Privacy: Encrypted Messaging
What is Encrypted Messaging?
End-to-end encryption (E2EE) is a form of communication where the messages are encrypted in such a way that only the people involved in the conversation can read them. See Understanding Encryption for more information on this.
Why do I Need Encrypted Messaging?
These days, all messages are encrypted (except SMS text messages), but the service provider (Google, Facebook, etc.) has the keys to decrypt your messages and can read them if they want to or are ordered to by a warrant. This means that a company can scan your messages to insert unwelcome ads, alter or block messages entirely, or that a rogue employee can steal the images and information you transmit. E2EE messaging makes this impossible.
What Should I Look For in an Encrypted Messenger?
The most important thing is to make sure the person you’re contacting is using the same service as you. These services only work if both parties are using the same encryption system. When making your decision, you should consider if any of your contacts are already widely using an encrypted messenger. If none of your contacts are using an encrypted messenger or if you think there’s room for improvement, consider one from the list below.
Avoid The Following
- WhatsApp is owned by Meta (formerly Facebook), which is a notorious enemy of privacy and collects massive amounts of metadata.
- Telegram has several serious shortcomings, such as collecting more user data than a private messenger ideally should, contradictory statements (https://odysee.com/@surveillancereport:2/telegram-ain’t-looking-hot.-sr120:f) regarding their data disclosure practices, credible allegations of state-level compromise, and no encryption by default (and no ability to encrypt group chats at all). Use Telegram with caution.
Listed in alphabetical order, not order of recommendation
Pros
- Available on all operating systems
- Peer-to-peer
- Username-based
- No identifiable user data required at signup
Cons
- Not audited
- Not metadata resistant
- No disappearing messages
Pros
- Available on all operating systems
- Decentralized
- Username-based
- No identifiable user data required at signup
- Can be self-hosted
- Can be bridged to communicate with other services such as Slack, Telegram, Signal, Discord, Facebook, and more
- Popular clients include Element, FluffyChat, and SchildiChat
Cons
- Not audited
- Not metadata resistant
- No disappearing messages
Pros
- Available on all operating systems
- Decentralized
- Username-based
- Metadata resistant
- No identifiable user data required at signup
- Offers disappearing messages
Cons
- Voice & video calls in beta
Pros
- Available on all operating systems
- Offers disappearing messages
Cons
- Centralized
- Phone number required
- Server source code went almost a year without a public update with no explanation
Pros
- Available on Android and iOS
- Username-based
Cons
- Centralized
- Not free
- Desktop app must be synced every time
- No disappearing messages
Pros
- Available on all operating systems
- Username-based
- Offers disappearing messages
Cons
- Centralized
- Unclear affiliation with Morpheus Ventures, which deals heavily with analytics and data collection
Honorable Mention: Briar
Briar is only available on Android (with a Linux version still in testing). As such, it does not meet the requirements for listing on this website. However, Android devices are far more common than iPhones in most parts of the world. Additionally, Briar can work even in parts of the world where the infrastructure is unreliable or has been destroyed. This is because Briar, like Jami, is a peer-to-peer messenger that does not rely on any servers: it connects directly to other devices via Bluetooth or WiFi, making it both impossible to censor and viable even when the internet or cell towers are not functional. What makes Briar stand out from Jami is that Briar is specifically designed for journalists, activists, and those with particularly high threat models. It routes data through Tor when possible to strip metadata. Briar is considered one of the most secure options available for private messaging. Again, Briar is not officially recommended here because it is not cross-platform, but if you live in a highly volatile area with unreliable networking and a high number of Android users, Briar would be my top recommendation without reservation.
Tips & Tricks
For high-risk individuals, the jurisdiction of the provider is important. Jurisdiction determines what laws they follow and who can issue legal orders.
Some additional resources for deciding which secure messenger is right for you include the Secure Messaging Apps Comparison Chart, SecuChart, and this chart.