We have described the three main types of messaging programs that exist: Centralized, Federated and Peer-to-Peer (P2P), with the advantages and disadvantages of each.
Federated
Federated messengers use multiple, independent, decentralized servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network.
{%
include cardv2.html
title="Element"
image="/assets/img/svg/3rd-party/element.svg"
description='
Element (formerly
Riot) is the reference client for the
Matrix network. The
Matrix open standard is an open-source standard for secure, decentralized, real-time communication.'
labels="color==info::icon==fas fa-info-circle::text==Audited::link==https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last::tooltip==The protocol was independently audited.|text==VoIP"
website="https://element.io"
privacy-policy="https://element.io/privacy"
forum="https://forum.privacytools.io/t/discussion-element-io/665"
github="https://github.com/vector-im/element-web"
windows="https://element.io/get-started"
mac="https://element.io/get-started"
linux="https://element.io/get-started"
fdroid="https://f-droid.org/packages/im.vector.app/"
googleplay="https://play.google.com/store/apps/details?id=im.vector.app"
ios="https://apps.apple.com/app/vector/id1083446067"
web="https://app.element.io"
%}
Advantages
- Allows for greater control over your own data when running your own server.
- Allows you to choose who to trust your data with by choosing between multiple "public" servers.
- Often allows for third party clients which can provide a more native, customized, or accessible experience.
- Generally a less juicy target for governments wanting backdoor access to everything as the trust is decentralized. The server may be hosted independently from the organization developing the software.
- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member)
- Third-party developers can contribute code and add new features, instead of waiting for a private development team to do so.
Disadvantages
- Adding new features is more complex, because these features need to be standardized and tested to ensure they work with all servers on the network.
- Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).
- Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is utilized.
- Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with users on those servers.
Peer-to-Peer (P2P)
Peer-to-peer messengers connect to a distributed network of nodes to relay messages to the recipient without a third-party server. Clients (peers) usually find each other through the use of a distributed computing network. Examples of this include DHT (distributed hash table) (used with technologies like torrents and IPFS, for example). Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the Scuttlebutt social networking protocol). Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
{%
include cardv2.html
title="Briar"
image="/assets/img/svg/3rd-party/briar.svg"
description="Encrypted instant messenger that connects to contacts via Wi-Fi, Bluetooth, or Tor over the internet to synchronize messages. Technology such as this has proven to be useful when Internet availability is an issue, such as in times of crisis."
labels="color==warning::text==Warning::tooltip==If local mesh network is not needed, disable Wi-Fi and Bluetooth connections in Briar's options for maximal anonymity by only connecting through the Tor network.|color==info::icon==fas fa-info-circle::text==Audited::link==https://briarproject.org/news/2017-beta-released-security-audit/::tooltip==The client software was independently audited."
website="https://briarproject.org"
privacy-policy="https://briarproject.org/privacy-policy/"
forum="https://forum.privacytools.io/t/discussion-briar/2114"
gitlab="https://code.briarproject.org/briar/briar"
fdroid="https://f-droid.org/packages/org.briarproject.briar.android/"
googleplay="https://play.google.com/store/apps/details?id=org.briarproject.briar.android"
%}
{%
include cardv2.html
title="Jami"
image="/assets/img/svg/3rd-party/jami.svg"
description="Encrypted instant messaging and video calling software. All communications are E2EE using
TLS 1.3 and never stored elsewhere than on user's devices, even when
TURN servers are used."
labels="color==warning::link==https://git.jami.net/savoirfairelinux/ring-project/issues/765::text==Warning::tooltip==This software is partially centralized but can be self-hosted.|text==VoIP"
website="https://jami.net/"
privacy-policy="https://jami.net/privacy-policy/"
forum="https://forum.privacytools.io/t/discussion-jami/2116"
gitlab="https://git.jami.net/savoirfairelinux"
windows="https://jami.net/download-jami-windows"
mac="https://jami.net/download-jami-macos"
linux="https://jami.net/download-jami-linux"
fdroid="https://f-droid.org/packages/cx.ring/"
googleplay="https://play.google.com/store/apps/details?id=cx.ring"
ios="https://itunes.apple.com/app/ring-a-gnu-package/id1306951055?mt=8"
%}
Advantages
- Minimal information is exposed to third parties.
- Modern P2P platforms implement end-to-end encryption by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models.
Disadvantages
- Reduced feature set:
- Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.
- Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.
- Your IP address and that of the contacts you're communicating with may be visible if you do not use the software in conjunction with a self contained network, such as Tor or I2P. Many countries have some form of mass surveillance and/or metadata retention.
Anonymous Routing
A messenger using anonymous routing communicates encrypted messages through a virtual overlay network that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly, and only meet through a secret rendez-vu node, so that there is no leak of IP addresses nor physical location. With onion routing networks (e.g., Tor), nodes cannot decrypt messages nor the final destination, only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers".
{%
include cardv2.html
title="Briar"
image="/assets/img/svg/3rd-party/briar.svg"
description="Encrypted instant messenger that connects to contacts via Wi-Fi, Bluetooth, or Tor over the internet to synchronize messages. Technology such as this has proven to be useful when Internet availability is an issue, such as in times of crisis."
labels="color==warning::text==Warning::tooltip==If local mesh network is not needed, disable Wi-Fi and Bluetooth connections in Briar's options for maximal anonymity by only connecting through the Tor network.|color==info::icon==fas fa-info-circle::text==Audited::link==https://briarproject.org/news/2017-beta-released-security-audit/::tooltip==The client software was independently audited."
website="https://briarproject.org"
privacy-policy="https://briarproject.org/privacy-policy/"
forum="https://forum.privacytools.io/t/discussion-briar/2114"
gitlab="https://code.briarproject.org/briar/briar"
fdroid="https://f-droid.org/packages/org.briarproject.briar.android/"
googleplay="https://play.google.com/store/apps/details?id=org.briarproject.briar.android"
%}
{%
include cardv2.html
title="Session"
image="/assets/img/svg/3rd-party/session.svg"
description="Encrypted instant messenger using 3-hops onion routing to transmit communications via
Oxen blockchain's nodes that are
distributed worldwide. All communications are E2EE encrypted by default, supporting 1-on-1, private group and public group textual chatrooms."
labels="color==info::icon==fas fa-info-circle::text==Audited::link==https://getsession.org/session-code-audit/::tooltip==The client softwares on all platforms were independently audited.|color==info::icon==fas fa-info-circle::text==Whitepaper::link==https://arxiv.org/abs/2002.04609"
website="https://getsession.org/"
privacy-policy="https://getsession.org/privacy-policy/"
github="https://github.com/oxen-io/session-desktop"
googleplay="https://play.google.com/store/apps/details?id=network.loki.messenger"
ios="https://apps.apple.com/app/session-private-messenger/id1470168868"
windows="https://getsession.org/windows"
linux="https://www.getsession.org/linux"
mac="https://getsession.org/mac"
%}
Advantages
- Minimal to no information is exposed to other parties, including recipients.
- Messages can be relayed even if one of the parties is offline.
Disadvantages
- Slow messages propagation.
- Less reliable due to the random nodes routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline.
- More complex to use as it requires the creation and secured backup of a cryptographic private key.
