{{Header}}
{{Title|title=
Instant Messenger Chat
}}
{{#seo:
|description=Anonymous Chat, IRC, XMPP in {{project_name_short}}.
|image=Balloons-874841640.jpg
}}
{{chat_mininav}}
[[File:Balloons-874841640.jpg|thumb]]
{{intro|
Anonymous Chat, IRC, XMPP in {{project_name_short}}.
}}
= General Safety Advice =
{{mbox
| type = notice
| image = [[File:Ambox_notice.png|40px|alt=Info]]
| text = '''Tip:''' Most existing instant messenger protocols are unsafe from a privacy point of view. This is not a {{project_name_short}}-specific problem, but a general problem with instant messengers.
}}
{{PQCrypto}}
It is recommended to review the [[Tips_on_Remaining_Anonymous#Keep_Anonymity_Modes_separate|Do not Mix Anonymity Modes]] section in conjunction with this entry. For a comprehensive comparison of instant messengers, [https://en.wikipedia.org/wiki/Comparison_of_instant_messaging_clients see here].
== Encryption ==
[[Warning#Exit_Relays_can_Eavesdrop_on_Communications|Tor exit relays can eavesdrop]] on communications if encryption to the server is disabled. Depending on the protocol which an instant messenger is using, encryption might be disabled by default or not even supported. Tails has noted that without encryption, Tor exit relays can see the contact list, all messages, file transfers, and audio/video. [
See: https://tails.boum.org/todo/Pidgin_Protocol_Review/ for an overview of Pidgin protocols and associated encryption features.
] While encryption to the server prevents exit relay eavesdropping, it still leaves one problem unresolved: [[Chat#Server_Logging|server logging]].
High-risk users should also bear in mind that even in the event that strong and secure end-to-end encryption is used -- for example encrypted chat using .onion connections only (staying within the Tor network) -- advanced adversaries are capable of compromising the trusted computing base (TCB) [
"... the trusted computing base or TCB comprises the set of all hardware, software, and firmware components that are critical to establishing and maintaining its security. Typically, the TCB consists of an operating system with all its in-built security controls, individual system hardware, network hardware and software, defined security procedures and protocols, and the actual physical location of the system itself." [https://web.archive.org/web/20210724143029/https://blog.finjan.com/trusted-computing-base/ Trusted Computing Base or "TCB"]
] of nearly all platforms: [
https://github.com/maqp/tfc/wiki/Security-design#the-issue-of-endpoint-security]
All proper end-to-end encrypted (E2EE) messaging systems store private key(s) exclusively on user's device (endpoint). The holy grail of attacks against E2EE systems is called exfiltration where the sensitive data, namely the private keys or plaintext messages, are stolen from the endpoint. The attack is directed against the trusted computing base (TCB) of the target system. The overwhelming majority of TCBs are connected to the network and compromising them with polished malware that exploits a zero-day vulnerability, is trivial and undetectable.
Another consideration is that even when using end-to-end encrypted applications, additional strong security protocols such as [https://en.wikipedia.org/wiki/Forward_secrecy forward secrecy] [
[https://signal.org/blog/advanced-ratcheting/ Advanced cryptographic ratcheting]:]As we’ve discussed previously, “forward secrecy” is one of the critical security properties OTR is designed to provide. In contrast to the PGP protocol model, where messages to a recipient are encrypted with the same public key over and over again, OTR uses ephemeral key exchanges for each session. This is a critical feature of any modern secure protocol, because otherwise a network adversary who records (potentially years of) ciphertext traffic can later decrypt all of it if they manage to later compromise the one key that was used. By contrast, with ephemeral key exchanges, there is no key to compromise in the future (since the keys are only ephemerally in memory for a short time), so any recorded ciphertext should remain private.
may not be available for group communication channels, see: [https://eprint.iacr.org/2017/713.pdf More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema].
== Web Interfaces ==
Avoid using web interfaces for any messengers because they break end-to-end encryption (E2E). If the website can show the messages, it follows that the server, if malicious or compromised, could also view the messages. Locally running applications should be preferred. Web apps running on a foreign server accessed through the user's browser are more exposed and therefore have a higher security risk.
== Server Logging ==
Encrypted server connections does not prevent the server from gathering information about users or building a [https://en.wikipedia.org/wiki/Social_graph social graph]. A non-exhaustive list of things the server could infer or log are:
* Account names
* List of contacts
* The exact date and time of logins
* Message timestamps
* Communication patterns like common contacts (see footnote) [If the recipient knows the sender and has ever used a non-anonymous account or logged in without Tor, this information can be used to try and determine the sender's identity.]
The content of messages will only be protected by using end-to-end encryption, for example [https://en.wikipedia.org/wiki/OMEMO OMEMO]. The threat of server logging can be completely removed with decentralized (server-less) instant messengers like [[OnionShare]].
== Jabber / XMPP ==
[https://xmpp.org/ Jabber/XMPP] is a libre server-federation protocol designed with openness in mind: "''... All of the existing XMPP servers, clients, and programming libraries support the key features of an IM system, such as one-to-one and multi-party messaging, presence subscriptions and notifications, and contact lists.''"
The system is decentralized because there is no central authoritative server; anyone can run a server. Some users are confused on this point because there are a number of large and popular public XMPP servers (like jabber.org), to which many have subscribed. [Other popular public servers are listed [https://xmpp.org/getting-started/ here].] A list of all public servers is available at https://list.jabber.at/
Each network user has a unique XMPP address called a JID (Jabber ID). The JID is similar to an email address insofar as it has a username and domain name like username@example.com [https://en.wikipedia.org/wiki/XMPP]
Safely using the protocol requires enabling encryption (such as OMEMO), because it is unwise to trust server connections are properly encrypted between each other. You can check the OMEMO version used by different clients on this page: https://xmpp.org/extensions/#xep-0384-implementationsJabber (note that the latest versions of the protocol may be in the experimental stage). XMPP privacy is also limited, as various adversaries are capable of observing which accounts are communicating. XMPP and Tor combined only guarantee pseudonymous communications, as while the user's current location is hidden, the social graph can still expose their true identity. For tips on operational security when chatting anonymously, see this [https://archive.ph/n116i article] by [https://theintercept.com/2015/07/14/communicating-secret-watched/ The Intercept]. Also see: [https://forums.whonix.org/t/why-is-icq-considered-unsafe-through-tor/1096 Why prefer open protocols such as Jabber/XMPP over proprietary ones such as ICQ?]
== IRC ==
When using IRC (Internet Relay Chat) inside {{project_name_workstation_long}}, the [https://en.wikipedia.org/wiki/Ident_protocol Ident Protocol] is automatically blocked because {{project_name_workstation_long}} is firewalled. Therefore the associated daemon will not identify the username which is linked with a particular TCP connection, as is normally the case.
The Tor Project [https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorifyHOWTO/IRC Internet Relay Chat] page contains a number of important recommendations and tips for safe IRC use:
* Use onion services when available.
** Check self-signed certificates have the correct SSL/TLS certificate.
* Cycle Tor circuits to evade censorship bans.
* Chain VPNs and Tor for registration.
* Use OTR for end-to-end encryption.
* Distrust users and servers in general.
* Avoid personally identifiable information in chats.
* Check the user fingerprint before using IRC.
* Harden the IRC client.
* And more.
== Legal Data Access ==
In 2021, a Freedom of Information request uncovered a FBI training document that summarizes the level of access US law enforcement has to various secure messaging services. Most importantly, it revealed there is some limited access to encrypted messages in iMessage, Line and WhatsApp, but not to messages sent with [[Signal]], [[Telegram]], Viber, WeChat and [[Wickr]]; refer to the comparison table below.
'''Table:''' ''Legal Access: Secure Messaging Service Comparison'' [https://therecord.media/fbi-document-shows-what-data-can-be-obtained-from-encrypted-messaging-apps/]
{| class="wikitable"
|-
! scope="col"| '''Application'''
! scope="col"| '''Legal Process and Other Details'''
|-
! scope="row"| Apple iMessage
|
* Message content limited.
* Subpoena: can render basic subscriber information.
* 18 USC §2703(d): can render 25 days of iMessage lookups and from a target number.
* Pen Register: no capability.
* Search Warrant: can render backups of a target device; if target uses iCloud backup, the encryption keys should also be provided with content return can also acquire iMessages from iCloud returns if target has enabled Messages in iCloud.
|-
! scope="row"| Line
|
* Message content limited.
* Suspect’s and/or victim’s registered information (profile image, display name, email address, phone number, LINE ID, date of registration, etc.).
* Information on usage.
* Maximum of seven days worth of specified users’ text chats (only when E2EE has not been elected and applied and only when receiving an effective warrant; however, video, picture, files, location, phone call audio and other such data will not be disclosed).
|-
! scope="row"| [[Signal]]
|
* No message content.
* Date and time a user registered.
* Last date of a user’s connectivity to the service.
|-
! scope="row"| [[Telegram]]
|
* No message content.
* Court order: For confirmed terrorist investigations [
https://telegram.org/privacy?setln=ru#8-3-law-enforcement-authorities
] or copyright infringement [
https://torrentfreak.com/telegram-discloses-personal-details-of-pirating-users-following-court-order-221130/
], Telegram may disclose phone numbers, IP addresses, and email addresses to relevant authorities.
|-
! scope="row"| Threema
|
* No message content.
* Hash of phone number and email address, if provided by user.
* Push Token, if push service is used.
* Public Key.
* Date (no time) of Threema ID creation.
* Date (no time) of last login.
|-
! scope="row"| Viber
|
* No message content.
* Provides account (i.e. phone number) registration data and IP address at time of creation.
* Message history: time, date, source number, and destination number.
|-
! scope="row"| WeChat
|
* No message content.
* Accepts account preservation letters and subpoenas, but cannot provide records for accounts created in China.
* For non-China accounts, they can provide basic information (name, phone number, email, IP address), which is retained for as long as the account is active.
|-
! scope="row"| WhatsApp
|
* Message content limited.
* Subpoena: can render basic subscriber records.
* Court order: Subpoena return as well as information like blocked users.
* Search warrant: Provides address book contacts and WhatsApp users who have the target in their address book contacts.
* Pen register: Sent every 15 minutes, provides source and destination for each message.
* If target is using an iPhone and iCloud backups enabled, iCloud returns may contain WhatsApp data, to include message content.
|-
! scope="row"| [[Wickr]]
|
* No message content.
* Date and time account created.
* Type of device(s) application is installed on.
* Date of last use.
* Number of messages.
* Number of external IDs (email addresses and phone numbers) connected to the account, bot not to plaintext external IDs themselves.
* Avatar image.
* Limited records of recent changes to account setting such as adding or suspending a device (does not include message content or routing and delivery information).
* Wickr version number.
|-
|}
= Instant Messenger Selection Criteria =
A recommendation if any can be made depends on the threat model, priorities of the user. An obvious recommendation is impossible at time of writing because no instant messenger exists with all of the minimum desired security properties.
[[Signal]] is adamant about phone number validation (see [[Phone Number Validation|Phone Number Validation vs User Privacy]])
, registration by phone which leads to very bad usability for most users that wish to remain anonymous and/or hide their social graph from the server.
OMEMO encryption has amazing security properties but it's opt-in in all known chat programs, which is a huge usability issue. Meaning users could easily forget to enable it or due to bugs getting disabled. It is also XMPP-specific, therefore there are no instant messengers that are serverless (and thereby hiding the user's social graph) as well as at the same time support OMEMO encryption. OMEMO is built on top of the double-ratchet encryption algorithm however, and there are a variety of messengers that support double-ratchet encryption.
The most secure instant messenger would be serverless with local data storage, peer to peer (p2p) over Tor onions or another metadata protection-resistant onion routing, without a permanent user ID, with well-audited quantum resistance to double-ratchet end-to-end encryption enabled by default — only [[SimpleX]] and [[Cwtch]] are closest to these criteria.
= Instant Messenger Security Properties Comparison =
'''Table:''' ''Instant Messenger Security Properties Comparison''
* TODO: unfinished
* Wiki editors notice: Please do not expand this table without prior discussion. To keep maintenance effort low, this table shall be a curated list with most suitable choices only. Messengers that are discouraged in context of anonymity such as [[Telegram]] and [[Signal]] (due to the [[Phone Number Validation]] issue), shall not be added to this list.
{| class="wikitable"
|-
! '''Feature'''
! [[SimpleX]]
! [[Cwtch]]
! Dino IM
! Gajim
! [[OnionShare]]
|-
! Network
| SimpleX Network
| Tor onion
| XMPP ("Jabber")
| XMPP ("Jabber")
| Tor onion
|-
! End-to-end encryption (E2E) protocol
| Simplex Messaging Protocol (SMP)[https://github.com/simplex-chat/simplexmq/blob/stable/protocol/simplex-messaging.md]
| Tapir Protocol[https://pkg.go.dev/cwtch.im/tapir]
| OMEMO[https://xmpp.org/software/dino/]
| OMEMO[https://xmpp.org/software/gajim/]
| Tor onion protocol[https://spec.torproject.org/tor-spec/index.html]
|-
! colspan="6" | '''Security Property'''
|-
! Serverless / peer to peer / onion to onion
| {{Yes}}, client to unidirectional SimpleX routing (server does not store data)[https://simplex.chat/blog/20240604-simplex-chat-v5.8-private-message-routing-chat-themes.html]
| {{Yes}}, client to onion (server)
| {{No}}
| {{No}}
| {{Yes}}, client to onion (server)
|-
! No risks introduced for hosting an Onion Service [
There are more de-anonymization attacks against onion services than against Tor users who only use Tor as a client since it is possible to make onion services talk. See [[Onion_Services#Onion_Services_Security|Onion Services Security]].
]
| {{Yes}}
| ? {{Yes}}
| {{Yes}}
| {{Yes}}
| {{No}}
|-
! End-to-end encryption (E2E) by default
| {{Yes}}
| {{Yes}}
| {{No}}
| {{No}}
| {{Yes}}
|-
! Quantum resistance
| {{Yes}}
| {{No}}
| {{No}}
| {{No}}
| {{No}}
|-
! Verifiability
| {{Yes}} (Simplex Messaging Protocol)
| {{Yes}} (Tapir Protocol)
| {{Yes}} (OMEMO)
| {{Yes}} (OMEMO)
| {{Yes}} (Onion E2EE authentication)
|-
! Deniability
| {{Yes}} (Simplex Messaging Protocol)
| {{Yes}} (Tapir Protocol)
| {{Yes}} (OMEMO)
| {{Yes}} (OMEMO)
| {{No}}
|-
! Message padding [
Attacker able to observe even approximate message sizes can use these sizes as an additional signal for machine learning to de-anonymise the users and to categorize the relationships between the users.
If a messenger conceals the routing of the messages to hide the transport identities (IP addresses) of senders and recipients, message sizes can be used by traffic observers to confirm the fact of communication with a much higher degree of certainty.
]
| {{Yes}}
| {{Yes}}
| {{Yes}}
| {{Yes}}
| ?
|-
! Perfect Forward Secrecy (PFS)
| {{Yes}} (Simplex Messaging Protocol)
| {{Yes}}, Tor provides forward secrecy
| {{Yes}} (OMEMO)
| {{Yes}} (OMEMO)
| {{Yes}}, Tor provides forward secrecy
|-
! Written in memory safe language
| {{Yes}} (Haskell, Kotlin)
| {{Yes}} (Go, Rust)
| {{No}} (C)
| {{Yes}} (python)
| {{Yes}} (python)
|-
! Metadata resistant
| {{Yes}}
| {{Yes}}
| {{No}}
| {{No}}
| {{Yes}}
|-
! Self-destruct passcode
| {{Yes}}
| {{No}}
| {{No}}
| {{No}}
| {{No}}
|-
! Audited protocol/crypto/client
| {{Yes}}, (Trail of Bits: 2022, 2024) [
*https://github.com/trailofbits/publications/blob/master/reviews/SimpleXChat.pdf
*https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SimpleX_Design_Review_2024_Summary_Report_12_08_2024.pdf
]
| {{No}}
| {{No}}, only protocol/crypto (Radically Open Security: 2016) [https://conversations.im/omemo/audit.pdf]
| {{No}}, only protocol/crypto (Radically Open Security: 2016) [https://conversations.im/omemo/audit.pdf]
| {{Yes}}, (Radically Open Security: 2021) [https://raw.githubusercontent.com/onionshare/onionshare/develop/security/2021%20Penetration%20Test%20Report.pdf]
|-
! Signed application releases
| ? [https://github.com/simplex-chat/simplex-chat/releases]
| ? [https://git.openprivacy.ca/cwtch.im/cwtch-ui/releases]
| ? [https://github.com/dino/dino/releases]
| ? [https://dev.gajim.org/gajim/gajim/-/releases]
| ? [https://github.com/onionshare/onionshare/releases/]
|-
! Signed source code
| ? [https://github.com/simplex-chat/simplex-chat/commits/stable/]
| ? [https://git.openprivacy.ca/cwtch.im/cwtch-ui/commits/branch/trunk]
| ? [https://github.com/dino/dino/commits/master/]
| ? [https://dev.gajim.org/gajim/gajim/-/commits/master]
| ? [https://github.com/onionshare/onionshare/commits/main/]
|-
! Reproducible builds
| {{No}}, only server[https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SERVER.md#reproduce-builds]
| {{Yes}}[https://docs.cwtch.im/blog/cwtch-bindings-reproducible/]
| {{Yes}}[
*https://github.com/dino/dino/wiki/Build
*https://reproduce.debian.net/amd64/#dino-im
]
| {{Yes}}[
*https://reproduce.debian.net/amd64/#dino-im
*https://dev.gajim.org/gajim/gajim/#building
]
| {{No}}
|-
! colspan="6" | '''Usability Property'''
|-
! Multiple Devices Support
| {{No}}
| {{Yes}}
| {{Yes}}
| {{Yes}}
| {{No}}
|-
! Offline Messages / Backlog
| {{Yes}}
| {{No}}
| {{Yes}}
| {{Yes}}
| {{No}}
|-
! File Transfer
| {{Yes}}
| {{Yes}}
| {{Yes}}
| {{Yes}}
| {{Yes}}
|-
! Voice Messages
| {{Yes}}
| {{No}}
| {{No}}
| {{Yes}} (Available since Debian Trixie)
| {{No}}
|-
! Voice Chat
| {{Yes}}
| {{No}}
| {{Yes}}
| {{No}} (with plugin)
| {{No}}
|-
! Video Chat
| {{Yes}}
| {{No}}
| {{Yes}}
| {{No}} (with plugin)
| {{No}}
|-
|}
= Recommendation =
Applications discussed in this chapter are listed in order of best usability and compatibility with {{project_name_short}}, based on the opinion and experience of {{project_name_short}} developers.
It should be noted that no single application listed here has a superior feature set. Users must make a choice based on personal preferences and their [https://www.kicksecure.com/wiki/Threat_Modeling self-assessed threat model]:
# [[SimpleX]] has a high level of security and anonymity: post-quantum encryption, does not require a phone number or email for registration, protects against metadata collection, data is stored locally, incognito mode allows for the creation of separate chats with random names, etc.
# [[Cwtch]] has a high anonymity and protection against metadata collection: does not require a phone number or email for registration, data is stored locally, all communication is end-to-end encrypted and takes place over Tor (there is no “Cwtch service” or “Cwtch network”). Not undergone an independent security audit at the time of writing.
# [[#Dino_IM|Dino IM]] provides a good UX, a modern and clean look and OMEMO support. On the downside, it requires a Jabber server which weakens anonymity.
# [[#Gajim|Gajim]] has more Jabber users, is written in memory-safe python, supports offline messages, and can provide OMEMO encryption. On the downside, it requires a Jabber server which weakens anonymity.
# [[OnionShare]] provides a serverless (hosted using a Tor onion service), secure, ephemeral and anonymous chat feature. It is particularly useful because it does not require account creation, is encrypted end-to-end and reduces the risk of messages being stored locally.
= SimpleX =
{{Anchor|SimpleX Chat}}
[[File:SimpleX_Logo_Small.png|border|SimpleX logo]]
See [[SimpleX]].
= Cwtch =
See [[Cwtch]].
= Dino IM =
[[File:Dinologo.png|border]]
== Overview ==
[https://dino.im/ Dino IM] is a modern XMPP ("Jabber") Chat Client written in GTK+/Vala for GNU/Linux and is available in Debian. OMEMO is supported, but needs to be toggled in the chat window. OpenPGP is also supported.
== Installation ==
{{Install Package|
package=dino-im
}}
== Key Backup ==
In addition to the fingerprint displayed in clients, OMEMO uses session/ephemeral keys: as soon as you chat with someone, these keys are created and they are replaced with new ones after every message exchange.
Without the latest session keys, incoming messages cannot be decrypted. This means when session keys are imported from an older backup, problems are likely if the keys were used in between.
Both types of keys are stored in ~/.local/share/dino/omemo.db (a SQLite database). Problems are avoided so long as keys are not backed up while Dino is running and Dino is not started from the same database twice.
= Gajim =
[[File:Gajimlogo.png|border]]
== Overview ==
Ubuntu provides a succinct overview of Gajim: [https://help.ubuntu.com/community/Gajim]
Gajim is a free software, instant messaging client for the Jabber (XMPP) protocol which uses the GTK+ toolkit. It runs on GNU/Linux, BSD and Windows. The name Gajim is a recursive acronym for Gajim (is) a jabber instant messenger.
The goal of Gajim is to provide a full featured and easy to use Jabber client. Gajim works nicely with GNOME, but does not require it to run. It is released under the GNU General Public License.
Gajim has various features, including: [https://gajim.org/]
* chat client synchronization
* group chats
* sending of pictures, videos and other files to friends or groups
* secure end-to-end encryption via OMEMO or PGP
* the option to keep and manage all chat history
* connection compatibility with other messengers via transports, such as IRC
* various other features are available via plugins
In 2021, audio/video is reportedly not functional in Gajim. Further, OTR support was dropped in Gajim release 1.0, but the [https://dev.gajim.org/gajim/gajim-plugins/wikis/OmemoGajimPlugin OMEMO plugin] is an encryption alternative. [https://dev.gajim.org/gajim/gajim/-/wikis/help/gajimfaq#does-gajim-support-audiovideo]
'''Figure:''' ''Gajim Client in {{project_name_short}}''
[[File:Gajim.png|1600px]]
== Installation ==
{{mbox
| type = notice
| image = [[File:Ambox_notice.png|40px|alt=Info]]
| text = '''Tip:''' Gajim dependencies and Debian instructions are always available [https://dev.gajim.org/gajim/gajim/blob/master/README.md here].
}}
The steps below install Gajim, along with the OMEMO encryption plugin and [https://dev.gajim.org/gajim/gajim-plugins/wikis/HttpUploadPlugin HTTP Upload plugin] (which is required for file transfers). [Note this feature can be combined with OMEMO for encrypted file transfers.] The latter plugin is fully integrated into the core Gajim software as of version 1.0. Upon first launch of the program, users can use an existing [[#Jabber_.2F_XMPP|XMPP account]] or create a new one.
{{Update}}
{{CodeSelect|code=
sudo apt update
}}
Install gajim and gajim-httpupload. gajim-omemo is installed by default in Debian bullseye during the Gajim installation.[
[https://github.com/{{project_name_short}}/anon-apps-config anon-apps-config] which is installed by default will [https://github.com/{{project_name_short}}/anon-apps-config/blob/master/debian/anon-apps-config.hide deactivate gajim plugin installer / updater] because it is not secure.
]
== Configuration ==
=== Account ===
On first launch, an Account Creation Wizard Dialog will appear. Use the wizard to either create a new account to connect to the jabber network or use an existing account. For new accounts, there are multiple jabber servers available and only a username and password is required to join. [A new account can always be added with: ]Edit → Accounts → New
=== Gajim Settings ===
The following changes are recommended for better security and privacy.
{{Box|text=
Logs:
* Edit → Accounts → '''un'''check Save conversation logs for all contacts
Activity settings:
* Preferences → Status → '''un'''check Away after [To prevent needlessly leaking your activity to the server.]
* Preferences → Status → '''un'''check Not available after
Privacy settings:
* Preferences → Advanced → Privacy → '''un'''check
** Allow client / OS information to be sent
** Allow local system time information to be sent
** Log encrypted chat session
** Allow my idle time to be sent
Prevent auto-start:
* Preferences → Advanced→ applications → Custom → clear fields for: [For better security, this prevents the automatic start of these applications from the chat client.]
** Browser
** Mail Client
** File Browser
Network settings: [To set use of the Tor network, along with [[Stream Isolation]].] [[https://forums.whonix.org/t/whonix-gajim-instructions-giving-error/11632 Whonix gajim instructions giving error]. Proxy authentication is tested to work in {{project_name_short}} 16 when the ]username and password are left blank in settings.
* Preferences → Advanced → global proxy → Tor
* Preferences → Advanced → global proxy → mange → Tor → check Use proxy authentication → leave username blank → leave password blank
}}
Gajim cannot be installed by default in {{project_name_short}} yet, as there is more development work TODO; see [[Dev/Gajim]].
= OnionShare =
[[File:OnionShare_logo.png|128px|border|OnionShare logo]]
See [[OnionShare]].
= IRC Client =
[[Undocumented]]
= Matrix clients =
Matrix is a federated chat protocol and server network. It is similar to XMPP in that one can create an account on any Matrix server to access chatrooms and communicate with users on the Matrix network, even if the other users being communicated with are using a different Matrix server.
