What's in a message

Messaging apps have become something of yet another social and political tool to judge people by recently (“Are you on WhatsApp still?” “You use Parler? OMG”…) But each to their own as we say. We’re here to talk about which ones you can actually use to securely communicate.


while security != Privacy:

print("watch out")

This is by no means a comprehensive review of the following apps, simply a quick overview for anyone looking for a secure and private messaging service. Some may take offence at our views towards some of these services, but we are here to present our opinions on security and privacy only. These are not the same thing. We are not referring to usability, interface, or whether you can add rainbow farts to your photos on it. This is purely from a security and privacy standpoint. There is a more detailed article here if you want more reasoning behind these opinions. These are not listed by rank, which is further down the page.


TELEGRAM

While the general narrative that seems to have stuck in everyone's minds (and Telegram has leveraged as marketing) is that Telegram is apparently“so secure that even the Russian government didn’t succeed in blocking it”– the reality of it is the Russian government didn’t need to block it, since it’s pretty damn easy to hack into anyway.

This has been noted multiple times: here, here, here, here, here, and here, to give but a few examples. The key thing to be aware of is that messaging is not encrypted by default when you first sign up, you must activate it in settings. It also collects a hefty amount of user data when signing up and while using the service, and it's run by the team who founded Vkontakte, a privacy invasive copy of Facebook who also pioneered face recognition on the streets (without user consent), with a very shady and dubious privacy policy.

Verdict:

Privacy = nope.

Security = nope.

Not recommended. In fact stay well clear of this one, and ignore anyone who tells you otherwise.


SIGNAL

From a security standpoint, Signal uses PGP, which is awesome, but sadly it still requires a phone number to sign up, and it can be confusing as to what’s encrypted or not if you set it as default SMS (although experienced users won’t mind). We still recommend this over any of the other apps, except Session, which is miles better on privacy. Signal does have way more feedback on it than Session, so if you’re a little unsure, go with Signal.

Verdict:

Privacy = almost.

Security = very good.

Highly recommended. Your best bet for security, Signal comes in at second place for us behind Session, which is based on the same protocol but is also 100% anonymous.


SESSION

Although still new and not quite fully developed yet, Session is very promising and has an interesting approach using a combination of PGP (based on the Signal protocol), onion routing, and decentralized servers over a blockchain (meaning it should be pretty damn solid when complete). It’s still waiting for a full external security audit and is under heavy development, but the code is open source which is already a good head start in our book. Nonetheless, this is still our favourite from the list, and number one for privacy by far. No phone number, email or anything at all is needed to start using it. Thumbs up from us, and we think this will be hugely popular once fully developed.

Verdict:

Privacy = excellent.

Security = very good.

Our number one recommendation. Private, decentralized, and secure.


Note:

Some people argue that Australia’s encryption laws could hinder this service, but you could argue the same for Signal being in US jurisdiction and under the watchful eye of the NSA etc, so we don’t think this makes any difference at all. Especially since nothing is stored on centralized servers with Session, nor is any metadata kept. It’s precisely because of cretins against privacy that tools like Session are born to counter them in the first place. Session has a (very) detailed paper on legal and technical ways around this. (It would actually also be pretty dumb for the Australian government to undermine some of the best tech to come out of Australia so far, but then again governments like to do dumb things.) Some very early users noted the app was a little buggy, but we have experienced no issues with it, in fact it’s one of the coolest we’ve seen. However, they are still working on voice call and video calls, so it really is only messaging at this point, although we expect the rest to follow soon. As we said, it is very new. We can’t wait for the full audit to come out, and highly recommend this app anyway despite these points.




FACEBOOK MESSENGER

It’s Facebook. Get off there asap. Definitely not secure nor private. Need we say more? In fact why did we even list this one…

Verdict:

Privacy = like a glass toilet cubicle with 360° live feed cameras.

Security = are you kidding?

Delete it.


WHATSAPP

It was great until Facebook Inc bought it. It still remains a pretty secure service, is encrypted by default, and it’s popularity is very high. The upcoming changes in May will break it just like all the other Facebook projects though. It requires a phone number to sign up in any case, so privacy = not good enough for us.

