Updated 20. august 2024
In part 1, I explained why encrypted messengers are important. In this part, we will look at particular messengers and compare them.
Signal
Let’s start with probably the most well-known and widely used secure messenger – Signal. It’s been in development since 2010, but the first version of what we know as Signal came out in 2015. As of January 2022, it had over 40 million users.
Each Signal user is currently identified by a phone number. This is for easy contact discovery – if you want to write to someone and you have their number in your contact list, you don’t need to do anything other else – just write them a message. This helps the Signal network effect a lot. On the other hand, if you want to be anonymous, you need to buy an anonymous phone number. This can be done using various online services or by buying an anonymous SIM card. You can do this for example in the Czech Republic as I write this (april 2022).
You can run Signal on your mobile device as well as on your computer, and the two devices can be synchronised so you can start the conversation on your mobile and finish it on your computer in the Signal Desktop app. The primary device is always the smartphone, which has a phone number associated with it. You pair Signal Desktop with it by scanning a QR code. The pairing is also encrypted and secure.
In addition to text messages, you can also send voice messages, make phone calls (including video). Signal also works with groups that you can set up – only admins or everyone can post messages, groups can be open (any member can add another or use the link to add to the group) or closed (admin must approve each member). You can also do group video calls (currently up to forty participants) and send voice messages in a group. As for groups, what’s also interesting (and unique to Signal) is that the Signal servers don’t see the membership of groups, their name, much less their content. That is, Signal operators can’t even answer the basic question “is this user a member of this group?” or “what groups is this user in?”.
You can delete messages a few minutes after they’ve been sent (if you make a mistake), but of course if someone has already seen them before you delete them, there’s nothing you can do about it. An interesting option (which is missing in Threema for example) is the ability to set up so-called “disappearing messages”. You can set this in a conversation or in a group and change the setting at any time. Disappearing messages ensure that everyone who gets a given message deletes it from the device after a certain amount of time (hour, day, week, etc.). Of course, an attacker can save the messages, but this setting is especially good because if you’re texting someone about something and someone gets to your phone in a few months, they won’t be reading long-outdated old messages. Of course, you can manually delete conversations in Threema too, but the automatic deletion in Signal relieves people from having to do it manually. It’s like with backups – unless they are automatic, you forget to do it.
Signal also has payments using the MobileCoin cryptocurrency in beta. It has similar characteristics to Monero in terms of privacy. The advantage is that, as with Signal communication, you don’t have to exchange addresses with anyone. If you want to send someone a cryptocurrency from your wallet, you send it the same way you would if you were sending a picture or document in a Signal conversation – to a phone number. Signal will make sure to find out the address where the cryptocurrency needs to be sent. However, despite the network effect and the number of Signal users, this cryptocurrency has not won the hearts of investors and users. This is evidenced by the fact that after the initial craze with Signal integration, the price has bounced back and at the time of writing these lines (April 2022), it is on a 227th place among cryptocurrencies in terms of market capitalization. This means a slow journey towards market cap of zero and very probable death. The problem, in my opinion, is mainly that there is no easy way to buy the first MobileCoins – you basically have to use centralized exchanges where you have to have an account and buy it with Bitcoins (which you need to get somewhere as well). This is a huge barrier for most people from Signal’s target audience that are not crypto-savvy. We’ll see if Signal can reverse this and if it will be easier to get access to this cryptocurrency. Integration into simple decentralized exchanges could help. I think privacy-preserving payments have their place in crypto communication tools, but I don’t know if MobileCoin and Signal will be it – probably not, I would bet on slow death.
A few positive things about Signal. The applications are open-source, including a well-described open protocol. Therefore, we know what encryption techniques and algorithms they use. We can also verify that the app in the Play Store is compiled from source without adding additional code (thanks to deterministic builds). Of course, end-to-end encryption is provided, including the ability to verify that the server isn’t cheating with the keys (key verification using a QR code in a face-to-face meeting). The application has been audited by third parties, logs very little metadata (last account login time). A disadvantage for privacy, but an advantage for Signal propagation, is the necessity to use a phone number to register. Signal servers run in the cloud (which is fine, because although they forward messages, they don’t see the content), but you can’t connect Signal client to your own server. So the service is centralized from that point of view – if the infrastructure goes down, communication via Signal doesn’t work.
