32
posted ago by EnoughGunControl ago by EnoughGunControl +32 / -0

Link to original

Privacy Ranked:

I’m going to rank these least private to most, and explain why on each step.

Discord – Why: Discord is as bad as it gets. It's not only completely unencrypted, but they maliciously sell your data and have such huge restrictions on VPN IPs and SMS VoIP verification.

SMS – Why: It’s going naked over the phone lines, but isn't heavily sold in such a rotten way as Discord.

VoIP – Why: VoIP is just as horrible as SMS, but separates your real physical location from the cell tower

Telegram – Why: Unlike VoIP, it does have end-to-end encryption, but only on mobile. And with weak encryption that they made up, that hasn’t been properly reviewed [Source: Madaidans of whonix]

Signal – Why: Telegram has no metadata protection, while as Signal has sealed sender. Signal’s encryption is stronger and more thoroughly peer reviewed. Also Signal has a good legal track record and isn’t strict on crypto VoIP burners like Telegram. Having phone numbers isn't that big a deal if I paid $1 of crypto for a random VoIP burner in Cambodia without restrictions on Tor. Btw, my Signal number is Cambodian: +855 68 504 905

Matrix – Why: Tucker Carlson’s Signal was hacked. Also, academic papers have shown Signal’s sealed sender has flaws. If you self-host Matrix, that's much more control than trusting Amazon's AWS, which is a CIA contractor. Many open source projects use Matrix rooms.

Session – Why: Most Matrix users use http://Matrix.org which is Cloudflare with Gmail verifying the emails. Setting up a Matrix server is more expensive and complex than just opening Session and hitting "create account". Session’s onion routing, non-location based DNS, and decentralization is stronger than Matrix's Cloudflare-dominated network.

SimpleX – Why: Session lacks (by default) rotating keys and multiple identities. You can manually rotate keys using your blockchain name, and manually get multiple accounts at once via enabling it on Linux, but most won’t want to do this just to avoid government domain names (which most SimpleX users use). Session is better for censorship of servers, SimpleX is better for end users being invisible.

Self-hosted Tor XMPP – Why: SimpleX is hiding from servers, but if you control the server, that’s stronger. Even a self-hosted SimpleX server only picks half the conversation. Also, XMPP has a longer proven track record, which is more eyes on the code. Now if you DON'T self-host XMPP, it's way up on the list next to Matrix.

Self-hosted Tor XMPP w/ OTR – Why: OTR nukes the conversation when it’s done. It literally destroys the encryption keys. Game over bro.

Conclusion: Anything is better than Discord. Now, let's play a game, pick a communication method I did not mention, and you tell me where you think it should rank on the list. Then, we'll discuss.