I’ve been inspecting this topic quite a lot and I’m a little confused now. So, we have reasons not to use Signal, reasons not to use Matrix, there were also some claims about Session being a fraught. Briar is mostly activist-related (not very suitable for daily use), XMPP lacks good clients and suffers from fragmentation of protocol standards implementation, SimpleX is too feature-incomplete (no UnifiedPush support, big battery drain on Android, very decent desktop client without any message sync). I can’t say a lot about Threema or Wire, as I’m not very familiar with them.

So, my question is — is there any good private messenger at all? What do you think is the most acceptable option?

  • Dessalines
    734 minutes ago

    Almost all those can be self-hosted, and built from source, so matrix, xmpp, simplex, are fine. Don’t use anything that uses a centralized server in a five eyes country, like signal or threema.

  • @mipadaitu
    182 hours ago

    That article on Signal is bogus. It is entirely based on speculation from how funding comes in, and also either ignores, or misunderstands how Signal fundamentally works.

    The EFF recommends Signal, and it’s one of the most secure ways to communicate.

    https://ssd.eff.org/module/how-to-use-signal

    You can make your own decisions, but if you just grab any random arguments, you’ll find a reason to doubt everything.

    • @s38b35M5
      -119 minutes ago

      You can make your own decisions, but if you just grab any random arguments, you’ll find a reason to doubt everything.

      Agreed. Especially if your source is Dessalines. 🙄

  • @[email protected]
    4
    1 hour ago

    XMPP lacks good clients and suffers from fragmentation of protocol standards implementation

    • For Android: Conversations is excellent, also on F-Droid if you don’t want to use the Google store.
    • For iOS/MacOS: Siskin or iOS/MacOS: Monal.
    • For Linux/Windows: Gajim or Linux: Dino.

    “Protocol fragmentation” is not a valid complaint about XMPP – it’s like complaining that ActivityPub is fragmented; but that’s not a problem: you use the services (Mastodon, Lemmy, Kbin, etc) built with it which suit your needs, mostly interacting with that sector of the federation (eg, Lemmy+Kbin), but get a little interoperability with other sectors as a bonus (eg, Lemmy+Mastodon).

  • troed
    92 hours ago

    I don’t consider those comments regarding Matrix as problematic. Don’t use someone else’s server if you don’t trust them - including a third party lookup server.

    /selfhosting Matrix

  • @[email protected]
    146 minutes ago

    Signal, Threema, SimpleX.

    Your source is ridiculous. Please educate yourself more about how Signal works.

  • @[email protected]
    21 hour ago

    It really just depends on your threat model.

    Think of it this way: What is the most secure way to walk in the city? You’ll need a team of armed bodyguards and wear a full bulletproof vest. Do you REALLY need this level of security? Who are you protecting from? If the answer is a criminal organization or law enforcement, then yes, probably. But if the answer is a random thief, then you’ll probably need to just carry a gun, pepper spray, knife etc.

    Same goes for privacy online and messenger in this case. Are you an activist or a drug dealer? Then you’ll probably need Tails + something like SimpleX via TOR. Otherwise, if you are just concerned about typical surveillance capitalism (and don’t want the government to scan your chats like it probably will in the EU after Chat Control), in my opinion, Signal is the best compromise of privacy, security and convenience.

  • @Deckweiss
    42 hours ago

    Personally using Threema and happy with it.

  • @[email protected]
    133 hours ago

    Depends a lot on who you’re talking to, and your, and their threat models. For many, signal provides pretty good protection, which brings us to a salient point, anything that actually provides good security will attract plenty of negativity, often from state level actors who feel (are) threatened. If you’re playing at that level, adam_y is right, dead drops and one time pads. Presuming lesser threat, signal beats telegram and FB etc. Email is plaintext unless proton to proton, encrypted email is fine (look at PGP) and indeed if you encrypt at home before sending it’s pretty much a dead drop anyway, as long as the other party has a key, and I’m wandering off the beaten path.

    Seems you want a secure messenger that works and are scared by random crap because you don’t have the relevant knowledge to decide (spoiler, very few do, and it’s insider knowledge, the world is imperfect), fair enough, but don’t let perfect be the enemy of good. As long as you’re willing to give up your phone number, Signal is well regarded (exchange privacy for security, you decide). But yeah, no perfects, world imperfect, trust hard, deal ;)

  • @[email protected]
    11 hour ago

    After looking at the article about why not to use Signal it sounds like you’re looking for any excuse no matter how small to not use something. If that’s the case you might as well not communicate with anyone at all.

  • @[email protected]
    11 hour ago

    DeltaChat. I don’t use it myself because it’s built on electron (which basically excludes 99% of modern chat clients); but as it’s technically an email client turned into a chat client, we can assume you’re protected by PGP when writing to most users, and with the added effect of not needing to convince anyone to install anything since from their end it’s just an email.

  • @adam_y
    175 hours ago

    Dead drops and one time pads.

    Set up a numbers station if you can afford it.

  • @[email protected]
    155 hours ago

    So, we have reasons not to use Signal, reasons not to use Matrix

    yes, nearly all possible things in the world have been argued by someone somewhere already

    • @[email protected]
      34 hours ago

      From what I’ve seen there’s a lot of very bad security advice out there with even tech journalists and such just straight up repeating stuff they don’t understand

    • @[email protected]OP
      -6
      4 hours ago

      These reasons are serious and valid. That’s why I provided links, so as not to be unsubstantiated.

      • @JubilantJaguar
        94 hours ago

        This whole subject is such a chestnut here. No messaging option is perfect, you will need to compromise. If a perfect option existed you would have heard of it already. And if you haven’t heard of it, then by definition it must be small with few users and even fewer maintainers to keep an eye on its codebase and security, which is risky in itself.

  • @[email protected]
    84 hours ago

    For me SimpleX does everything I need. Unified push would be nice, and would address battery usage. I don’t need or want message sync, so that’s not an issue.

    They all have tradeoffs, so it’s just a matter of your priorities. For instance I’m OK with the higher battery drain because it’s not using Google.

  • @sprack
    124 hours ago

    What level of attacker do you realistically need protection from?