[eatbitseveryday]

There is a lot of hype over encrypted chat programs.

Telegram's encryption is not end-to-end unless you opt into "Secret Chats"[1] and many claim their crypto is not secure[2,3] as they rolled their own[4].

The latest Google chat app Allo also backed away from defaulting to end-to-end encryption for all messages as it lessens the quality of their auto-assistant[5].

The Axolotl protocol (developed by Moxie and Trevor[6]) is available in Signal and was later adopted by WhatsApp. Signal has far fewer features than other chat applications, and people aren't clamoring much about it; I would guess because many people place features > crypto.

Wire (wire.com) uses this protocol as well[7].

WhatsApp being part of Facebook has already called into question their handling of privacy[8], the feature they were originally advertising as their main strength.

[1] https://telegram.org/faq#secret-chats

[2] http://security.stackexchange.com/questions/49782/is-telegra...

[3] http://www.cryptofails.com/post/70546720222/telegrams-crypta...

[4] https://news.ycombinator.com/item?id=6916860

[5] https://news.ycombinator.com/item?id=12547130

[6] https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm

[7] https://wire.com/resource/Wire%20Security%20Whitepaper/downl...

[8] http://www.nytimes.com/2016/08/26/technology/relaxing-privac...

[microtonal]

Still hoping that iMessage will switch to Axolotl rather than their broken E2E design.

[kuschku]

And in case @m0xie complains that we should call it the "Signal Protocol":

No one will call it that as long as you claim that Signal is trademarked, and threaten legal action against projects using that name.

The LibreSignal issue, where you behaved worse than a kindergarten child (and I know, I volunteered to work some weeks in a kindergarten a few years ago) is still in memory for most people.

[tw04]

Given that it's not multiplatform it's kind of irrelevant. It's not a replacement for any of the others. I mean, yay for better encryption, but it's not going to help anyone on Whatsapp today.

[philippnagel]

So what's recommended then? Signal, Wire and Tox?

[tdkl]

If you want desktop clients (electron, but at least not Chrome app) try Wire.

[krautsourced]

What's recommended is not posting anything you absolutely need to be secure through some instant messaging app...

[eatbitseveryday]

It isn't about securely sharing highly sensitive material, but enabling verifiable privacy of typical communications. For example (hypothetically) me discussing cancer with a family member, or financial information, or (in countries where there is government oversight) organizing protests.

If not using a secure end-to-end encryption method such as chat, what do you recommend?

Email providers such as ProtonMail provide the same but in the form of email. Telephone calls are not secure, and neither are text messages.

[reitanqild]

If you are like me you can even use Telegram.

For the things I post on Telegram I don't care about crypto but rather about a good desktop client, features months ahead of Whatsapp, nice niche communities, bots (including the hn bot which is really nice to see all things that have been voted above a configurable threshold during the day.)

Now that I think of it a lot of what I use it for is as a RSS and twitter replacement: subscribing to channels and groups, occasionally posting harmless stuff.

[jhomedall]

A message should only be readable by the intended recipient, regardless of how sensitive the contents are.