Best WhatsApp alternatives that respect your privacy

News that WhatsApp has been sharing large amounts of highly personal data with Facebook since 2016 has led a large number of unhappy users to look for an alternative messaging app that genuinely respects their privacy.

At Proton, we view end-to-end encryption as a core requirement for any messenger app that claims to be secure and private. This means messages are encrypted on your device and can only be decrypted on the device of the intended recipient. 

WhatsApp uses end-to-end encryption, so the actual messages are therefore secure on the platform. But this does nothing to stop Facebook from abusing metadata: information about whom you communicate with, from where, at what time, how often, and from which device.

Open source code is another important indicator that a service is secure. By publishing an app’s code publicly, anyone can examine it to ensure the app is doing what it is supposed to be doing. We believe open source is one of the best indicators that an app can be trusted.

We have therefore limited the following list of best WhatsApp alternatives to open source messaging apps that use end-to-end encryption (E2EE). Please note that apps are not reviewed in any particular order.

Signal

Pro

  • Free
  • Very good encryption
  • Almost no metadata kept
  • Protocol independently audited
  • Seamless to use on Android
  • Disappearing messages
  • E2EE text, voice, and video group chat

Cons

  • Requires a valid phone number to register
  • Hosted on Amazon Web Services (AWS)

The Signal messaging protocol is an end-to-end messaging protocol developed by the Signal Foundation, a non-profit organization founded by cryptographer and privacy activist Moxie Marlinspike. The Signal Protocol is open source, has been professionally audited for security vulnerabilities, and is widely admired for its cryptographic strength. 

Because of the quality of the Signal protocol, it is used by a variety of third-party messaging apps to provide secure end-to-end encryption for messages. These include WhatsApp, Facebook Messenger, and Skype, Unlike WhatsApp and other third-party apps that implement the Signal protocol, however, the Signal app from the Signal Foundation is 100% open source. 

Crucially, in light of recent heightened awareness about WhatsApp’s privacy policies, the Signal app and Signal Foundation keep almost no metadata related to the app’s usage. Only “the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.” This is a claim that has been proven in court.

The app itself has not been audited, however, and some security concerns exist around Signal’s reliance on Intel Software Guard Extensions (SGX). In theory, this could result in users’ metadata and data(but not messages) being compromised at the server level. This is a particular concern because Signal uses AWS to host its infrastructure, which is subject to legal demand from the US government.

Unlike WhatsApp, Signal is designed to replace your phone’s regular SMS messenger app on Android (not iOS). Texts exchanged to other Signal users are end-to-end encrypted, but texts to non-Signal users are not. Signal will warn you when messages are sent unencrypted. 

This makes Signal very transparent in use, but the fact that users must register with a valid phone number in order to match contacts is also the main source of criticism the app receives. It should be noted, though, that contacts are stored locally only and cannot be accessed by Signal Foundation.

In addition to messages, Signal supports disappearing messages, E2EE group voice chats, and now group video chats between up to eight users. Signal is a non-profit organization that relies on donations to operate.

Telegram

Pros

  • Free
  • Channels for broadcasting messages
  • Bots for managing groups
  • Sync across multiple devices (not E2EE)
  • Polls, stickers, sharing live location, identity management
  • E2EE 1-1 text, voice, and video chat

Cons

  • Encryption concerns
  • Only Secret Chats are E2EE 
  • Group chats (text or voice) are not E2EE
  • Collects lots of metadata
  • No group video chats
  • Requires a valid phone number to register
  • Headquartered in the UAE, which is not known for human rights or privacy from the government (despite having some strong privacy laws)

With over 500 million users, Telegram is a very popular WhatsApp alternative. A big part of this popularity is the widespread perception that Telegram is highly secure, a perception only heightened by a number of governments, notably Indonesia, Russia, and Iran, trying to block or ban the app.

There are, however, some big caveats regarding the security that Telegram offers its users. Regular default “Cloud-based messages,” that can be accessed on any of a user’s devices, are encrypted in transit and when stored on Telegram’s servers, but they are not end-to-end encrypted. Only client-to-client “secret chats” are end-to-end encrypted. Secret Chats are not available for groups or channels.

The open source in-house MTProto encryption used to secure communications in Telegram (whether E2EE or otherwise) has come under criticism from security experts, although the new version (MTProto 2.0) has been formally verified to be cryptographically sound. The Telegram API and all Telegram apps are open source, but its server-side backend is not. 

