In part 1, I explained why encrypted messengers are important. In this part, we will look at particular messengers and compare them.
Let’s start with probably the most well-known and widely used secure messenger – Signal. It’s been in development since 2010, but the first version of what we know as Signal came out in 2015. As of January 2022, it had over 40 million users.
Each Signal user is currently identified by a phone number. This is for easy contact discovery – if you want to write to someone and you have their number in your contact list, you don’t need to do anything other else – just write them a message. This helps the Signal network effect a lot. On the other hand, if you want to be anonymous, you need to buy an anonymous phone number. This can be done using various online services or by buying an anonymous SIM card. You can do this for example in the Czech Republic as I write this (april 2022).
You can run Signal on your mobile device as well as on your computer, and the two devices can be synchronised so you can start the conversation on your mobile and finish it on your computer in the Signal Desktop app. The primary device is always the smartphone, which has a phone number associated with it. You pair Signal Desktop with it by scanning a QR code. The pairing is also encrypted and secure.
In addition to text messages, you can also send voice messages, make phone calls (including video). Signal also works with groups that you can set up – only admins or everyone can post messages, groups can be open (any member can add another or use the link to add to the group) or closed (admin must approve each member). You can also do group video calls (currently up to forty participants) and send voice messages in a group. As for groups, what’s also interesting (and unique to Signal) is that the Signal servers don’t see the membership of groups, their name, much less their content. That is, Signal operators can’t even answer the basic question “is this user a member of this group?” or “what groups is this user in?”.
You can delete messages a few minutes after they’ve been sent (if you make a mistake), but of course if someone has already seen them before you delete them, there’s nothing you can do about it. An interesting option (which is missing in Threema for example) is the ability to set up so-called “disappearing messages”. You can set this in a conversation or in a group and change the setting at any time. Disappearing messages ensure that everyone who gets a given message deletes it from the device after a certain amount of time (hour, day, week, etc.). Of course, an attacker can save the messages, but this setting is especially good because if you’re texting someone about something and someone gets to your phone in a few months, they won’t be reading long-outdated old messages. Of course, you can manually delete conversations in Threema too, but the automatic deletion in Signal relieves people from having to do it manually. It’s like with backups – unless they are automatic, you forget to do it.
Signal also has payments using the MobileCoin cryptocurrency in beta. It has similar characteristics to Monero in terms of privacy. The advantage is that, as with Signal communication, you don’t have to exchange addresses with anyone. If you want to send someone a cryptocurrency from your wallet, you send it the same way you would if you were sending a picture or document in a Signal conversation – to a phone number. Signal will make sure to find out the address where the cryptocurrency needs to be sent. However, despite the network effect and the number of Signal users, this cryptocurrency has not won the hearts of investors and users. This is evidenced by the fact that after the initial craze with Signal integration, the price has bounced back and at the time of writing these lines (April 2022), it is on a 227th place among cryptocurrencies in terms of market capitalization. This means a slow journey towards market cap of zero and very probable death. The problem, in my opinion, is mainly that there is no easy way to buy the first MobileCoins – you basically have to use centralized exchanges where you have to have an account and buy it with Bitcoins (which you need to get somewhere as well). This is a huge barrier for most people from Signal’s target audience that are not crypto-savvy. We’ll see if Signal can reverse this and if it will be easier to get access to this cryptocurrency. Integration into simple decentralized exchanges could help. I think privacy-preserving payments have their place in crypto communication tools, but I don’t know if MobileCoin and Signal will be it – probably not, I would bet on slow death.
A few positive things about Signal. The applications are open-source, including a well-described open protocol. Therefore, we know what encryption techniques and algorithms they use. We can also verify that the app in the Play Store is compiled from source without adding additional code (thanks to deterministic builds). Of course, end-to-end encryption is provided, including the ability to verify that the server isn’t cheating with the keys (key verification using a QR code in a face-to-face meeting). The application has been audited by third parties, logs very little metadata (last account login time). A disadvantage for privacy, but an advantage for Signal propagation, is the necessity to use a phone number to register. Signal servers run in the cloud (which is fine, because although they forward messages, they don’t see the content), but you can’t connect Signal client to your own server. So the service is centralized from that point of view – if the infrastructure goes down, communication via Signal doesn’t work.
