Keeping your chats secure is a good idea, but end-to-end encryption is just the beginning of the list of options to consider when picking a messaging app.
RCS still leaks metadata like a sieve. Encryption, considering the platforms that exist today (Signal and SimpleX), should not be the minimum requirement. Plain-text messaging should not even be possible in modern secure messaging platforms. The platform should be open source and be engineered to mitigate the collection of metadata - like Signal and SimpleX.
MLS only deals with encryption and key management, which is great but that’s been a “solved” problem since TextSecure (now Signal) introduced the TextSecure Protocol (now the Signal Protocol) in 2013.
What I’m aware is missing with RCS / MLS compared to Signal (someone with more recent knowledge please correct me):
Sealed sender so only the recipient knows who sent the message.
Not storing metadata or logs.
No built in crash reports.
Private contact discovery.
Published government requests providing evidence that they don’t have any data.
Open source client.
Looking at the Google Play store, Google’s Messenger shares precise location data with third parties, Signal doesn’t.
Also on the Google Play store, Google’s Messenger app list a lot of data collected. Signal only lists phone number.
Actually RCS has encryption in the new spec now, and we could see encrypted RCS messages implemented on iOS and Android within a year.
But even so, use Signal.
RCS still leaks metadata like a sieve. Encryption, considering the platforms that exist today (Signal and SimpleX), should not be the minimum requirement. Plain-text messaging should not even be possible in modern secure messaging platforms. The platform should be open source and be engineered to mitigate the collection of metadata - like Signal and SimpleX.
Seeing as RCS with encryption based on the MLS standard hasnt been deployed yet, can you show exactly what metadata is leaking?
MLS only deals with encryption and key management, which is great but that’s been a “solved” problem since TextSecure (now Signal) introduced the TextSecure Protocol (now the Signal Protocol) in 2013.
What I’m aware is missing with RCS / MLS compared to Signal (someone with more recent knowledge please correct me):
Well, instead of leaking metadata to Signal, AWS, Cloudflare, Google/Apple and your ISP, like Signal does, RCS only leaks it to your ISP /s
I think they mean that it’ll take time for everyone to get it. My carrier still doesn’t even have RCS at all.