You can protect yourself against SIM swap attacks by setting a PIN or password. If someone gains access to your phone number and wants to activate Signal on it, they won’t be able to do so without a PIN. However, if the attacker still succeeds, they won’t be able to access previous messages and everyone you communicate with will see that the keys have been changed. If this happens, it’s a good idea to verify what happened (ideally in person or with a video call – until fraudsters start using deep fake videos).
Signal also tries various techniques to circumvent censorship and blocking of services. However, I can’t evaluate how successful they are, because fortunately I live in countries where censorship of encrypted communications does not happen (yet).
Signal’s operator, the “Signal Foundation” lives on voluntary contributions. Anyone who contributes gets a badge for their profile photo so you can “signal” support for your favorite messenger.
Element / Matrix
Element is a messenger that uses the Matrix protocol. However, you can choose to use other apps to use the Matrix communication network and communicate in a way that suits you. Matrix is similar to email in many ways. As with email, you can use different client apps (in the case of email, these include Outlook, Gmail web client, Thunderbird, Postbox, mutt or the native Mail app from macOS and iOS, Protonmail, etc.) and also different server infrastructure providers (Protonmail, Gmail, Seznam, …).
With Matrix protocol it is similar. You choose a client – for example, Element, which you can use via a browser, or as a desktop or mobile app. You choose a server where you have an account and which holds (encrypted) messages for you until you connect. Similar to email, you can also communicate with other users who are on other servers. This has the advantage that you are not dependent on one operator. The system can also operate in “island mode”, i.e. if your Internet connection goes down but you have a local server, you can continue to operate within your local community that can reach your server. This has been used in the conflict in Ukraine, for example, where local operators in individual cities run Matrix servers. If everything works, they can communicate between cities and with the whole Internet. Even in groups there can be members from different servers. But in the event of one city’s connection going down, at least the ability to communicate between users of that city’s server is preserved.
Element is therefore a decentralised network – nothing depends on a single operator. Just as there is no way to “turn off email”, there is no way to turn off the entire Matrix network. Warrants are also complicated. You can use different jurisdictions based on your beliefs or connect to a server that is connected via the Tor anonymization network and bypass the physical locations entirely.
Compared to Signal, I especially like the ability to create “spaces” in Element, which is similar to Slack teams or Discord “servers”. It’s a list of people and rooms (groups). If you would like to join more groups of an organization on Signal, you may have noticed that you have to join each group separately. In Element, just add a space and you can see all the rooms straight away.
A few extra details that are better than Signal are support for voting (polls), support for threads and you can decide whether to make the history available to room users who join as well, or whether they will only see messages from the time they joined the group.
Anonymous registration is also an advantage, but it means you need to find the identifier of the person you want to communicate with. This is in the format @username:matrix.org – matrix.org in this case is the server on which the user is registered. So if you want to start a conversation through Element, it’s not as easy as Signal, where you just open the app and text whoever you have in your contact list. On Element, you have to find out from your contacts what identifier they have or invite them using a special link. You can add an email address and phone number to simplify the search, but almost no one does that.
A big advantage of Matrix is the ability to create bridges to other messengers. You have to run these yourself or you can buy them from a company that operates them, but you can get Slack, WhatsApp, Discord, Telegram, Microsoft Teams, or even Signal users into Element. Beware, if you don’t run the bridge yourself, the operator can see the decrypted messages. For example, if you want to use one messenger for everything or connect to other bots, systems, and so on, there’s a diverse ecosystem for that in Element.
What is the security? The encryption is quite good, but the important thing is how to verify that the server is not lying to us and showing us a different key. Similar to Signal or Threema, for example, we can authenticate the user by scanning a QR code when we are present in person. But it’s also possible to authenticate using an emoji. Both parties receive several emoji images during authentication, and their job is to verify in a secure way that they are the same. They can do this in person or, for example, via another encrypted and signed method of communication. Or, at worst, via an encrypted video call. Of course, if you use the same and trusted server (for example your own), you don’t have to do the verification.
