A secure, free alternative to WhatsApp that is fully under your control

Update: Nowadays, better look into a Matrix homeserver.

With Facebook’s acquisition of WhatsApp, many people are turning to alternatives such as Threema or MyEnigma. But these alternatives, while offering better security than WhatsApp, are still based on proprietary technology and controlled by a single company. Also, they have somve privacy issues:

  • Threema requires that you have the Google apps installed on your Android phone. This is nonsense, since you can buy the .apk file directly from Threema, but cannot use it unless you have the Google apps, and in that case you could have bought it through Google Play as well.
  • Threema uses Google Cloud Messaging for notifications. That means Google still knows about your chat activity.
  • Threema and myEngima are both closed source, so you cannot be sure what they actually do. You also cannot get them through F-Droid or other app stores that carry Free Software.
  • myEngima seems to not be available through any other means than through Google Play. Update: This is wrong, myEngima customer support gave me a direct URL to the .apk file. I just don’t know if they use Google Cloud Messaging, they didn’t respond to that.

If you want to avoid these problems, you can, thanks to Free Software. You can offer your friends and family your own solution for chatting, and as a free bonus, this stuff comes with full desktop support, not just mobile. So you can transparently chat with your friends either from a mobile device, your tablet, your laptop or your desktop, and you have the full source code of all the components involved.

Did I mention it’s encrypted end to end and very simple to use? No? It’s that, too.

All you need to do is:

  1. Set up your own XMPP server. I can recommend Prosody. It’s very easy to set up and has Debian packages available.
  2. Make your friends install ChatSecure. On Android, this is also available from F-Droid. Inside Apple’s golden cage, it’s only available from Apple’s store I guess. It might be on Cydia, but I don’t know of a way to check.
  3. Create accounts for your friends on your XMPP server. Enable the ‘muc’ module if you want to allow group chat via conferences.
  4. Make everybody connect. As an extra bonus, make everybody exchange fingerprints so you can have secure end-to-end messaging.

You might want to consider restricting connections to SSL-only so all possible channels are encrypted.

If you don’t have hardware you control yourself, Prosody is very resource-friendly and runs fine even on very small virtual servers you can rent somewhere. There are services like gandi.net that are reasonably protective of your privacy.

Let me know how this works out for you.

Leave a Reply

Your email address will not be published. Required fields are marked *