Privacy: Encrypted Messaging

What is Encrypted Messaging?

End-to-end encryption (E2EE) is a form of communication where the messages are encrypted in such a way that only the people involved in the conversation can read them. See Understanding Encryption for more information on this.

Why do I Need Encrypted Messaging?

These days, all messages are encrypted (except SMS text messages), but the service provider (Google, Facebook, etc.) has the keys to decrypt your messages and can read them if they want to or are ordered to by a warrant. This means that a company can scan your messages to insert unwelcome ads or alter or block messages entirely, or that a rogue employee can steal the images and information you transmit. E2EE messaging makes this impossible.

What Should I Look For in an Encrypted Messenger?

The most important thing is to make sure the person you're contacting is using the same service as you. These services only work if both parties are using the same encryption system. When making your decision, you should consider if any of your contacts are already widely using an encrypted messenger. If none of your contacts are using an encrypted messenger or if you think there's room for improvement, consider one from the list below.

Avoid The Following

WhatsApp is owned by Facebook, which is a notorious enemy of privacy, and collects metadata. (Source)

Telegram is better than WhatsApp, but still has several serious shortcomings such as collecting metadata, centralization, and no encryption by default (and no ability to encrypt group chats at all). Use Telegram with caution.

Products/Services: Pros and Cons
Click here to see my criteria for selecting these services
Click here for a visual version of this chart
Listed in alphabetical order, not order of recommendation

Jami
  Pros:
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Peer-to-peer
  • Username-based
  • Anonymous
  Cons:
  • Not audited
  • Not metadata resistant

Matrix
  Pros:
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Decentralized
  • Username-based
  • Anonymous
  • Can be self-hosted
  • Can be bridged to communicate with other services such as Slack, Telegram, Signal, Discord, Facebook, and more.
  • Popular clients include Element, FluffyChat, and SchildiChat.

Session
  Pros:
  • Audited
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Decentralized
  • Username-based
  • Metadata resistant
  • Anonymous
  Cons:
  • In beta, some instability still present
  • No voice or video calling at this time

Signal
  Pros:
  • Audited
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Does not log metadata

Threema
  Cons:
  • Centralized
  • Not free
  • No desktop app, web only

Wire
  Pros:
  • Audited
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Username-based
  Cons:
  • Based in the United States
  • Centralized
  • Collects some metadata
  • Parent company deals heavily with analytics and data collection. This casts suspicions on the intent of the parent company and future uses of Wire's data collection.

XMPP
  Pros:
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Decentralized
  • Username-based
  • Anonymous depending on the server
  • Popular clients include Conversations and Monal.
  Cons:
  • Not audited
  • Not metadata resistant
  • Does not support phone or video calls in most servers

Honorable Mention: Briar

Briar is only available on Android (and a Linux version still in testing). As such it does not meet the requirements for listing on this website. However, I once had the opportunity to speak with a war refugee who strongly promoted Briar. She pointed out that Androids are actually far more common than iPhones, particularly in war-torn parts of the world like hers. Additionally, Briar can work even in parts of the world where the infrastructure is unreliable or has been destroyed. She had several stories to share of how she and her community used Briar to coordinate, stay safe, and stay alive. This is because Briar - like Jami - is a peer-to-peer messenger that does not rely on any servers - it connects directly to other devices via Bluetooth or WiFi, making it both impossible to censor and viable even when the internet or cell towers are not functional. What makes Briar stand out from Jami is that Briar is specifically designed for journalists, activists, and those with particularly high threat models. It routes data through Tor when possible to strip metadata. Briar is considered one of the most secure options available for private messaging. Again, Briar is not officially recommended here because it is not cross-platform, but if you live in a highly volatile area with unreliable networking and a high number of Android users in your area, Briar would be my top recommendation without reservation.

Tips & Tricks

For high-risk individuals, the jurisdiction of the provider is important. Jurisdiction determines what laws they follow and who can issue legal orders.

Some additional resources for deciding which secure messenger is right for you include the Secure Messaging Apps Comparison Chart and this chart.