Secure and Private Messengers

Messenger Recommendations

Key reads...

Many "encrypted" messengers collect/share a lot of data

Despite implementing their versions of end-to-end encryption (E2EE), many "encrypted" messengers out there collect a surprising amount of data, which can include:

  • Account creation with the messenger may require a valid email address or a phone number. In some cases, the messenger may only accept a phone number attached to a SIM card as opposed to a VoIP number.
  • The messenger may require direct access to your contacts and continually “scan” your contacts for additions. In some cases, the messenger may utilize connected Wi-Fi networks and location data to “guess” who may be a viable contact.
  • Some messengers may aggregate data attained from third parties.
  • Some messengers display ads, which often come with their own trackers and invasive practices.
  • Some messenger servers collect and store metadata, such as to whom and when a message was sent or received.
  • The messaging service may collect telemetry and usage data such as setting preferences, frequency and duration of interaction

This list is dependent on the messenger and its corresponding privacy policies and is not designed to be all inclusive.

Depending on the "encrypted" messenger, your data may be shared with advertisers, third-parties needed to carry out the service (ex: cloud providers), or third-parties not necessary for carrying out the service (ex: data brokers).

Generally, people may feel as long as the messaging services aren’t reading the contents of their messages, then their privacy is not at risk. This assumption is troublesome because in many cases, the real “juice” is often in the metadata - or any data attached to but ultimately existing outside the message contents itself.

Metadata can be just as critical as actual message contents and often includes (but is not limited to) who a message was sent to and when the message was sent.

For rather obvious reasons, who a message was sent to itself can be significant enough on its own, especially if the users have been identified with rather unique identifiers, such as a phone number attached to a SIM card. Knowing when a message was sent to a user can establish a pattern; especially if the central servers relaying your messages are logging and storing these particular data points – as many do.

Over time, just with tracking these two metadata data points alone, we can start establishing clear patterns - for example, User A may message User B every Thursday at 5:00pm for approximately an hour.

Combine this metadata with other data messengers may collect and store on their servers – like location data, saved contacts, and device information -- and users will find that a lot can be “told,” all without ever reading the contents of their messages!