Looking for a better alternative to email for secure communication? This guide highlights the best secure messaging services, frequently asked questions, as well as some messaging apps and practices you should avoid.
Have you ever whispered something in someone’s ear that you didn’t want others to hear?
We all have. These days, many of us spend more time talking to people online than we do face to face. Do you ever say (or type or show) anything that you don’t want others to hear (or read or see)? If so, you had better be using some kind of encrypted messaging app to do it.
In this new and updated guide, we’ll talk about why you need to use a secure messaging service. Then we’ll take a quick look at the latest versions of several secure messaging apps and the services they run on, along with some important characteristics to look for. As you’ll see, each has its own pros and cons, and each takes a different approach to the problem of providing secure messaging capabilities.
Why you need to use secure messaging
When you chat with someone online, you might assume that only yourself and the other person are privy to the conversation. But as we’ve learned over the years, there are lots of groups that are expending considerable effort to spy on your communications. Whether it is corporate surveillance or government agencies snooping up data, your private information is under attack.
- Corporations want to read your messages so they can better target ads to you or sell your personal information to the highest bidder.
- Hackers want to use the information to steal your identity, break into your bank account, sell your company’s new business plans to the competition, or blackmail you with those pictures from that wild night in Vegas.
- Governments want to know everything you think and say and do, and maybe even catch a terrorist or two.
Unless you are using a secure messaging service, any or all of these groups will have an easy time intercepting your messages should they choose to do so.
The situation has gotten even worse with governments forcing people to work from home to protect against that virus. Businesses generally have better internal security than someone sitting on their sofa at home, exposing even your company communications to greater threats than before.
That’s why there has been a boom in new messaging services that claim to be private, secure, anonymous, or any combination of those. But most of them fail to do the job for one reason or another. Some only protect your messages in transit, while leaving them accessible to the employees of the service. Others are owned by companies with bad reputations for protecting your privacy. Some may even have been hacked by the NSA or other national intelligence agencies. However, all hope is not lost.
Here are some secure messaging apps that make the grade…
Best encrypted messaging apps
We’ve tested quite a few messaging services over the years. The ones listed here are the ones we consider to be the best options for secure messaging.
1. Signal – The most secure messaging app
Signal is one of the two messaging apps that really benefited from WhatsApp’s privacy problems in January 2021. A tweeted recommendation from Elon Musk during the crisis certainly didn’t hurt. And since then, Signal continues to get lots of attention.
Signal is generally considered to be the most secure messaging service available. Originally published by Open Whisper Systems, their encryption protocol (the Signal Protocol) is so good that many other services (including giants like WhatsApp) base their own encryption protocol on it. Signal is end-to-end encrypted, open source, and completely free of charge. It allows you to create disappearing messages (a.k.a. self-destructing messages), has successfully completed third-party audits, and also publishes Transparency Reports.
And if that wasn’t enough, it has recommendations from top privacy advocates including Bruce Schneier and Edward Snowden.
However, Signal does come with a few drawbacks. Perhaps most problematic, it requires a telephone number for registration. This, of course, links what you do on Signal to your identity through your phone number, which could be a dealbreaker for some people. Fortunately, there are some workarounds for the Signal phone number registration issue. And of course, you can also use another one of the secure messaging apps listed below.
+ Pros
- End-to-end (E2E) encryption
- Encryption algorithms: Signal protocol, with Perfect Forward Secrecy (PFS) for text messages, voice messages, and video calls
- Open source
- Disappearing messages (aka self-destructing messages)
- Published transparency reports and security audits
- Logs minimum amount of data
- Does not log IP Addresses
- Can replace your phone’s SMS messaging app
- Focus is totally on individual users
- All Signal products are free of charge
– Cons
- Requires a telephone number to sign up
- Does not support 2FA (Two-Factor Authentication)
https://signal.org
Read our Signal Messenger review for more info.
