Ask HN: Are there any truly private chat apps?
If you have to input email, phone or any identifying info to use - it's not private. I'm thinking about a messaging service that generates a key for you to use for identification and encryption. All data is encrypted on the client side. Everything is tied to a single key that the user is responsible for keeping safe to access their chats.
Does something like this exist? Amethyst is GPG based so it's the opposite of private, it's verifiable. Briar is end to end encrypted without any other methodology to identify you besides the meta information (briar hash), so it's as private as it can get. But, it's painful to do a handshake, both peers need to be online at the same time. The important question is: Do laws regarding privacy should apply to everyone? Encryption is a cat and mouse game that shifts the focus from personal rights to technological prowess. Of course the problem of law is harder and less fun to discuss, but eventually is the only path to true privacy. SimpleX? Yes, at a quick glance, this is it. I'm curious about the obsession with random numbers. How feasible is it to crack even a simple uuid4 identifier? To answer the question a simple 6 digit number a few hows with an off the shelf brute force program. 10 to 20 digits could take a year if it's a good generator. 40+ digits good luck with that I doubt there's many on this site that would even know of the names of the software needed for that and far fewer outside of a 3 digit organization that has the time to dedicate a high end computer for the job. It's just easier to get the information via social eng means or a $5 hammer to the knee caps. For those who don't: https://xkcd.com/538/ (classic!!!!) without a user id number it has to track your usage think about that for a minute. Session - no phone number or e-mail needed. It creates a 66-digit alphanumeric number for user identification when you create a new account. yes, that's it IRC on SIPR is private. Properly private .. or recoverable via an FOI after the appropriate lapse of time? Even if not entered into a formal record, properly private, or logged by higher command and saved for X days in case of need for review. I can believe it's secure from outside hacking, I question whether it's private w/out some form of logging baked in. Logging: do you include the logging of: your browser, your ISP, your Windows machine, your router, Google (if you are using their browser), Microsoft (if you are using their browser), VPN provider (if you are using VPN), etc. I primarily include chat logs made by third parties not chatting when discussing the privacy of a chat protocol. Traffic analyis is a secondary concern.