I’ve been working really hard to research and rank messaging apps by their privacy. The more green boxes the better.

I plan to turn PrivacySpreadsheet.com into a place for privacy data on everything from cars to video games. It’s all open source too on GitHub.

Not trying to advertise, I just put a lot of time into researching all this, and I want to share it since I think others could benefit.

  • Arthur BesseA
    link
    fedilink
    English
    arrow-up
    12
    ·
    edit-2
    10 months ago

    This is worthy of a more usable interface than this spreadsheet widget.

    It took me a fair bit of scrolling to identify which attributes each of the six purple “N/A” values for SimpleX are, but now that I have I agree they’re accurate (though I think there is an argument to be made for just writing a green “no” for each of them).

    It is noteworthy that SimpleX is currently the only one of these (currently 34) messengers to not have a single red or yellow cell in its column. well done, @epoberezkin@lemmy.ml! 😀

    edit: istm that SimpleX (along with several other things) getting a “no” in the “can hand IP address to the police” row is not really accurate. SimpleX does better than many things here in that they don’t have a lot of other info to give to the police along with the IP, but, if Bob has their phone seized (or remotely compromised) and then the police reading Alice and Bob’s messages from Bob’s phone want to know Alice’s IP address… they can compel a server operator to give it to them. (And it is the same for a user who posts a SimpleX contact link publicly.)

    • viking@infosec.pub
      link
      fedilink
      arrow-up
      1
      ·
      10 months ago

      Briar has even fewer N/As than SimpleX and all greens otherwise. Second column in the table.

      • Arthur BesseA
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        10 months ago

        Briar has even fewer N/As than SimpleX and all greens otherwise. Second column in the table.

        Briar has a yellow Yes in row 12 ('requires global identity')

        … presumably because (if you have one instance of the Briar installed) when you’re talking to two different people they can check and confirm you’re the same person, while in SimpleX you can create disposable/ephemeral identities for different chats.

        I haven’t reviewed this thoroughly but I can see that there are a lot of attributes that could be added to this table in regards to metadata protection against various parties, including revealing online presence to servers and contacts (which is a place where briar falls short).