Hi all! I’d like to request suggestions for a secure messaging app, ideally that doesn’t require mobile phone for registration, to stay connected to my family In Russia.
The country wages war on the Internet, messengers and VPNs. Options are blocked one by one, and one can’t register in Signal because numbers that send registration confirmation from Signal are blocked…
I’d need an app that allows group chats, calls, media attachments and audio messages, easy enough for older people would be able to install. Ideally, something niche enough it won’t be blocked right away…
It’s a lot of requirements, but I hope something like this exists and would be very grateful for any recommendations.
Android / iPhone / desktop.
Looks promising, thank you!
btw, I also host a cryptpad instance of the project https://cryptpad.fr/, this can be fine for easy chat inside a document, all in the browser, discrete as it shows just an office online tool at first glance. (end to end encrypted)
I think you’re in luck here. You can use XMPP or Matrix as the other person said, and pick from the myriad of different servers to let the authorities play whack-a-mole with them. If you’re picking XMPP, suggest them one of the clients that support OMEMO (it uses the protocol used by Signal too; edit: most apps that support it are modern and in active development). Briar is another good option, since it uses Tor, but you both need to be online in order to receive messages from each other since it uses no servers (unless they and you use something like this on a spare phone).
An option that would likely be a better fit for what you’re looking for, but which I haven’t tried yet is SimpleX.
Whatever you pick, I think it would be a great practice for you to teach them to use a panic button app such as Ripple (not sure if that’s maintained anymore though).
Wow, thanks a lot! I’ll look through the options!
You’re welcome. Stay safe!
XMPP would work well, I would recommend Movim since it is browser based: https://movim.eu/
Thank you!
I think it’s hard, and even if there is something that works, its use can probably be detected somehow, and that could get your family in trouble.
Tbh I’d probably use snail mail letters for anything private on the theory that the RU govt doesn’t have the resources to open all the envelopes, and you can use special phrases for particularly private meanings. All that stuff like media attachments is asking for trouble. You could also send microSD cards by snail mail though that might attract attention.
Remember that Osama bin Laden’s compound in Pakistan had no internet connectivity at all. If he wanted to send an email, he’d write it to a USB drive and have a guy on a motorcycle take it to a café 70 km away or something like that. Replies would be brought to him the same way. They still managed to find him and kill him in his bedroom.
Today with AI analysis of massive amounts of traffic logs, I’m sure signal ID is far easier than it was in 2011.
I’m looking for something to have a family chat with, not to run a terrorist organization:) It’s quite risky via official Russian apps that are look-through, but as long as the content of messages and calls is secured, it should be fine even if the channel itself can be identified. As of now, the usage of messaging apps per se is not prosecuted.
Tbh I’d probably use snail mail letters for anything private on the theory that the RU govt doesn’t have the resources to open all the envelopes
Hahahaha!
I’m not a Russian, rather Romanian. But I heard stories how all the mail coming from the outside was checked and “vetted for anything suspicious” at the border during communism. Since we and USSR were on the same team I suppose they did the same. And how the way the public institutions work barely changed, nowadays, given the current situation, I expect them to return to that practice.
So yeah, I wouldn’t trust snail mail with anything sensitive.
Spot on haha. I doubt they have time to read every single snail mail, but I won’t ever write anything important in a snail mail sent to Russia.
Well start with a few not-that-private letters to check for evidence of their being opened. What happens with ordinary email by the way?
Hmmm, that’s true. Probably OP checked this, but now that you mentioned it, I would do the same 😁Screw that, they were reading all the foreign mail coming through. And you could still be unable to see if they opened your envelope because they were either carefully opening it and close it back, or simply use another one.
What happens with ordinary email by the way?
I expect it was previously appealing based on the fact that only the vendor had access (of course, now it no longer applies).
Maybe another option is to use one of the private providers that do not track you and are less mainstream than Proton. Let’s say Tuta or Mailbox.org (if they are not blocked already too). Probably encrypt the emails with PGP too for more security.
Would something like this be relevant?
Thank you very much.
However, the problem is that Signal needs phone number registration and sends confirmation via a blocked phone number. When users are registered, it works reliably, but new users in Russia cannot register without a non- Russian phone provider.
Ah okay, I wasn’t aware of that. I hope you find a safe alternative!
hi, here is a page i dedicate to such topic: https://mbuf.net/messaging/
hopefully it will give you some clues about what fits the best :)Wow,.lots of detailed information! Looks very helpful. Thank you, I bookmarked it and will read this weekend.
xmpp matrix threema https://threema.com/en simplex https://simplex.chat/
Anything other than Signal seems unadvisable from a privacy POV. Do you have a way of talking to them live on the phone, at the same time? You can try and register their Signal on a burner phone wherever you are. As they sign up, you sit on the call and give them the phone number and security code when it comes through. Unless having Signal on the phone is itself a reason to get arrested in Russia, which frankly wouldn’t surprise me either.
I don’t know if this will work. I did it on a different service using the number on a dumbphone to register for use on a tablet once.
