Instant messengers

When I started growing more than 20 years ago, ICQ with the OTR (off the record) plugin was the way to go for encrypted instant messaging. Then ICQ changed their protocol which separated the network and proprietary client from the open source and encrypted IM-Clients (like mirandaIM or pidgin). Today the support for ICQ was rebuild for Pidgin and Miranda NG which makes it usable again.

About 10 years ago Jabber with the XMPP protocol was big and is still in use today. A big disadvantage was and is the unreliable server structure, which requires changing the server (when the owner decided to shut it down for example), registering a new username and informing every contact about this change.

Today Wickr and Telegram are more or less widely used, both are encrypted but their client and infrastructure are proprietary. Wickr was acquired by amazon 2 years ago, so it is in the hands of the US-Government and Telegram already sold out their users to the German Government (political opposition). Sure there is Signal (another Instant Messenger) but as they require the phone number for registration, the anonymity is wasted right from the start, same applies to telegram, icq (or you have an old icq-account, then you don’t need to create a new account).

Here I have compiled a small list where with pros and cons.

ICQ: Encrypted messaging through proprietary infrastructure, requires a phone number for new accounts
Jabber/XMPP: Encrypted messaging through open infrastructure, when your xmpp server goes out of business you need a new one and inform everyone abut that change
Telegram/Signal: Encrypted messaging through proprietary infrastructure, requires a phone number for registration, so no anonymity right from the start which makes the encryption senseless
Wickr: Encrypted messaging through proprietary infrastructure
WhatsApp: You joking right?

What IMs do you use, or what IMs should anyone use when he/she wants to interact with OG members?

2 Likes

I use Signal, but TBF I use it for regular run-of-the-mill things. Mostly keeping up with old housemates from 30 (yikes) years ago.

I’m not too worried about Signal having my phone number.

1 Like

Discord seems to be the most common way for me these days

6 Likes

The question is, how secure is Signal or Discord for cannabis-topics.
Discord is with voice I guess which would make it easier to identify someone.

Signal with its phone numbers could be critical… As these phonenumbers can be checked automatically with phone numbers logged in mobile cells in the near of Cannabis-states like California, Oregon, Colorado etc. In Germany we have the Netherlands which is kind a Cannabis-State of Europe, they were several cases where the cops visited the tourists at their homes at the same day, after they crossed the border (on the way back home from NL to Ger) with their switched on cellphones.

The only thing I can imagine would be Jabber or ICQ (with an old account) used via the Pidgin or MirandaNG Messenger.

Iphone to iphone with no cloud backup…enhanced encryption turned on for both phones if you have cloud backup on. Could always go into lockdown mode when not messaging also. Turn off all notifications.

1 Like

Discord is even more open than whatsapp. every channel can be seen by management. People have been banned off Discord for saying or posting certain things in cannabis discord communities.

2 Likes

Personally I don’t trust any form of electronic communication to be fully secure. I guess there was a FOIA request in 2021 that revealed that E2EE messages are mostly safe as long as you don’t use cloud backup services. But that’s safe from the FBI, they’re not gonna tell you all the nefarious stuff the NSA can do. I just try to follow the only-break-one-law-at-a-time rule :wink: . Not that I’m trying to excuse this big brother shit, but I’ve got too many other things going on in my life to rage on it all that much.

4 Likes

yeah, technically last I checked the NSA has a backdoor in every single ethernet and wireless chip made. Even if they didn’t or don’t now, all the traffic is being routed through PRISM or some other similar program. E2E is cool and all, but we already have quantum computers that can break every known level of encryption we have in minutes at most.

Kinda can just do the best you can and hope… for the best :sweat_smile:

3 Likes

To actually contribute here. I don’t know of anything technically better than Signal. I use it but only barely, most just don’t. I do use Telegram and Discord too but am aware of the fact anything can likely be taken off there.

4 Likes

If they want to read it they can. Nobody will ever convince me otherwise

9 Likes

You beat me to it.

Privacy is non-existent today.

The thing is, they lack the manpower to keep track of us all.
They gotta find and pay people who are willing to do that kinda work.

2 Likes

E2EE itself is secure enough, no question. But when the phonenumber is known, you are identified anyway.

@HolyAngel Not realy the Off-The-record-Protocol (remeber it was released back in 2004) encrypts every single message with a new key. Even with quantum computers they would need years to decrypt a full conversation.

Encryption is not the primary problem here, it is the pattern that you only get E2EE when you reveal your identity which makes E2EE/encryption senseless. The only way you can have both is jabber in combination with pidgin or MirandaNG.

2 Likes

I’ll definitely check that out :+1:

Not sure how useful it is for what you want to do but PGP may be worth looking into.

1 Like

The manpower isn’t needed in the present. All of evidence is there. If you catch there eye, they’ll just focus on you and follow it back

1 Like

I started using Signal because a friend wanted to show me photos of his plants. You can set it so photos you send can only be opened once and then disappear.

I’m in a legal state and am not doing anything worthy of the feds attention, so I’m not concerned.

1 Like

Youre right, PGP is often used for not instant messaging like emails. But the technology behind it is the same. Every PGP-user has 2 keys a public one for encryption and a private one for decryption. When you wanna send an email to someone who has published his PGP key (often under or above his email-address) you encrypt with PGP your message and send this to him via email.

When he received this email, he decrypts it’s content his private key.

Instant messengers are doing this on the fly, while you chatting back and forth, that’s why it’s so convenient.

1 Like

Pretty much to do anything completely anonymously today you’d need a burner phone purchased in cash setup on a public network wearing something to obscure facial recognition software. Granted I don’t think anyone’s going after weed that hard today lol.

2 Likes

Yeah I already noticed that the situation in the USA and CA (I guess the most members are from there) is much more relaxed than here in Europe. Or it depends on the state, I mean the phrase “Don’t mess with Texas” is well known, even here.

2 Likes

The only secure form of communication is Face to Face

5 Likes