ChatSecure

Original author(s): Chris Ballinger
Developer(s): Chris Ballinger, David Chiles, and contributors
Initial release: 1.0.2 / February 27, 2012; 11 years ago (2012-02-27) [1]
Stable release: 5.0.4 [2] / August 13, 2021; 2 years ago (2021-08-13)
Repository: github.com/chatsecure
Written in: Objective-C, Swift
Operating system: iOS
Size: 10.7 MB [3]
Available in: 30 languages [3]
Type: Communication
License: GPL-3.0-or-later [4]
Website: chatsecure.org

ChatSecure is a messaging application for iOS which allows OTR and OMEMO encryption for the XMPP protocol. ChatSecure is free and open source software available under the GPL-3.0-or-later license.

ChatSecure has been used by international individuals [5] [6] and governments, [7] businesses, [8] and those spreading jihadi propaganda. [9] [10]

As of July 2023, the app had not received any updates in almost two years, which may indicate that it has been abandoned. [11]

History

ChatSecure was originally released in 2011, and was the first iOS application to support OTR messaging. [12] In 2012, ChatSecure formed a partnership with The Guardian Project and the Gibberbot app was rebranded to "ChatSecure Android". [13]

In late 2016, the Android branding partnership was ended, [14] [15] with ChatSecure Android becoming 'Zom', [16] and ChatSecure iOS remaining as ChatSecure. ChatSecure iOS remains in active development and is unaffected by this change. Version 4.0 was released on January 17, 2017. [17]

ChatSecure is censored from the App Store in China. [18]

Reception

In November 2014, "ChatSecure + Orbot" received a perfect score on the Electronic Frontier Foundation's "Secure Messaging Scorecard"; [19] the combination received points for having communications encrypted in transit, having communications encrypted with keys the provider doesn't have access to (end-to-end encryption), making it possible for users to independently verify their correspondents' identities, having past communications secure if the keys are stolen (forward secrecy), having the code open to independent review (open source), having the security designs well-documented, and having a recent independent security audit. [19]

Related Research Articles

Pidgin (software) Open-source multi-platform instant messaging client

Pidgin is a free and open-source multi-platform instant messaging client, based on a library named libpurple that has support for many instant messaging protocols, allowing the user to simultaneously log in to various services from a single application, with a single interface for both popular and obsolete protocols, thus avoiding the hassle of having to deal with new software for each device and protocol.

Off-the-Record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.

eBuddy Instant messaging software

eBuddy is a privately held Dutch software company that offers instant messaging services. As of 2011, eBuddy reported 100 million downloads. The company's flagship service is XMS, a proprietary cross-platform instant messaging service. After some changes of ownership, the company is now again owned by its original founders, Onno Bakker and Jan-Joost Rueb.

Cryptocat Open source encrypted chat application

Cryptocat is a discontinued open-source desktop application intended to allow encrypted online chatting available for Windows, OS X, and Linux. It uses end-to-end encryption to secure all communications to other Cryptocat users. Users are given the option of independently verifying their buddies' device lists and are notified when a buddy's device list is modified and all updates are verified through the built-in update downloader.

Silent Circle is an encrypted communications firm based in Washington DC. Silent Circle provides multi-platform secure communication services for mobile devices and desktop. Launched October 16, 2012, the company operates under a subscription business model. The encryption part of the software used is free software/open source and peer-reviewed. For the remaining parts of Silent Phone and Silent Text, the source code is available on GitHub, but under proprietary software licenses.

Wickr is an American software company based in New York City, known for its instant messenger application of the same name. The Wickr instant messaging apps allow users to exchange end-to-end encrypted and content-expiring messages, and are designed for iOS, Android, Mac, Windows, and Linux operating systems. On June 25, 2021, Wickr was acquired by Amazon Web Services.

Surespot was a free open-source instant messaging application for Android and iOS with a focus on privacy and security. It was shut down on July 31, 2022.

TextSecure was an encrypted messaging application for Android that was developed from 2010 to 2015. It was a predecessor to Signal and the first application to use the Signal Protocol, which has since been implemented into WhatsApp and other applications. TextSecure used end-to-end encryption to secure the transmission of text messages, group messages, attachments and media messages to other TextSecure users.

Open Whisper Systems Open source software organization

Open Whisper Systems was a software development group that was founded by Moxie Marlinspike in 2013. The group picked up the open source development of TextSecure and RedPhone, and was later responsible for starting the development of the Signal Protocol and the Signal messaging app. In 2018, Signal Messenger was incorporated as an LLC by Moxie Marlinspike and Brian Acton and then rolled under the independent 501c3 non-profit Signal Technology Foundation. Today, the Signal app is developed by Signal Messenger LLC, which is funded by the Signal Technology Foundation.

Threema is a paid cross-platform encrypted instant messaging app developed by Threema GmbH in Switzerland and launched in 2012. The service operates on a decentralized architecture and offers end-to-end encryption. Users can make voice and video calls, send photos, files, and voice notes, share locations, and make groups. Unlike many other popular secure messaging apps, Threema does not require phone numbers or email address for registration, only a one-time purchase.

Briar (software) Mesh-networking and messaging app

Briar is an open-source software communication technology, intended to provide secure and resilient peer-to-peer communications with no centralized servers and minimal reliance on external infrastructure. Messages can be transmitted through Bluetooth, Wi-Fi, over the internet via Tor or removable storage, such as USB sticks. All communication is end-to-end encrypted. Relevant content is stored in encrypted form on participating devices. Long-term plans for the project include support for distributed applications such as crisis mapping and collaborative document editing.

Wire Swiss GmbH is a software company with headquarters in Zug, Switzerland. Its development center is in Berlin, Germany. The company is best known for its messaging application called Wire.

