Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

So, how does this compare with the Signal app, WhatsApp, and other secure chat clients that use the same library?

What makes ChatSecure a better choice? What can I do with it that they can't?



I'm not familiar with ChatSecure, but from what I can tell:

It ChatSecure is an XMPP client; XMPP being an open federated protocol.

Signal uses Google infrastructure; while this isn't an issue for security purposes (because everything is encrypted), some people don't like it, some people like to run their own servers. With a "centralized" protocol like Signal, running your own server means you are cut off from everyone on the main server; with a "federated" protocol like XMPP your server can communicate with the other servers, so you can chat with users on other servers.

The innovation with ChatSecure over other XMPP clients is that it has implemented an XMPP extension (XMPP is an extensible protocol) called "OMEMO" that implements encryption, by borrowing substantially from the Signal protocol. This is an improvement over OTR, the status-quo way of doing encrypted XMPP, which the linked page explains was designed around desktop usage and doesn't work well with phones.


That's correct. Our main differentiator from Signal/WhatsApp/Wire/Telegram/etc is that we have no centralized messaging infrastructure. Users are free to run their own servers, or connect to any 3rd party providers they trust. We also have integrated Tor support, but plan to remove that once iCepa reaches maturity.


How many trustworthy and well administered XMPP servers are out there?

BTW, for anyone wanting to setup a modern XMPP server, check out this:

http://www.enricozini.org/blog/2017/debian/modern-and-secure... http://www.trueelena.org/computers/howto/modern_xmpp_server....


Most public servers are pretty bad in terms of modern XMPP features [1]. Trust is also a big issue, but one of our goals is to solve this problem by making it much easier to run your own server. We currently default to Dukgo for new registrations but they don't support many of the XEPs required for a good mobile experience (0198, 0313, 0357).

1. https://gultsch.de/compliance.html


This is the article I read, which explains things quite clearly:

https://copperhead.co/android/docs/usage_guide

Basically ChatSecure is a nice clean XMPP client (turns out XMPP is not actually that scary, and choosing a network is no worse than choosing an e-mail provider), that supports OTR (and now OMEMO, which is much better). For Android, there's conversations.im, which was the first one to really support OMEMO.

Basically means you can choose your client, networks handle the messages, and it's up to the client each person is using to handle the crypto.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: