Many people are discussing alternatives to WhatsApp right now. Here I just track how many installations the currently discussed, crypto-enabled alternatives have according to the app store.
WhatsApp was already bad before Facebook acquired it. But at least now people woke up and are considering secure alternatives. Yes, this move could have come earlier, but I do welcome the new opportunity: its the first time wide spread encryption actually has a chance in the consumer market. So for most of the people out there the question is more “which alternative should I use” instead of “should I use one”. Right now I do not have the faintest idea which alternative with crypto support will make the break through – but you could say I am well prepare.
Well – that’s obviously not a long term solution. Thus, to shed some light on the various alternatives and how they stand right now, here is a quick statistical overview:
| Secure Instant Messengers, state updated 2014-03-11 | ||||
|---|---|---|---|---|
| Name | WebPage/GooglePlay | installed devices | Ratings | Google +1 |
| ChatSecure | Website / Google Play | 100 000 – 500 000 | 1 626 | 2 620 |
| Kontalk | Website / Google Play | 10 000 – 50 000 | 237 | 265 |
| surespot | Website / Google Play | 50 000 – 100 000 | 531 | 632 |
| Telegram | Website / Google Play | 10 000 000 – 50 000 000 | 273 089 | 97 641 |
| Threema | Website / Google Play | 500 000 – 1 000 000 | 9 368 | 12 594 |
| TextSecure | Website / Google Play | 100 000 – 500 000 | 2 478 | 2 589 |
The statistics are taken from Google’s Android Play Store. I would love to include iTunes statistics, but it seems they are not provided via the web page. If you know how to gather them please drop me a note and I’ll include them here.
These numbers just help to show how fat an application is spread – it does not say anything about the quality. For example Threema is not Open Source and thus not a real alternative. So, if you want to know more details about the various options, please read appropriate reviews like the one from MissingM.
/home/liquidat 
As much as I embrace the idea of looking for Whatsapp alternatives, I would first try to look for an alternative for Android and all its Google services…
http://jolla.com/ and http://www.plasma-active.org/ 🙂
Which services do you mean? There are many alternatives to host your address book and your contact details as well as your mails.
For maps you can access OSM material through various providers, for media there are the usual alternatives available as well… what are you missing?
I’d be happy if the Telepathy delevopers finally implemented OTR encryption…
Oh yes, that would be great, together with ChatSecure for example…
I am waiting for an android client for Tox. http://tox.im/ Right now it has a working cli client that can securely exchange text messages and A/V support is in the works.
Yeah, but right now I am not fully convinced that Tox will make it. The project is running for months now, and in the meantime vivid and actually quite well made alternatives like TextSecure have arisen. Tox might simply be too late – if it ever makes it.
Why not any jabber/xmpp program with OTR support? No single entity contolling the network and even then your provider cannot see conversations when using OTR messaging. You can have all the parts either as open source or commercial, use your own federated server or use a free or commercial provider.
The question is not about the protocol, but about the client. In fact, ChatSecure mentioned above is nothing else but a very well made XMPP client with integrated OTR support.
As jabber/xmpp clients for android I can think of jitsi, still only available through nighties but working for me. It even does encrypted audio/video. Another option, text only this time, coud be beem, available from f-droid.
Yes, there are more and more alternatives in development – but this page is about the currently available (as in ready-to-install from Play store) solutions. And wagain, with ChatSecure there is at least one fully fledged Jabber/XMPP client available with a long history which is recommended from WhistleBlowers.
Hello! What about viber? 1000 000+ installs and 2770 530 ratings. And exist on linux
Viber does not offer security in form of end-to-end encryption and is thus not an option at all for me. I clarified this requirement above a bit more.
Ubuntu != linux just learn that
Extract a deb isn’t a native solution, same as teamviewer’s linux version which comes with stupid wine
I just want to compile it on my gentoo or download a universal tar ball without extracting ubuntu’s version
Well, “existing on linux” does not mean “native solution” as you implied. So Stepan was in fact right. It exists.
Compiling however requires the source – and that means Open Source, which Viber certainly is not.