2. Wickr Me – Ephemeral, anonymous messaging app
Wickr is another great option for a secure messaging app. The Wickr product line contains free and paid versions targeting both individuals and teams/businesses. In our Wickr review, we concentrated on Wickr Me, the free, personal version of Wickr.
Note: The company has been hard at work expanding their product line since our first review. Now they offer Wickr Pro, a personal/small team solution with different paid tiers, Wickr Enterprise, designed to provide a fully scalable, secure, collaboration platform, and Wickr RAM, a version optimized for military use.
Wickr Me is built on the same code base as the company’s paid commercial offerings, with some features only turned on for the paid versions. While both Wickr Me and Signal are super secure services, they have a number of functional differences that could lead you to choose one over the other.
- Wickr Me uses anonymous accounts. You do not have to provide a phone number, email address or any other personally identifiable information to create an account. This might be more appropriate for your threat model than Signal’s phone number based accounts.
- All Wickr Me content is ephemeral. While Signal lets you decide whether a message must self-destruct or not, Wickr Me doesn’t give you a choice. All messages and attachments self-destruct. The only control you have as a Wickr Me user, is over how long content lasts before it ceases to exist.
If anonymity is important to you, and you are okay with everything you send disappearing after a few days, Wickr Me could be the secure messenger for you.
+ Pros
- Client-side end-to-end (E2E) encryption
- Encryption algorithms: AES 256, ECDH521, and RSA 4096, with Perfect Forward Secrecy (PFS)
- Anonymous accounts
- Ephemeral messages and attachments
- Burn-On-Read messages and attachments
- Published Transparency Reports and Security audits
- All user content is forensically wiped from the device after it expires
- Does not log IP Addresses or Unique Device ID
- Does not record user metadata
- GDPR compliant
– Cons
- Code is publicly visible on GitHub, but not open source
- Message handling is unusual
- Based in the United States
https://wickr.com
Note: As an alternative to Wickr Me (free version), you can also get the “Basic” version of Wickr Pro, which includes more options and is also free.
See our Wickr Messenger review for more info and a comparison of the different versions.
3. Wire – Secure messaging and collaboration
Wire is a well-regarded corporate collaboration suite with secure messaging, group chat capabilities, file-sharing, and the ability to collaborate securely with external clients. For this roundup, we reviewed Wire Personal, their secure messaging app for individuals. According to third-party testing, the Proteus protocol that Wire Personal relies on is secure. Like Signal, Wire Personal is open source and gives you self-destructing messages. Also like Signal, Wire requires some personal information to create an account, either an email address or a phone number. However, you can always use a burner temporary email for this.
Judging on its technology, Wire Personal is a great secure messaging app for individuals. On the downside, there are only approximately 500,000 Wire Personal users. Another drawback is that the company has announced they will be focusing more on corporate users, rather than individuals. Take this into account if you are looking for a long-term solution to your encrypted chat app needs.
+ Pros
- End-to-end (E2E) encryption
- Encryption algorithms: Proteus protocol, WebRTC (DTLS, KASE, SRTP) with PFS
- Open source
- Self-destructing messages
- Published transparency reports and security audits
- GDPR compliant
- Wire Personal is free
– Cons
- Registration requires email address or phone number
- Some logging of personal data
- Does not support 2FA
- Small number of Wire Personal users (roughly 500,000)
- Company focus is now on the corporate market, not individual users
https://wire.com
Here’s our full Wire Messenger review.
4. Threema – Anonymous messaging and no user data collection
Threema is one of the less well-known secure and private messaging apps. With around 5 million users and over 8 years on the market, it is a mature, powerful product that somehow never gained a massive following like Telegram, or widespread fame like Signal. But none of this means that Threema isn’t a good option for certain use cases. Here’s why…
First, you can use Threema totally anonymously. Unless you choose to link the app to an email address or phone number, the only way to identify a user is through a randomly generated ID that has no connection to any user-identifiable data. Likewise, each user’s private key is stored on their device, meaning only the user of the relevant device can read messages sent to it.