Signal (software) Privacy-focused encrypted messaging app

Signal is an encrypted messaging service for instant messaging, voice, and video calls. The instant messaging function includes sending text, voice notes, images, videos, and other files. Communication may be one-to-one between users or may involve group messaging.

Matrix (protocol) Networking protocol for real-time communication and data synchronization

Matrix is an open standard and communication protocol for real-time communication. It aims to make real-time communication work seamlessly between different service providers, in the way that standard Simple Mail Transfer Protocol email currently does for store-and-forward email service, by allowing users with accounts at one communications service provider to communicate with users of a different service provider via online chat, voice over IP, and videotelephony. It therefore serves a similar purpose to protocols like XMPP, but is not based on any existing communication protocol.

Peerio was a cross-platform end-to-end encrypted application that provided secure messaging, file sharing, and cloud file storage. Peerio was available as an application for iOS, Android, macOS, Windows, and Linux. Peerio (Legacy) was originally released on 14 January 2015, and was replaced by Peerio 2 on 15 June 2017. The app is discontinued.

OMEMO Extension to XMPP for multi-client end-to-end encryption

OMEMO is an extension to the Extensible Messaging and Presence Protocol (XMPP) for multi-client end-to-end encryption developed by Andreas Straub. According to Straub, OMEMO uses the Double Ratchet Algorithm "to provide multi-end to multi-end encryption, allowing messages to be synchronized securely across multiple clients, even if some of them are offline". The name "OMEMO" is a recursive acronym for "OMEMO Multi-End Message and Object Encryption". It is an open standard based on the Double Ratchet Algorithm and the Personal Eventing Protocol. OMEMO offers future and forward secrecy and deniability with message synchronization and offline delivery.

In cryptography, the Double Ratchet Algorithm is a key management algorithm that was developed by Trevor Perrin and Moxie Marlinspike in 2013. It can be used as part of a cryptographic protocol to provide end-to-end encryption for instant messaging. After an initial key exchange it manages the ongoing renewal and maintenance of short-lived session keys. It combines a cryptographic so-called "ratchet" based on the Diffie–Hellman key exchange (DH) and a ratchet based on a key derivation function (KDF), such as a hash function, and is therefore called a double ratchet.

The Signal Protocol is a non-federated cryptographic protocol that provides end-to-end encryption for voice and instant messaging conversations. The protocol was developed by Open Whisper Systems in 2013 and was first introduced in the open-source TextSecure app, which later became Signal. Several closed-source applications have implemented the protocol, such as WhatsApp, which is said to encrypt the conversations of "more than a billion people worldwide", and Google, which provides end-to-end encryption by default for all RCS-based one-to-one conversations between users of its Google Messages app. Facebook Messenger also says it offers the protocol for optional Secret Conversations, as does Skype for its Private Conversations.

Wire is an encrypted communication and collaboration app created by Wire Swiss. It is available for iOS, Android, Windows, macOS, Linux, and web browsers such as Firefox. Wire offers a collaboration suite featuring messenger, voice calls, video calls, conference calls, file-sharing, and external collaboration – all protected by a secure end-to-end-encryption. Wire offers three solutions built on its security technology: Wire Pro – which offers Wire's collaboration feature for businesses, Wire Enterprise – includes Wire Pro capabilities with added features for large-scale or regulated organizations, and Wire Red – the on-demand crisis collaboration suite. They also offer Wire Personal, which is a secure messaging app for personal use.

Conversations (software) Free software instant messaging client for the XMPP protocol

Conversations is a free software instant messaging client application for Android. It is largely based on recognized open standards such as the Extensible Messaging and Presence Protocol (XMPP) and Transport Layer Security (TLS).

References

  1. "ChatSecure/ChatSecure-iOS". GitHub.
  2. "ChatSecure Messenger". 13 August 2021.
  3. "ChatSecure Messenger on the App Store". apps.apple.com. 13 August 2021.
  4. "README.md". GitHub.
  5. Glaser, April. "Your Selfies Are Insecure. Here's How to Encrypt Them". Wired.
  6. Dredge, Stuart (11 December 2014). "Worried about leaky chats? Messaging apps are responding with security features". The Guardian.
  7. Paletta, Damian (22 February 2016). "How the U.S. Fights Encryption—and Also Helps Develop It". Wall Street Journal.
  8. Pogue, David (2016). "Your E-mail Password Will Never Be Safe". Scientific American. 316 (1): 24. Bibcode:2016SciAm.316a..24P. doi:10.1038/scientificamerican0117-24. PMID 28004711.
  9. "'Dark net' Islamic preachers under intelligence lens".
  10. "ISIS recommends list of secure-messaging apps amid heated U.S. encryption debate". The Daily Dot. 13 April 2016.
  11. "Commits · ChatSecure/ChatSecure-iOS". GitHub. Retrieved 2023-07-14.
  12. "ChatSecure iOS Security Audit". ChatSecure. 26 June 2015. Retrieved 2023-01-30.
  13. Nathan Freitas (24 October 2013). "ChatSecure v12 Provides Comprehensive Mobile Security and a Whole New Look". GuardianProject.info. Archived from the original on 7 September 2018. Retrieved 24 October 2013.
  14. "The End of ChatSecure Android". 16 December 2016.
  15. "ChatSecure 4.0 Launches With Support For Signal-Derivative 'OMEMO' Protocol (Update)". 18 January 2017.
  16. "zom/Zom-Android". GitHub.
  17. "ChatSecure v4.0 - OMEMO and Signal Protocol". 17 January 2017.
  18. "Apple Censorship: ChatSecure".
  19. "Secure Messaging Scorecard". Electronic Frontier Foundation. 4 November 2014. Retrieved 18 January 2017.