The content of your messages and the metadata associated with them should be secure and private. Unfortunately many messengers out there fail to do this.

In an ideal world, you'd avoid non-privacy-friendly messengers such as Facebook Messenger and WhatsApp.

You should also aim to avoid carrying out private or sensitive conversations on social media direct messaging (DMs) and even Apple's iMessage system.

While iMessage is encrypted and arguably better than messengers like WhatsApp, metadata is not necessarily "safe." Simply, better options out there exist for those seeking even more security and privacy in their messaging communications. The messengers listed here have a reputation for robust security and are considered private by design.

Session

Session is a decentralized messenger, utilizing the Oxen Service Node Network to route messages in a similar manner to Tor. It is developed by Oxen and has a focus on privacy – specifically the protection of metadata – and security.

Session does not require a phone number (or any potentially unique identifier) for use. Accounts on Session are created using a SessionID; this SessionID is not a username/password combination and instead has a unique-to-you seed phrase attached to it for recovery purposes.

Additionally, users’ local Session databases can be encrypted with a PIN code. Session does not collect metadata or any personal data. Session's decentralized nature and use of "onion" routing makes it resistant to censorship.

Session supports group chats, voice messages, and sending file attachments. Voice and video calls are a beta feature as of writing. These communication methods are all encrypted and the network has zero knowledge of metadata surrounding communications; because of this, Session states that there’s nothing to leak.

Session’s client does not use tracking methods nor display ads.

SimpleX Chat

SimpleX Chat does not use any identifiers - not even for message routing. Users create profiles and databases stored on their devices. By extension, SimpleX does not collect any information, including metadata.

SimpleX Chat uses the SimpleX Chat protocol, which has been audited, to route messages. The SimpleX Chat protocol primarily relies on temporary anonymous pairwise identifiers to send messages. Users can choose which server(s) to send messages; as a result, every conversation could use different server(s) for message routing.

SimpleX Chat allows users to create links or QC codes to share their address, so other users can connect and chat. These links can be deleted or set as a one-time invitation link. Sending contact addresses via links or QC codes shares your profile with the receiving user. Users can enable the Incognito Profile setting to decrease the likelihood their profile can be linked to other activity.

Any data storage is done on the client devices. Data stored includes user profiles, contacts, and groups. Users can enable a lock for SimpleX Chat to more finely control who has access to your SimpleX Chat profile on their devices from a local risk or threat.

Users can also connect to the SimpleX network using Tor. SimpleX Chat has a robust groups feature, allowing users to create private groups that require a shared invitation link to join.

SimpleX Chat supports markdown in message composition. The SimpleX Chat client does not use tracking methods nor display ads.

SimpleX Chat is available over command line interfaces (CLI) for Windows and Linux operating systems. SimpleX Chat is also available for both iOS and Android devices.

Signal

Signal is a well-known private messenger developed by the Signal Foundation. It’s available on most platforms and implements the Signal protocol, which has been audited over the years by different third-parties for security. Signal relies on centralized servers for message routing; however, voice and video calls are P2P.

Signal also requires a phone number for account creation and use of the service. The phone number serves as an identifier and establishes the account, but a VoIP or landline number can be used as long as the user has a method for receiving the mandatory verification code.

All communication to the server is encrypted and Signal has stated the server does not log sensitive metadata such as who called whom and when. However, for the purposes of relaying messages, user verification, and fighting spam, Signal's servers have access to metadata about the sender and recipient.

Contacts are encrypted on the user's device(s) using a pin, preventing the server(s) from having access to users' contacts. Users can the Sealed Sender feature – available for use only for those in your contacts – to minimize any metadata associated with communications, thus making communications even more private and secure.

Signal’s client does not engage in any tracking methods on its client nor does it display ads.

Briar

The Briar Project describes Briar as a “messaging app designed for activists, journalists, and anyone else who needs a safe, easy, and robust way to communicate.” In short, Briar is also available for users who want more privacy without relying on any kind of centralized servers.

Briar does not rely on centralized servers for message routing. Messages are . Briar is also not completely reliant on an internet connection to work; it can use Wi-Fi or Bluetooth to transmit messages between clients (who are contacts) in close proximity to each other.

Users can add contacts to Briar using the “add contact nearby” or “add contact at a distance” functions. The nearby option generates a QR code, which the desired contact can scan; the distance option renders a link you can send to your desired contact.

Briar account information is stored on the user’s/client’s device and encrypted with the set password created at time of account creation. Briar does not collect any information.

Briar's client does not use tracking methods nor display ads.

Briar is available for Windows and Linux operating systems. Briar is also available for both iOS and Android devices.

Threema

Threema is a well-respected messenger developed by Threema GmbH, a business based in Switzerland. Threema decentralizes some data such as contacts, group chats, and private keys and stores these on user devices – Threema’s servers don’t store copies of these types of data. Threema’s servers transmit messages using E2EE.

Threema does not require a phone number or email for use. Instead, ThreemaIDs and the “key pair” (one public key, one private key) are used to establish accounts. The public key of the key pair is sent to Threema’s servers for distribution to chat partners.

Threema supports voice and video calling, group chats, polling, communications with chatbots, and file sharing. It’s worth noting that Threema GmbH also provides other privacy-friendly and secure apps/services geared towards large, medium, and small organizations.

Use of Threema on the desktop requires the application to be installed on a mobile device. While Threema is open source, it’s ultimately a paid app/service; the price of the Threema app covers costs associated with the maintenance of server infrastructure.

Threema doesn’t collect personal information or metadata. Threema’s client doesn’t engage in tracking users or displaying ads.