Note: You have the option to securely back up your Threema ID, contacts, groups, and other data in a Threema Safe which can reside on the company’s servers or on your choice of other location.
Threema offers a business/education version of the product, along with add-ons for broadcasting messages to Threema groups, and an API to use the Threema message network with your own software.
Even Threema’s relative obscurity can be an advantage in some circumstances. Anyone trying to spy on, hack, or otherwise tamper with a messaging service is much more likely to target the services with larger user bases or greater notoriety. There can be advantages to being overlooked.
While there is currently no free version of Threema, you can still purchase this app through the Threema store for direct download, or the Google Play and Apple stores.
+ Pros
- End-to-end (E2E) encryption
- NaCl open source encryption
- Anonymous messaging; no telephone number or email address needed
- Text and voice messages, voice and video calls, file sharing, polls, groups and distribution lists
- Mobile apps plus browser-based, secure desktop chat
- Transition to Open Source is complete
- No IP Addresses or metadata logging
- They own all their own servers for better security and privacy
- Regular security audits and transparency reports
- GDPR compliant
– Cons
- Small user base
- No 2FA
- No free version
https://threema.ch/en
See our Threema review here.
5. Telegram – Secure messaging app with 500+ million users
Telegram was the biggest beneficiary of the WhatsApp privacy issues at the start of 2021. How big a beneficiary? Telegram gained tens of millions of new users in just the first few weeks of 2021.
It doesn’t matter how secure and private a messaging app is if you can’t talk to anyone with it. When a messaging service has over a billion users like WhatsApp or Facebook Messenger, the odds are high that the people you want to chat with already have an account. When a service has less than a million users (Wire, for example) the odds that the people you want to talk to already have an account are pretty small.
Telegram occupies the middle ground. With over 500 million active monthly users, the odds that the people you need to talk to already have an account are pretty darn good. And the service is free, too. So let’s talk about the other characteristics of a secure messenger service.
While we love the widespread acceptance of Telegram, and the ever-expanding feature set, we do have some concerns about the service. Communications in Telegram are not end-to-end encrypted by default. Only voice calls and Secret Chats are E2E encrypted. Unless you use one of these two modes, your communications within Telegram are not really secure. Even if you do use the E2E encrypted parts of the service, MTProto, the encryption protocol used by Telegram, is questionable at best, insecure at worst – all depending on who you ask. Besides, Telegram logs more user information than the other services listed here.
Whether Telegram is an option for you depends heavily on your threat model and use cases. You may well find that access to the rich feature set and huge user base of Telegram outweighs the questions about exactly how secure and private Telegram really is. If you do decide to give Telegram a try, make sure to use a good VPN service as well. Hiding your IP address and physical location using a VPN goes far toward overcoming the privacy concerns of all that user data logging.
+ Pros
- End-to-end (E2E) encryption
- Encryption algorithms: MTProto, a custom protocol
- Open source apps and Telegram Database Library
- Self-destructing messages
- Users can be logged in on multiple devices simultaneously
- Supports Two-Step Verification
- GDPR compliant
– Cons
- Registration requires a phone number
- E2E encryption only for voice calls and Secret Chats
- Servers are not open source
- Lacks published formal third-party audits
- Logs IP Address and other metadata
https://telegram.org
See our Telegram review here.
Messaging apps and practices to AVOID
So now that we’ve covered the best secure messaging apps above, let’s touch on another topic: messaging apps to avoid.
1. WhatsApp (owned by Facebook)
Sure, WhatsApp may be encrypting your messages – but that doesn’t make it a safe and secure solution. It is owned by Facebook and operates under US law. Here are a few reasons to avoid WhatsApp:
- WhatsApp collects metadata about every user, which can be exploited by Facebook and/or handed over to government agencies. This data includes your name, IP address, mobile number, location history, cell network, contacts, and device type.
- Facebook and WhatsApp will be forced to share users’ encrypted messages with British police under a new treaty.