While Matrix does support end-to-end encryption in both one-on-one and group chats, it has a number of serious shortcomings:
* A verification procedure is needed to ensure the Matrix server is not performing a man-in-the-middle attack on encrypted communications. However, this verification procedure can oftentimes be difficult to impossible to complete due to client and/or server bugs.
* Messages in encrypted rooms are sometimes unable to be decrypted by some of the users in the room.
* Matrix server admins can trivially intercept new encrypted messages sent to a user by logging into that user's Matrix account themselves. Even though their new login will not be "verified" and will not have access to previously sent messages, Matrix clients will by default encrypt all newly sent messages with a key that the unverified device can read.
* Support for encryption varies between Matrix clients, and oftentimes isn't implemented at all.
* libolm, which was previously the primary library used to provide encryption functionality for Matrix, had multiple dangerous security flaws that would potentially have allowed Matrix's encryption to be compromised.[
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
] This library has since been deprecated.
* Matrix has well-known issues with large-scale metadata leakage. [
Matrix metadata leakage references:
* User contributed references - not reviewed by {{project_name_short}} developers in detail.
** https://gitlab.com/libremonde-org/papers/research/privacy-matrix.org/-/blob/master/part1/README.md
** https://gitlab.com/libremonde-org/papers/research/privacy-matrix.org/-/blob/master/part2/README.md
** https://forum.hackliberty.org/t/why-we-abandoned-matrix-the-dark-truth-about-user-security-and-safety/224
** https://hackea.org/notas/matrix.html
** https://github.com/matrix-org/synapse/issues/5677
]
* The Matrix protocol itself theoretically supports forward secrecy [
https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#partial-forward-secrecy
], but certain clients, such as Element, may not have this feature. Users should review the client's documentation before starting a chat.
* The Matrix protocol has been criticized for several practically-exploitable cryptographic vulnerabilities that, together, invalidate the confidentiality and authentication guarantees claimed by Matrix against a malicious server. [
https://eprint.iacr.org/2023/485.pdf
]
While not technically a shortcoming, most rooms on the Matrix network do not have encryption enabled.
Many different Matrix clients exists, Element being the most commonly used client.
See other Matrix clients here:
https://matrix.org/ecosystem/clients/
== Element ==
Not recommended for these reason: Element do not have forward secrecy at the time of writing. Any key compromise among message recipients would affect the confidentiality of all past communications.[
* https://web.archive.org/web/20250402144326/https://www.privacyguides.org/en/real-time-communication/#additional-options
* https://github.com/element-hq/element-meta/issues/1296
]
=== Notices ===
{{Third_Party_Repository}}
=== Element installation ===
{{CodeSelect|code=
sudo extrepo enable element.io
}}
{{Install Package|package=
element-desktop
}}
== Quaternion ==
[[File:quaternion.png|128px|border]]
=== Overview ===
Quaternion is a Qt-based desktop IM client for the Matrix protocol. Matrix is an open, federated communications protocol. [
https://packages.debian.org/{{Stable project version based on Debian codename}}/quaternion
]
At time of writing, [https://github.com/quotient-im/Quaternion/issues/75 Quaternion did not support end-to-end encryption] yet.
For example, it is possible to create an account on the [https://chat.{{project_matrix_server}}/#/register {{project_matrix_server}}] home server for a more private experience; less data is collected about users compared to the matrix.org home server. The privacy issues are inherent in the synapse server side software itself; refer to this [https://github.com/privacytools/services/issues/17 list] for a full write-up. Besides federating with other Matrix instances, Quaternion supports bridging to IRC, Telegram and many other protocols. [
https://matrix.org/bridges/
]
=== Installation ===
{{Install Package
|package=quaternion
}}
== Nheko Reborn ==
[[File:Nhekologo.png|128px|border]]
=== Overview ===
Nheko Reborn is: [https://packages.debian.org/bullseye/nheko]
... a Qt-based chat client for Matrix, an open, federated communications protocol. The motivation behind the project is to provide a native desktop app for Matrix that feels more like a mainstream chat app and less like an IRC client.
The developers explicitly warn that although the current implementation of end-to-end encryption is functional, it may have bugs that affect security. Further, it may be necessary to bootstrap cross-signing keys in a different client. Online key backup is not supported, but this can be performed offline. Most major chat features are available such as: VoIP calls (voice and video); user registration; creating, joining and leaving rooms; sending and receiving invites/files/emojis and so on.
Refer to the [https://github.com/Nheko-Reborn/nheko Nheko Reborn GitHub README] for further information.
=== Installation ===
{{Install Package
|package=nheko
}}
= Web Browser / JavaScript Clients =
Web clients can provide weaker or stronger security depending on the user's threat model.
One disadvantage of web clients is that they rely on the server not attacking the user and stealing their encryption keys from the browser. Websites can target specific users with malicious JavaScript whereas with an installed application, the code is completely static. [
https://proton.me/blog/cryptographic-architecture-response/
]
Furthermore, installed applications can utilize TLS certificate pinning to better mitigate [[Warning#Man-in-the-middle_Attacks|man-in-the-middle attacks]] by eliminating the dependence on potentially compromised certificate authorities. Certificate pinning is already being extensively used by applications such as Signal [
https://www.signal.org/blog/certifiably-fine/
], ProtonMail [
https://proton.me/blog/tls-ssl-certificate#Extra-security-precautions-taken-by-ProtonMail
] and others.