Similar to Telegram, you can make “bots” that can tell you the price of Bitcoin, arrange a meeting, connect you to another communication service, see if you have any new tickets on github, or a number of other things. If you want to tweak your Matrix installation, you can then use Element (as a Matrix client) for virtually all your communication needs, no matter what channel your users are writing to you through.
My criticism of Element and Matrix is primarily regarding the occasional instability. Sometimes the keys are not synchronized and messages don’t arrive or something takes longer to load. I think this is the price of a distributed architecture.
In terms of privacy, the downside is that the servers can see who is communicating with whom (but not about what) and who is a member of what group. This problem can be partially solved by running your own Matrix server and communicating only with users within the server (e.g. in the case of corporate communications). But the fact is that metadata is flying through the network more than I would like.
DeltaChat
If Element is similar to email in architecture, then DeltaChat straight up uses email. You connect it to your email provider using IMAP and you can create groups. In the background, DeltaChat uses the AutoPGP protocol to automatically encrypt messages. Since the messages on the server are also accessible via IMAP from multiple devices (just like you can read emails on both mobile and desktop), synchronization is solved. If you can’t see your own messages on other devices, turn on the “Send to self” option.
Group conversations are simply emails with multiple users in the copy (but DeltaChat puts them nicely into the correct group – with a name and icon).
DeltaChat is a very simple application for communication, but because it uses existing infrastructure it can be used by anyone who is comfortable with email. Beware, encryption using PGP (and AutoPGP) is a bit archaic. Server operators can see who you’re emailing and how often, if you leak a key it can be used to decrypt all messages from the past (no perfect forward secrecy), and so on. On the other hand, it’s a nice minimalist communicator, without support for more complex features like voice calls and video calls and such.
Threema
Threema is one of the first popular encrypted communication tools. Compared to all the other apps in this review, it is the only app that is paid for regular use. At the time of writing, the price of the application was about 4€/4$ (one-time fee). Threema has ten million users and additional services for companies such as Threema Gateway or Threema Work for teams.
The main advantage is the ability to create accounts anonymously without having to link the account to a phone number. If you are an Android user, you can even pay for the app with Bitcoin.
I personally miss the disappearing messages feature. Although Threema pretends that the security of disappearing messages is questionable (aren’t traces of messages found in the operating system logs?), but manually deleting messages is definitely inconvenient. Threema in latest versions can delete (“unsend”) and edit messages manually. Threema users can set global auto-deleting of messages, but there’s no way for the group operators to enforce this, so it is more a storage maintenance feature for users, than a security feature.
Group support is also at a relatively low level. The group creator is also the sole administrator of the group. All members have to be added manually (for example, linking to a group is not possible as in the case of Signal). It is also not possible to specify who can post in the group.
Threema definitely has a place among encrypted communicators, especially in the corporate environment, especially in the European Union, due to GDPR.
Session
Session started as an attempt at a decentralized “version” of the Signal messenger, even the app was very similar to Signal. The added value is key management as we know it from the “cryptocurrency world”, where a person can back up their identity by writing down 12 English words (called a seed phrase). User identifiers are random-looking strings of characters that represent a public key. Because of this, there is no “authentication” of users – if you can write to someone and have the correct address, you can be sure that no one has given you the wrong keys. The downside is that there is no way to write to someone without knowing their Session Identifier. You have to exchange that through another channel. Unlike Threema, there’s no way to assign a phone number either.
The advantage is the possibility of in-person contact exchange with a QR code, which, for example, Signal does not allow.
Session promised Tor-like anonymization from the start, but for a long time it was just a promise. The protocol has changed over time and doesn’t use the same encryption as Signal. Session thus lost perfect forward secrecy and plausible deniability.
At the time of this writing, Session is finally getting better and in some circles where anonymity is important is a messenger of choice. It also lacks advanced capabilities such as confcalls or group video calls. But you can send media, voice messages, write in groups, or do one on one voice and video calls (in beta).
It also has the advantage of a high-quality desktop app that syncs with the mobile app.