- Reports suggest governments can easily access encrypted WhatsApp data through “WhatsApp Web”.
- In early 2021, news broke about major privacy policy changes at WhatsApp, which puts more data in the hands of Facebook.
Check out our guide on the best alternatives to WhatsApp.
2. Keybase (now owned by Zoom)
Keybase, which has grown in popularity over the years, sold out to Zoom back in 2020. We covered the story more in our Keybase review.
We know that Zoom is not a business that respects the privacy or security of its users. In fact, there have been numerous scandals with Zoom over the past few years. It’s also worth noting that Zoom has questionable ties to China. In fact, it was even busted routing user data through China.
With Zoom now owning Keybase, we can no longer recommend it.
3. Regular (unencrypted) SMS text messages
While this does not fall under the category of encrypted messaging apps, it’s still worth repeating. If you expect any privacy or security, don’t use standard (unencrypted) text messages.
These text messages can easily be seen by your mobile carriers and the entities they share data with. Additionally, regular text messages are susceptible to man-in-the-middle attacks and also eavesdropping by Stingray devices.
It is important to realize that this applies to SMS messages sent by Signal too. If you configure Signal to manage your SMS messages, it can send and receive SMS. But there is no way to encrypt SMS messages, so even if Signal is managing them, SMS messages go out unencrypted.
Characteristics to look for when selecting an encrypted messaging app
What characteristics should you look for when selecting an encrypted messaging app or service? Even if you have some very specialized requirements, these are characteristics you should definitely look out for:
- End-to-end (E2E) encryption
- Third-party testing / reviews
- Open source code
- Self-destruction
- Limited user data collection
- The specific features you need
- Anonymous signup options
End-to-end (E2E) encryption
End-to-end (E2E) encryption is the #1 characteristic to look for in a secure messaging service. When a messaging service uses end-to-end encryption, only the people who are communicating can read the messages. No one else, not even the company providing the service, can read the messages. Whether you decide to go further down the E2E rabbit hole or not, the key thing to remember is this: If a service doesn’t offer end-to-end encryption, it is not secure.
However, there are two additional conditions that an end-to-end encrypted service must fulfill to ensure it is secure. First, it must use proven encryption algorithms. Second, the end-to-end encryption must be applied to your messages. So let’s look at those two conditions a bit more.
Trusted encryption algorithms
The security of E2E encryption assumes that no one can break the encryption. Or more realistically, it would take a vast amount of time to break the encryption being used. Vast as in millions or billions of years. This normally isn’t a problem. That’s because messaging services typically use trusted encryption algorithms. Algorithms like Signal‘s Signal protocol have been analyzed by cryptographers and shown to be secure against any reasonable attacks. If a service doesn’t use trusted encryption algorithms, it doesn’t mean that the service isn’t secure, but it is something to consider.
End-to-end encryption is turned on
E2E encryption is only useful if it is turned on. Most secure messaging services have E2E encryption turned on by default. Telegram, on the other hand, does not. You need to be sure that you are using Telegram’s Secret Chat system or communicating by voice messages if you want E2E encryption to be turned on in Telegram.
Third-party testing / reviews
One of the big concerns when dealing with any kind of secure messaging service is being able to validate their claims. There are a few different questions you need to answer for yourself:
- What is the service’s definition of “secure?” One service might take a zero-knowledge approach, encrypting/decrypting all messages in the client with the servers having no access to your passwords and encryption keys. Another might use TLS to secure data in transit, and encrypt it at rest on their servers, using their own encryption keys. Both can claim their service is secure, but they would both be using different definitions of the word “secure.”
- What is your threat model? You need to understand what threats you are trying to protect against. If all you want security against third parties spying on your messages while they are zooming back and forth across the Internet, that’s one type of security. If you want your messages to be secure against someone (the NSA perhaps) getting into the messaging service’s servers and decrypting your messages using their copy of your encryption keys, that is an entirely different level of security. Which one you need to search for depends on your threat model.