In addition, the stateless design of Tor Browser will erase any keys created and approved by communicating parties. This can cause confusion about the trustworthiness of contacts in subsequent sessions -- one workaround is to use a dedicated install of Firefox for that purpose.
However, there are advantages to web clients too. Websites are much less privileged than installed applications and have no direct access to system resources. Common browsers also often employ browser sandboxing technologies to contain malicious websites even in the event of a browser exploit (unless chained with an additional sandbox escape exploit).
== Element Web ==
[https://app.element.io/#/welcome Element Web App] is a browser-based Matrix client. It can also be run from [https://element.io/get-started different platforms].
== Converse.js ==
[https://conversejs.org/ Converse.js] is an OMEMO browser client which is provided by some XMPP hosting services. However, chat encryption is only available on "Trusted Devices".
= Briar =
Not recommended due to [https://www.whonix.org/wiki/Tips_on_Remaining_Anonymous#Refrain_from_.22Tor_over_Tor.22_Scenarios tor over tor scenario] at the time of writing.
See forum discussion:
https://forums.whonix.org/t/briar-desktop-in-whonix/9565/21
= Session =
Not recommended for these reasons:
* Only one account with a permanent ID in the desktop client
* Encryption issues identified in 2025 [
*https://soatok.blog/2025/01/14/dont-use-session-signal-fork/
*https://soatok.blog/2025/01/20/session-round-2/
]
* [https://github.com/oxen-io/session-desktop/issues/2321 session private messenger does not consider supply chain attacks yet? #2321]
* [https://github.com/oxen-io/session-desktop/issues/2322 security: NPM found 91 vulnerabilities #2322]
* Does not have PFS (Perfect Forward Secrecy)
{{quotation
|quote=A detailed blog post on why Session removed PFS (Perfect Forward Secrecy), and what that means for users can be found [https://getsession.org/session-protocol-technical-information here].
|context=[https://getsession.org/a-response-to-recent-claims-about-sessions-security-architecture A Response to Recent Claims About Session's Security Architecture]
}}
See forum discussion: https://forums.whonix.org/t/session-private-messenger/13264
= Deprecated Chat Clients =
== Introduction ==
The following is a list of chat clients which were previously documented on this page. It is not a list of all deprecated chat clients that have ever existed.
== CoyIM ==
CoyIM is no longer included in {{project_name_short}} due to technical issues. Namely, it is currently not available from Debian stable or backports package sources (packages.debian.org). [
https://forums.whonix.org/t/coyim-in-whonix-development-discussion/5901/16
] There is a chance it will be reintroduced when {{project_name_short}} 16 (based on Debian bullseye) is released. Manual software installation might also be possible (see [[Install Software]]), but that procedure is [[Unsupported|undocumented]] by {{project_name_short}} developers.
== Nheko ==
The original Nheko application is no longer maintained and was last worked on in 2018. [
https://github.com/mujx/nheko
]
This repository has been archived by the owner. It is now read-only.
As an alternative, consider installing [[#Nheko_Reborn|Nheko Reborn]].
== Pidgin ==
Pidgin supports most protocols and OTR end-to-end encrypted chat. However, it is not recommended because it has a [https://pidgin.im/about/security/advisories/ very poor security record] with many remotely exploitable bugs. Security researcher and developer Micah Lee notes this is the result of reliance on legacy protocols and the libpurple, libotr and libxml libraries which are: ''"... massive, written in C/C++, and are littered with memory corruption bugs. ..."'' [https://micahflee.com/2013/02/using-gajim-instead-of-pidgin-for-more-secure-otr-chat/]
== RetroShare ==
{{project_name_short}} developers no longer list RetroShare, which is a [https://en.wikipedia.org/wiki/Friend-to-friend friend-to-friend] (peer-to-peer), decentralized network and not an anonymizing network. Encrypted RetroShare connections support chat, voice and video, mail, file-sharing, forums and Tor. [Unlike other private P2P options, the F2F network can grow in size without compromising their users' identities. Also, passwords or digital signatures are required for authentication.] Although RetroShare is [https://github.com/RetroShare/RetroShare under active development], [See also: https://retroshareteam.wordpress.com/2021/03/15/release-notes-for-v0-6-6/] there are several serious concerns which disqualify a recommendation:
* The RetroShare package is signed with [[RetroShare#Installation|weak 1024-bit keys]] (in late-2018).
* A 2016 code review which focused on implementation vulnerabilities discovered multiple security issues: [https://www.elttam.com/blog/a-review-of-the-eff-secure-messaging-scorecard-pt1/]
** The attack surface is high due to the feature-rich codebase.
** Systemic "insecure coding practice" was identified, particularly ''"...inconsistent return value checking and error handling, poor usage of explicit and implicit typecasting, and relaxed handling of adverse security edge-cases."''
** Within a 24-hour period, auditors had developed proof of concept exploits for web-like vulnerabilities, weak binary protections, and out of bound memory reads and remote memory corruption (promptly rectified by developers).
* A coverity scan of the RetroShare code shows a large number of outstanding defects, along with a relatively high defect density. [https://scan.coverity.com/projects/retroshare-retroshare] [For example, compare this result with the low number of defects and defect density of the [https://scan.coverity.com/projects/tor Tor] codebase.]