You can protect yourself against SIM swap attacks by setting a PIN or password. If someone gains access to your phone number and wants to activate Signal on it, they won’t be able to do so without a PIN. However, if the attacker still succeeds, they won’t be able to access previous messages and everyone you communicate with will see that the keys have been changed. If this happens, it’s a good idea to verify what happened (ideally in person or with a video call – until fraudsters start using deep fake videos).
Signal also tries various techniques to circumvent censorship and blocking of services. However, I can’t evaluate how successful they are, because fortunately I live in countries where censorship of encrypted communications does not happen (yet).
Signal’s operator, the “Signal Foundation” lives on voluntary contributions. Anyone who contributes gets a badge for their profile photo so you can “signal” support for your favorite messenger.
Element / Matrix
Element is a messenger that uses the Matrix protocol. However, you can choose to use other apps to use the Matrix communication network and communicate in a way that suits you. Matrix is similar to email in many ways. As with email, you can use different client apps (in the case of email, these include Outlook, Gmail web client, Thunderbird, Postbox, mutt or the native Mail app from macOS and iOS, Protonmail, etc.) and also different server infrastructure providers (Protonmail, Gmail, Seznam, …).
With Matrix protocol it is similar. You choose a client – for example, Element, which you can use via a browser, or as a desktop or mobile app. You choose a server where you have an account and which holds (encrypted) messages for you until you connect. Similar to email, you can also communicate with other users who are on other servers. This has the advantage that you are not dependent on one operator. The system can also operate in “island mode”, i.e. if your Internet connection goes down but you have a local server, you can continue to operate within your local community that can reach your server. This has been used in the conflict in Ukraine, for example, where local operators in individual cities run Matrix servers. If everything works, they can communicate between cities and with the whole Internet. Even in groups there can be members from different servers. But in the event of one city’s connection going down, at least the ability to communicate between users of that city’s server is preserved.
Element is therefore a decentralised network – nothing depends on a single operator. Just as there is no way to “turn off email”, there is no way to turn off the entire Matrix network. Warrants are also complicated. You can use different jurisdictions based on your beliefs or connect to a server that is connected via the Tor anonymization network and bypass the physical locations entirely.
Compared to Signal, I especially like the ability to create “spaces” in Element, which is similar to Slack teams or Discord “servers”. It’s a list of people and rooms (groups). If you would like to join more groups of an organization on Signal, you may have noticed that you have to join each group separately. In Element, just add a space and you can see all the rooms straight away.
A few extra details that are better than Signal are support for voting (polls), the ability to edit messages (like you can edit a comment on Facebook, for example), support for threads and you can decide whether to make the history available to room users who join as well, or whether they will only see messages from the time they joined the group.
Anonymous registration is also an advantage, but it means you need to find the identifier of the person you want to communicate with. This is in the format @username:matrix.org – matrix.org in this case is the server on which the user is registered. So if you want to start a conversation through Element, it’s not as easy as Signal, where you just open the app and text whoever you have in your contact list. On Element, you have to find out from your contacts what identifier they have or invite them using a special link. You can add an email address and phone number to simplify the search, but almost no one does that.
A big advantage of Matrix is the ability to create bridges to other messengers. You have to run these yourself or you can buy them from a company that operates them, but you can get Slack, WhatsApp, Discord, Telegram, Microsoft Teams, or even Signal users into Element. Beware, if you don’t run the bridge yourself, the operator can see the decrypted messages. For example, if you want to use one messenger for everything or connect to other bots, systems, and so on, there’s a diverse ecosystem for that in Element.
What is the security? The encryption is quite good, but the important thing is how to verify that the server is not lying to us and showing us a different key. Similar to Signal or Threema, for example, we can authenticate the user by scanning a QR code when we are present in person. But it’s also possible to authenticate using an emoji. Both parties receive several emoji images during authentication, and their job is to verify in a secure way that they are the same. They can do this in person or, for example, via another encrypted and signed method of communication. Or, at worst, via an encrypted video call. Of course, if you use the same and trusted server (for example your own), you don’t have to do the verification.
Similar to Telegram, you can make “bots” that can tell you the price of Bitcoin, arrange a meeting, connect you to another communication service, see if you have any new tickets on github, or a number of other things. If you want to tweak your Matrix installation, you can then use Element (as a Matrix client) for virtually all your communication needs, no matter what channel your users are writing to you through.
My criticism of Element and Matrix is primarily regarding the occasional instability. Sometimes the keys are not synchronized and messages don’t arrive or something takes longer to load. I think this is the price of a distributed architecture.
