[lqdc13]

Regarding SMS interception, you can do it with every other messenger that uses this technique, which is basically every messenger that doesn't use passwords.

Regarding the nonce attack, it looks like the devs responded and said it was because of poor random numbers source on the client, which I personally don't understand as a justification. However, they said they'll remove it in the next update and that nonce has been "0" up until now.

Regardless, all of these messengers for cell phones aren't great if you are paranoid. That's because the hosting company's servers have all kinds of data on you as it is. Your contacts, access to SMS, access to location, camera, mic, photos, and all the files on the device.

This is true for all the messengers that are currently in widespread use.

If you are paranoid, use Pidgin with OTR plugin.

[ryanlol]

>If you are paranoid, use Pidgin with OTR plugin.

Don't do that, this is a super bad idea. If you really have to go that way, at least use coyim or something. Definitely not anything libpurple based.

[jsjohnst]

Keybase.io chat is quite good too.

[lqdc13]

Why? Because they had a code exec vuln in 2017?

On the CoyIM site it says: "Not yet audited. Do not use for anything sensitive."

[ryanlol]

So who audited pidgin and libOTR?

>Because they had a code exec vuln in 2017?

No. Look at the code, it’s scary! Pidgin and libPurple were not built with security in mind.

Coyim is being built ground up in an effort to avoid the numerous issues surrounding Pidgin/libOTR.

I think you absolutely should not use either, but if you’re going to use one at least use Coyim.