Once you have the answers to the first two questions, you need to decide if the service you are considering is fit for your particular situation. But how?
Is it practical for you to validate their claims yourself? Knowing that a secure messaging service you are interested in has open source code is great. But can you analyze their code to see if it really delivers on their claims? I certainly can’t. Nor can I do penetration testing or any of the other tests that would be necessary to see whether a service really delivers what it promises.
This is where third-party testing, audits, and reviews come in. Many companies now hire third-parties to come in and validate the service. The exact testing that they get done varies, as does the amount of test results they publish. But this kind of testing can at least give us some sense whether or not a product delivers on their marketing promises.
Open source code
Open source code can also make us more confident that a service will deliver on its promises. Why? Not because you or I are likely to review their source code looking for back doors or flaws in their algorithms. But because it is possible for someone to do exactly that. There are people out there who can, and do, dig into open source code looking for problems.
The more popular a messaging service is, the more likely that people are looking at the code, ready to call out problems. The simple fact that there are people willing and able to go through open source code like this means that errors are likely to get fixed sooner, and anyone trying to do something sneaky in the code will get called out publicly.
Self-destruction
The idea of providing security through self-destructing messages has been around for a long time. Today’s secure messaging apps have revived the idea of self-destructing messages, although they aren’t quite as dramatic about it as the old Mission Impossible team was.
Some services allow you to set specific messages to self-destruct a certain amount of time after they are read. Wickr Me goes so far as to make self-destruction the basis of their service. All messages and attachments will self-destruct after a certain amount of time. Depending on your use case for a secure messaging service, this could be a crucial feature.
Limited user data collection
Just because all your messages are securely E2E encrypted, it doesn’t mean that the service has no information about you. Most services collect a certain amount of user data. This could be your email address, your phone number, the IP address you connect to the service from, what time you connect, who you connect to, and so on. While collecting this kind of information might not compromise the security of your messages, it does reduce your privacy.
Depending on your threat model, the amount of user data a secure messenger service collects may not be important. If it is, you can easily reduce the impact of this data collection by using a VPN while using the messenger service. A VPN will hide your IP address and your location, even from the apps on your devices. Some of our top-recommended VPNs include:
- NordVPN – Based in Panama, zero logs, fast speeds, apps for all devices (see our NordVPN review)
- Surfshark – Based in the British Virgin Islands, zero logs, very low prices (see our Surfshark review)
Note: A VPN is not a silver bullet that hides all your metadata. It is just one of many privacy tools you should be using for basic digital self-defense. However, a VPN will securely encrypt traffic between your device and a VPN server, while also concealing your true location and IP address. See these best VPN services for more options and info.
The specific features you need
The security and privacy of a messaging app or service means little if it doesn’t have the features you need. Happily, most of the top secure messaging services continue to add features, reducing the risk that the one you want will be missing something you need. For example, the ability to run on multiple platforms is virtually a necessity, whereas the ability to send video messages or voice memos may or may not be, depending on your use case.
One “feature” to look for in particular is compatibility. Specifically, compatibility with the secure messaging services used by the people you need to exchange messages with. Telegram’s user base is growing rapidly and has over 400 million users. The rest of the top services have a small fraction of that user base. Depending on circumstances, you may need to compromise on the security and privacy front to be able to communicate with the people you need to reach.
FAQ
In this article, our goal was to give you several options to choose from when looking for a secure and private messaging app. But some people out there want us to pick a single winner. By far, the most frequently asked question we’ve heard when researching this topic is:
What is the most secure and private messaging app?
We get it that you want us to tell you that one particular messaging app is the most secure and private. But we’re not going to do it. While we have our own opinions on the subject, we prefer to defer to the 82nd Airborne. They recommended Signal and Wickr as the secure and private messaging apps to use in a combat zone. Who are we to argue.
Conclusion on secure messaging apps
Secure messaging apps remain a great alternative to standard email communications. We’ve said this for years, and even Edward Snowden agrees.