Another issue is that Telegram may collect a great deal of metadata from users: “We may collect metadata such as your IP address, devices and Telegram apps you’ve used, history of username changes, etc.”

On the other hand, Telegram has built its own secure cloud infrastructure, distributed across the globe. The encryption keys used to secure the Telegram Cloud are split in pieces and never stored in the same place as the information they protect.

Security considerations aside, a key feature that contributes to Telegram’s popularity (especially in repressive countries such as Iran, where it enjoys over 40 million users despite government attempts to regulate the use of the service) is support for “channels.” Users can create and post to channels that any number of other users can subscribe to. 

Public channels can be created using an alias and a URL that anyone can subscribe to, making Telegram a powerful tool for organizing resistance and disseminating information in repressive countries. 

Other features that help make Telegram popular include polls, stickers, sharing live locations in chats, and an online authorization and identity management system for those who need to prove their identity. A bots feature assists with managing groups and channels. 

It also features One-to-one voice and video chats that are fully end-to-end encrypted, although group voice chats are not. Group video calls are not supported.

Telegram is funded by public donations (notably from its own founder, Pavel Durov), although it is possible in-app monetization features will be introduced in the future.

Threema

Pros

  • No phone number or email required to sign up
  • Almost no metadata kept
  • Independently audited 
  • Swiss-based with own servers
  • GDPR compliant
  • E2EE group text and voice chat
  • Group polling and distribution lists (Android only)

Cons

  • Not free
  • Relatively small userbase
  • No group video calls

Like Proton, Threema is based in Switzerland, a country with very strong data privacy laws and independent from the United States and European Union. It also owns its own server infrastructure located in Switzerland. 

All Threema’s apps use the open source NaCl cryptography library for end-to-encryption of all communications, and all have been recently audited (in 2020) by security professionals. 

An email address or phone number is not required to register an account, and it is possible to purchase Threema for Android anonymously using Bitcoin. Threema claims this allows you to text and make calls anonymously, and it goes to lengths to ensure that a minimum amount of metadata is collected. 

The fact that the app is not free is likely to be a pain point for some, but at around US$3 (one-time purchase), it’s unlikely to break the bank for most. This may contribute, however, to one of the biggest downsides with Threema: that its userbase is relatively small. 

The Android app features distribution lists that allow you to send messages to multiple separate recipients. In addition to fully E2EE group text and voice calls, Threema offers a group polling feature. E2EE video calls are supported, but not for groups.

Wickr Me

Pros

  • Free
  • Built for ephemeral messaging
  • Anti-censorship feature
  • E2EE group text and voice chat
  • No phone number or email needed for signup

Cons

  • Apps themselves are not open source 
  • Security audits are not published
  • No video chat (although available on the free Pro version of the app)

There are three Wickr apps, with the free Wickr Me being the version designed for personal use. The lowest tier of the more Slack-like Wickr Pro is also free, although it requires you to verify your identity at start-up.

Wickr Me places ephemeral messaging front and center, with messages disappearing from both the sending and receiving devices after a set period of time (six days by default). Undelivered messages sitting on Wickr servers are also deleted after this time.

You can also set a Burn-On-Read timer to determine how long a message lasts before self-destructing once it has been read. If it is not read then it will self destruct at the end of the message timer length. All metadata is scrubbed once a message is opened or expires (whichever comes first)

Wickr advertises itself as open source software, but there are a couple of major caveats to this claim. The code for the core wickr-crypto-c end-to-end encryption protocol that underpins all Wickr apps is available on Github for anyone to examine, but licencing restrictions mean that it cannot truly be described as open source.

More serious from a security stand-point, though, is that while the core crypto protocol is source-available, the code for the Wickr apps themselves is not. Wickr says that its code has undergone multiple independent security audits, but the full results of these audits are not publicly available.

No phone number or email is needed to register with the service. Up to 10 people can be invited into a room or end-to-end encrypted text or voice group chat. Video conferencing is not available in Wickr Me, although it is supported in the Wickr Pro app (including E2EE group chat with all room members).

Wickr is hosted on public server networks (such as Google and AWS), but has partnered with Psiphon to offer Wickr Open Access, a powerful anti-censorship feature.

Wickr Me is free, but it is funded through Wickr’s premium Pro and Enterprise apps. 

