The New Oil

The New Oil logo
Privacy: Encrypted Texting/Calling

Encrypted Realtime Messaging

What is Encrypted Messaging?

End-to-end encrytion (E2EE) is a form of communication where the messages are encrypted in such a way that only the people involved in the conversation can read them. See Understanding Encryption for more information on this.

Why do I Need Encrypted Messaging?

These days, all messages are encrypted (except SMS text messages), but the service provider (Google, Facebook, etc) has the keys to decrypt your messages and can read them if they want to or are ordered to by a warrant. This means that a company can scan your messages to insert unwelcome ads or alter or block messages entirely, or that a rogue employee can steal the images and information you transmit. E2EE Messaging makes this impossible.

What Should I Look For in an Encrypted Messenger?

The most important thing is to make sure the person you’re contacting is using the same service as you. These services only work if both parties are using the same encryption system. When making your decision, you should consider if any of your contacts are already widely using an encrypted messenger. If none of your contacts are using an encrypted messenger or if you think there’s room for improvement, consider one from the list below.

Avoid The Following

  • Telegram cannot be trusted and is not private or secure. For starters, messages on Telegram are not end-to-end encrypted by default. Group messages cannot be end-to-end encrypted at all, and one-to-one messages can only be encrypted on phones and not desktop devices. Furthermore, Telegram has overtly lied to users for years about their data disclosure practices. I do not trust Telegram, nor do I think anyone should. If you insist on using Telegram, consider it an open social media platform and not an encrypted messenger. Do not trust it with anything you wouldn’t want to be public for the world to see.
  • WhatsApp is owned by Meta (formerly Facebook), who is a notorious enemy of privacy, and collects massive amounts of metadata and shares it with other Meta services for advertising. While the content itself may be encrypted, there are better options who respect your metadata.

Listed in alphabetical order, not order of recommendation

Pros
Cons
  • Lacks perfect forward secrecy

  • Criticisms regarding their reliance on cryptocurrency (the cryptocurrency aspect is invisible to the end-user)

Pros
Cons
  • Not available on F-Droid

  • Centralized

  • Phone number required for signup (can be VoIP)

Pros
Cons
  • Still early in development, may be missing features

Cons
  • Not available on F-Droid

  • Centralized

  • Not free

  • Desktop app must be synced every time

  • Missing mainstream features such as stickers and GIF support

Click here to see my criteria for selecting these services

Honorable Mention: Briar

Briar logo

Briar is only available on Android (and a Linux version still in testing). It also do not support a method to export chat data. As such it does not meet the requirements for listing on this website. However, Androids are far more common than iPhones in most parts of the world. Additionally, Briar can work even in parts of the world where the infrastructure is unreliable or has been destroyed. This is because Briar is a peer-to-peer messenger that does not rely on any servers - it can connect directly to other devices via Bluetooth or WiFi, making it both impossible to censor and viable even when the internet or cell towers are not functional. Furthermore, Briar is specifically designed for journalists, activists, and those with particularly high threat models. It routes data through Tor when possible to strip metadata. Briar is considered one of the most secure options available for private messaging. Again, Briar is not officially recommended here because it is not cross-platform and is missing chat backup functionality, but if you live in a highly volatile area with unreliable networking and a high number of Android users in your area, Briar would be my top recommendation without reservation.

Honorable Mention: Molly

Briar logo

Molly is a fork of Signal that makes significant privacy and security changes behind-the-scenes to improve user privacy. It’s worth noting that I do not consider there to be anything “wrong” with Signal, Molly simply decideds to go above and beyond. Molly does not qualify for full listing here because it is Android-only, however, for Android users, there are plenty of reasons to consider using Molly. For one, Molly does not depend on Google services in any way, making it ideal for custom OS users to receive reliable notifications. Molly is capable of auto-locking after periods of inactivity (or device reboots), encrypting the database for additional security against even the most advanced threats. It also offers automatic chat backups and censorship resitance features (on top of those implemented by Signal). Please be aware, though, that because Molly is not an official Signal client, there will always be a short delay between Signal updates and Molly’s implementation of those updates. While Molly strives to keep those delays as short as possible, users who want the latest updates as quickly as possible may wish to consider staying with the stock Signal app.

Tips & Tricks

Some additional resources for deciding which secure messaging is right for you could include the Secure Messaging Apps Comparison Chart, SecuChart, and this chart.