What’s the closest thing we have to a perfect private messanger?

In my mind the perfect private messanger is both completely secure, and also completely anonymous.

All the mainstream messengers can pretty much ensure the contents of the message will not be revealed…but that is not good enough. I want to be able to deploy and establish a completely anonymous AND private channel of communication on a dime without having to jump through extreme operational security hoops.

Does it really exist?

  • BCBoy911@lemmy.ca
    link
    fedilink
    arrow-up
    2
    arrow-down
    4
    ·
    7 days ago

    Matrix gets a lot of flak from people for their constant protocol changes, de-facto centralization around matrix.org and Element etc… but I’m very happy with Matrix as an open, federated, encrypted and private messenger and I hope it gets more adoption.

  • Florencia (she/her)@lemmy.blahaj.zone
    link
    fedilink
    arrow-up
    32
    arrow-down
    2
    ·
    9 days ago

    SimpleX is currently the best one possible.

    All the security of signal without needing a phone number.

    Everything can be through tor. Contact link can be formed with a one time use code that you DM someone privately.

    Anything more advanced and you’re basically in internet dead drop territory. An encoded message on a pastebin through tor. Congratulations, you’ve entered pedophile/terrorist level security realm.

    • hereforawhile@lemmy.mlOP
      link
      fedilink
      arrow-up
      10
      arrow-down
      1
      ·
      9 days ago

      Simplex does check alot of those boxes… but smp traffic is easily identifiable unless your jumping through the major hoops of establishing a totally anonymous proxy.

      An encoded message on a pastebin through tor. Congratulations, you’ve entered pedophile/terrorist level security realm.

      Thats to bad being anonymous and secure puts you in that category. It shouldn’t!

      • Florencia (she/her)@lemmy.blahaj.zone
        link
        fedilink
        arrow-up
        2
        arrow-down
        24
        ·
        edit-2
        9 days ago

        Honestly, pedos & terrorists get the whole world cooperation on doxing them. So if they’re not using a tool or method then it’s not proof against nation states.

        Why the need for complete anonymity though? Literally only pedos operate at that level so that nobody can squeal on the others if they are busted (they inevitably need to mess up a real kid because their CSAM isn’t good enough).

        • Lytia @lemmy.today
          link
          fedilink
          arrow-up
          26
          ·
          8 days ago

          This kind of mindset is what make the privacy community seem like outcasts. Yes, pedophiles and other criminals would benefit from complete anonymity, but that does not mean we should draw the line at how anonymous someone gets to be because “only pedos operate at that level”.

          • rirus@feddit.org
            link
            fedilink
            English
            arrow-up
            18
            ·
            8 days ago

            Journalist and human rights activists are criminals in certain circumstances. Being a criminal doesn’t mean they are bad.

  • Pearl@lemmy.ml
    link
    fedilink
    arrow-up
    26
    ·
    8 days ago

    Can’t believe nobody brought up i2p.

    Messages sent through i2p in theory would be secure and anonymous. With an envelope anology, no way to tell if an envelope stops at a particular house or gets forwarded on, and also they can only see bags of envelopes and not a specific envelope.

    • notarobot@lemmy.zip
      link
      fedilink
      arrow-up
      2
      ·
      7 days ago

      Are there any cool i2p sites or apps? Since it doesn’t have exit nodes I never found a reason to use it.

      • Pearl@lemmy.ml
        link
        fedilink
        arrow-up
        4
        ·
        7 days ago

        I2p has a BitTorrent system. They’d have to block i2p completely to stop it. It will probably be the only way to torrent once VPN bans/liability get brought up.

  • Hellfire103@lemmy.ca
    link
    fedilink
    English
    arrow-up
    7
    ·
    9 days ago

    SimpleX?

    Tox would also be fantastic, but they need to improve their encryption and get it audited. Also, some nicer UIs in the various clients would be nice.

  • stupid_asshole69 [none/use name]@hexbear.net
    link
    fedilink
    English
    arrow-up
    6
    ·
    8 days ago

    No. If you don’t jump through those hoops you give up the completeness of your anonymity, privacy or security.

    If you’re uninterested in simply recognizing that fact, consider that the “push button, get privacy” level development is being worked on in reverse by every intelligence agency, data broker, state and municipality with astronomical funding levels.

  • solrize@lemmy.ml
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    8 days ago

    I think you don’t want to know the real answer. It sounds like you want a phone app, but what you really have to do is flush your phone down the toilet and use a totally different approach. Also, there is absolutely no way to avoid difficult opsec. The communications technology is irrelevant since the greatest vulnerability in any security system is the people who use it. Do you think the private messenger software will free sessions with your therapist from spying? Guess again.

    As the saying used to go, you’re seeking a Star Trek solution to a Babylon 5 problem.

    • grey_maniac@lemmy.ca
      link
      fedilink
      arrow-up
      2
      ·
      8 days ago

      Technically, you should keep your phone and run false, normie activities on it. Give it to someone else to use and move about while you’re actually operational so it remains actively pinging the world while you’re away from it. All while also using the real approach, but not within range of your phone, or any windows or apple hardware linked to you either.

  • balance8873
    link
    fedilink
    arrow-up
    3
    ·
    8 days ago

    You need to define extreme operational security hoops.

    For me, meeting a human in person and scanning a qr code or relying on an out of band scheme to do the same is a huge hoop.

    • przmk@sh.itjust.works
      link
      fedilink
      arrow-up
      2
      ·
      8 days ago

      You can’t have big groups in Jami, it’s limited to a small number of participants (can’t remember how many).

      • Yeah. SimpleX has a similar problem, because it’s basically creating a bunch of 1:1 connections between everyone to preserve anonymity - IIRC (I freely admit I could be misremembering this). As I understood, it’s a decent limit, though - more than the 7-12 friend/family group you’d reasonably trust in a chat group.

        I did not consider this a blocker - who’s using encrypted chat for large groups? Large group chats are fundamentally insecure; is the use case about anonymity, not encryption?

        • mistermodal@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          8 days ago

          Okay that’s cool but even software projects like SimpleX need group chats for the software’s community to ask questions and such, where should they be hosted? Slack?

        • przmk@sh.itjust.works
          link
          fedilink
          arrow-up
          1
          ·
          8 days ago

          Sure, encryption may not be important for large groups but it can happen that it may be needed. If I were to make a group with my coworkers, I’d want that to be E2EE. On top of that, even without E2EE, you need good UX to host discussion groups for various topics, and Jami is simply not there yet.