Usually if the code is accessible you can rely on the fact that someone else will check it for shenanigans, in a way similar to how peer review is a warranty in scientific publications.
How does Average Joe know that “Study X” is not bogus?
He trusts the scientific community to review the paper and sanction it, or not.
Same goes for software.
Of course it is not an unfalsifiable system, but it is definitely more trustworthy than a proprietary one.
yes, it does, which is sort of a nuisance. however, at some point one has to trust download sites if one is — like me — not capable of checking any code thoroughly for security flaws. in such a case i prefer to use the suppliers homepage, where i just payed for the app, for downloading the app.
I’ve started using TextSecure a few days ago. So far I haven’t used it much; I don’t text a lot generally and only a few people in my contacts use it.
There is a drawback in using it with the dual SIM Fairphone: it doesn’t show which number a text message was sent to. And it seems impossible to select a SIM when sending an SMS. (I freaked when I received a message about number portability, until I learned my colleagues got the same benign message and I could conclude it was sent to my work phone number. I now deselected the setting that TextSecure receives all SMS messages.)
Personally, I really like Telegram. Easy to use (it’s exactly like WhatsApp), plus you can access your account through all the decives you want. www.telegram.org
I´ve been doing some research about this topic and I have narrowed the choices down to three apps:
-Surespot
-myEnigma
-ChatSeccure
You´ve already mentioned the last one, but for me Surespot seems to be the best one. What is your opinion on that? Do you know if any of these is downloadable from an alternative platform rather than GooglePlay?
You can get ChatSecure on F-Droid if you add the Guardian Project repository.
Also ChatSecure is the only one of the three apps you mentioned that made it on the PrismBreak List, so it’s probably the most trustworthy.
IMHO the most important part here is what @haffenloher said: Using Google Cloud Messaging service or having a server based in the US is not really a problem if you can verify that the message is incrypted on your phone and only decryptable on the receivers device.
As was mentioned above: This naturally relies on people doing the verification.
In the meantime Threema has set up an own “Polling” feature. It is even possible to choose among several polling intervalls.
So you don’t need Google Cloud Messaging anymore with Threema.