SimpleX Chat
SimpleX Chat is the youngest app I included in this comparison. It focuses on privacy and protection from metadata collection. It is unique in the fact that it uses no user identifiers, and linking using a QR code or an URL will create asymmetric connections between users, so sending and receiving messages is not easily correlated.
In incognito mode, it is not possible to link a single user (even by profile name) across, for example, multiple group memberships. SimpleX does not use centralized servers for communication, and each direction of communication can go through different relays.
As for the user interface and reliability, you can see that the app is still under development. On the other hand, most things work – even simple audio and video calls (why simple? during a video call, for example, the sound did not come from the phone’s speaker for videocalls, so I had to put on headphones).
SimpleX is an interesting solution for people who prefer anonymity, don’t want to register on servers and the like. However, for communication with family or within a business, SimpleX will have to wait – for example, the desktop app exists, but the connection requires pairing with a mobile device each time and you need to be on the same wifi network without AP isolation. But if you don’t want to give someone a permanent identifier, but just need to agree on something, it’s a good option.
Status.app
Status.app is a combination of an encrypted messenger with a web3 wallet and a decentralized application browser. The wallet (or one of your wallets) is also your identity on the network. Despite the strong integration to the web3/Ethereum ecosystem, you can use it for free and without having any cryptocurrency – purely for communication. In the background is the decentralized waku protocol, whose nodes are operated by the community. In case you have cryptocurrencies, you can buy a “name” (an identifier) for example.
With the new version of status Status, you can create communities whose membership can be (optionally) conditional on owning a token, and should allow communities to vote or co-sign cryptocurrency transactions soon. Status thus aims to become more of a decentralized Discord-like “super-app” for communities, than just a simple messenger.
For added security, Status also offers a hardware wallet that works for signing transactions. However, this one is not on the level of wallets like Trezor or Ledger, in my opinion, because it doesn’t have a display – you use it by putting an NFC card close to your device, and thus you don’t know what you’re signing. They are working on KeyCard Pro that will be a full hardware wallet with a display for the KeyCard.
Status also works on desktop, you can use it to take out (on mobile or desktop) a decentralised loan or use other apps from the DeFi ecosystem. It’s performance as an encrypted communication tool it is good and very user-friendly.
The downside is identity, which works similarly to Session. You can buy an easily identifiable name that will only be yours.
In terms of integration with cryptocurrencies, Status is better off than Signal, which only allows you to use the not very popular MobileCoin currency. On the other hand, the privacy of payments on the Ethereum network and its L2s is probably the worst of all cryptocurrencies, so on the one hand you do have encrypted messages, but the payments are too transparent.
However, community and token support is something I’m personally looking forward to and I am watching the status of Status as it evolves.
Sideband / nomadnet / reticulum
Another interesting technology is mesh networking. Meshtastic allows communication over the LoRA protocol, which works very slowly but over longer distances. The communication is unencrypted by default and requires specific hardware. An example of a proprietary solution is the well-known goTenna project.
To me, the most interesting open-source solution that works also over LoRA, that also supports encryption, is the Reticulum protocol and the nomadnet and sideband messengers. Nomadnet has a text interface, sideband works on most platforms with a graphical user interface. You can communicate over local wifi without configuration, over servers (you can run your own server), and also just over the LoRA network mentioned above. With this stack, you can create a connection even over longer distances, which is slow, but works even without internet. The Reticulum network protocol that powers these communication tools always finds a path that works (if it exists).
The packets are encrypted by default. It also allows storing messages on propagation nodes, if there is no direct connection. I use this protocol for example, to monitor systems.
Keet
Keet is part of the Holepunch a Pears projects. It focuses on true peer to peer communication without any servers. With Holepunch, it creates a peer to peer network directly between individual users’ computers, even if they are behind home networks and routers. Video calls or file transfers thus do not have to travel through third parties and are faster.
Keet is at a very early stage of development, supports mainly rooms, not 1:1 communication, and its encryption scheme is not well documented. Nevertheless, it is interesting that it focuses on peer to peer communication and provides a framework through which you can develop peer to peer communication tools, including for example the already functional port tunneling program Holesail, or the remote desktop control tool Peerviewer.
