Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

I made a spreadsheet that ranks messengers for privacy

I've been working really hard to research and rank messaging apps by their privacy. The more green boxes the better.

I plan to turn PrivacySpreadsheet.com into a place for privacy data on everything from cars to video games. It's all open source too on GitHub.

Not trying to advertise, I just put a lot of time into researching all this, and I want to share it since I think others could benefit.

set_secret ,

fed it to gpt:

Briar and Cwtch stand out as recommended for private communication, both featuring end-to-end encryption by default, utilization of Perfect Forward Secrecy, and encryption at rest on both server and client sides. They are also decentralized and not dependent on DNS, which enhances privacy and security.

Pantherina ,

Really cool, but could you maybe use commments for the first column huge cells?

BearOfaTime ,

Nice work so far! It's a big task, really.

Smart idea hosting on git. Gives it a chance to be maintained and have a history.

Any way to download as a csv/excel file? (I can just copy/paste from the web, but that's imperfect)

UnHidden OP ,

I'm working on it, and an Excel file will be available later today under the "datasets" directory in GitHub

Jericho_One ,

Didn't even include the default messages app that most Android phones ship with 🤦

UnHidden OP ,

Please submit a GitHub issue so I can track the suggestions and problems, thanks

Jericho_One ,

Done

UnHidden OP ,

I've updated the spreadsheet to include Google Messages, should be live on the site now :)

brb ,

I don't think Google Messages is the default one tho? It's just called "Messages" on my Oneplus

Aria ,

The first row and first column should stay visible when you scroll with such a dense graph.

Blxter ,
@Blxter@lemmy.zip avatar

Great work :)

UnHidden OP ,

Thanks, if you have suggestions please submit a Github issue

fiercekitten ,

I don’t see Wire listed. Do you plan to add it?

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

I don't think wire is the best privacy wise

clever_banana ,
@clever_banana@lemmy.today avatar

Very few dont require a phone numbers, so Wire is def in the top 10

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

I think most don't require phone numbers

clever_banana ,
@clever_banana@lemmy.today avatar

Oh boy you're in for a surprise

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

Signal is the only one I know that requires a phone number

clever_banana ,
@clever_banana@lemmy.today avatar

WhatsApp, Telegram too.

Oh, and Discord and a bunch of others dont tell you they require phones. Until their ML system false-positives and locks you out of your account until you auth with a phone number.

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

Those are proprietary massagers. I though we were talking about secure messaging. When it comes to messages that have a reasonable level of transparency Signal is the only one I know that requires a phone. I'm comparing it to Briar, Simplex chat and Session.

UnHidden OP ,

Yes

TCB13 ,
@TCB13@lemmy.world avatar

What are you using to create this read-only spreadsheet?

jbd ,

I noticed that some of these are apps and some are protocols. It makes sense to list the app if the protocol is proprietary, but it's confusing that there can be multiple apps for an open protocol and not all of those apps could feature the same level of privacy.

UnHidden OP ,

Please submit a GitHub issue so I can track the suggestions and problems, thanks

jbd ,

Nice work. Can you add RCS to the table? https://en.wikipedia.org/wiki/Rich_Communication_Services

BigDanishGuy ,

I came here to suggest that as well. I have contacts who are switching from other platforms to RCS, and I have a hard time figuring out how secure that is.

Cyberflunk ,

RCS is a protocol, not a messenger. Google messages is the only client that implemented it.

Unless you know of any other RCS apps

lemmyreader ,

Apple announced to support it : https://www.eff.org/deeplinks/2024/01/what-apples-promise-support-rcs-means-text-messaging

Cheradenine ,

Very nicely done, thanks

fosstulate ,
@fosstulate@iusearchlinux.fyi avatar

The messaging app front I consider to be a long-term stalemate, mainly due to crippling network effects. Another factor is that strange psychology at play when making app decisions, where a person will have page after page of junk apps on their phones, yet utterly balks at the notion of installing a second messenger.

Even if a large actor (say, the EU?) managed to bruteforce some interoperability into being, I wonder whether that would be to the detriment of small apps in terms of undermining (or even eliminating) their privacy protections. I can use the likes of Session or Simplex all day long, but if the other side of the conversation is on a corporate product like Whatsapp... It runs into the same problem as email.

