de/pricing (external)
| decentral | free | free of charge | Questionable copy of Ricochet Refresh. |
Speek is based on Ricochet Refresh. While the original is trimmed to make things work cleanly and securely, Speek focuses on a “better” operation/user interface.
As it is, Speek has to be taken with a grain of salt, as the developer of Ricochet-Refresh has given the following (warning) advice:
tldr: Speek.App is literally just reskinned Ricochet-Refresh w/ some sketchily implemented patches on top and the Ricochet-Refresh git history removed. Please don’t be fooled by slick marketing and purple websites. If your safety is a real concern (ie you are an activist or a whistleblower or something), don’t use Speek.App. To everyone else, sure YOLO.
long version: Speek.App is a fork of a dev version of Ricochet-Refresh from sometime around October 2021. They have updated the style (dark mode skin, tweaked toolbars, backgrounds, etc) and added some quite badly implemented features (bad in the sense that the code changes are amateurish and buggy, not that the usability enhancements are themselves a bad idea). I performed a light audit on their changes a few weeks ago, and while there isn’t anything that stands out as a backdoor, or cryptography fuckery, or anything like that, the changes are very badly implemented (like around first-year of uni if I’m being generous). They have also stripped out nearly all references to Ricochet-Refresh and the Blueprint for Free Speech organization (the non-profit which maintains Ricochet-Refresh through grants).
Source: awsomealternatives.org (external)
So despite their omissions, Speek.App is based off of Ricochet-Refresh … So, the normal way of going about this is to create a clone of a git repo, and start a new branch with your commits on top. Instead, the Speek.App team essentially copy+pasted the code into a new git repo, and made a v large ‘initial commit’. I’ll leave it to the community to speculate as to whether this is due to maliciousness or incompetence. …
Side note (you can skip this paragraph if you’re not a turbo-nerd): a side effect of this approach is that they have essentially copied all of the source of (a now old) version of tor (which Ricochet-Refresh uses for ed25519 encryption primitives) and the fmt library (which we use for debug logging, only enabled by a compile-time flag not set in our official releases). We include these external dependencies as a git submodule, which is basically a soft-link to an external git repo to make it easy to update versions (for instance if we need a new feature or if there has been a critical bug-fix). Copying and pasting breaks this link so the version of tor in the Speek.App repo is now several months old. …
the takeaway is don’t use Speek.App if you care about your anonymity and safety. I did not find anything actively malicious (eg backdoors, broken crypto, etc). However, in terms of code-quality, the new features are implemented very amateurishly and almost certainly contain bugs if not outright security and or privacy vulnerabilities.
I’m sure an intrepid security researcher with some free time can find some interesting around their RichTextBox usage ;)
Anyway, it sure would be nice if y’all restored the AUTHORS.md file at least :)
Source: reddit.com (external)
Project page: https://speek.network (external)
| decentral | free | free of charge? | Cryptocurrency „bitcoin“ |
Another one about easy money for all: “Earning is the key that starts the flywheel. Speech and assembly support decentralized earning.”
Project page: https://sphinx.chat (extern)
| central | non free | costs | Nicht für Privatpersonen, sondern für Firmen und Behörden gedacht. |
Stashcat is also the basis of schul.cloud and uses an in-house developed, non-public protocol for data transfer.
More information: >> here <<
| decentral | free | free of charge? | Kryptowährung „Etherum“ |
Messenger with exchange for digital money (“Crypto Wallet”). Very closely interwoven with the cryptocurrency “Etherum”. In the whitepaper (external), the headline reads: “The Status Network - A strategy towards mass adoption of Ethereum”.
Status.im (Status Research & Development GmbH) from Switzerland has invested over 99 million (external) in various companies - including $10 million in Matrix (with 10 million (5 million each) to Matrix.org and New Vector).
Messenger comparison from status.im: https://our.status.im/private-messengers-what-can-they-really-see (external)
Sourcecode: https://github.com/status-im (external)
Project page: https://status.im/de/private-messenger (external)
| central | non free | costs | Nicht für Privatpersonen, sondern insb. für Firmen gedacht. |
Project page: https://teamwire.eu (external)
| central | non free | free of charge | In a nutshell: Rather not suitable for private communication |
The privacy-handbuch.de has reassessed Telegram: https://www.privacy-handbuch.de/handbuch_74b.htm#20_12_20 (external)
Danger from viewing phone numbers in group chats.