Element

Element is a messenger based on the Matrix protocol, an open standard and communication protocol for real-time communication. Matrix supports federation and you'll find a variety of servers hosting Matrix-based messaging/chat solutions.

Many of the initial/main developers for the Matrix protocol work for Element. Interestingly, Element allows users to choose the server where their data will reside. Element does not require a phone number for account creation or service use. Messages are sent using E2EE, however, group voice and video calls are not E2EE.

Element supports messaging those completely outside the platform through the implementation of "Bridges." Bridges allow users on Element to communicate with those using another messenger, such as Telegram, Signal, or even the privacy-unfriendly WhatsApp. The free tier of Element allows for unlimited use of most features but relies on free public servers for rendering the service.

NOTE: Element Web in particular relies on federated servers and while this allows for considerable resistance to censorship, it’s important to note data is stored on involved servers. Therefore, the server where a user chooses to house their data should be reasonably trusted; usage of an untrustworthy server could compromise your privacy.

Element's client does not engage in tracking nor the displaying of ads.

A word on Telegram

While free and open source, Telegram is not generally recommended primarily because it does not support E2EE by default. In Telegram, E2EE is only enabled when using the Secret Chat feature. Group chats are not and cannot be encrypted.

This lack of encryption has consequences for both privacy and security - Telegram owns the keys to your messages. With end-to-end encryption (which Telegram does not support by default), your messages would be encrypted on your device with your key (or derived key, depending on implementation) prior to upload to the server. So, in theory, without E2EE anyone with varying access levels can read messages, and those reading may not necessarily be intended recipients.

Telegram operates in the cloud, and while this does have good portability across multiple devices and device types, the service provider (or anyone with access to the cloud server) could theoretically read them at any time, assuming they have the decryption key. Telegram owns its servers and parts of its infrastructure, and claims to store encryption keys at different data centers, so presumably the data stored on their servers shouldn't be directly accessible by third parties.

However, this isn't a 0% possibility given the data Telegram collects and the lack of client-side encryption/E2EE implementation. Regardless, Telegram always has access to the decryption keys for your data - using the platform requires placing a rather uncomfortable amount of trust in Telegram. For example, Telegram falls into an eerily similar trap that WhatsApp does regarding reporting messages where Telegram staff can - and will? - read your messages if reported for "spam or abuse" to the service.

According to Telegram’s privacy policy, the service itself logs IP addresses and phone numbers. Users outside of the US have access Telegram's anonymous phone number registration service, which must be paid for using Fragment and Telegram's TonCoin network. Telegram collects and uses aggregated metadata, such as the Telegram apps and devices you use. Also according to Telegram's privacy policy, they may share this data with third parties.

By default, Telegram also has direct access to metadata (especially since chats are not E2EE). Metadata can de-anonymize you and can be shared with third parties. Metadata is just as valuable as the message contents and can alone can tell most of the story without revealing the explicit content of the communication; message metadata, even at its most basic form, often includes who sent/received a message and when it was sent. These are two powerful data points, especially when collected over a period of time.

Despite Telegram’s stance on using user information for ad and tracking purposes, this lack of client-side encryption combined in regards to storing messages in the cloud is a major cause for concern; this set up allows Telegram access to your messages and potential snooping by third parties, as Telegram could easily decrypt messages. Allegedly, Telegram has been accused of data sharing with governments.

Criteria for secure messaging recommendations

At a minimum, to be listed as a recommendation on avoidthehack, secure messaging solutions must:

Be Open-source

When it comes to messengers, closed-source platforms have proven time and time again any trust placed in them must be minimal. At best, no trust would be placed in them, which raises the question of why not find a better platform worthy of some trust?

Especially for messengers, open-source promotes transparency that the messaging platform is indeed using robust encryption and protocol implementations preserving user privacy and user security.

Use end-to-end-encryption

Messaging platforms must use authentic end-to-end encryption, verifiable via open-source. Preferably, the specific protocol and messaging platform uses would have been audited by a reputable third party and present results of audits publicly.

Minimal data collection at sign-up

The messaging platform must not collect excessive personal identifiable information (PII).

If the messaging platform insists on collecting phone numbers, then it must permit registration with VoIP numbers or non-SIM numbers.

Anonymous registration is preferred.

Minimal metadata exposure

The messaging platform should expose minimal metadata. Preferably, the platform would not expose any metadata to any servers or other third parties.

Any metadata should not be shared with third parties or used for any kind of advertising.

Free from ads

Apps and clients should be free from advertisements. AdTech is about privacy and cybersecurity unfriendly as it gets.

Availability across multiple platforms

For accessibility and portability, messaging platforms should support a minimum of three (3) different platforms, one of which must be a mobile platform (Android or iOS).

Security audit of messaging protocol

For more robust security and transparency, messengers listed here have had their protocol (their method of routing data - primarily messages) audited.

While a "successful" or satisfactory security audit is not a tell-all of a messaging protocol's security, it is conducive for transparency.

Out of beta/alpha stages

Messengers listed here should be completely out of alpha and beta stages. Beta software can be buggy and frustrating for users to use reliably in their day-to-day.

Final thoughts

Using private and secure messengers here in place of options such as WhatsApp and Telegram is important for those seeking more privacy in their communications with others.

In some cases, you may also want to avoid transmitting more private details over text message (SMS) as well. SMS is an unencrypted protocol, and the contents of your messages can be intercepted by third parties.

While the likes of iMessage is encrypted for Apple users, it's important to note that your metadata - such as your IP address, the number you're communicating with, and the time you searched for the number/communicated with it - may still be up for grabs. Understand that while your message contents themselves are safe, Metadata can reveal much of the "story," especially when combined with other data. The options provided here mitigate this.

Happy (secure) messaging and stay safe out there!