Secure messaging services have seen a rise in popularity over the past couple of years, with many claiming to have an increased focus on preserving privacy. This is thanks to the introduction of end-to-end encryption via Signal Protocol, but not all messengers that include it are built equally. There is still plenty to choose from, however, and here's where to start.
Popular services such as WhatsApp and Skype proudly boast that they use the Signal Protocol, but being proprietary technology and, therefore, closed source, it is impossible to check how it has been implemented. In some cases, it isn't even universal. Facebook enjoys stating that it includes the protocol's end-to-end encryption, but this is only true with its "Secret Conversations" feature.
While Facebook CEO Mark Zuckerberg is going above and beyond to reinvent the social network as a privacy advocate, none of these companies are known for their focus on user privacy. They all continue to be pressured by government entities to develop "backdoors" into their applications, giving authorities unfettered access to user information without the need for a warrant.
There is nothing to say that these demands haven't already been met or won't be met in the future, but there are alternative secure services you can use that exist right now. If you want to be sure that claims of end-to-end encryption are true, simply choose one of the best private and secure messengers currently available:
- Signal - A truly secure messaging/SMS client, supporting full E2E encryption.
- Wire - Wire supports Android, iOS, Windows, macOS and Linux through its web application.
- Ricochet - Ricochet is a cross-platform messaging service with anonymity at its core.
- Element.io - Element is a secure, open-source alternative to products like Slack.
- Tox - Tox is a P2P secure messenger service that runs on multiple platforms.
5 Best Secure and Private Messenger apps
After robust testing and research, our experts have found the five most secure messaging apps out there. All of these apps have excellent features and also provide a high level of encryption.
1. Signal

Signal supports Android, iPhone, Windows, macOS, and Debian-based Linux. On the desktop, communication is only possible with other Signal users (not via insecure regular SMS to non-users).

Signal is the name of both an app and a secure messaging protocol developed by legendary entrepreneur, cryptographer, and privacy activist Moxie Marlinspike. The open-source Signal protocol has been incorporated into a large number of third-party products, many of which, such as Facebook Messenger, WhatsApp, and Skype, are themselves closed source.

The Signal app is the pure expression of Signal. It is fully open-source and has been formally audited for security vulnerabilities. And unlike closed-source implementations of the protocol, the only metadata retained by the Signal app or its developers is "the date and time a user registered with Signal and the last date of a user's connectivity to the Signal service". This is a claim which has been proven in court.

All text messages, voice, and video calls are protected using a combination of the Extended Triple Diffie-Hellman (X3DH) key agreement protocol, the Double Ratchet algorithm, and pre-keys. Signal uses Curve25519, AES-256, and HMAC-SHA256 as cryptographic primitives. Signal is widely regarded as the most secure e2ee messaging protocol ever invented.

Although it is available through the Play Store, Google-phobic Android users can download a Google Play Services-free APK version of the app via the official Signal website.

Another feather in Signal's cap is its ease of use. Signal replaces your phone's regular SMS client. Text messages to and from non-Signal contacts are sent using regular SMS text messaging and are not secure, but messages sent to other Signal users are encrypted using the Signal protocol. You can also initiate secure voice and video conversations with other Signal users.

This ease of use, however, is also where Signal receives most criticism. Because it is designed to replace your regular SMS client, Signal requires that you register with a valid phone number, which it uses to match up contacts. Signal, however, cannot see your contacts, and your contact list cannot be accessed by anyone other than you. The truly paranoid can sign up using a disposable "burner" phone or SIM card, since once registered the Signal app does not need to run on the phone it was registered with.

Please see our full Signal Review for an in-depth look at this important messaging app.

2. Wire

Wire is an open-source secure messaging client with tiers for paid users and corporate users, with a focus on security rather than privacy.

Wire is an open-source E2EE messaging, voice, and video chat platform developed by Swiss-based Wire Swiss GmbH. It is particularly noted for its strong group chat and video conferencing support, and for its very snazzy user interface.

Supporters prefer Wire over Signal mainly because it does not require a phone number to register. You can opt to provide your phone number so that other users can easily find you, but you can use a (potentially disposable) email address instead, and identify yourself with a username of your choosing.

On the other hand, Wire collects far more metadata than Signal does in order to ensure smooth syncing across platforms, notably plaintext logs of the users a customer has contacted. This is a legitimate trade-off between security and convenience, but it does mean that people should carefully assess their threat model before using Wire.

Messages in Wire are encrypted using Proteus, which is an early iteration of what went on to become the Signal protocol. Like Signal, it uses OTR with a Double Ratchet algorithm (ChaCha20, HMAC-SHA256, elliptic-curve Diffie-Hellman key exchange, and HKDF for key generation).

As is always the case with browser-based JavaScript cryptography, there is a danger of the server pushing compromised and malicious code when using Wire in your browser. This is not a problem when using a dedicated app.

Early criticisms of Proteus damaged public confidence in Wire, but these have been addressed, and the conclusions of a series of independent audits of Wire products are highly reassuring.

Although open-source, Wire is a commercial product. It is free for personal use, but paid enterprise plans are also available.

3. Ricochet

Ricochet is a messaging platform built on the secure Tor network, offering impressive levels of user security and anonymity. If you need true anonymity on the internet, then Tor, as always, is your best bet.

Ricochet is a cross-platform (desktop only) messenger which allows anonymous communication with contacts via a Tor hidden service. This means that there is zero need to trust anybody, and (as with Tox) there are no servers that can be hacked, monitored, or censored. Users are identified solely by their screen name (for example: ricochet:hslmfsg47dmcqctb), which is auto-generated when first starting Ricochet.

Connections are secured by Tor, which uses a complex encryption scheme. Despite numerous high-level attacks (a few of which have had some limited success), Tor remains highly secure. Please see our Tor Review for more details.

Ricochet has been audited, and the results were "reasonably positive", with most of the "areas of improvement" having since been patched (including the one critical vulnerability discovered). As its website makes clear, Ricochet is an experiment, a fact that users should include in their threat model when deciding whether to use it. But for those who require anonymous zero-trust communication, Ricochet is arguably one of the best options available (and is certainly better than routing Tox through Tor).

Ricochet may be a text-only messaging client, but real efforts have been made to provide an attractive and functional user interface. It's a solid choice for privacy, and well worth putting to the test to compare it with the competition.

4. Element

Element is a secure, decentralized messenger service/collaboration app with a focus on security, using the Matrix network.

Element.im, previously known as Riot.im, is an open-source E2EE text, voice, and video platform. What sets it apart from apps such as Signal and Wire is federation, using the Matrix communications protocol. Federation means that instead of connecting to centralized servers run by the platform's operators, users can set up their own servers or connect to any of the many Matrix servers that others have set up.

Another strength of Matrix is that it allows communication between users of different messenger software, as long as they all support Matrix. Indeed, Matrix servers can even run "bridges" which allow communication between Matrix users and users of other messaging platforms such as Signal, Slack, IRC, XMPP, and even the likes of Facebook Messenger, WhatsApp, and Google Hangouts!

This decentralized approach fixes a problem that Edward Snowden identified with his more centralized private messenger recommendations. But while federation as a privacy feature has many fans, the idea remains controversial.

As with Wire, you can register using a phone number or email address. You can also add an email address to your account in order to let other users find you more easily, or you can opt to just be identified by your chosen username. The default option is to connect to the large public server run by matrix.org, but you can instead connect to any user-created Matrix server. It is even possible to deploy your own secure chat service in seconds using Modular hosted Matrix servers.

Matrix uses the Olm implementation of the Double Ratchet algorithm, with Megolm (an AES-based cryptographic ratchet) for group communications. Cryptographic primitives used include Ed25519 and Curve25519 keys, AES-256-CBC, and HMAC-SHA256, with forward secrecy provided by a Triple Diffie-Hellman exchange.

Neither Element nor Matrix has been fully audited, although Olm and Megolm have been. Element.im was criticized in the past for its rather basic user interface, but this is no longer true. It still lags behind the futuristic flashiness of Wire, but Element is a highly capable messenger with functionality often compared to the corporate messaging workhorse, Slack.

5. Tox

Tox was created in the aftermath of the Snowden leaks as an open-source project with a focus on security, privacy, and interoperability. Tox is a protocol rather than an actual app or client. A number of open-source apps exist, however, which use the Tox protocol.

Tox takes the idea of decentralization even further than Element.im by providing a true peer-to-peer (P2P) communications network which operates without any need to route data through centralized servers (federated or not). Users are identified with a Tox ID, but one consequence of being a P2P platform is that Tox contacts can see other contacts' IP addresses. The official documentation suggests a workaround for this: route your Tox connections through Tor. We can't see why routing it through a VPN wouldn't also work, with the proviso that using a VPN does not provide the anonymity Tor does.

If you do route Tox over Tor, then the speed limitations of the Tor network mean that communications will, realistically, be text only. Otherwise, most Tox clients support a full range of voice and video chat, file sharing, and group chat features.

Tox uses the cryptographic primitives present in the NaCl crypto library, via libsodium. It employs Curve25519 for its key exchanges, XSalsa20 for symmetric encryption, and Poly1305 for message authentication. These are well-established primitives, but neither the Tox protocol nor any apps based on it have been properly independently audited. Indeed, the Tox website itself clearly states that Tox is still under heavy development, so expect to run into some bugs.
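Signal, Wire's Proteus and Matrix's Olm all build on the Double Ratchet mentioned above. As an added illustration (not code from this article or from any of those projects), here is its symmetric-key half: every message key is derived from a chain key with HMAC-SHA256 and the chain key is then advanced, so a chain key captured later cannot be walked back to earlier message keys, and a receiver can still handle messages that arrive out of order. The class names, the all-zero starting chain key and the choice to demonstrate only this chain (the Diffie-Hellman ratchet that refreshes it is left out) are assumptions of this example.

```python
import hashlib, hmac

def kdf_ck(chain_key):
    # One symmetric-key ratchet step (Double Ratchet spec): mk = HMAC-SHA256(ck, 0x01),
    # next ck = HMAC-SHA256(ck, 0x02). HMAC is one-way: next ck reveals neither mk nor ck.
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

class SendingChain:
    # Sender side: hands out (message number, message key) pairs in order.
    def __init__(self, chain_key):
        self.ck, self.n = chain_key, 0

    def next_key(self):
        self.ck, mk = kdf_ck(self.ck)
        self.n += 1
        return self.n - 1, mk

class ReceivingChain:
    # Receiver side: derives the key for message n even when messages arrive
    # out of order, storing keys for skipped numbers so late ones still decrypt.
    def __init__(self, chain_key):
        self.ck, self.n, self.skipped = chain_key, 0, {}

    def key_for(self, n):
        if n in self.skipped:          # late arrival: use the stored key once
            return self.skipped.pop(n)
        if n < self.n:                 # already consumed: treat as a replay
            raise KeyError(f"message {n} already received")
        while self.n < n:              # ahead of us: ratchet forward, keep the gaps
            self.ck, mk = kdf_ck(self.ck)
            self.skipped[self.n] = mk
            self.n += 1
        self.ck, mk = kdf_ck(self.ck)
        self.n += 1
        return mk

def demo():
    # Alice sends three messages; Bob receives them in the order 2, 0, 1 and
    # still derives matching keys; a second delivery of message 0 is rejected.
    root = b"\x00" * 32            # constructed stand-in for the shared chain key
    alice, bob = SendingChain(root), ReceivingChain(root)
    sent = dict(alice.next_key() for _ in range(3))
    ok = all(bob.key_for(i) == sent[i] for i in (2, 0, 1))
    try:
        bob.key_for(0)
        return False
    except KeyError:
        return ok and len(set(sent.values())) == 3
```

Real implementations cap how many skipped keys they keep and pair this chain with the Diffie-Hellman ratchet that replaces the chain key on every reply, which is what limits the damage if a current chain key is ever exposed.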
Pros and cons
- Signal: Encrypted messages; Easy to use; Privacy-forward; Pricing
- Wire: Metadata collection; Robust message encryption; Independently audited
- Ricochet: Greater privacy; Independently audited; Text-only messaging
- Element: Cross-platform messaging; Lots of customization; Strong encryption
- Tox: Full decentralization; Routing through Tor; No independent audit
Note:
We have deliberately not included Telegram on this list because we do not consider it to be a sufficiently private and secure messenger. Please see our VPNs for Telegram article for more details.
End-to-end encryption
Also called client-side encryption, end-to-end encryption (e2ee) means that your messages (and voice and video chats) are encrypted on your device and can only be accessed by the intended recipient.
In other words, you are not trusting a third party, who would then have access to the unencrypted messages, to do the encrypting for you. Until recently most messaging apps worked like this and were fundamentally insecure and non-private.
But as we have already mentioned, this situation has changed dramatically over the last couple of years or so, to the point that it can almost be assumed that messenger apps use e2ee, provided they are doing what their developers say they are.
Open-source
Nobody claims that open-source is perfect, but having code which can be looked at and audited at any time is the only guarantee possible that an app is doing what it is supposed to be doing, and only what it is supposed to be doing.
For this reason, we only consider open-source messenger apps to be worthy of consideration in this article.