BearOfaTime ,

where a person will have page after page of junk apps on their phones, yet utterly balks at the notion of installing a second messenger.

Ffs this drives me crazy.

I have a friend who bitches about SMS being shit, every.single.day.

But will they use another app? No. "I don't want to have to use different messaging apps". Oh, so what you're saying is you're OK with how shitty SMS is. So stop complaining.

Really, it's not like you don't already have 3 email accounts, and have had a few phone numbers. And your friends numbers have changed over the years too.

This is something you use all day, every day. Not hard to find a conversation - hell, both iOS and Android show you this on a per contact basis.

So I'm not sure what's really going on when people say this. There's some other weird mental thing happening.

UnHidden OP ,

Now you have something visual that you can show them and say "this is how bad SMS is compared to Signal"

JustUseMint ,

Would absolutely add Session, I think it's basically a requirement for this comparison. Great work otherwise

sxan ,
@sxan@midwest.social avatar

Yes, please add Session. Wire is missing, too.

A version of this with usability features would be nice. Some of these I gave earnest tries, with multiple friends who were willing to indulge my interest, and the tools failed for various reasons: too cumbersome, too confusing, too unreliable, too basic. It's a subjective metric, but these are social tools, and to be useful, they have to be usable -- and many simply aren't.

I don't know if it's humorous, but one unexpected thing I discovered was that Wire's and Session's embedded animated GIF finder+inserter is so hugely desireable with my friends, it became an almost minimum requirement. Funny GIFs are immensely popular.

UnHidden OP ,

Session, Wire, and Element are done and will be added later today

sxan ,
@sxan@midwest.social avatar

I just saw Session - thanks!

But now I'm confused. Maybe you could add notes about what some of the rows mean. For example:

  • Upon what is based the "recommended for private comnunication?" Recommended by whom? Under what criteria?
  • Why is Session's voice/video "n/a" when it supports encrypted voice and video calls?
  • Why is running a private server, rated as higher security than distributed, tor-like onion networks? (can self host), and why is Session listed as "no" when anyone can self host routing nodes in the network? This preference for centralized servers over distributed onion networks is particularly baffling for a privacy-focused table.

This is a huge labor. Thanks again for attempting it.

JustUseMint ,

Based

southernwolf ,
@southernwolf@pawb.social avatar

I think you left off Session from this list. Based on everything I know, it'll probably come in number 2, or even number 1 if it beats SimpleX.

sxan , (edited )
@sxan@midwest.social avatar

SimpleX may be one of the best, privacy-wise, but until they implement multi-device support with shared history, it's simply a non-starter. Not being able to access a conversation on both my phone and my computer puts a messaging app near the bottom of any usability list.

SimpleX is close to implementing it; the last time I checked, there was a way to link two devices, but it was exceedingly cumbersome - too difficult to ask a non-tech person to work through - and the history syncing didn't work. If they get that worked out, it'll be a strong contender; I only wish it'd been part of the original design and not a tack-on, as I expect it'll consequently be a major source of bugs for the project.

BearOfaTime ,

It's kind of there now - you can link devices, but you have to manually switch between them. So only one device is active at a time. Not what people are looking for, but it's a start.

Not really useful for me, yet, but I like their approach. They didn't just throw out a fully-functional use-anywhere but flawed system, just to appease users. They've remained focused on keeping it secure. It's an Agile development approach, which works really well for stuff like this.

My guess is it'll be more fluid within the year (at least I hope so). I'd really like to switch to it, especially since you can self-host. Would be useful for my family, and could possibly make getting friends on board easier.

sxan ,
@sxan@midwest.social avatar

Yes, it's coming along. Just very slowly. I think I first tried SimpleX a year ago? It isn't quite near where I'd feel comfortable suggesting that my friends and family switch to it, and at this rate, it'll yet be a while.

I wish them luck, though.

pescetarian ,
@pescetarian@lemmy.ml avatar

With simplex battery is low. Not for smartphones.

SolarPunker ,

Love your commitment but I already knew SimpleX is the best. 🙃

  • All
  • Subscribed
  • Moderated
  • Favorites
  • privacy@lemmy.ml
  • random
  • incremental_games
  • meta
  • All magazines
    •