“Encrypted” messaging apps like WhatsApp have largely replaced SMS over the last decade. This is great because SMS was (and still is) horrible for privacy. iMessage improved upon SMS, but their closed ecosystem makes it only available on their devices. For everyone else, privacy concerns persist since WhatsApp’s acquisition by FacebookMeta.
We’ve all had it happen to us. You mention something while texting a friend and suddenly you’re seeing ads for it.🤔That would obviously be impossible if WhatsApp’s messages were truly E2EE. Conspiratory thinking aside, the app’s collection of metadata still poses a privacy risk. To exacerbate matters, you can only backup your WhatsApp conversations to Google Drive. And those backups aren’t encrypted at all.
As for iMessage, despite its more believable E2EE, Apple still collects metadata. While Apple is certainly more trustworthy than Meta, their track record is less than stellar. And ideally, no tech giant should have access to such sensitive information.
Then we have the escalating global crackdown on encryption, seen in both Australia and the UK.👮This trend raises concerns around companies being compelled to create secret government backdoors. That would significantly ramp up mass surveillance while we, the users, are none the wiser.
Private
Signal
Signal has garnered considerable recognition in the privacy community. Its gold-standard encryption brought it praise from figures like Edward Snowden and Elon Musk. Another great advantage for Android users is the ability to use Signal as your default SMS/MMS app. This of course doesn’t encrypt those messages, but it does help unify your communication in one app.
However, Signal has its drawbacks. Likely due to its hardened privacy protocol, it suffers from occasional message delays.🐌It also lacks many features that we’ve grown to take for granted on other messaging apps.
The main criticism of Signal is that it asks for a phone number upon registration, compromising anonymity. While Telegram does the same, neither Signal nor Telegram explicitly promise anonymity. After all, privacy and anonymity are distinct concepts. And the closer we get to full anonymity, the greater the compromises to user experience.
Privacy purists prefer it to Telegram because it’s completely open-source. Instead, Telegram has decided to keep certain elements of their code proprietary.
2022 Update:
Signal has removed the ability to use it as your default SMS app on Android.
Silence
For those who still prefer SMS, or value the ability to text without internet, Silence is the last of a dying breed. It’s a fork of Signal designed specifically for SMS/MMS over cellular networks. In fact, Silence emerged as a response to Signal’s removal of their SMS/MMS functionality.
It’s important to understand that Silence only encrypts message content, not any metadata. Furthermore, this encryption requires both parties to be using the Silence app.
Of course, since iOS doesn’t let you use a third-party SMS app, Silence is only available for Android.
Update 2023:
Unfortunately, Silence appears to have been abandoned.🪦The project’s website is offline, and the most recent version update was four years ago.
Telegram
While Telegram‘s popularity may cause privacy purists to dismiss it, I’m a fan.👍It found a great balance of privacy and user-friendliness. It’s not completely OSS (and lacks default E2EE), but Telegram is still more private than most.
The ability to use Telegram across several devices at the same time is a major advantage. This convenience, however, means that Telegram holds encryption keys.🗝️That’s exactly why it’s not E2EE by default. Because “secret chats” that are E2EE aren’t available cross-device.
Telegram’s “delete for everyone” feature removes messages from servers and recipient devices. Be aware that account deletion doesn’t automatically delete all messages. To me, Telegram’s strong track record and added features go a long way to outweigh this minor drawback. After all, Telegram has long been trusted in actual dictatorships for organizing protests.✊If it’s good enough for them, it’s good enough for me.
In summary, Telegram offers a compelling blend of security, convenience, and functionality. While not perfect, I’ve yet to come across a messaging app that ticks so many boxes and satisfies so many needs.
Anonymous
Session
Session is a newcomer on the block aiming at Signal’s crown. It offers better anonymity by not requiring a phone number or even an email address upon sign up. Security is also hardened using onion routing. That’s the same technology used by the infamous TOR browser.🧅
Furthermore, Session operates using a decentralized model, leveraging the Loki blockchain.⛓️Messages are routed anonymously through other devices using robust encryption.
Upon registration, you receive a random ID and choose a username. Session does not ask you to verify your identity in any way, which ensures complete anonymity.🥷
Session doesn’t even request access to your contacts. Connecting with others requires knowing their session ID or the group chat URL.
While you’re likely to face bugs or missing features, that’s bound to improve over time. Besides, it’s already one of the most private and secure options. The only notable limitation is the 10-member cap on private group chats.
2021 Update:
The Loki foundation has rebranded to Oxen, and the Loki blockchain to Lokinet. Or something. They also released a PoS coin, because who isn’t nowadays.🤷♂️
Threema
Threema is another contender for most private messenger. Due to its ephemeral design, it combines robust features with complete anonymity. Its main drawback is a lack of user-friendliness. It doesn’t ask for a phone number or email address upon sign-up, which is great for anonymity. Sadly this means you can’t use it on more than one device or back up your data. Your only identifier is your Threema ID.
This unique approach might be perfect for those with high security needs. For the average user though, its complexity and limitations make it very inconvenient.