Privacy: Encrypted Messaging

What is Encrypted Messaging?

End-to-end encrytion (E2EE) is a form of communication where the messages are encrypted in such a way that only the people involved in the conversation can read them. See Understanding Encryption for more information on this.

Why do I Need Encrypted Messaging?

These days, all messages are encrypted (except SMS text messages), but the service provider (Google, Facebook, etc) has the keys to decrypt your messages and can read them if they want to or are ordered to by a warrant. This means that a company can scan your messages to insert unwelcome ads or alter or block messages entirely, or that a rogue employee can steal the images and information you transmit. E2EE Messaging makes this impossible.

What Should I Look For in an Encrypted Messenger?

The most important thing is to make sure the person you're contacting is using the same service as you. These services only work if both parties are using the same encryption system. When making your decision, you should consider if any of your contacts are already widely using an encrypted messenger. If none of your contacts are using an encrypted messenger or if you think there's room for improvement, consider one from the list below.

Avoid The Following

WhatsApp is owned by Facebook, who is a notorious enemy of privacy, and collects metadata. (Source)

Telegram is better than WhatsApp, but still has several serious shorcomings such as collecting metadata, centralization, and no encryption by default (and no ability to encrypt group chats at all). Use Telegram with caution.

Listed in alphabetical order, not order of recommendation

Jami

Pros
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Peer-to-peer
  • Username-based
  • Anonymous
Cons
  • Not audited
  • Not metadata resistant
  • No disappearing messages

Matrix

Pros
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Decentralized
  • Username-based
  • Anonymous
  • Can be self-hosted
  • Can be bridged to communicate with other services such as Slack, Telegram, Signal, Discord, Facebook, and more.
  • Popular clients include Element, FluffyChat, and SchildiChat.
Cons
  • Not audited
  • Not metadata resistant
  • Default homeserver based in the United Kingdom
  • No disappearing messages.

Session

Pros
  • Audited
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Decentralized
  • Username-based
  • Metadata resistant
  • Anonymous
  • Offers disappearing messages
Cons
  • In beta, some instability still present
  • Voice & video calls in beta

Signal

Pros
  • Audited
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Does not log metadata
  • Offers disappearing messages
Cons

Threema

Pros Cons
  • Centralized
  • Not free
  • No desktop app, web only
  • No disappearing messages

Wire

Pros
  • Audited
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Username-based
  • Offers disappearing messages
Cons
  • Based in the United States
  • Centralized
  • Collects some metadata
  • Parent company deals heavily with analytics and data collection. This casts suspicions on the intent of the parent company and future uses of Wire's data collection.
Click here to see my criteria for selecting these services
Click here for a visual version of this chart

Honorable Mention: Briar

Briar is only available on Android (and a Linux version still in testing). As such it does not meet the requirements for listing on this website. However, Androids are far more common than iPhones in most parts of the world. Additionally, Briar can work even in parts of the world where the infrastructure is unreliable or has been destroyed. This is because Briar - like Jami - is a peer-to-peer messenger that does not rely on any servers - it connects directly to other devices via Bluetooth or WiFi, making it both impossible to censor and viable even when the internet or cell towers are not functional. What makes Briar stand out from Jami is that Briar is specifically designed for journalists, activists, and those with particularly high threat models. It routes data through Tor when possible to strip metadata. Briar is considered one of the most secure options available for private messaging. Again, Briar is not officially recommended here because it is not cross-platform, but if you live in a highly volatile area with unreliable networking and a high number of Android users in your area, Briar would be my top recommendation without reservation.

Tips & Tricks

For high-risk individuals, the jurisdiction of the provider is important. Jurisdiction determines what laws they follow and who can issue legal orders.

Some additional resources for deciding which secure messaging is right for you could include the Secure Messaging Apps Comparison Chart, SecuChart, and this chart.