But anyway, there is no reason to have Viber here right now since it offers no ent-to-end encryption.
IM silos don’t make any sense.
Jabber/XMPP does!
The list above features at least one user friendly, encryption enabled Jabber/XMPP-Client, ChatSecure. And even Kontalk is aiming at XMPP support.
However, please be aware that XMPP as such was not really developed for mobile usage and many people report problems with lost messages as soon as one partner of a conversation is offline.
So why should there be a reason against any new Open Source IM – even if it comes along with a new protocol? If it really takes off, new clients will be around rather sooner than later, so there will be no “IM silo” with Open Source solutions anyway.
The problem is not the IM messenger… The problem is what your contacts use.
If your friends do not use messenger product “X”… the messenger product “X” is unuseful to you even if it is secure and good!
You can stop communicate with those who still live in 20th century 🙂 I just wait for one more contact I care about to switch to telegram and I delete my whatsapp account. I regret that I bought a year subscription 2 month ago…
If your friend cares as much about you as you do about them, they will accept having to use multiple services. If they do not, then maybe you should question your relation as friends.
Yes, you are right of course – but as I have written above, right now many people are actually willing to make a change. And for that reason I want to track the numbers – to see where many people are changing to.
I can assume that something is problematic in terms of cryptography without cracking anything: if a person without further experience in cryptography starts implementing cryptography routines the result is most likely problematic.
However, afaik right now the Telegram guys are working on improving the situation, so most likely time will tell.
To bad that Telegram seems to have some security problems in there protocol design:
Telegram, AKA “Stand back, we have Math PhDs!”
http://unhandledexpression.com/2013/12/17/telegram-stand-back-we-know-maths/
“To sum it up: avoid at all costs.”
And about there Crypto challenge.
http://www.thoughtcrime.org/blog/telegram-crypto-challenge/
Yeah, there are quite some concerns regarding telegrams security model right now. I know they only responded to some of them.
So my personal choice would be either TextSecure or ChatSecure, but unfortunately it looks like the masses are going for telegram…
It’s totally outdated, if the guy from second link is so sure – let him just crack the encrypted traffic, until he or someone else does it you can’t say it’s insecure
Personally, I don’t care much about Telegram’s security, I use it because its API (and clients) are Open Source, because it’s pop and my friends are using it and because the devs promise about opensourcing the server. Telegram works quite well for centralized communication. If I want security (which implies a group of concerned people about security), we’ll use gpg for mail and otr for the instant messaging, there’s no such thing as easy (as user friendly) and secure.
If you don’t care for security why do you not use WhatsApp or Facebook Messenger? There are by far more people using these than telegram.
Also, with the option of quickly scanning a QR code to ensure encryption (as for example TextSecure and I think even ChatSecure support it!) there is actually a quite user friendly way to ensure encryption.
I know there are better alternatives, but Telegram scores best in the combination: Open Source, Free as free beer, Multiple Clients in multiple dispositives, centralized communication.
Regarding security, really, there’s no such thing as user friendly… exchanging QR codes is another layer that may (surprisingly) confuse a normal user, and that only ensures that the device belongs to that person (could be an attacker using his/her phone in other moment)… security it’s more than encrypting the communication, even one of the most important things I would use is the metadata, not the information itself.
I’ve already said, if I want true security it envolves preoccupied users that will learn stuff that aren’t easy (not only the technologies that are being used).
I’d say that “centralized communication” is a bad thing, not a good thing. There is actually no reason why an instant messenger needs to be centralized. E-mail works without any form of centralization, so does the web itself.
Speaking about the metadata, there are ways to introduce for example plausible deniability – that way metadata about communication get useless. Something which Telegram again does not offer.
And regarding encryption and usability: well, I got your point. But I still think that scanning QR codes is something you can teach people. After all they learned to use a mouse, click buttons, enter addresses into browser bars and so on. QR codes might not be perfect security (hacked device, etc), but it that would be roughly the same level as GPG or S/MIME is.
I too use Telegram because it’s smooth and the easiest to convince others to use. Surespot and Kontalk are fully open source but not widespread yet. hope one of them catches on