Telegram, is used by pro-democracy activists in Hong Kong to keep communications away from the prying eyes of Chinese authorities. Telegram has been banned there since 2015, but users have taken remedial action. Unfortunately (in 2019), a dangerous new technical problem has emerged with group messaging that makes phone numbers viewable. Protesters claim that this has already allowed government agencies to identify and identify individuals.
This particular problem does not open up private message content and affects “only” public groups. But it shows what can happen when authorities can compromise privacy in secure platforms. And it’s here that we see what the broader debate around encryption is all about, and why there’s so much passion for the issue.
“I need help from @telegram,” tweeted local software engineer Chu Ka-Cheong. “We and multiple teams have independently confirmed a serious vulnerability that leads to phone numbers being shared with members in public groups, regardless of privacy. Telegram is heavily used in #hkprotest, it puts HKers in immediate danger.”
Source: forbes.com (external)
More information
Project page: https://telegram.org (extern)
| central | non free | free of charge? | No safety audit |
Finally another new messenger as an isolated solution and with a proprietary protocol - the world has been waiting for this! And again with great promises:
… allegedly.
Data storage.
The information in the FAQ (external) contradicts each other. From FAQ #10:
To delete your account, simply uninstall the application. Only the assigned ID remains on the server. No other data is stored.
Funny, because how does the provider know after “just uninstall the application” that it should delete still stored offline messages including metadata? And others then can’t send messages to the chat account anymore? But right in FAQ #11 it talks about offline messages stored on the server:
The messages are stored only until they are delivered. After delivery they will be deleted immediately.
So when the application is deleted, the account data as well as metadata and encrypted messages for offline messages are not deleted after all. Somehow this does not fit together.
Encryption
Better than a “complex encryption system” would be an encryption system that is comprehensible and up-to-date for interested parties. Complexity does not have to be positive. Where at least according to Wikipedia Salsa20 is not as complex as claimed: “Salsa20 (also Snuffle 2005) is a stream cipher, … and is based on a few simple operations” (external). So some more details about the implementation would be very interesting.
Sources:
dnip.ch: How much data protection is in TeleGuard? (external) Spoiler: Not much.
Project page: https://teleguard.com/de (external)
| central | non free | costs | Die „beste unfreie“ Lösung (wenn man das so sagen kann) |
The app is now open source, which also includes the cryptography. This is also documented in a whitepaper (external). By the way, unlike Signal, Threema is not planning a crypto payment system, which seems very reasonable:
No, we are not working on a corresponding feature, and with Threema it will not be possible to make payments in the future - for good reason.” And, “In our view, secure messaging is therefore not compatible with payment processing.”
There is an unofficial desktop client (external) based on Electron.
Threema’s opinion of itself: “What makes Threema better than all other messengers?” (external).
Data protection
Threema is rated as very good in terms of data protection by several supervisory authorities, and the LfDI Dr. Brink has also expressly welcomed the launch (https://www.baden-wuerttemberg.datenschutz.de/lfdi-gute-entscheidung-fuer-threema-schulen-brauchen-mehr-orientierung/). The Swiss government agency Educa.ch has published a list “Messenger services for use in educational contexts” (external; PDF), in which Threema also scores well.
Funding
In 2020, investor Afinum (external) joined Threema: https://threema.ch/en/blog/posts/open-source-and-new-partner (external)
Encryption
Threema has end-to-end encryption enabled by default. In December 2022, Threema introduced the new encryption protocol “Ibex”, which eliminates some weaknesses and also provides forward secrecy. This is made possible by negotiating a separate session key for each message transmission.
In the future, the Ibex protocol will be activated by default. Currently it is still necessary to activate the Ibex protocol for each chat individually on both sides of the communication. To do this, you have to open the settings of a chat by tapping on the header bar and activate the option “Perfect Forward Secrecy” in the “Privacy” section.
Enabling the protocol will affect sent messages only. The other party should also enable it so that both directions are optimally protected.
Sources:
Project page: http://threema.ch (external)
With “Threema Libre”, there is a customized version for the Android app store F-Droid, where all proprietary software libraries from Google or other third parties are removed. Threema provides a separate F-Droid repo for this, which must be added to the F-Droid app before installation. Furthermore, a license is required, which has to be purchased in the Threema store. The license model is not customer but app related. Regarding the use of licenses from the Playstore for the Google-free version, Threema has formulated:
Since we can not verify licenses purchased via Google Play, Threema can not be downloaded with it in our store / F-Droid. However, if the purchase was less than a year ago, I am happy to offer you a refund and you can purchase a license through our store. Unfortunately, for purchases made more than a year ago, a refund is not possible due to Google Play restrictions. If you want a refund, please create a data backup first and then send us the Google Play invoice number.