The secure messaging apps and services listed here each takes a slightly different approach to the problem of keeping bad guys out of your business. We’ve given you a quick overview of each of them here. We urge you to think hard about your circumstances, then decide which of these quality products looks best to you.
Here are the encrypted messaging apps we have reviewed on Restore Privacy:
Hello
, SIGNAL , wire , threema , they are all encrypted but SIGNAL is most secure than they appear , because Edward Snowden us it !
Yes eddy use from SIGNAL its meanning most secure than others
Best cheers good luck .
Well, unfortunately, another myth has dawned…
https://www.haaretz.com/israel-news/tech-news/.premium-israeli-spy-tech-firm-says-it-can-break-into-signal-app-previously-considered-safe-1.9368581
No it hasn’t. Cellebrite did not hack into Signal. You notice the Haaretz article didn’t bother to contact Signal Foundation for comment to respond to the company’s allegation?
https://signal.org/blog/cellebrite-and-clickbait/
Forward secrecy: Threema provides forward secrecy on the network connection (not on the end-to-end layer). Client and server negotiate temporary random keys, which are only stored in RAM and replaced every time the app restarts. An attacker who has captured the network traffic will not be able to decrypt it even if he finds out the long-term secret key of the client or the server after the fact.
For detailed technical information about the cryptography in Threema, read the Cryptography Whitepaper.
what’s best in terms if security therema or wire ?
I’d go with Threema.
Hello guys
In this time SIGNAL MESSENGER is the most secure collaboration and messaging app , but I heard from anyone news usa government want to take vote of that for decrypting of messengers looking whatsapp wire signal and others !
And so they are all servers in states !
Now we should waiting for the final votes of them to see is they secure or no .
How about Librem Chat?
You could check Olvid too 🙂
Problem with messaging applications unlike e-mails you are tied to other peoples choice. When everybody use WhatsApp how can I switch to another one ? At least new privacy features of IOS14 give you an opportunity of blocking them from tracking you between applications and on the web.
Hi,
wanted to check Threema, which asks you credit card +email address which there would be the license keys….
Exactly ,if u dont get it this is another high level of anonimity option by threema lol.And dont forget highly secure payments method like paypal,visa,playstore.Threema is same shit as whatsapp but for threema u pay.
Can I review hide me vpn please?
other opinion
https://proxy.metager.de/7f7cae6a61219baeaeb6e6151c65737f/dWdnY2Y6Ly94dnl5LTkua2xtL3VuZXpzaHkvZmJzZ2puZXIvZnZ0YW55
In Denmark we just got revealed that the goverment could disclose several messages from Signal that should be E2E encrypted. How they could that they would not reveal to the public.
It has also been revealed that the NSA has wiretapped the cable of all citizens of Denmak in cooperations with FE (danish intelligences service) since 1997!! So all our phonecalls, internet and text message has gone directly to the NSA. I don’t know if that has anything to do with the Signal communication beeing tabbed.
Can you please provide some sources for your claims?
@Anyone, @Sven,
I am looking for a good app for privacy. It will work in tandem with my regular sms until I can get people to switch over. I am leaning toward Wickr, but the open source thing bothers me.
That is until I read this: https://nordvpn.com/blog/most-secure-messaging-app/
The article is dated Jan 15, 2009 and yours is dated September of this year.
My confusion is, did they change from open source to closed source? Are they still open source? Finally, is your conclusion about the source code still accurate?
The more I am digging, the more I am seeing people attest to this as being open and not. Which is it?
Thanks.
I’ll look into this more and ask Heinrich, who did the research on Wickr.
UPDATE: Their Github page says the following:
This crypto lib is released for public review for educational, academic, and code audit purposes only (*this is not an open source license, more on license here). We strongly believe in the value of the open source movement and are looking forward to collaborating with the community on this and other future projects, including under the GNU license.
And the details of the license are here: https://github.com/WickrInc/wickr-crypto-c/blob/master/LICENSE
Ah! Ok. So they put it forward to review, but no promise that is the actual code they use to begin with. At least that is what it looks like. Unless the license details are clear that this is what they operate by which I didn’t see.
