Best Messaging Apps & Everything You Need to Know about Secure Messaging

Often the most privacy-protective way to communicate with others is in person, without computers or phones being involved at all. Since that isn’t always possible, the next best thing is to use end-to-end encryption.

An end-to-end encrypted messaging app encrypts every transmission, be it a message, voice, or video, before it is sent from your device, protecting both the authenticity and confidentiality of the messages as they pass through any devices or servers.
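The property described above, as an added Node.js example that is not code from the original page or from any of the apps it recommends: two devices agree on a key with X25519, encrypt with AES-256-GCM, and hand only the sealed envelope to a relay that then tries to alter it. The function names and the `demo-e2ee-v1` label are hypothetical, and the example assumes the two public keys were exchanged authentically (real apps add key verification for that).

```javascript
// Added illustration, not any messenger's real protocol. All names are hypothetical.
const crypto = require('node:crypto');

// Each device generates its own X25519 key pair; private keys never leave the device.
const newDevice = () => crypto.generateKeyPairSync('x25519');

// Both ends derive the same 256-bit key from their own private key and the peer's public key.
function sessionKey(myPrivate, peerPublic) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'demo-e2ee-v1', 32));
}

// Encrypt on the sender's device: AES-256-GCM gives confidentiality plus an integrity tag.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt on the recipient's device; returns null if the envelope was altered in transit.
function unseal(key, { iv, ct, tag }) {
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch { return null; }
}

// The relay server only ever handles the envelope: it can forward or corrupt it, not read it.
function relay(envelope, tamper = false) {
  const ct = Buffer.from(envelope.ct);
  if (tamper) ct[0] ^= 0x01; // constructed in-transit modification
  return { ...envelope, ct };
}

function demo() {
  const alice = newDevice(), bob = newDevice();
  const kA = sessionKey(alice.privateKey, bob.publicKey);
  const kB = sessionKey(bob.privateKey, alice.publicKey);
  const msg = 'meet at noon'; // constructed sample message
  const env = seal(kA, msg);
  return {
    delivered: unseal(kB, relay(env)),        // honest relay: recipient reads the message
    tampered: unseal(kB, relay(env, true)),   // modified envelope: rejected, not decrypted
    serverSeesPlaintext: env.ct.includes(Buffer.from(msg)),
  };
}

console.log(demo());
```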

Types of Messaging Apps

Not all messaging apps are created equal. Apart from having different feature sets, they differ in how the underlying network architecture is designed:

| Centralized Messengers | Federated Messengers | Peer-to-Peer Messengers |
| --- | --- | --- |
| Centralized messengers have all the participants on the same server or network of servers controlled by the same organization. | Federated messengers have participants on multiple, independent, decentralized servers that can communicate with each other. | Peer-to-peer messengers connect participants on a distributed network of nodes, without any third-party server in between them. |
| When self-hosted, they can provide additional privacy guarantees such as no usage logs or limited access to metadata; however, such a self-hosted solution will be isolated, and all users must be on the same server to communicate. | Self-hosted federated messengers allow admins to be in control of their servers while still being part of the larger communications network, kinda like email, allowing users of one server to communicate with users of other servers. | Peer-to-peer messengers can’t be self-hosted as there aren’t any servers between participants; users usually find each other via multiple methods, including a proximity-based approach where the connection is established over Wi-Fi or Bluetooth. |
| Examples: Signal, WhatsApp, etc. | Examples: Element, Jitsi Meet, etc. | Examples: Briar, Jami, etc. |

Centralized Messengers vs. Federated Messengers vs. Peer-to-Peer Messengers

Another way messengers like Briar and Session differentiate themselves is by using something called “Anonymous Routing”, where they use some sort of routing technique, usually onion routing/Tor, with the goal of hiding the identity of the sender, receiver, and even evidence that they have been communicating.

Encrypted Messaging Apps

With all of that out of the way, here are the recommended end-to-end encrypted messengers. Pick the one that suits your needs according to your threat model.

Signal

Signal is an end-to-end encrypted messenger that provides instant messaging, as well as voice and video calling, by the non-profit Signal Foundation and Signal Messenger LLC, based in the United States.

  • Centralized
  • Open-source clients and server
  • All communications are E2EE
  • Collects minimal metadata
  • Independently audited
  • Supports perfect forward secrecy
  • Requires phone number
  • Can’t really be self-hosted, server-side code is available

Element

Element is the reference client for the Matrix protocol, an open standard for secure decentralized real-time communication, by non-profit The Matrix.org Foundation, based in the United Kingdom.

  • Federated
  • Open-source clients and server
  • All communications except group voice/video calls are E2EE
  • Collects minimal metadata
  • Independently audited
  • Forward secrecy?
  • Doesn’t require phone number, username based
  • Matrix servers can be self-hosted

Session

Session is an encrypted instant messenger that uses three random service nodes to route messages anonymously on the Oxen Network, by non-profit Oxen Privacy Tech Foundation, based in Australia.

  • Federated and uses anonymous routing
  • Open-source clients and server
  • E2EE in 1-to-1 or closed rooms that allow up to 100 members
  • Collects minimal metadata
  • Independently audited
  • Forward secrecy?
  • Doesn’t require phone number, username based
  • Can’t really be self-hosted

Briar

Briar is an encrypted instant messenger that connects to other clients via Wi-Fi or Bluetooth when in local proximity or over the Tor Network when the internet’s up.

  • Peer-to-peer and uses anonymous routing via Tor
  • Open-source clients
  • All communications are E2EE
  • Independently audited
  • Minimal metadata used
  • Supports forward secrecy
  • Doesn’t require phone number
  • Can’t really be self-hosted, no servers

Honorable Mention: OnionShare

OnionShare is an open-source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network.

It’s not really a messenger, but a full-fledged suite of apps that can help share files, host websites, and chat anonymously—all via the Tor network; it comes included with Qubes OS, Tails, and Whonix, and is available for Windows & macOS.

To start chatting, just open a chat tab, click “Start chat server”, and share the OnionShare address and private key with the people you want to chat with; all communications are end-to-end encrypted and ephemeral.

Why not SMS, iMessage, WhatsApp, Telegram?

Alright, let’s address the elephants in the room: here’s why I don’t recommend using SMS, or even popular encrypted messengers like iMessage and WhatsApp.

SMS is not encrypted; it is sent in plain text and can be easily seen by mobile carriers and the entities they share data with. Additionally, regular text messages are susceptible to man-in-the-middle attacks and to eavesdropping by Stingray devices. If you rely on SMS for authentication, switch to hardware or software-based multifactor authentication.

As for WhatsApp, iMessage, Telegram, and others: they are not open-source, so you don’t know how they are implementing end-to-end encryption and kinda have to just trust them; they have not been audited independently, not to mention that they are owned and operated by data-hungry and privacy-invasive corporations.

Additional Resources

That’s all folks!