… Presumably this applies to all customers.
Limitations compared to the PlayStore version:
Push: Google’s push service “firebase cloud messaging (fcm)” does not work, “Threema push” is used.
Info about this from the source code: Github (external)
Emojies: There are no built-in emojies available. Instead, the system emojies are displayed/used (depending on the Android version, they can be accessed by a long press on the Enter key).
Info about this from the source code: Github (external)
Google Voice Assistant does not work.
Found/found any other limitations? Feel free to report them: >> Contact <<
General info about push services like FCM/GCM: Kuketz (external)
Info about building (compiling) the app: Github (external)
Data backup: https://threema.ch/de/faq/data_backup (external)
Installation: Threema (external)
Since many also use a private smartphone in the professional/school environment, every user of Threema Work should still consider the following points during installation or decide for themselves:
The settings can still be changed under “My profile” after the initial setup, and the user’s own profile can also be further personalized there.
For schools applies: Private smartphones of teachers for the use of Threema Work must be included in the device list on the “Form for the use of private DV devices” (external) from the “VwV Datenschutz an öffentlichen Schulen” and approved!
| central | non free | free of charge | TikTok automatically reads the contact list or phone book. |
Auf verschiedenen Seiten wird auf Probleme hinngewiesen bzw. wird vor der Nutzung sogar gewarnt:
Project page: https://www.tiktok.com (external)
| central | non free | free of charge | Data octopus |
Viber belongs to the Japanese multinational conglomerate “Rakuten”. The headquarters of “Viber Rakuten” is in Luxembourg and the technical development takes place in Belarus.
Viber (like WhatsApp) stores, among other things, data from the device address book - and also from non-users. This provides a very precise insight into the social environment. How do you know if one of your contacts uses Viber and you are being abused for evaluation purposes without being asked? You don’t. But you can at least make a request that this should not be done:
If you are not a Viber user and do not want your phone number to be recorded, please contact us at: https://help.viber.com/en/contact (external)
On data collection and secrecy regarding the company:
Viber packages data collection in marketing very cleverly:
We cannot and will not sell the content you share.
… but the contents are hardly interesting for any company - but Viber can use and successfully sell the much more valuable metadata!
Viber collects massive amounts of data from its users. The company itself is extremely tight-lipped about it.
A spokeswoman puts Viber everywhere and nowhere.
Sources: https://www.zeit.de/2012/09/Telefonsoftware-Viber (external), https://www.zeit.de/2012/09/Telefonsoftware-Viber/seite-2 (external)
At least users from California can object to the sale of their data (“Do Not Sell My Data”) thanks to the “California Consumer Privacy Act” (CCPA): https://support.viber.com/customer/portal/emails/new?type=CA (external)
Unfortunately, there is hardly any information from/about Viber itself. Neither about the company, nor about the location of the servers. Here is a rare interview with executive officer Veronika Kesova (2017): https://productized.medium.com/inside-of-viber-office-in-minsk-belarus-17320ce4a922 (external)
Wikipedia: https://en.wikipedia.org/wiki/Viber (external)
Privacy policy: https://www.viber.com/de/terms/viber-privacy-policy (external)
Project page: https://www.viber.com (external)
| central | non free | free of charge | Often in public criticism because of: Data protection and privacy |
WhatsApp uses only phone numbers for registration and as user ID. The company is based in the United States of America (USA) and the business model is to collect, add/enrich and ‘sell’ metadata.
Advantages/disadvantages in a nutshell:
More information: >> here <<
Project page: https://whatsapp.com (external)
| central | non free | costs | Aimed at enterprise customers (Wickr Pro and Wickr Enterprise) |
Wickr is geared as a messenger solution for companies; only very limited version in the “free” variant.
Further very good overview/article: https://restoreprivacy.com/secure-encrypted-messaging-apps/wickr/ (external; English)
Prices: https://wickr.com/product-tiers/ (external)
Project page: https://wickr.com (external)
| central | non free | costs | Aimed at enterprise customers (Wire Enterprise and Wire Government) |
Wire is aimed as a messenger solution for companies; only very limited version in the “free” variant.