In terms of privacy, the downside is that the servers can see who is communicating with whom (but not about what) and who is a member of what group. This problem can be partially solved by running your own Matrix server and communicating only with users within the server (e.g. in the case of corporate communications). But the fact is that metadata is flying through the network more than I would like.
If Element is similar to email in architecture, then DeltaChat straight up uses email. You connect it to your email provider using IMAP and you can create groups. In the background, DeltaChat uses the AutoPGP protocol to automatically encrypt messages. Since the messages on the server are also accessible via IMAP from multiple devices (just like you can read emails on both mobile and desktop), synchronization is solved. If you can’t see your own messages on other devices, turn on the “Send to self” option.
Group conversations are simply emails with multiple users in the copy (but DeltaChat puts them nicely into the correct group – with a name and icon).
DeltaChat is a very simple application for communication, but because it uses existing infrastructure it can be used by anyone who is comfortable with email. Beware, encryption using PGP (and AutoPGP) is a bit archaic. Server operators can see who you’re emailing and how often, if you leak a key it can be used to decrypt all messages from the past (no perfect forward secrecy), and so on. On the other hand, it’s a nice minimalist communicator, without support for more complex features like voice calls and video calls and such.
Threema is one of the first popular encrypted communication tools. Compared to all the other apps in this review, it is the only app that is paid for regular use. At the time of writing, the price of the application was about 4€/4$ (one-time fee). Threema has ten million users and additional services for companies such as Threema Gateway or Threema Work for teams.
The main advantage is the ability to create accounts anonymously without having to link the account to a phone number. If you are an Android user, you can even pay for the app with Bitcoin.
I personally miss the disappearing messages feature. Although Threema pretends that the security of disappearing messages is questionable (aren’t traces of messages found in the operating system logs?), but manually deleting messages is definitely inconvenient. Threema also can’t delete (“unsend”) or edit messages, even manually.
Compared to Signal, the option of group (video) calls is also missing. And for me personally the most annoying is the very poor quality desktop client (or “Threema Web”). Very often it disconnects from the phone or doesn’t work at all, gets stuck on loading and so on. In contrast, the synchronisation of all the other messengers mentioned before is very good.
Group support is also at a relatively low level. The group creator is also the sole administrator of the group. All members have to be added manually (for example, linking to a group is not possible as in the case of Signal). It is also not possible to specify who can post in the group.
Threema definitely has a place among encrypted communicators, especially in the corporate environment, especially in the European Union, due to GDPR.
Session started as an attempt at a decentralized “version” of the Signal messenger, even the app was very similar to Signal. The added value is key management as we know it from the “cryptocurrency world”, where a person can back up their identity by writing down 12 English words (called a seed phrase). User identifiers are random-looking strings of characters that represent a public key. Because of this, there is no “authentication” of users – if you can write to someone and have the correct address, you can be sure that no one has given you the wrong keys. The downside is that there is no way to write to someone without knowing their Session Identifier. You have to exchange that through another channel. Unlike Threema, there’s no way to assign a phone number either.
Session promised Tor-like anonymization from the start, but for a long time it was just a promise. The protocol has changed over time and doesn’t use the same encryption as Signal. Session thus lost perfect forward secrecy and plausible deniability.
At the time of this writing, Session is still somewhat unstable and a bit slow. I don’t recommend it for normal use yet. It also lacks advanced capabilities such as phone calls, conferencing, or video calling. But you can send media, voice messages and write in groups.
XX Messenger / Elixxir
XX Messenger is part of David Chaum’s Elixxir project. Chaum is one of the original cypherpunks, who has been working on anonymity and encryption for several decades. XX Messenger uses cryptographically secure “mixing” and thus the intent, as with Session, is to provide not only encryption but also a high degree of anonymity and privacy.
XX Messenger is still in its infancy from a user perspective, but the protocol design is interesting from the start – I can’t evaluate the security in detail, but I expect that this particular team knows what they’re doing. You can send simple text messages, media and voice messages, and create groups (however, sending media is somewhat limited in the groups).
Status.im is one of the more interesting projects to emerge from the “ICO mania”. It is a combination of an encrypted messenger with a web3 wallet and a decentralized application browser. The wallet (or one of your wallets) is also your identity on the network. Despite the strong integration to the web3/Ethereum ecosystem, you can use it for free and without having any cryptocurrency – purely for communication. In the background is the decentralized waku protocol, whose nodes are operated by the community. In case you have cryptocurrencies, you can buy a “name” (an identifier) for example.