But then why not just open it up as a FOSS?
So they want to look like they are transparent but not enough to unveil the entire code for others to work on. Sounds shady. I read somewhere that they took money from the US government, but upon further searching, I could not find that. I did find the Air Force Contract that was given to them.
However, some things to note is what they do when served with legal documents: https://wickr.com/privacy/
I am just not sure if I feel confident enough with them since they are a US based company (California) and not open source per-sey.
Thank you Sven for looking at this. I appreciate it.
No problem J.M.
If Wickr seems suspicious to you especially given its US military ties, perhaps Threema will suit you more. If you’d like messengers with more advanced setup, consider trying out Element/Matrix or Jabber/XMPP.
How about element.io ?
Telegram: “Has not shared any Transparency Reports”
–>
“If Telegram receives a court order that confirms you’re a terror suspect, we may disclose your IP address and phone number to the relevant authorities. So far, this has never happened. When it does, we will include it in a semiannual transparency report published at: https://t.me/transparency.”
See: https://telegram.org/privacy#8-3-law-enforcement-authorities
Good catch. It’s fixed now.
tinfoil chat?
What about silent circle? Thx
One other cool messenger application I came across is Silence. It is free and open source, integrates SMS messages on Android devices, and includes an option for people to send their contacts encrypted messages.
https://silence.im/
Why not Matrix and Other Decentralized Platforms? Pls consider Matrix and Jabber/XMPP
I can’t believe you haven’t considered the requirement of many of (the Android versions of) these apps to use FCM. Any app requiring FCM simply can’t offer privacy (security yes, privacy no). Google can trivially reconstuct timelines of received messages (metadata, not content), and quite possibly even link two people together having a (real-time) conversation. Apps independent of GSF deserve upgrades in your rankings, while apps that require it should appear lower on the list (if at all).
Briar is missing
@ wire
on the wire web page is no one reference point to free account, only on different paid accounts so I doubt that the Wire is encrypted for free users.
No. It is fully encrypted, exactly like the paid version. The free Wire account is discussed more in our Wire review.
Nice article! I would like to add more apps to try which are secure messangers which are threema, session and usecrypt messagner. Usecrypt and threema have a payment uou need to pay but session as far as I know is free but use an end to end service with onion as well. Including something they created which is call loki, check it out if you want more options.
Also to point out about the vpn thing. I think is pointless to use a vpn on your phone because cell towers can still track your geo location and wifi as well. You could try netguard to block the signals mainly apps on your phone, but the phone itself is much harder. Edward Snowden confirmed the tracking in one interview he had and one of his new book.
There are many uses for a VPN. Using one on a mobile device is certainly not pointless, as it still encrypts traffic, unblocks georestrictions, prevents your ISP from collecting all your browsing activity and handing this over to government agencies, and offers more security on public WiFi…. just to name a few reasons.
And if you want more anonymity, then simply control your communication channels and disable what you need, including radio.
What about Jami?
never used it, but totally agreed… it looks like a very viable option… along with xmpp and even keybase.
on that note, since telegram is listed, why not jitsi? it’s kind of complementary, since telegram doesn’t do video and jitsi chat sucks because it’s focused on video.
Main con of SIGNAL is SMS registering in the USA with a (+1xxxx)phone number. As soon as you have done the sign up with SMS , you said to the N5EYE ” hi! This is my number and i’m using signal, so please go to the assigned signal aws networks for encrypted coms to find out more “.
Sessions is a better idea, but only if you are not forced to send or exchange encryption keys via unsecured coms .
Any app that depends on Google services to function correct is corrupt, and I prefer apps which are made by people who do not share them on Google playstore, but on their own download site. This is part of the new ” store wars ” trilogy, episode 1 ” the woke open source “.
May the source be with you
Nice update. I’m recently wondering why Whatsapp isn’t on top messenger app indeed. Besides being owned by Facebook, it has default E2E encryption messages and calls and huge database.
