
I made a spreadsheet that ranks messengers for privacy

I've been working really hard to research and rank messaging apps by their privacy. The more green boxes the better.

I plan to turn PrivacySpreadsheet.com into a place for privacy data on everything from cars to video games. It's all open source too on GitHub.

Not trying to advertise, I just put a lot of time into researching all this, and I want to share it since I think others could benefit.

coffeeClean , (edited )

it would be more usable if the left column were locked so you don’t lose it when scrolling horizontally. Same for the top row.

“Email / Phone required for signup” ← these are on two very different levels of intrusiveness.. really needs to split into two rows. And from there, it’s interesting to know whether a phone must be a mobile phone or not. With email, it’s interesting to know if disposable addresses are blocked or not.

Also, for “decentralized network” for , you simply have “no”. I would change that to “No (Amazon)” to inform people they are feeding Amazon by using Signal.

In fact I suggest also adding a row: “feeds a tech giant” because privacy from tech giants is not the only factor -- some of us trying to live ethically do not want to even feed privacy offending tech giants, such as:

  • Amazon
  • Microsoft
  • Google
  • Cloudflare
  • Apple
  • Facebook

And as someone else pointed out, Delta Chat is missing.

clever_banana ,

Why not put this on Wikipedia? There's already a great article there that would benefit from this additional data

https://en.m.wikipedia.org/wiki/Comparison_of_cross-platform_instant_messaging_clients

Jericho_One ,

Didn't even include the default messages app that most Android phones ship with 🤦

UnHidden OP ,

Please submit a GitHub issue so I can track the suggestions and problems, thanks

Jericho_One ,

Done

UnHidden OP ,

I've updated the spreadsheet to include Google Messages, should be live on the site now :)

brb ,

I don't think Google Messages is the default one tho? It's just called "Messages" on my OnePlus

Scolding7300 ,

This is awesome!
Is there a way to freeze the first column? Just so you can scroll to the right and see the categories

UnHidden OP ,

Working on it

return2ozma ,

Is there a way to lock the left cells while scrolling through the other messengers?

UnHidden OP ,

Working on it, hard to do well without JavaScript while maintaining the ease of webpage generation

clever_banana ,

Don't do this with JavaScript ffs

UnHidden OP ,

I will not include any JS in the site.
I'm not a web dev, I'm a mobile app dev, so web dev is new to me

pescetarian ,

Deltachat?!

southernwolf ,

I think you left off Session from this list. Based on everything I know, it'll probably come in number 2, or even number 1 if it beats SimpleX.

sxan , (edited )

SimpleX may be one of the best, privacy-wise, but until they implement multi-device support with shared history, it's simply a non-starter. Not being able to access a conversation on both my phone and my computer puts a messaging app near the bottom of any usability list.

SimpleX is close to implementing it; the last time I checked, there was a way to link two devices, but it was exceedingly cumbersome - too difficult to ask a non-tech person to work through - and the history syncing didn't work. If they get that worked out, it'll be a strong contender; I only wish it'd been part of the original design and not a tack-on, as I expect it'll consequently be a major source of bugs for the project.

BearOfaTime ,

It's kind of there now - you can link devices, but you have to manually switch between them. So only one device is active at a time. Not what people are looking for, but it's a start.

Not really useful for me, yet, but I like their approach. They didn't just throw out a fully-functional use-anywhere but flawed system, just to appease users. They've remained focused on keeping it secure. It's an Agile development approach, which works really well for stuff like this.

My guess is it'll be more fluid within the year (at least I hope so). I'd really like to switch to it, especially since you can self-host. Would be useful for my family, and could possibly make getting friends on board easier.

sxan ,

Yes, it's coming along. Just very slowly. I think I first tried SimpleX a year ago? It isn't quite near where I'd feel comfortable suggesting that my friends and family switch to it, and at this rate, it'll yet be a while.

I wish them luck, though.

pescetarian ,

With simplex battery is low. Not for smartphones.

poVoq ,

You got some errors for XMPP e2ee: the popular mobile clients all enable it by default, it has perfect forward secrecy and a/v calls are usually also e2ee and of course data is encrypted in transit.

rcbrk ,

Yep. Really need to compare the best-practice XMPP clients (e.g. Conversations, Siskin), not half-developed clients more suited to the XMPP landscape of 20 years ago. -- Just as Matrix's ranking in the table is high because only the state-of-the-art clients are considered -- there are plenty of Matrix clients which don't support e2ee, for example.

This list of mistakes isn't exhaustive, but extending from poVoq's mentions, here are some things XMPP(conversations) does actually have positive findings for:

  • End to end encrypted by default [OMEMO]
  • End to end encryption is available [OMEMO]
  • Voice/video calls are end to end encrypted ["calls are always end-to-end encrypted with DTLS-SRTP"]
  • Utilizes Perfect Forward Secrecy [OMEMO]
  • Data is encrypted in transit [TLS and OMEMO]
  • You can verify contacts out of band [https://gultsch.de/trust.html]
  • There has been a third party code audit [2016]
  • Provider can scan for illegal content [If you send content unencrypted, otherwise no different to Matrix/Signal]

I'm not sure there's much differentiation between any apps when it comes to "What can the apps hand to police?"; if the police have physical access to your device and app, they have access to everything you do on that device/app.

