Digital Privacy/Instant Messaging Apps
This is in alphabetical list of instant messaging applications I (and others) do and do not recommend along with reasons and warnings. It is a collaborative effort so, if you have information to add, feel free to do so. Anonymous editing is enabled but note that MediaWiki will store your IP address in the page's revision history. If you don't want to use Tor or a VPN to obfuscate that, simply create an account.
- 1 Author’s picks
- 2 Recommended
- 3 Not recommended
- 4 Great projects but immature at the moment
- 5 Untested but potentially good
- 6 Proprietary encryption algorithms
(this one is ordered)
Mobile and Desktop
Briar has to be one of the best mobile messaging apps I’ve seen. It’s amazing for everything but battery life.
- Peer-to-peer encrypted messaging and forums
- Messages are stored securely on your device, not in the cloud
- Connect directly with nearby contacts
- No Internet access required
- Free and open source software
At the moment, it doesn’t have the greatest UI but the next update will bring a ton of improvements, including a redesigned interface.
Briar has to be one of the most unique IM applications I’ve ever seen. It sends messages over Bluetooth if your contact is in range, over LAN if they’re not, and over the internet through Tor you’re not on the same network. A desktop client is also in the works and can be installed as a flatpak with the commands below.
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo flatpak install flathub org.gnome.Platform/x86_64/3.36 flatpak install --user https://flatpak.dorfbrunnen.eu/repo/appstream/app.briar.gtk.flatpakref flatpak run app.briar.gtk
Mattermost isn’t focused solely on privacy or security but, as a FLOSS and self-hosted application, it is more secure and trustworthy than most proprietary Software as a Service (Saas) solutions like Slack, which Mattermost is a clone of. The UI is pretty much the same, functionality is the same, you can use the same extensions, bots, etc.
Check out their website at mattermost.com
Note: the desktop app that supports multiple instances is electron-based.
- Great for talking and gaming
- Stay private and secure
- Always encrypted communication
- Public/private-key authentication by default
- Recognize friends across servers
- In-game Overlay
- See who is talking
- Positional audio
- Hear the players from where they are located
- Wizards to guide you through setup, like configuring your microphone
Mumble is one of the best VoIP solutions. As the bullet points above say, it’s low-latency, really high quality, has wizards that guide you through setup, is cross-platform (Linux, Android, Windows, macOS, iOS), has great gamer-focused features, and is encrypted.
I run a Mumble server if you’d like to use it. Just message me somewhere or say something in Mumble if you want a separate room for your group.
Check out their main wiki too
If you’re looking for a solution that’s really desktop-only, Rocket.Chat is ok. If you want a good mobile experience, look elsewhere. The app is terrible. Markdown formatting is weird, it doesn’t combine messages sent in quick succession (so you get the username/profile picture above each and every message which takes up a lot of space), the admin interface is just like the admin webpage in desktop view (opening a website on mobile and checking “request desktop version”), you can’t create or add channels, and you can’t be signed in to multiple instances. There are a ton of other things that detract from the UX.
If you just want it on desktop/browser, it’s great, though the desktop app is electron.
Private - Telegram messages are heavily encrypted and can self-destruct.
Cloud-Based - Telegram lets you access your messages from multiple devices.
Fast - Telegram delivers messages faster than any other application.
Distributed - Telegram servers are spread worldwide for security and speed.
Open - Telegram has an open API and protocol free for everyone.
Free - Telegram is free forever. No ads. No subscription fees.
Secure - Telegram keeps your messages safe from hacker attacks.
Powerful - Telegram has no limits on the size of your media and chats.
We Can do It! - Help make messaging safe again – spread the word about Telegram.
All the above is true, however Telegram isn’t fully open source. There is an official client that is but the server (the backend) and the “easily accessible” client in Google Play are both proprietary. Telegram also “rolls its own crypto”. This means that they use their own proprietary encryption algorithm instead of one already known to be secure. As theirs isn’t auditable, there’s no way to know for sure that it is other than taking their word for it (which is never a good idea). Read more about that issue below. When using Telegram, keep in mind the fact that you can permanently delete messages for all users. It used to be that, after 48 hours, only your copy was deleted but a recent update extends that infinitely (supposedly). Make sure you select “Delete for all” or it’ll only be deleted for you.
Note: Communications in Telegram are not end-to-end encrypted by default. Only voice calls and Secret Chats are E2E encrypted. Unless you use one of these two modes, your communications within Telegram are not really secure.
Wire is one of the few applications that really is secure and private (for the most part - more on that later).
The most secure collaboration platform.
Secure messaging, file sharing, voice calls and video conferences. All protected with end-to-end encryption.