Verdict:

Privacy = deteriorating fast.

Security = still quite good.

Move away as soon as you can convince your friends and family to do so.


VIBER

We didn’t realize it still existed until compiling this list… sorry. Due to all the competition in recent years it has fallen down the wayside, and most certainly has less development / funding in security. We didn’t really look further, since it asks for a ton of data upon sign up anyway. You can read more here.

Verdict:

Privacy = nope.

Security = nope.

Not recommended.


SKYPE

As with Viber, it’s time has passed and it has almost been fully replaced with Microsoft Teams now, which is Microsoft, so privacy = not much better than Facebook. Be prepared to give you phone number, email, date of birth, and a blood sample while you sign up for Teams once they phase out Skype...

Verdict:

Privacy = nope.

Security = pretty bad.

Not recommended.


GOOGLE MEETS / HANGOUTS / WHATEVER IT'S CALLED NOW

Actually this has pretty decent security, but is not encrypted end to end, and privacy is definitely questionable… Don’t bother.

Verdict:

Privacy = nope.

Security = decent.

Not recommended.


THREEMA

As this is a paid service it differs from the other in this list. It has had mixed reviews, but overall is actually pretty secure. The main downside is trying to get people to use it since it’s a paid service. Good luck with that in this day and age with all the freeloaders. It’s also not a very catchy name… especially for anyone outside the Germanic / Anglophone speaking world.

Verdict:

Privacy = good.

Security = good.

Recommended if you can convince people to use it.

WIRE

A lack of transparency, security issues in the past, and doubts over privacy, have hampered this apps efforts, although it’s a relatively popular app in Europe still. It can’t compete with Signal in terms of encryption, so not one we recommend. It also asks for data when signing up, and logs some use.

Verdict:

Privacy = questionable.

Security = decent.

Not really recommended, although it has improved.


DISCORD

Hugely popular with gamers and tech geeks, but it has been hacked many times or used to propagate malware (here) and is not end to end encrypted. So nope.

Verdict:

Privacy = the FBI will probably send you a friend request.

Security = hell no.

Not recommended for private communications.


CLUBHOUSE

Although not the same as the apps listed above, since it uses audio to transfer messages, it’s become popular fast. Clubhouse has already made an absolute clusterfuck of their security, privacy, and data practices, here, and we’d be surprised if it’s around for long.

Verdict:

Privacy = about as private as a monkey in a glass cage in Beijing zoo.

Security = diabolical.

Not recommended at all.


final verdict

The thing to main takeaway from this is that there is no such thing as the perfect messenger. It all comes down to what you are looking for, some like Telegram because of the social aspect, others like WhatsApp since all their friends are on it, others use Google or Skype because they are familiar with the names. But from a pure security standpoint, you have only two choices: Signal or Session. We love Session and it’s potential to blow everything else out the water, but otherwise Signal is your fail safe.


So here’s our final ranking:


1. Session

2. Signal

(Then there is a huge gap)

3. Threema (if you’re willing to pay)

4. Wire

5. WhatsApp (for now)

6. Telegram (as long as you change some settings)

7. Google Meet

8. Skype

9. Viber

10. Discord

11. Clubhouse

12. FB Messenger


Hopefully this article has given you a brief idea of what's out there, but as always, do your own research and make your own decisions.


And if you don’t need an actual messenger, then look no further than Protonmail. We use Protonmail, Session, and Signal for all our communications, and we value the efforts put in by the developers and their communities to fight for security and privacy. We also look forward to see more services taking advantage of decentralized blockchain tech in the future.


https://protonmail.com/

https://getsession.org/


3 views0 comments

Recent Posts

See All
Contact

Our team is based worldwide and offers 24/7 support for our customers. For non-members, we usually respond within 24 hours.

 

As we are a security company,​​ we take your privacy seriously and only communicate with secure messaging services. Get Session at http://getsession.org or Protonmail at https://protonmail.com for secure anonymous contact.

Session Messenger here

Encrypted Email here

Bitcoin Payment here

© 2019-2021 Sitnam Tech Ltd. London - Taipei - Rotterdam. All rights reserved.