Shadow Wiki

browsers
darknet
email
hosting
im
mobilecomms
software
uspol
namac/index
This page uses valid XHTML 1.0! This page uses valid CSS! Use any browser. XMPP Spyware Watchdog. Digdeeper. baobab Nuegia RetroImages Novaburst Theundercoverman (archive) qorg11 EldritchData Kallist Society
Comment on the forum thread about this page, I respond to all comments!: [Tor/Onion] [I2P/Eepsite] [Clearnet/RetroImages Reverse Proxy Tunnel thru I2P]

           Prologue           

       Introduction       

       TL;DR       

Behold, most IMs suck profusely as they are of propriety centralized design. You should use XMPP (the eXtensible Messaging and Presence Protocol). IRC isn't bad either. Everything else either has issues, lack of features or is obscure.

       The Table of Instant Messaging Systems       

Name Spyware Rating Network Architecture Operating System License Verdict
Adamant Unrated Decentralized, Blockchain Android and Web GPLv3 ?
Briar Unrated Decentralized, P2P Android GPLv3 Probably okay
Cabal Unrated ? Electron AGPLv3 (core), GPLv3 (client) ?
Cwtch Unrated Decentralized, Semi-P2P Linux, Windows, macOS, iOS & Android MIT ?
DeltaChat Unrated Decentralized, same as email Various MPLv2, GPLv3 Probably okay
Discord Extremely High Centralized Web Interface and Electron, 3rd party clients prohibited Proprietary Do Not Use
IRC Unrated Distributed, Load balanced Various, depends on client Depends on implementation, usually open source Good
Jami Unrated Decentralized, P2P Various GPLv3 Probably okay
Keybase Unrated Centralized Linux, Windows, Mac, Android, iOS Custom Open Source (Client), ? (Server) Do Not Use
Matrix Unrated Decentralized w/ dominant instance (matrix.org), Federated Web Interface and electron (official client), Various (3rd party clients) Apache (official implementations), various (other) Avoid When Possible
Psyc Unrated Decentralized, Federated Various ? ?
Signal Unrated Centralized Various MIT Avoid
Session Unrated ? ? ? ?
Skype Unrated Centralized Various Proprietary Do Not Use
Telegram Unrated Centralized Various Open Source (client), Closed Source (server) Do Not Use
Threema Unrated Centralized Android, iOS, Web GPLv3 (client), Proprietary (server) Avoid
Tox Unrated Decentralized, P2P Various GPLv3 Avoid When Possible
Utopia Unrated ? ? ? ?
Wire Unrated Centralized Various AGPLv3, GPJv3 ?
WhatsApp Unrated Centralized Various Proprietary Do Not Use
XMPP Unrated Decentralized, Federated Various, depends on client CC-BY-SA 2.0 (specification), Various (client) Good

       Instant Messaging Systems Notes       

Adamant

Adamant is a crypto/blockchain based messenger that is paid. It's biggest downside is that it only offers web and app clients.

Briar

A peer to peer messenger that works over Tor. There is only an Android client, and you must scan a QR code to friend someone.

Cabal

?

Cwtch

?

DeltaChat

Rather than reinventing the wheel, DeltaChat uses an already existing email server (any) to relay communication, but in a chat-like realtime form. It is essentially an email client. It uses "Autocrypt" encryption.

Discord

For the love of god please do not use this platform.


Discord by OpenFeint Ltd


I think Discord is not appropiate for anyone because, contrary to popular belief, it works against the user in many ways.


Besides being spyware, Discord has implemented a black box system to flag accounts automatically, having to now follow a dubious-at-best laundry list to not be coerced into giving them your phone number. You may not believe my personal account, but I was banned from 3 accounts for using a custom client (Ripcord). The following things were taken care of, however they were futile efforts:

  1. Changed IP address
  2. Used popular email services (google mail and mail.com)
  3. Used spare phone numbers, every time I was asked to verify it
  4. maybe other things, ask me for more

On all 3 accounts, whenever I responded to a direct message, it got my account disabled. All 3 times, with an email response stating I would not get my account back. Also, when a friend's account was disabled, he said he was transsexual, and it got him unbanned. There have also been cases of users suspected to be under the minimum age for Discord, that is 13, being requested to send their government-issued ID: [1] [2, in Russian].

Tangentially, don't forget about those staffed at Discord (cub porn scandal) and their marketing strategies (built on shilling). They also have a blatant political bias. (free speech for me but not for thee...)

But it gets worse. There is also public proof they automate analysis of anything you put through their network. A prime example is their purchase of Sentropy, an "AI anti-harassment company". One can only wonder where they came from... Another one is them using Google Cloud Storage for their CDN, as one can clearly see a reference to it when a file is unsuccessfully accessed:

<?xml version='1.0' encoding='UTF-8'?>
            <Error>
                  <Code>AccessDenied</Code>
                  <Message>Access denied.</Message>
                  <Details>
                        Anonymous caller does not have storage.objects.get access to the
                        Google Cloud Storage object.
                  </Details>
            </Error>

You could presume they are just using this for affordability reasons, however, Microsoft's PhotoDNA is known to be used by Discord: (original) (local archive)

We reported 6,948 accounts to NCMEC during the second half of 2020. This figure represents distinct accounts reported and not the total number of reports submitted.

