security
This is an old revision of the document!
There's a few chat applications which can be used to communicate:
Secure
- SimpleX - Bit more secure then Signal, as it has built in privacy features at the protocol level (such as message padding). By default users /chats don't have constant identifiers either. Allows for anonymous profiles and supports multiple profiles.
- Signal - Good replacement for normal “text messaging”. Share your username instead of phone number.
- Delta Chat - Supports multiple profiles.
Less Secure
- Keybase - Supports multiple profiles, allows managing teams. Roughly an alternative to discord/slack. Currently owned by Zoom. Keybase has access to metadata to understand who is talking to who. https://book.keybase.io/docs/chat/crypto#metadata
- Matrix
- Configuration Steps:
- Setup a home server and disable federation to prevent metadata being copied around to other servers, This option is also configurable by the room creator, which is helpful and can decide when to use it.
- Enable End To End Encryption (E2EE) for sensitive rooms.
- Security And Privacy Notes:
- Metadata leaks are possible, as all metadata is not encrypted. This includes usernames of who are in encrypted chat rooms, as along with their name.
- Homeserver owners can join encrypted chats and impersonate users by adding their own device key to the target users account. This is a bug that is being mitigated in 2026 by requiring clients to confirm device keys of other users. https://element.io/blog/verifying-your-devices-is-becoming-mandatory-2/.
- A stolen domain for homeserver can gain rights as any user that has joined the room from the homeserver, This is due to Matrix stores permissions as user@homeserverDomain.com for rooms.
- Fluffychat client is recommended, as it supports multiple profiles.
security.1774836756.txt.gz · Last modified: 2026/03/30 02:12 by admin