Titus Stahl

Comparing encrypted messengers (November 2016 edition)

Nowadays there are lots of more or less popular encrypted communication apps, promoted and advertised everywhere, which makes it hard to choose one that is easy to use, secure and sustainable enough to warrant a long-term commitment. The Electronic Frontier Foundation used to have a quite nice Secure Messaging Scorecard that compared messenger services with regard to their privacy properties. As it did not include some interesting projects (but did include lots of non-free-software apps that are not an option for me anyway), I made the table below, which covers a selection of popular encrypted mobile messaging projects. (Update: This is based on my best understanding of the matter, but I am no technologist and this should not be treated as definitely reliable advice.)

Some remarks on the list below, of interest only to people who care about the technical details:

  • I included only projects which are usable on mobile devices, since that is how most people primarily access messaging. For this reason I did not include Ricochet, which only has a desktop version. I also did not include XMPP with OMEMO encryption which, although well implemented on Android in Conversations, does not have group chat working in a user-friendly way and at the moment seems to have no substantive advantages over Matrix. I also did not include Tox and Ring, two peer-to-peer messengers, because both are very unfinished and the P2P architecture seems to rule out mobile use for the time being.
  • I treat end-to-end encryption with forward secrecy as a solved problem. Thus I do not include messengers like Hangouts or Facebook Chat that only have transport encryption.
  • As this problem is solved, the main issue in selecting a sustainable secure messaging solution is how much power users have versus the provider if that provider changes their mind about security properties. This involves two questions: first, whether client and server are Free Software, i.e. whether users are allowed to fork the code and restore desirable properties; second, whether the protocol allows for federation, i.e. whether users can set up their own servers without losing their contacts in the network.

Based on these considerations, I recommend (updated to clarify that Signal is as yet to be preferred for important information and to emphasize the Beta status of Riot and Briar):

  • if you have important information to protect now, experts seem to agree that Signal is the best option;
  • once its encryption is out of Beta and thoroughly reviewed, Riot for everyday mobile and desktop text messaging as well as for phone and video calls. Riot is based on the Matrix protocol, which provides federation and end-to-end encryption in a completely Free Software ecosystem;
  • when Briar is released and thoroughly reviewed, it will be a useful addition for people and situations with high security needs (activism, authoritarian countries, etc.). Briar goes one step further and even does away with servers that could collect metadata; it works over Tor, direct Wi-Fi connections and Bluetooth. As this makes things slightly more complicated, it might not be the easiest option for everyday use.


Essential properties

| Property                                          | WhatsApp | Threema | Telegram    | Signal | Wire        | Riot / Matrix | Briar² |
|---------------------------------------------------|----------|---------|-------------|--------|-------------|---------------|--------|
| Free Software / source code can be checked        | No       | No      | Client only | Yes¹   | Client only | Yes           | Yes    |
| Solid end-to-end encryption protocol              | Yes      | Yes     | Unclear³    | Yes    | Yes         | Beta⁴         | Beta²  |
| Decentralized architecture / provider-independent | No       | No      | No          | No     | No          | Yes           | Yes    |

Desirable privacy properties

| Property                                                        | WhatsApp | Threema  | Telegram | Signal   | Wire     | Riot / Matrix | Briar²   |
|-----------------------------------------------------------------|----------|----------|----------|----------|----------|---------------|----------|
| Works without knowing your phone number                         | No       | Yes      | Yes      | No       | Yes      | Yes           | Yes      |
| You can verify that encryption keys really belong to the remote account | Manually | Manually | Manually | Manually | Manually | Manually      | Enforced |
| Metadata protected against government and provider surveillance | No       | No       | No       | No       | No       | No            | Yes      |
| Works on Android devices without a Google account               | No       | No       | Yes      | No       | Yes      | Yes           | Yes      |

Features

| Property                                 | WhatsApp | Threema                     | Telegram                     | Signal               | Wire                                   | Riot / Matrix                                                             | Briar²                                           |
|------------------------------------------|----------|-----------------------------|------------------------------|----------------------|----------------------------------------|---------------------------------------------------------------------------|--------------------------------------------------|
| Desktop client                           | Yes      | Yes                         | Yes                          | Yes                  | Yes                                    | Yes                                                                       | Planned                                          |
| Encrypted phone calls                    | Yes      | No                          | No                           | Yes                  | Yes                                    | Yes                                                                       | No                                               |
| Works even when the Internet is shut off | No       | No                          | No                           | No                   | No                                     | No                                                                        | Yes                                              |
| Extra features                           | Groups   | Groups, File Sharing, Polls | (Non-encrypted) groups, bots | Groups, File Sharing | Groups, Video Chat, File Sharing, Bots | Groups, Video Chat, File Sharing, Integrations with RSS, IRC, Slack, Bots | Decentralized forums, encrypted social networking |


¹ The Signal client on Android requires the non-free Google Play framework to be installed. The phone call feature also seems to rely on non-Free server components.

² Briar has not seen a release yet; the information is based on the source repository.

³ Telegram's end-to-end encryption is only applied to chats where it is explicitly chosen, and it is widely criticized for not being based on solid, well-reviewed cryptography.

⁴ Riot's end-to-end encryption is in Beta and is not automatically enabled for all chats (but can be enabled manually). It is supposed to be enforced in private chats once the Beta phase is concluded.