The majority of our reports were for child sexual abuse images flagged by PhotoDNA hashing software. Trust & Safety reviews all flagged images and reports confirmed instances of child-harm content. These totals are represented as “Media reports” in the graph above.

Another 83 of our reports were for higher-harm grooming or endangerment situations. Trust & Safety thoroughly investigates all cases that could result in immediate harm to a minor. We partner closely with NCMEC to ensure that time-sensitive escalations receive prompt attention.

Realistically, the only way PhotoDNA could do this is if it had samples to compare to, and that seems to be the case (note the infographic's source). They hash the images first, of course, but there's still the question: where do they get those samples from? Hmmmm...

Anyway, this is just speculation, but I believe with all this proof of weird automation, it would not be far-fetched to say they are also using Google CloudVision AI to identify and datamine the contents of all images in general (the whole botnet package, right?).

Now, to round it off, Discord's founder Jason Citron had founded a company called OpenFeint which was subject to a class action suit over privacy issues (more info here). He sure learned a lesson from that, it's impossible to do that against Discord now. [youtube] [local backup]

Alternatives?

I don't mean to market to you with this little writeup (once again, not like them...). But XMPP and Mumble have worked quite well for me so far. Not only are they quite feature rich in their own right, but you have the promises of independence, security and privacy. They're also computationally effective and bandwidth effective, even moreso than Discord. I suggest you try them out as an alternative for online communication at any scale.

But the alternatives don't have everything Discord has! With time, I've either found those features' ideas manifested in a different way, or just either forgot about them or don't miss them.

Although personally I don't do video conferencing, I've heard about Jitsi Meet, Spreed and BigBlueButton. Hopefully some XMPP clients are able to leverage jitsi-videobridge in the future, instead of having to use its WebRTC interface (Jitsi Meet).


It's clear this happens throughout history, but, right now, Discord has faciliated the descent into a mindset in which the person is a slave of himself, impulsed by emotionality, almost losing a capacity of insight. At least, that's what it seems like when I bring up the Discord Question to any Discord user.

The vicious cycle of "but all my friends use Discord" can only be ended by realizing that's what Discord itself WANTS happening, and working actively to escape it. I invite you to begin a migration to a better communications system right now, because tomorrow you'll say "tomorrow", and it will never happen.


Others have written about why Discord is really terrible:

IRC

The oldest and longest lived of all chat systems (and still in current use today), IRC was initially one network before getting forked into a plethora of different networks and implementations. Encryption can be had with TLS and OTR, probably other methods too. Features associated with modern chat system such as history can be found in IRCv3.

Jami

Jami is a peer to peer chat application most akin in features to Skype. However, development has been slow so it may lack many features.

Keybase

A messenger from the same entity that does that Keybase website, which is owned by the makers of Zoom no less.
Will collect your data, especially if unencrypted.[1] You also can't talk about weapons or firearms.[2]

Matrix

The reference client, Element (formerly Riot) is web based and only works on big 5 and big 5-adjacent web browsers. The alternative clients almost always miss critical features such as moderation or encryption (check out the WeeChat plugin, not to be confused with WeChat).
The reference server implementation (Synapse) is massively bloated and very poorly performing. The premier alternative, Construct, is purportedly treated in a hostile way[3] by the reference developers.
The official (massive) instance, matrix.org, is Cloudflared and employs a Google ReCaptcha to keep people away, and is hosted on Amazon servers. If you do use Matrix, be sure to use an independent homeserver or self-host.
  1. 3. Hacker News - Riot/Matrix is a chat standard, but it's not an open standard, 3/12/2019 https://news.ycombinator.com/item?id=19365968

Psyc

Seems to be an implementation of XMPP, but in a different way.

Signal

A common crutch for cattle who are to scared to use XMPP or SIP. Outclassed in every possible way by XMPP.

Session

? Has something to do with LokiNet. Site is clownflared so here's an archive link.

Skype

A botnet owned by Micro$oft.

Telegram

Famous because they had to leave Russia. While the client is open source, and possibly the server software (?) this is meaningless because the whole thing is setup to only use their servers. Requires a phone number, and encryption only works on 1 to 1 messages (?).

Threema

Yet another "secure" "anonymous" "app" that's centralized.

Tox

P2P but there are concerns their crypto, also very poor client support.

Utopia

?

Wire

Another centralized "secure" messenger.

WhatsApp

Facebook owned.

XMPP

Pending.

           Epilogue           

Powered by NAMAC! Licensed CC0. Disclaimer.