With Wire, your teams are immediately more productive. Switch from group chats and file sharing, to HD video calls and crystal clear conference calls with a single click — without ever leaving the security of Wire’s end-to-end encryption.
Wire offers the strongest security for organizations looking to protect their communications and document sharing. End-to-end encryption gives you the confidence to talk, message, and share across teams, and with clients, through a single app that’s available on all of your devices.
Secure external communications
Communicate securely with clients and partners — even if they don’t have a Wire account. Create an encrypted guest room in seconds. Send an invitation link and partners can join with a click — nothing to download, no registration required.
I use Wire on both desktop and mobile and message a couple people with it. There aren’t many users yet but that number is growing and will likely continue to grow as they prove to be private and secure.
As I mentioned above, there are yet a few flaws. Michael Bazzell at IntelTechniques.com and a colleague found that, when you have URL previews enabled, your IP address and some very basic metadata is sent to the website as your client retrieves and builds the preview. The metadata is obfuscated but your IP address is still shown. Disable this under Preferences > Options > By Popular Demand.
Note: the desktop app is electron
Ricochet is a different approach to instant messaging that doesn’t trust anyone in protecting your privacy. - Eliminate metadata - nobody knows who you are, who you talk to, or what you say. - Stay anonymous - share what you want, without sharing your identity and location. - Nobody in the middle - there are no servers to monitor, censor, or hack. - Safe by default - security isn’t secure until it’s automatic and easy to use.
Ricochet is one of the best applications for privacy/security but also one of the least convenient in that your conversations don’t stick around; once you close the client, history disappears. You also can’t send images.
It’s one of the most secure and private because all connections are made over Tor and there’s no metadata whatsoever. There aren’t even usernames. To add a contact, you copy your randomly generated ID and send it to them and copy/paste theirs into your client. You then give them whatever name you want.
You can take a look at the project and download it at the link below. https://ricochet.im
Protect your communication in transit and on your phone. Silence (formerly SMSSecure) is a full replacement for the default text messaging application: all messages are encrypted locally and messages to other Silence users are encrypted over the air.
Silence makes encrypting SMS and MMS easy and simple. Using it as your default messaging app, SMS to other users will be automatically encrypted
In general, proprietary applications are likely less private the open source ones so most of the ones below will be proprietary while most of the ones above are open source.
Mobile and desktop
Discord is just utter crap. Don't ever use it and don't @ me about it.
The Discord communications system requires running a nonfree client program. That alone is reason to refuse to use it.
Discord is spyware because it collects all information that passes through its communication platform.
- IP Address
- Device UUID
- User’s e-mail address
- All text messages
- All images
- All VoIP data (voice chat)
- Open rates for e-mail sent by Discord
Discord does not explicitly confirm that it collects this information, but still collects it:
- Logs of all of the other programs that are open on your computer
Discord has exclusively relied on the information that it collects from users to generate investment and income without any user monetization for the first three years of operation (5/13/2015 to 1/23/2017). This means that its main financial incentive is to collect user data, with other sources of income being secondary. Discord managed to sustain 4.2 million concurrent users on its network without any income other than investments.
To be perfectly honest, I really like and use IRC very often. The only reason I don't recommend it here is because it's not very private at all. Anyone can be logging messages, if you're not behind Tor (which is blocked by some servers) or a VPN, anyone can see your IP address, some channels make message history public, etc. With all that said, as long as you're being cautious, I do recommend it. IRC is one of the oldest and most established messaging platforms and has some awesome features. If you're interested, you can join
#nixnet on Freenode or NixNet's own server. ZNC is also an option if you'd like to stay connected but have spotty internet or hop around a lot.
Signal is, quite honestly, a terrible application for both security and privacy. The developers don’t give a shit about Free/Libre software and make Signal rely on Google Play Services and Google Cloud Messaging for a lot of its features. It also has some Google Analytics crap that isn’t truly necessary. Because of all this, it’s not in F-Droid. The developers came up with a solution to make the APK (which they highly recommend you never use unless you’re an incredibly advanced user *dripping with sarcasm*) “autoupdate” - it just downloads the new release and prompts you to install it. The only places you can download it are from their website and Google Play.
Take a look at this issue in Signal’s GitHub repo where the main dev, Moxie, spent three years going on about how great Google is and how they couldn’t live without the pretty little graphs Google’s analytics tools provide: https://github.com/signalapp/Signal-Android/issues/127
This one shows where Moxie killed a fork of Signal that removed its Google dependencies. He goes on and on about how XMPP is dead, how federation is dead and was never truly an option for serious projects, etc. https://github.com/LibreSignal/LibreSignal/issues/37
All I have to say to that is take a look at Matrix. It’s a federating IM protocol that is very quickly gaining popularity among the FLOSS community. Check out the #Matrix entry below for a bit about it.