Unfortunately, the current version is not fully open-source, according to the authors, they are trying to avoid copying and releasing it with some crypto token by third parties. If security is our goal, Free and Open Source is an important aspect, but I believe this problem will be solved soon.
Nostr and Nostr-based apps
Nostr is an interesting protocol for social networking. The advantage is that you own your identity, including your social graph (who you follow). This allows you to use one identity across different applications. Probably the most well-known is the classic social network similar to Twitter, but you can find many other apps. Once you have your friends on this social network, it’s good if you can write to them straight away without having to search for any of their other identifiers.
You can do this with direct messages on Nostr, but their privacy is very poor. The 0xchat or keychat projects are trying to address this problem. 0xchat is compatible with NIP-17 standard (compatible with Coracle and Amethyst for example). Keychat is unfortunately not compatible and therefore I think that for using Nostr as an encrypted messenger, it is best to wait and see which standard wins. But you can at least follow me on the social network.
Other encrypted communicators
Many readers will immediately write to tell me that I haven’t mentioned their favourite encrypted communicator. It can be Wickr Me, Wire, Keybase or many other tools. The reason is that I don’t find them very interesting or widespread. Keybase addresses identity in an interesting way – using cryptographic authentication of your social networks, you can create a way for someone to contact you securely without knowing you beforehand. Interestingly, it also includes encrypted cloud file storage (“encrypted dropbox”). On the other hand, after the creator of Keybase was bought by Zoom (in an attempt to repair its not-so-good reputation regarding its security), I feel that development has slowed down considerably.
Wire also has a bad reputation with me. For years it pretended to be a super-secure encrypted communicator, but forgot to tell users that it doesn’t encrypt video calls end-to-end. I think they’ve fixed that mistake, but given that we have pretty good options, I don’t have to forgive them for that mistake.
Another interesting area is communicators that don’t need Internet access. They form an ‘ad-hoc mesh network’, where individual devices connect to each other and somehow forward messages to each other. In theory, this could work, for example, by sending a message to a friend in another part of town. The neighbour has his mobile phone with him, and his communicator stores the (ideally encrypted) message with him until he comes across someone who can forward it to his friend. He goes shopping, there it gets forwarded to someone else who lives a short distance from my friend, and so it gets delivered to him. So people and their movements create a network without a fixed structure that works even in the event of various disasters and Internet outages. One such communicator, for example, is the Android app Briar. Unfortunately they do not support Apple’s iOS platform. Briar works over the Internet (via the Tor network), but also via Bluetooth and Wifi. So you can, for example, chat with your friends on a plane, even if you’re not sitting next to each other. I hope you never need other instances of such communication otherwise.
However, an alternative solution to the problem of Internet unavailability is a local network built on Internet protocols. Local area networks are not new and running a Matrix server (for Element) or an e-mail server (for DeltaChat) is easy and practical.
Conclusion
For me, Signal, Element or Threema are the winners. Signal and Threema because of the network effect, Threema because of the possibility of anonymous accounts, and Element because of the distributed architecture and many integrations.
I’m also watching Status and XX messenger and it’s possible I’ll use them in specific cases.
But what’s more important is what I try not to use – communicators that are either unencrypted end-to-end or openly prey on collecting user data. If possible, I try to avoid Telegram, WhatsApp or Facebook Messenger. It’s not always possible. You can’t do anything in Latin America without WhatsApp. Various crypto or software projects have discussions or technical support via Telegram, and the easiest way to organise a high-school reunion is via Facebook Messenger. Whenever possible, I’m a so-called “intolerant minority”. That is, that annoying person who refuses to use less secure communication tools and forces others to use something secure. By the way, I don’t even answer normal GSM phone calls most of the time. I communicate with all the people I want to communicate with via encrypted calls (mostly via Signal or Threema).
Find more content like this in my book Cryptocurrencies – Hack your way to a better life.
It is a guide for Bitcoin and cryptocurrency ninjas. Learn how to use the Lightning network, how to accept cryptocurrencies, what opportunities there are for different professions, how to handle different market situations and how to use crypto to improve your life.
Get it on my e-shop (BTC, BTC⚡️ and XMR and even oldschool plastic) or at Amazon.