Signal is great and must have because it can replace Text Message default app on Android, so anyone can install it and just replace the old texting app, as you can send a message either via Signal either via standard network plain unencrypted text message.
I’m considering quitting Telegram as it indeed doesn’t have E2E by default, not normal, and doesn’t have video call. Even if I find their functionalities epics.
Other apps doesn’t have enough members to be interesting to use.
So my only question is, why not using Whatsapp now ? Everything (messages, photos, video, files, and calls ) are now E2E so even govs cannot require access to messages as they are E2E
1. Owned by Facebook. (Would you really trust Facebook with your privacy and security?)
2. Not open source.
3. Other messengers, such as Signal, have updated security and better features.
1) OK but imagine it’s open-source. If something is open-source and E2E, it doesn’t matter who owns it right ? Or is it by principle ?
2) That’s sad indeed. And killer.. Meaning they can hide whatever they want right?
3) I wouldn’t say Signal has better features (lack a lot) but ok
Thanks for the answer.
I’m still asking for my contacts to come on Signal. Converted few of them but still can’t get rid of whatsapp
well, Telegram got to this list, and it’s owned by VK (which is basically a 1-to-1 copy of Facebook) creator Pavel Durov, doesn’t have E2E by default (which WhatsApp has, and uses Signal protocol)… moreover, they try to explain it here https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by-Default-08-14 and also are ignorant enough to say that Signal doesn’t offer message backups (which is a massive lie)…
moreover, it has been said before that VK and Telegram are actually working with Russian secret services, even though they PR themselves with a lot of examples where Telegram did not share any date with Russian governments…
I’m not a big believer in conspiracy theories, but we are speaking about Russia, where the president is an ex-KGB Russian “emperor”, and Pavel Durov is a super pro-Russia guy, who also has a couple of articles where he explains why Russia is better than USA…
In other words, a messaging app which which belongs to Russian “Zuckerberg”, with NO encryption by default, with a strange proprietary encryption algorithm gets to the list of “Recommended secure messaging services”, whereas WhatsApp doesn’t….
Moreover, Telegram database has been leaked recently…
Thanks for the article team RP. Looking forward to including more messengers! Agreed it’s lacking in selections compared to most articles online. At least Threema, Riot.im/Matrix and Jabber/XMPP should be added.
Here’s an interaction article found online, discussing messengers https://securechatguide.org/centralizedapps.html
@Sven,
I just decided to try Wickr. Another thing that I saw, on Android anyway, is that Google Play needs to be active.
If so, would that be a negative, or is there a work around? Thanks.
How about Jabber/XMPP with end to end encryption like OTR or OMEMO?
or jami, as per my other comment…
not to mention another one i haven’t tried myself, mattermost, because it requires you to host your own server…
but yeah, xmpp doesn’t get enough credit!
fdroid even have a completely free forked app there, called conv6ation (original is conversation, but that requires a paid server).
Here is an interesting update.
There is also a good segment at the end to heighten security in your phone.
https://getsession.org/session-user-analytics-and-anonymity/
Why Threema being avoided all the time in messaging services?
Missing “Threema”?!
Threema is limited to only iOS, Android, and a “Web app” – unlike all the other secure messaging services in this review, which offer desktop and mobile clients. And we also haven’t reviewed it yet, although I did test it out on mobile in 2016/2017 (and it worked well). We’ll get a review of it done and then consider including it to this guide in the next update.
any update on Threema? Really love it!
How come Telegram, which is non-privacy friendly (Encryption available only in Secret Chats, which you can start only with your contacts, logs a lot of data about the user, MTProto flaws, etc.) got to “Best Secure Messaging Apps”, and WhatsApp, which encrypts messages by default, using Signal encryption protocol for that, didn’t? Moreover, chats like QTox, Riot, Session are way more secure than both… Telegram shouldn’t be up here just because it has a massive user-base…