My experience with Chatsecure (at least the version I got from F-Droid) was that it was too buggy to be worth it. Specifically, it would initiate OTR conversations with people without me asking. I think it even did so when I explicitly told it not use OTR at all, though it's been a while. If they fix that I might use it again. Do you have this problem, and/or have they fixed it to your knowledge?
OTRv3 [1] has been designed to somewhat help the problem of differing instances and has been available since libotr 4.0.0, but in practice I haven't found a good way to solve the UI/UX problem in a user friendly way. The latest beta builds of Gibberbot support the transfer of private keys from desktop to mobile, but I haven't tested it, or how well it works to transfer a conversation from one device to another.
mpOTR [2][3] is designed to solve a different problem, and I believe development has been stalled because the current design doesn't allow chatrooms to scale to large numbers of people.
> ChatSecure is a free and open source messaging app that features OMEMO encryption and OTR encryption over XMPP. You can connect to your existing Google accounts or create new accounts on public XMPP servers (including via Tor), or even connect to your own server for extra security.
> Unlike other apps that keep you stuck in their walled garden, ChatSecure is fully interoperable with other clients that support OMEMO or OTR and XMPP, such as Conversations (Android), CoyIM (Desktop), and more.
How about Chatsecure with Jabber and OTP? Isn't that a viable alternative too?
Doesn't require you to use a phone number, so it works nicely on tablets or desktops (pidgin+otr), etc.
It uses Otr for encrypted chat, so you can use any otr client for the other side of the chat. I personally use pidgin on my laptop and ChatSecure on my cell. It currently supports at least iOS and Android, which encompasses most people that I know.
Chatsecure has real problems on iOS. In fact all XMPP clients do. Because of the way iOS multitasking works, Chatsecure and other OTR-based XMPP clients can't carry on working in the background so you end up losing the connection.
I've used threema for about a year and dived into an older version of the client and found it good enough (assuming you're more bothered about the provider knowing what you're doing rather than the NSA etc.).
Would it be possible for TextSecure and ChatSecure to interoperate (at least with chats)? Or would that create too much pain for both groups to support each other as they (possibly) diverge in features?
Anyone who knows this stuff can provide additional feedback on apps like ChatSecure and Gibberbot? Are they considered to be good crypto implementations?
Update: I installed ChatSecure on my iPad and it's very easy to set up. So easy in fact that I'm thinking there must be something wrong with it, because otherwise it would probably be recommended more often in these types of threads...
One of the things that seems problematic is that the background session expires after a few minutes, so if someone tries to just randomly message you, chances are you won't be logged in, so this can't be a replacement for IM.
Those other more secure chat apps also treat desktop as an afterthought or worse, which is simply not acceptable for my use case. I live at my desk, not on my phone, and expect desktop to be treated as a first class citizen. At present, the only two services that do this are iMessage and Telegram, so I use iMessage with everybody with Apple stuff and Telegram for everybody else.
I have an android phone with gibberbot, so its an academic question, but that very scenario has been a pain for me.
Do you think the up coming work on multi party OTR helps solve this problem?
reply