So like any tech-minded libertarian, I have friends on every conceivable chat application.
Some are on Facebook, Google Hangouts, Telegram, MeWe, WhatsApp, Signal, Riot.im and IRC (there’s always that ONE guy!), and I’ve probably explored a few apps that I forgot to mention. If this is you, then you may want to read the rest of this post.
Back in the day I was mildly concerned when video-chatting with my then lover, that we would start getting naked and that entire feed would be saved on an NSA drive somewhere. (Did you know there are in fact stories of them passing around pictures of the nude women they spied on? From John Oliver on Government Surveillance)
If you’re looking for a safer/more secure way of interacting with the people you love, check out Riot. Here are its features, and I will explain them as I go along.
– The client is open-source: This means when you download it onto your smartphone or computer, there is no funny business running on your devices. By contrast, WhatsApp has been previously used for secure communication, but since its purchase by Facebook, the company has announced intentions of subverting the app’s security features to better censor their users. I am not making this up.
– The server is open-source: You can never guarantee the exact code running on the server you interact with unless it’s your own, but this minimizes the chances of any funny business on anyone else’s server.
By contrast, shortly after Microsoft purchased Skype, which had previously been a fairly secure communication system despite being proprietary on both the front and back end, Microsoft decided to change how calls route so they would all go through Microsoft servers, and immediately filed a patent for wiretapping Skype.
– The server is open-source: I mention this twice, because there’s a second advantage. All the other applications (Telegram, WhatsApp and Signal) require that you connect to some centralized server to do all your communication. However, just the other day I spun up my own server, side-stepping the need to trust large billion-dollar companies that spy on and censor you. You too can do this. For those using Ubuntu I recommend this tutorial.
– End-to-End Encryption: Encryption is a magic tool that allows you to encode a message so that only the party with the desired key can read it. End-to-End encryption means that when you send a message to a friend, before the message leaves your phone, it’s encrypted with your friend’s public key. This means that only the person with your friend’s private key can read it. In principle, that should be your friend. Fun fact, WhatsApp and Signal also use E2E encryption, and that is the exact feature Facebook intends to subvert.
– Chat rooms featuring End-to-End Encryption: To my knowledge, Riot (and the underlying infrastructure called Matrix) is the only application that allows rooms of multiple people to use E2E encryption. Usually this would be a pain in the ass, as every message has to be encrypted separately for every user, and all those copies of the message need to be stored somewhere. I’ll admit that, because it requires you to confirm the keys of the other users, sometimes it feels like a pain in the ass. If you wanna feel insecure, just click “Accept” and move on. But if you do that, someone could sneak in their own public key instead of your friend’s and do what’s called a “man in the middle” attack, wherein he decrypts all of the messages intended for your buddy, re-encrypts them and moves them along to the buddy, negating all of your encryption and pretending to be you.
Good security practice means checking your buddy’s public key, usually by calling them and asking (“Hey, does your key go XYZABC?”). The answer WILL usually be yes.
– ChatBots: You can download, build and customize your own chat bots. These can then be used to relay messages elsewhere, or bring news into the chatroom. For instance, there is a plugin for an RSS chatbot that presumably lets you post to a chatroom from an RSS (news) feed. You could, for example, have it send a daily article from the New York Times to give everyone a conversational topic. One thing I’m thinking of is that when I redo this site to run on my own server, I’ll incorporate the “Contact Us” page to send messages to me over Riot. That way, anytime someone leaves a comment or feedback, I can instantly see it on my phone.
– Bridging: This allows you to connect Riot to other applications, usually by having a bot act as a user between both. There are bridges for Riot connecting Facebook Messenger, Telegram, WhatsApp and more. Also, since it’s open-source, anyone has the power to write their own bridges, so there could easily be more on the way.
– Federation: This is perhaps the coolest feature of all. With most applications nowadays, individual mega-corps are trying to carve their own space, invite people in, and never let them leave. For instance, Facebook is not designed to be compatible with other chat applications. If you’re gonna talk to people on Facebook, they want you using Facebook, THEIR servers especially. Well, with federation, you don’t need to belong to the same server as your buddy to chat with him. You can set up an account on the server on my computer (matrix.mikesautomata.net), and still join groups and chat with friends who are on the primary matrix.org server. With this, you can register with the person you trust most without being locked in (or having to maintain 15 different chat apps).
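The key check described under “Chat rooms featuring End-to-End Encryption” above, as an added example that is not Riot’s or Matrix’s own code: it shows what comparing a fingerprint over the phone catches, and why a key that changes after verification should be flagged. The 32-byte keys are constructed placeholders rather than real device keys, and `KeyStore`, `fingerprint`, `demo` and the user ID `@buddy:matrix.org` are hypothetical names.

```python
import base64
import hmac

# Constructed sample keys (placeholders, not real device keys).
FRIEND_KEY = bytes(range(32))
ATTACKER_KEY = bytes(range(32, 64))
USER = "@buddy:matrix.org"  # hypothetical contact

def fingerprint(public_key: bytes) -> str:
    """Unpadded base64 of the key, in groups of four so it can be read aloud."""
    b64 = base64.b64encode(public_key).decode().rstrip("=")
    return " ".join(b64[i:i + 4] for i in range(0, len(b64), 4))

def normalise(text: str) -> bytes:
    """Drop the spaces or dashes people add when typing what they heard."""
    return "".join(ch for ch in text if ch not in " -\t\n").encode()

class KeyStore:
    """Remembers which key was confirmed out-of-band for each contact."""
    def __init__(self):
        self.verified = {}  # user id -> public key bytes

    def verify(self, user: str, offered_key: bytes, heard: str) -> bool:
        """Trust the server-supplied key only if it matches what the friend read out."""
        ok = hmac.compare_digest(normalise(fingerprint(offered_key)), normalise(heard))
        if ok:
            self.verified[user] = offered_key
        return ok

    def check(self, user: str, offered_key: bytes) -> str:
        """Classify a key the server hands us before we encrypt to it."""
        known = self.verified.get(user)
        if known is None:
            return "unverified"  # this is the state when you just click Accept
        return "trusted" if hmac.compare_digest(known, offered_key) else "CHANGED"

def demo() -> dict:
    store = KeyStore()
    read_aloud = fingerprint(FRIEND_KEY)  # what the friend says on the call
    return {
        "substituted": store.verify(USER, ATTACKER_KEY, read_aloud),
        "before": store.check(USER, FRIEND_KEY),
        "genuine": store.verify(USER, FRIEND_KEY, read_aloud.replace(" ", "-")),
        "after": store.check(USER, FRIEND_KEY),
        "swapped_later": store.check(USER, ATTACKER_KEY),
    }

if __name__ == "__main__":
    print(demo())
```

A substituted key fails the phone check, and a different key offered after verification comes back as `CHANGED` instead of being silently accepted.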
I really do hope that Riot/Matrix-Synapse is the future. I’m excited about its capabilities, and look forward to what I can do next with them. If you are interested in security, tech, or just being cool, then I highly recommend you check it out.
And also, if you use my server to send nude photos to your loved ones, I promise I won’t pull an NSA and abuse the privilege… probably.
Check out their site, https://matrix.org/.