Privacy: Encrypted Messaging

What is Encrypted Messaging?

End-to-end encryption (E2EE) is a form of communication where the messages are encrypted in such a way that only the people involved in the conversation can read them. See Understanding Encryption for more information on this.

Why do I Need Encrypted Messaging?

These days, all messages are encrypted (except SMS text messages), but the service provider (Google, Facebook, etc.) has the keys to decrypt your messages and can read them if they want to or are ordered to by a warrant. This means that a company can scan your messages to insert unwelcome ads or alter or block messages entirely, or that a rogue employee can steal the images and information you transmit. E2EE messaging makes this impossible.

What Should I Look For in an Encrypted Messenger?

The most important thing is to make sure the person you're contacting is using the same service as you. These services only work if both parties are using the same encryption system. When making your decision, you should consider if any of your contacts are already widely using an encrypted messenger. If none of your contacts are using an encrypted messenger or if you think there's room for improvement, consider one from the list below.

Avoid The Following

WhatsApp is owned by Facebook, which is a notorious enemy of privacy, and collects metadata. (Source)

Telegram is better than WhatsApp, but still has several serious shortcomings such as collecting metadata, centralization, and no encryption by default (and no ability to encrypt group chats at all). Use Telegram with caution.

Product/Service Pros Cons
Listed in alphabetical order, not order of recommendation

Jami
  Pros:
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Peer-to-peer
  • Username-based
  • Anonymous
  Cons:
  • Not audited
  • Not metadata resistant

Matrix
  Pros:
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Decentralized
  • Username-based
  • Anonymous
  • Can be self-hosted
  • Can be bridged to communicate with other services such as Slack, Telegram, Signal, Discord, Facebook, and more.
  • Popular clients include Element, FluffyChat, and SchildiChat.
  Cons:
  • Not audited
  • Not metadata resistant

Session
  Pros:
  • Audited
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Decentralized
  • Username-based
  • Metadata resistant
  • Anonymous
  Cons:
  • In beta, some instability still present
  • No voice or video calling at this time
  • Recently removed multi-device support until they can work out more bugs.

Signal
  Pros:
  • Audited
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Does not log metadata

Threema
  Cons:
  • Centralized
  • Not free
  • No desktop app, web only

Wire
  Pros:
  • Audited
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Username-based

XMPP
  Pros:
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Decentralized
  • Username-based
  • Popular clients include Conversations and Monal.
  Cons:
  • Not audited
  • Not metadata resistant
  • Does not support phone or video calls on most servers

Tips & Tricks

For high-risk individuals, the jurisdiction of the provider is important. Jurisdiction determines what laws they follow and who can issue legal orders.

Additional resources for deciding which secure messaging service is right for you include the Secure Messaging Apps Comparison Chart and this chart.