Note: Despite the resentment I harbour for the project, I did start using it to communicate with a couple of friends. They didn't want to use Briar on Android or were on iOS and didn't want to use the cross-platform apps I prefer. Signal is better than plain SMS.
If you think Skype is secure or private . . . please read this. There is an entire Wikipedia page about Skype security and the second paragraph explicitly states that it’s insecure: > Skype is not considered to be a secure VoIP system as the calls made over the network do not make use of end-to-end encryption, allowing for routine monitoring by Microsoft and by government agencies.
The linked source for that statement is here on the Guardian.
Slack doesn’t have E2E encryption and there’s no way to host it yourself. All the messages you send are stored unencrypted on their servers and you have to trust that they won’t look at them. Wait . . . let’s take a look at their Security Practises . . .
Customer Data is not seen by anyone who should not have access to it.
There’s also an article on Gizmodo entitled What’s Slack Doing With Your Data? where the author corresponds with a spokesperson from Slack and they reveal some concerning things. Read through it and see what you think for yourself. One of the big things I noticed was that, if the “team” owner pays for Pro, they can see the messages in so-called “private” chats as well.
Viber seems very good at first glance but, after looking around a bit, it doesn’t. At the bottom of their Security page, they say:
Viber’s security protocol was based on the “double ratchet” protocol found in Open Whisper Systems Signal application, with our own proprietary implementation and additions.
That last fragment is thrown on as if “proprietary” and “additions” make it better. Any cryptography expert will tell you that rolling your own crypto is far from secure and that’s essentially what they’re doing here. They took an established, good, open source, audited protocol and messed with it, added this, that, and another feature, and they say it’s secure. Because it’s not open source, which is bad in and of itself, no one but them can audit the code. We’re just expected to trust them that the encryption algorithm is secure.
Read more about that issue below.
WeChat is a free (as in beer) software that supports sending voice messages, videos, pictures and texts. Users can have voice conversations with a group of people through a voice chat room, but unlike a group of voice conversations, the messages in this chat room are almost real-time and not recorded (which is impossible). WeChat originated in China and is used by most Chinese people. When the software reaches a certain level of popularity, you will no longer have the option. Of course, WeChat is also heavily regulated. WeChat must be authenticated by your real name or you will not be able to use it fully. WeChat multi-platform login must be completed by scanning a QR code which is very inconvenient. WeChat chat records cannot be backed up in the cloud, cannot be found after deletion, and any chat records are strictly vetted. Large files cannot be transferred between WeChat users. WeChat cannot block certain group chat messages. If someone deletes you on WeChat and you know nothing about it, you end up acting like a fool and leave them on your list. However, it is still very convenient in many ways. In short, when it comes to privacy, WeChat is not a good choice.
Great projects but immature at the moment
Matrix is a federated chat protocol. It’s an open specification so anybody can look at the documentation and implement it. The two most used and developed programs are the Riot client, and the Synapse homeserver.
To start using Matrix, you sign up on one of the homeservers or host your own. You can then chat with anyone in the Matrix network because all the different servers communicate with each other.
Another important feature of Matrix is the focus of bridging with other platforms like IRC, Telegram and Discord. You can even use it to tie all those services together in the same room!
As for clients, take a look at this list.
Untested but potentially good
- Jami (formerly Ring.cx)
Proprietary encryption algorithms
A lot of the above applications use proprietary encryption techniques so, rather than repeating the same info over and over again for each one, I’ve just linked to this to address it all at once.
Even Phillip Zimmerman, the creator of Pretty Good Privacy [PGP/GPG]—one of the most famous, albeit notoriously hard to use encryption programs—has had his own embarrassing run-ins with his crypto.
“When I was in college in the early 70s, I devised what I believed was a brilliant encryption scheme,” he wrote in An Introduction to Cryptography. Years later, he found the scheme he had developed was “presented as a simple homework assignment on how to use elementary cryptanalytic techniques to trivially crack it. So much for my brilliant scheme.”
You can roll your own, but you probably will make a major security mistake if you are not an expert in security/cryptography or have had your scheme analyzed by multiple experts. I’m more willing to bet on an open-source publicly known encryption scheme that’s out there for all to see and analyze. More eyes means more likely that the current version doesn’t have major vulnerabilities, as opposed to something developed in-house by non-experts.
Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can’t break.
Here’s an easy analogy. Imagine trying to make a lock and key. Now imagine you’ve worked at that very art form for 10 years. Even then, if you can open your lock with the specially made key in 20 seconds, some shifty dude out there somewhere can probably open it in 10 with a piece of wire. Pick-resistant locks are harder than hell to make. Break-resistant crypto is even harder if you want it to be practical.