The goal of the Status project is to create communities whose membership can be conditional on owning a token, and allows communities to vote or co-sign cryptocurrency transactions. If you want, it will soon be possible to create decentralized applications using the Status messenger.
For added security, Status also offers a hardware wallet that works for signing transactions. However, this one is not on the level of wallets like Trezor or Ledger, in my opinion, because it doesn’t have a display – you use it by putting an NFC card close to your device, and thus you don’t know what you’re signing. Still, it could be an interesting intermediate step.
Status also works on desktop, you can use it to take out (on mobile or desktop) a decentralised loan or use other apps from the DeFi ecosystem. It’s performance as an encrypted communication tool it is good and very user-friendly.
The downside is identity, which works similarly to Session. You can buy an easily identifiable name that will only be yours, but at current fees (april 2022) you will pay more to the Ethereum network than the value of the currency itself. Status solves this by gradually integrating other protocols (both L1 and L2), but we have yet to see a good solution to the fee problem.
In terms of integration with cryptocurrencies, Status is better off than Signal, which only allows you to use the not very popular MobileCoin currency. On the other hand, the privacy of payments on the Ethereum network is probably the worst of all cryptocurrencies, so on the one hand you do have encrypted messages, but the payments are too transparent.
However, community and token support is something I’m personally looking forward to and I am watching the status of Status as it evolves.
Other encrypted communicators
Many readers will immediately write to tell me that I haven’t mentioned their favourite encrypted communicator. It can be Wickr Me, Wire, Keybase or many other tools. The reason is that I don’t find them very interesting or widespread. Keybase addresses identity in an interesting way – using cryptographic authentication of your social networks, you can create a way for someone to contact you securely without knowing you beforehand. Interestingly, it also includes encrypted cloud file storage (“encrypted dropbox”). On the other hand, after the creator of Keybase was bought by Zoom (in an attempt to repair its not-so-good reputation regarding its security), I feel that development has slowed down considerably.
Wire also has a bad reputation with me. For years it pretended to be a super-secure encrypted communicator, but forgot to tell users that it doesn’t encrypt video calls end-to-end. I think they’ve fixed that mistake, but given that we have pretty good options, I don’t have to forgive them for that mistake.
Another interesting area is communicators that don’t need Internet access. They form an ‘ad-hoc mesh network’, where individual devices connect to each other and somehow forward messages to each other. In theory, this could work, for example, by sending a message to a friend in another part of town. The neighbour has his mobile phone with him, and his communicator stores the (ideally encrypted) message with him until he comes across someone who can forward it to his friend. He goes shopping, there it gets forwarded to someone else who lives a short distance from my friend, and so it gets delivered to him. So people and their movements create a network without a fixed structure that works even in the event of various disasters and Internet outages. One such communicator, for example, is the Android app Briar. Unfortunately they do not support Apple’s iOS platform. Briar works over the Internet (via the Tor network), but also via Bluetooth and Wifi. So you can, for example, chat with your friends on a plane, even if you’re not sitting next to each other. I hope you never need other instances of such communication otherwise. Another technology is mesh networks over slightly longer distances. Disaster.radio and Meshtastic allow communication over the LoRA protocol, which works very slowly but over greater distances. The communication is unencrypted by default and requires specific hardware. An example of a proprietary solution is the well-known goTenna project.
However, an alternative solution to the problem of Internet unavailability is a local network built on Internet protocols. Local area networks are not new and running a Matrix server (for Element) or an e-mail server (for DeltaChat) is easy and practical.
For me, Signal, Element or Threema are the winners. Signal and Threema because of the network effect, Threema because of the possibility of anonymous accounts, and Element because of the distributed architecture and many integrations.
I’m also watching Status and XX messenger and it’s possible I’ll use them in specific cases.
But what’s more important is what I try not to use – communicators that are either unencrypted end-to-end or openly prey on collecting user data. If possible, I try to avoid Telegram, WhatsApp or Facebook Messenger. It’s not always possible. You can’t do anything in Latin America without WhatsApp. Various crypto or software projects have discussions or technical support via Telegram, and the easiest way to organise a high-school reunion is via Facebook Messenger. Whenever possible, I’m a so-called “intolerant minority”. That is, that annoying person who refuses to use less secure communication tools and forces others to use something secure. By the way, I don’t even answer normal GSM phone calls most of the time. I communicate with all the people I want to communicate with via encrypted calls (mostly via Signal or Threema).