== Ricochet IM ==
Ricochet IM (original) is no longer recommended as a decentralized (server-less) option because it is not functional in {{project_name_short}} and deprecated upstream by its original developers. Ricochet IM 'only' uses onion encryption and is difficult to set up and use. OTR or double-ratchet encryption is not available and offline messages are not supported. [
https://github.com/ricochet-im/ricochet/issues/72
] [
https://github.com/ricochet-im/ricochet/issues/405
] Ricochet Refresh is [[Unsupported|unsupported]] since it was broken in {{project_name_short}} 15 [https://forums.whonix.org/t/ricochet-support/7174 despite all efforts to fix it]. A contributor submitted github pull requests [
* https://forums.whonix.org/t/ricochet-support/7174/56
* https://github.com/blueprint-freespeech/ricochet-refresh/pull/101
* https://github.com/blueprint-freespeech/ricochet-refresh/pull/102
] which were unfortunately rejected due to Ricochet Refresh's rewrite [https://github.com/blueprint-freespeech/gosling gosling] in development. [https://github.com/blueprint-freespeech/ricochet-refresh/commit/b0a274c07f0e8afd7b6727e3fe8428e1f9ad5249 The Ricochet Refresh was changed and Ricochet rewrite is now non-freedom software]. The [https://github.com/blueprint-freespeech/gosling/commit/27fe04db12f8d83d44e4c21d94a8331e8aa8b8f5 chosen license for gosling (a rewrite of Ricochet Refresh) is the same non-freedom software license] [https://www.gnu.org/licenses/license-list.html#comclause Commons Clause].
{{Non-freedom-software}}
An issue [https://github.com/blueprint-freespeech/ricochet-refresh/issues/153 Ricochet-Refresh is now proprietary] had been reported. According to the [https://github.com/blueprint-freespeech/ricochet-refresh/issues/153#issuecomment-1126821612 Ricochet-Refresh developer's reply] it seems unlikely that the license would be reverted to a Freedom Software license.
Update: Was reverted? [
* [https://github.com/blueprint-freespeech/ricochet-refresh/pull/156 Adding Comment Headers and Making Changes for REUSE Compliance] has been closed without merge.
]
([[Deprecated/Ricochet IM|archived documentation]])
== TorChat ==
TorChat has not been recommended by {{project_name_short}} developers since late-2015. The reason is [https://github.com/prof7bit/TorChat/issues development has been at a standstill] since 2013 and the TorChat developer does not respond to other people, suggesting the project has been abandoned. TorChat is also an unofficial project and unaffiliated with The Tor Project. Since communication, support, active development and security fixes are essential for anonymity-related projects, modern software alternatives are recommended. [Ricochet IM was previously recommended in this section, since it passed a recent (2016) security audit with flying colors.]
Another reason to avoid TorChat is the findings of a 2015 security analysis [[https://kodu.ut.ee/~arnis/torchat_thesis.pdf Security Analysis of Instant Messenger TorChat]] which inspected the protocol and Python implementation: [https://en.wikipedia.org/wiki/TorChat#Security]
It was found that although the design of TorChat is sound, its implementation has several flaws, which make TorChat users vulnerable to impersonation, communication confirmation and denial-of-service attacks.
== Tor Messenger ==
Do not use Tor Messenger! It was deprecated by upstream developers in early-2018. [
* https://blog.torproject.org/sunsetting-tor-messenger
* [[Deprecated#Tor_Messenger]]
* https://forums.whonix.org/t/tor-messenger-is-no-longer-maintained-as-of-march-2018
]
== Tox ==
Tox is a fully-featured, decentralized (server-less) option which employs strong encryption, but the software is in alpha status.
qTox has been [https://forums.whonix.org/t/tox-qtox-whonix-integration/1219/18 removed from {{project_name_short}}] due to serious security issues.
= Other Software =
For anonymous Voice over IP (VoIP) or encrypted, anonymous phone calls using the Tor anonymity network, see: [[VoIP]].
If a messenger program is not listed in this chapter, it is for now recommended against. If readers feel any privacy-respecting chat clients are missing on this page, first search the [https://forums.{{project_clearnet}} {{project_name_short}} forums] to see if that application has been discussed in the recent past. Any additions to this page will be based on an objective analysis of the software's underlying strength and compatibility with {{project_name_short}}. [
Also see: https://forums.whonix.org/t/client-server-instant-messengers-im/3081
]
= Resources =
* https://www.securemessagingapps.com/
* https://www.privacyguides.org/en/real-time-communication/
* https://privacyspreadsheet.com/messaging-apps
* https://eylenburg.github.io/im_comparison.htm
* https://www.kuketz-blog.de/die-grosse-messenger-uebersicht-kompakt-kritisch-direkt/
* {{ExtLink
|https://archive.is/20250416085840/https://www.heise.de/select/ct/2025/9/2505715264990543311
}} [
Original and web archived behind paywall:
* https://www.heise.de/select/ct/2025/9/2505715264990543311
* https://web.archive.org/web/20250418145817/https://www.heise.de/select/ct/2025/9/2505715264990543311
]
= Footnotes / References =
{{reflist|close=1}}
= License =
{{License_Amnesia|{{FULLPAGENAME}}}}
{{Footer}}
[[Category:Documentation]]