After WhatsApp updated its privacy terms and millions of users got angry, people started to move from it to Signal and Telegram. It even caused some problems for Telegram and Signal servers as they didn’t expect that much users.

Signal is known for its encryption and privacy and I think they are doing a very good job but I don’t trust them. The thing against Signal is that it’s not really free software. Signal has a code/repository that is published with a free (as in freedom) license but the app itself is not libre.

Signal’s app is not on F-Droid. The only way to get Signal’s app is to download it using Google Play Store. When many people complained, they published an APK which is really really hard to find and is still using Google Play Service, if it’s available on your phone.

Signal doesn’t let you connect to Signal using the app you created yourself. Even if you compile their exact source code, it will only be active at most for 90 days.

But what I use instead of Signal and Telegram? I use Matrix and XMPP. They are decentralized messengers and truly free (as in freedom). With Matrix and XMPP, I have true liberty over my computing and messaging. I can run my own server if I don’t trust others and I can make sure encryption works the way I want.

I can compile/build my own app and know for sure that the app works as it is expected. Unlike WhatsApp, Telegram, and Signal which have centralized servers, Matrix and XMPP are decentralized and there’s no main server. I know for sure what’s happening on the server (as I can run my own) and I’m sure the app communicates with server exactly how it says so or I want it.

Many intelligence agencies or tech companies try to fool people by telling them that their backdoors are only for good people. I think there’s no need to say that’s a lie.

There’s no meaning in encryption or security when there’s a backdoor. There is no such thing as a backdoor that only lets the good guys in. If there’s a “master key” that unlocks millions of accounts, every cracker on the planet will be after it.

A compromised encryption backdoor could give cyber criminals access to your bank account, your personal messages and other sensitive information.

Don’t think crackers can steal the master key? Think again. Both the CIA and the NSA were breached in 2017 by mysterious organizations that stole and published the spy agencies’ cracking tools. The same year, cyber criminals stole an NSA exploit and used it in a massive, worldwide ransomware attack. The fact is, if the government or anyone else controls a master key, eventually it will get out.

Crackers aren’t the only threat: Governments may also use encryption backdoors for harm. The U.S. government has already revealed its willingness to spy on citizens without a warrant. If liberal democracies cannot be trusted, what about China, Russia, Saudi Arabia, or countless other authoritarian states? Encryption backdoors could be used by repressive regimes to help them persecute journalists, dissidents, religious minorities, the LGBT community, and anyone else they please.

I’m a fan of decentralized networks. I use Mastodon instead of Twitter, I use Pixelfed instead of Instagram, and I use IRC and XMPP instead of Whatsapp. I’m very well satisfied with my experience. I don’t feel lack of any social network or messaging system.

I respect myself, therefore I don’t use proprietary apps and networks. If someone needs to contact me or have a digital social relationship with me, then that person can start a respectful relationship by using free software and privacy-minded networks.

However, I should mention that not all of Fediverse or decentralized services/products are good. For example, some programs/networks don’t have a good user experience.

With rising concern about privacy violations and security issues of computer technology giants like Big Tech, companies and products are now advertising for themselves using the term end-to-end encryption to mislead users.

I’ve always said that end-to-end encryption only works if you’re in control of the encryption secret/public keys, not the product/company. Sadly, many fall into the false claims of tech giants about privacy.

This week, Texas Attorney General filed a lawsuit [PDF] against Google in which it explains that Google has accesses encrypted messages sent and received by WhatsApp, The Register has reported.

End-to-end encryption supposed to eliminate the ability of middle-man or messaging servers/companies to read the message. Now, if we don’t control our encryption keys and rely on keys that are controlled by the company (messenger provider), there’s no difference with no encryption at all.

Messengers like Facebook Messenger, WhatsApp, Google stuff, etc. are not safe, even with encryption because the company is controlling the keys, thus can read and share our messages, encrypted or not.

I always have suggested libre decentralized messaging software like Matrix and XMPP which can be self-hosted and secured with true end-to-end encryption.