Omega_Haxors ,

Provider is funded by authoritarian regimes

💀

Chozo ,

Not that I give a shit, but I can see you potentially catching some flak for listing the USA as an "authoritarian regime" lmfao

UnHidden OP ,

Let's be honest, it's not much different from China. They both make social media companies censor, and they both track citizens to predict their likeliness of committing a crime in the future.

return2ozma ,

Where's the lie?

Encryption ,

They hate him, because he told the truth.

TheAnonymouseJoker ,

USA is at least 100x worse than China, if you cared to look at Snowden and Assange leaks, and Wikipedia page for USA surveillance programs since the formation of NSA in 1960s. Assange is getting drugged and tortured as we speak, and that is not happening in China. Snowden can never go back to his home unless he wants to be "mysteriously dead".

BearOfaTime ,

I wouldn't say worse than China, but I'd say they're both equal, in their own way.

It's the nature of state politics and security. I'd bet even money every government on the planet is equally bad, up to the resources they have at their disposal.

Remember, all governments are collections of individuals, and individuals range in their morality.

Certain types are attracted to certain opportunities...like the power of government.

clever_banana ,

Maybe Undemocratic is better?

set_secret ,

fed it to gpt:

Briar and Cwtch stand out as recommended for private communication, both featuring end-to-end encryption by default, utilization of Perfect Forward Secrecy, and encryption at rest on both server and client sides. They are also decentralized and not dependent on DNS, which enhances privacy and security.

lazynooblet ,

It's got that Telegram is funded by Russia, is that true?

Wikipedia says the opposite.

https://en.m.wikipedia.org/wiki/Telegram_(software)

Telegram was launched in 2013 by the brothers Nikolai and Pavel Durov. Previously, the pair founded the Russian social network VK, which they left in 2014, saying it had been taken over by the government. Pavel sold his remaining stake in VK and left Russia after resisting government pressure.

AtmaJnana ,

Telegram was suddenly unblocked in Russia after getting a bunch of money from the Kremlin.

https://www.wired.com/story/the-kremlin-has-entered-the-chat/

The Moscow Times reported that the investments included $75 million from a joint partnership between an Abu Dhabi state fund and a Kremlin sovereign wealth fund.

BearOfaTime ,

Uggh, that's a bit concerning.

TheAnonymouseJoker ,

Telegram is not meant for private messaging. It is like a public forum but in the form of realtime chat. Telegram and Discord are unique types of public chat style forums.

BearOfaTime ,

Really? Because that's how I use it. There's nothing "public" about anything I use in it.

There's also fully end-to-end encrypted chats.

TheAnonymouseJoker ,

You can go whisper in another person's ear in a discussion group, thinking others cannot hear your whispers. Does not make it true. You can go use an axe to cut vegetables if you like. Just do not complain when the onion becomes red.

If you do not understand the nature of different tools, it is entirely your fault. Use different tools for different purposes.

fosstulate ,

The messaging app front I consider to be a long-term stalemate, mainly due to crippling network effects. Another factor is that strange psychology at play when making app decisions, where a person will have page after page of junk apps on their phones, yet utterly balks at the notion of installing a second messenger.

Even if a large actor (say, the EU?) managed to bruteforce some interoperability into being, I wonder whether that would be to the detriment of small apps in terms of undermining (or even eliminating) their privacy protections. I can use the likes of Session or SimpleX all day long, but if the other side of the conversation is on a corporate product like WhatsApp... It runs into the same problem as email.

BearOfaTime ,

where a person will have page after page of junk apps on their phones, yet utterly balks at the notion of installing a second messenger.

Ffs this drives me crazy.

I have a friend who bitches about SMS being shit, every.single.day.

But will they use another app? No. "I don't want to have to use different messaging apps". Oh, so what you're saying is you're OK with how shitty SMS is. So stop complaining.

Really, it's not like you don't already have 3 email accounts, and have had a few phone numbers. And your friends' numbers have changed over the years too.

This is something you use all day, every day. Not hard to find a conversation - hell, both iOS and Android show you this on a per contact basis.

So I'm not sure what's really going on when people say this. There's some other weird mental thing happening.

UnHidden OP ,

Now you have something visual that you can show them and say "this is how bad SMS is compared to Signal"

Pantherina ,

Really cool, but could you maybe use comments for the first column huge cells?

BearOfaTime ,

Nice work so far! It's a big task, really.

Smart idea hosting on git. Gives it a chance to be maintained and have a history.

Any way to download as a csv/excel file? (I can just copy/paste from the web, but that's imperfect)

UnHidden OP ,

I'm working on it, and an Excel file will be available later today under the "datasets" directory in GitHub