Wire says it stores a database with “plain text storage of threads between users” on the server. “This allows us to ensure a better user experience when multiple end devices are used - for example, to synchronize call histories with other end devices,” Wire explained.
The company’s headquarters was moved to the U.S. (external) in November 2019.
Interoperability
A developer commented as follows on GitHub in October 2019:
Update: internal discussions around federation (between Wire servers as a first step) are happening. what would need to be done to implement: a) XMPP federation between Wire servers b) XMPP API between Wire servers and clients We have no plans to ever implement b) (to speak XMPP between Wire clients and Wire Servers.), or at least not in the next few years. So please don’t focus your efforts on that part. We plan to implement federation between Wire servers first. Whether that makes use of XMPP or not remains to be seen. …
Source: https://github.com/wireapp/wire-server/issues/631#issuecomment-541728717
Further very good overview/article: https://restoreprivacy.com/secure-encrypted-messaging-apps/wire/ (external; English)
Prices: https://wire.com/de/preise (external)
Project page: https://wire.com/de (external)
| central | non free | free of charge | Cryptocurrency „xx coin“ |
A system developed in the Cayman Islands (tax haven) that also uses TOR. Great animated and elaborate website but marketing blubber without end. Outside hui and inside …
Project page: https://xx.network/de (external)
| central | non free | free of charge | Often in public criticism because of: Data protection and privacy |
Zoom is booming and foolproof to use - so made for fools?
Over 6 million euros for Zoom?
… Adding up the expenditures of the universities from the responses, they paid Zoom a total of 2,764,771 euros in 2020. Overlaid on all universities for which no data is available, German universities paid the U.S. company about 6.4 million euros. …
Source: https://netzpolitik.org/2021/private-infrastruktur-fuer-die-lehre-so-viel-bezahlen-hochschulen-fuer-zoom (external)
Some examples on operating systems:
Quirks in use
Project page: https://zoom.us (external) Privacy policy: https://explore.zoom.us/de/privacy/ (external)
Some services have already been discontinued (which always highlights the dependence on centralized systems). These include:
| decentral | non free | Entry without costs | Ending: November 2021 |
Grape is the basis for the Untis Messenger (external).
Press release, 11/17/2021: Grape is no more.
With regret we have to announce that UberGrape GmbH - the company behind Grape - has filed for insolvency. …
Source: https://www.grape.io/de/blog/grape-ist-nicht-mehr (external; 11/17/2021)
| central | non free | free of charge | Ending: Mai 2020 |
Using the “Nearby” or “Worldwide” function, one receives offensive, crude but “clear” messages from strangers again and again. Unfortunately, this function is activated by default and must be deactivated by the user. deactivated by the user. Therefore, Hoccer seems to me especially not suitable for children or teenagers!
05/2020: discontinuation of Hoccer (external)
On the website was/is informed that the messenger service “Hoccer” was discontinued in May 2020:
”… with great regret we have to inform you that we have to discontinue the service of the popular Hoccer app. The last few months have been very challenging for our entire team. The effects of Corona have unfortunately also affected us on a personnel as well as on a sponsor level, so that we have to shut down “Hoccer” with a heavy heart. Until the end we tried to keep our messenger up and running to provide you with the best possible platform for secure communication. As you can imagine, this was connected with high costs, which we could only cover through company cooperations and sponsors in the last years. Due to this discontinuation within the Corona crisis, we accordingly have no other choice. We thank you for your loyal use of our app and hope that you will find a suitable alternative that will continue to protect your privacy. …”
(as of May 2020 / 20.07.2020)
| central | non free | costs | Ending: September 2019 |
Discontinuation of “Privalino “ (external) among other things due to data protection and DSGVO to September 2019:
”… Ultimately, however, we could not inspire enough parents for our idea. …”
A good (English) page with a detailed list on the topic “why not”: https://securechatguide.org/rejectedapps.html (external, English)
Cross-references: encryption, privacy
Digital Society:
Overview: https://www.digitale-gesellschaft.ch/messenger/bewertung.html (external)
About the article: “WhatsApp, email, SMS & co. assessed for security and sustainability” (external)
Privacy manual:
https://www.privacy-handbuch.de/handbuch_74.htm (external)
Requirements for “secure” messengers (Mike Kuketz):
https://www.kuketz-blog.de/conversations-sicherer-android-messenger (external)