Earlier this year, I finally took the time to revisit the state of instant messaging services. My requirements:

- open source

- cross-platform (linux, mac, windows, ios, android)

- group chats

- end-to-end encryption

- well-understood crypto ciphers & protocols

- mature enough for a reasonable expectation of security & privacy

- easy enough for most computer users

- some way to protect metadata (e.g. self-hosting)

- signup without real-world ID

- offline message delivery

I ended up choosing the Matrix network. The reference client is called Element[1] (formerly Riot). There are things I dislike about the client, but they're pretty minor compared to the benefits of the underlying protocol, and lots of alternative clients are in development[2][3].

On top of meeting my requirements, all signs indicate that development is both active and moving in the right directions. Reading the team's weekly reports and issue tracker convinced me that they are making very sound decisions.

[1]: https://element.io/

[2]: https://matrix.org/clients-matrix/

[3]: https://matrix.org/clients/

Here's what I didn't like about the others:

Briar: Lacked cross-platform support and (iirc) offline messaging. Tor brings baggage that not everyone is ready to accept.

Cwtch: Not mature yet.

Jami: Very fragile code base in my experience, which was also true when was called Ring, and when it was called SFLphone. Only about 25% of the builds I've tried over the years actually worked. I was unable to determine whether it had offline messaging.

Keybase: Now owned by Zoom, which is a privacy nightmare.

Ricochet: Same problems as Briar.

RocketChat: Crypto is not mature yet.

Session: Not mature yet. Small limit on number of group chat participants.

Signal: Required phone number for signup. Required Google Play Services (aka spyware) for quite a long time. Weak cross-platform support. Some of that is finally changing, but Moxie will surely make more intolerable design decisions, and refuse to fix them for years, again.

Telegram: Homebrew crypto.

XMPP: Most clients are hard to use (or to teach others to use). Good servers are hard to find. Protocol standards are a mess. I couldn't find a real-world e2ee group chat implementation.

Everything else: Failed to meet my requirements even before I looked closely, mostly due to closed code and/or problematic corporate interests. (For example, I will not use an app from Facebook or any of its subsidiaries.)

maqp

"some way to protect metadata (e.g. self-hosting)"

From whom are you trying to protect metadata? Briar distinguishes itself as a platform that doesn't leak it to anyone. Matrix always has at least one central point for metadata eavesdropping, and that's the device the entities interested in your communication will hack first. Or maybe the threat of the group is in the inside -- John, the creepy IT-guy of the peer network who has a crush on Karen and is jealously eavesdropping on her every action, including content when E2EE is disabled for some chats.

Thanks but no thanks. I'd much rather just centralize the trust to a known crypto anarchist like Moxie who doesn't know me in person, and if I can't trust anyone I'll just use Briar despite lack of offline-messages. It's not like my phone isn't on 24/7 anyway.

Wrt. Session, it's not at all clear how anonymous their onion routing network is, if there's enough nodes etc.

foresto

I think it's important to distinguish mass surveillance from targeted surveillance. They present very different threat models.

I need a general-purpose chat tool for use with friends, family, and business contacts. Protection from targeted surveillance by a state actor (or someone with equivalent resources) is neither a priority nor realistic today in light of my other requirements. I'm okay with using a separate tool if I ever need that kind of special-purpose protection.

Roughly stated, the goal is to regain the convenience of older tools like talk, ytalk, irc, ICQ, AIM, Yahoo Messenger, Facebook Messenger, and Google Talk, without being inaccessible to swaths of the computer-using population, and without exposing us all to mass surveillance any more than necessary. Matrix succeeds at this admirably, and continues to get better at it over time. (You might want to look at their in-progress P2P work.)

Briar fails unless you only talk to people using smartphones.

MoxieTalk fails because it exposes people to mass surveillance. In multiple ways. Over and over again. (Also, I've never seen a good linux client for it.)

I acknowledge that both those tools look very useful for certain purposes, and I have a good deal of respect for Moxie because of his contributions to the crypto/comms community, but neither tool does what I need.

maqp

"I think it's important to distinguish mass surveillance from targeted surveillance. They present very different threat models."

Targeted attacks against centralized points that enable wide-scale surveillance are mass surveillance. Imagine NSA would claim "A fiber optic splitter in the bottom of the ocean is a targeted attack against one device (repeater), or one inch segment of glass wire, it's not mass surveillance".

It's vital that we define targeted surveillance as something where the target is a single entity. Hacking Moxie's phone is targeted surveillance. Hacking Signal server is not. Hacking every visitor of a CP site is mass surveillance https://www.eff.org/deeplinks/2016/09/playpen-story-fbis-unp...

"You might want to look at their in-progress P2P work."

It will be a nice to have sure, but I think P2P should work exclusively via Tor if you want to hide metadata. wrt that, you might find my work interesting https://github.com/maqp/tfc

"Briar fails unless you only talk to people using smartphones."

A picture is worth a thousand words

https://twitter.com/Amlk_B/status/1286642831239647232/photo/...

"MoxieTalk fails because it exposes people to mass surveillance."

Jabs like these aren't really appreciated. Extraordinary claims require extraordinary evidence.