Closed source, not end-to-end encrypted by default, end-to-end only device to device (so I can't swap seamlessly from a desktop to a mobile session).
Not even the protocol is open, so I am bound to their clients.
Sadly it was the only nice alternative when the Snowden stuff was published. That means those of my peers who made it away from Skype/FB/WhatsApp are now on Telegram.
Most seamless end-to-end encrypted solution I've come across. And it's still in beta. Every piece is open source (I'm running my own server), it's federated, supports history sync as a first-citizen feature, individual read receipts for group messages. The UX is not as polished as Telegram, but it's improving rapidly and is more than usable as a daily driver.
iMessage has end to end encryption and supports multiple devices. Each device uses its own keypair and when a message is sent, it is sent encrypted for each of the recipient's devices.
iMessage does not allow for any out-of-band key verification. It's correct that Apple (and anyone compromising them) is in a position to change the recipient's key or add new ones without the sender noticing anything's going on. I think iMessage limits this to new messages. (I believe syncing is done through iCloud, which doesn't use E2E-crypto but is optional.)
It would still be possible to implement this in a secure way (including out-of-band key verification) by having the "original" key (the one you've compared out-of-band) sign keys for new devices and have the server deliver that signature (which the sender can then verify). I don't know if there are any implementations of this.
Wire? I used it for a year with friends and family. I have never in my life experienced a buggier app on Android. My friends and family said the same about it.
They seem to focus on bringing new features (like an alien voice FX feature) when they should try to fix the basics first.
The worst thing that happened to me was that the UI told me I was in a chat with Alice, but I soon realized I was actually chatting with Bob. So much for E2E...
Now we use https://riot.im. I'm kind of surprised a federated solution offers a decent UX and is less buggy.
Never experienced anything like that on Riot. I mostly call from Android to other Android and iOS phones though.
I'd say we had a 40% chance of actually connecting a call with Wire. Suddenly there was an update to the app and calling didn't work _at all_ until the next update came (this happened more than once).
A close relative finally gave up and yelled something along the lines of "who the f* uses this POS app", and I couldn't really argue. :)
e2e on Riot/Matrix is in beta. I've had some experiences with someone else in a group chat only being able to read messages on one of their devices, and this is apparently not uncommon.
I'm a firm believer that Matrix is the future. But right now I wouldn't recommend it to anyone that isn't an early adopter.
We're not aware of any crashes at all on Riot/Desktop (especially as it's an electron app, so crashes will be due to chromium bugs). Please can you make sure it's filed on https://github.com/vector-im/riot-web/issues? Thanks!
How come https://riot.im (Matrix) manages to sync between devices AND have E2E, while also being federated?
That's not what you get when you have a secure system, that's what you get when you design a system that can collect (and possibly monetize) the data of millions of users.
I believe that making sync work with E2E brings either security issues or more burden on the user; I would like them in Telegram, but I also like the "if you send this message you know exactly the device it goes to, not an old laptop I forgot in the office, just my phone". It is meant to be secure on a device level.
That's not what I meant. Yes you can have sync and E2E. With different trade-offs.
Telegram is secure from device to device, not from account to account. If I send you a secure message from my iPad I don't have to worry about the web session I opened a week ago on someone else's laptop.
Signal and WhatsApp both support multi-device encrypted chats. Signal is better than WhatsApp in this respect as your primary device doesn't need to be online for it to work.
Signal multi-device support is very limited. Doesn't support multiple mobile devices. Primary device must be a phone, all others must be desktop computers with Chrome.
How come https://riot.im (Matrix) manages to sync between devices AND have E2E, while also being federated? How come I can use both WhatsApp and Signal on both my computer and phone (and they stay in sync)?
It looks like in [1] that each device registered to a user has a device_key and when an encrypted message is sent, the user's public device keys are requested and the message is encrypted for each device. New devices can't see old messages.
The message isn't encrypted for each device; the message is encrypted once for the room, as part of a 'session' of messages - and then the key data for that session is shared with the devices who are allowed to read it. Thus you can share old session key data with other devices if you want, meaning that new devices /can/ see old messages, although we're still working through the UX for that. (Currently the only way to do it is by import/export session key data in settings and transferring it between devices).
Thanks—so there's another layer of encryption over the ever changing (Megolm) key that encrypts the room, if I understand this. Looks like I simplified too much.
Sort of. Just to clarify: the first layer (Olm) provides a secure channel between pairs of devices, used mainly to share Megolm encryption state between them.
The second layer (Megolm) encrypts each sent message once per room, using a ratchet described by session key data. The session key data is shared 1:1 between the appropriate devices (past and future) over Olm.
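A simplified model of the room-session layer described in the comments above, as an added example that is not part of the thread and not Matrix's own code. It assumes a single HMAC hash chain in place of Megolm's real ratchet, a toy XOR stream in place of AES, and a direct hand-over of session key data where Olm would carry it; all names (`OutboundSession`, `InboundSession`, `demo`) are hypothetical.

```python
import hashlib, hmac

def _h(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def advance(key: bytes) -> bytes:
    # One-way ratchet step: later keys follow from earlier ones, never the reverse.
    return _h(key, b"ratchet")

def _xor(data: bytes, key: bytes) -> bytes:
    # Toy stream cipher standing in for AES; illustration only.
    n = (len(data) + 31) // 32
    stream = b"".join(_h(key, b"msg" + i.to_bytes(4, "big")) for i in range(n))
    return bytes(a ^ b for a, b in zip(data, stream))

class OutboundSession:
    """Sender side: one session per room, one ciphertext per message."""
    def __init__(self, seed: bytes):
        self.index, self.key = 0, seed
    def export(self):
        return (self.index, self.key)  # session key data, shared 1:1 per device
    def encrypt(self, plaintext: bytes):
        ct = _xor(plaintext, self.key)
        msg = (self.index, ct, _h(self.key, b"mac" + ct))
        self.index, self.key = self.index + 1, advance(self.key)
        return msg

class InboundSession:
    """Receiver side, built from session key data exported at some index."""
    def __init__(self, exported):
        self.start, self.start_key = exported
    def decrypt(self, msg):
        index, ct, tag = msg
        if index < self.start:
            return None  # cannot ratchet backwards to an earlier message key
        key = self.start_key
        for _ in range(index - self.start):
            key = advance(key)
        if not hmac.compare_digest(tag, _h(key, b"mac" + ct)):
            return None  # wrong key or tampered ciphertext
        return _xor(ct, key)

def demo():
    room = OutboundSession(b"constructed seed, not random")  # constructed input
    history_export = room.export()            # key data at index 0
    msgs = [room.encrypt(m) for m in (b"one", b"two")]
    late = InboundSession(room.export())      # new device, key data at index 2
    msgs.append(room.encrypt(b"three"))
    synced = InboundSession(history_export)   # new device given old key data
    return [late.decrypt(m) for m in msgs], [synced.decrypt(m) for m in msgs]
```

`demo()` returns what each new device can read: the one given current key data sees only the third message, while the one given the older export reads the whole history.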