It seems like I constantly see “X secure messaging option is actually bullshit because it was purchased by Dr. Evil and Y is actually just e-mailing your messages directly to Xi Jinping.”
Is there an authoritatively “best” one I can just…download and setup easily? Is Signal good? Or do I need to solder a Raspberry Pi to the flux modulator of my home Linux NAS GUI, etc…?
For everyone suggesting signal, have a read here and then decide for yourself.
https://github.com/signalapp/Signal-Android/issues/8974
Claims require evidence in proportion to their extremity. There is no evidence of a backdoor in that issue. If a security researcher made a post saying “Signal is CIA backdoored, here is exactly how it works,” then I would read it and use my relevant domain knowledge as a software dev to make a decision. No explanation is provided, so I have nothing to use to decide. Therefore, my viewpoint is unchanged.
Signal has been audited, and I believe it’s been audited multiple times. If you’re worried about your 4th amendment rights in the US, don’t turn on backups. If you have something serious to hide and your threat model includes state actors, send messages that delete themselves after a certain time period and enforce that discipline amongst your peers. The poster’s concerns sound like a skill issue to me.
They might have valid concerns, but when the writeup includes stuff like
it’s hard not to imagine the whole thing hand-painted on the side of a van.
I agree, that’s why I specified “make your own decision”. It’s better to have an informed opinion than just trust it.