Wire

Pros

  • Free option
  • E2EE text, voice, and video group chats
  • Syncs across up to eight devices
  • Advanced video conferencing features

Cons

  • Quite a lot of metadata logged (and possibly stored in plaintext)
  • Phone number or email address required to register

Wire is another service based in privacy-friendly based in Switzerland. A phone number or an email to register. In order to facilitate syncing across multiple devices, however, Wire keeps quite a lot of metadata. 

For years Wire kept a list of all users a customer has contacted in plaintext on their servers until an account is deleted, and it is unclear if this practice continues. Wire’s privacy white paper, however, makes it clear it logs data such as the participants in a group chat and user-defined folders used for organizing chats. 

The functional benefit of this is that it allows Wire to work across multiple devices in a way most E2EE messenger apps (including Signal) do not. It’s also worth noting that Edward Snowden recommends using Wire (or Signal).

Wire uses the Proteus protocol to provide end-to-end encryption for text messages. Proteus is an early fork from the code that went on to become the Signal Protocol. Proteus, and all Wire apps, have been publicly audited (making Wire the only app we are aware of to have this done).

Voice (up to 25 participants) and video calls (up to 12 participants) are end-to-end encrypted using DTLS with an SRTP handshake.

The app does support advanced video conferencing features that will appeal to business users, though, including screen sharing, screen recording, and advanced meeting scheduling.

Wire is keen to push users toward its premium Pro and Enterprise products, but a free version is available which offers similar features to the Pro app.

Element (was Riot.im)

Pros

  • Free option
  • Server federation
  • “Bridges” for interoperability with other apps
  • E2EE text chat
  • No phone number or email needed for signup

Cons

  • Questions over Matrix server network reliability
  • Not fully audited

All the other messenger apps discussed in this article rely on a centralized server network to function (although, as in the case of using AWS, this can be a highly distributed network).

Element is instead built on the idea of federation. Users can set up their own servers using the Matrix communications protocol or connect to Matrix servers that have been set up by other users. Federation has received the support of Edward Snowden, but remains a controversial idea due to the potentially unreliable ad-hoc peer-to-peer nature of such a network.

Matrix servers are interoperable, so any user of any Matrix client (Element is the most popular of these) can communicate with any other Matrix user. Matrix “bridges” even allow for communication with the users of other popular messaging platforms, such as Signal, Slack, or even WhatsApp.

Matrix (and thus Element) uses the Olm implementation of the Double Ratchet algorithm, with Megolm used for group communications. All Element apps, plus the Matrix protocol itself, are open source, but have not been formally audited. Olm and Megolm, however, have.

An email or phone number is not required to register with Element, although these can be added to make contact matching easier. By default, messages are hosted on a large public server run by Matrix, but you can connect to any Matrix server or set one up yourself in a matter of seconds.

All text chats and 1:1 voice and video calls are end-to-end encrypted. Group voice and video calls ( which also allow screen sharing) leverage Jitsi ( without E2EE support in Element at the present time). The Element app is free, but premium plans are available for Element-managed Matrix servers.

Keybase

Pros

  • Free (funding model is unclear)
  • E2EE text chats with support for public and private channels
  • Can connect to people via their social media profiles with PGP verification
  • Syncs across multiple devices
  • Self-destructing messages
  • Stellar wallet
  • 250 GB free storage per user
  • Encryption is not TOFU

Cons

  • Owned by Zoom
  • A lot of metadata logged (much of it shared on a public blockchain)

Keybase is a free and open source (FOSS) messenger app (servers are not open source) that end-to-end encrypts all texts and files between users. Voice and video calls are not supported directly, but are possible using a (not E2EE) Jitsi bot.

E2EE group chat, with support for private and public “Teams” (i.e., channels) is end-to-end encrypted.

Keybase is notable for allowing you to connect to others using their social media (Twitter, GitHub, Reddit, Hacker News, and Mastodon) identities, which are verified using PGP encryption keys. No phone number or email address is required, and the app will sync across multiple devices. 

The PGP-based end-to-end encryption used by Keybase is solid and underwent a full independent audit in 2019. Interestingly, Keybase is almost unique in not supporting Trust On First Use (TOFU) when connecting to servers. This helps to make it resistant to man-in-the-middle attacks.

The app also offers self-destructing messages; bots to automate your Keybase tasks; a Stellar wallet; full PGP support for encrypting and decrypting messages and files; and 250 GB free storage per user.

However, messages are stored on centralized servers (based in the US), which log a worrying amount of personal data. This includes your Team names and memberships, hashed passwords, account activity, your Keybase user ID and your IP address, network activity, and more. Not only is information stored encrypted, but much of it is added (in hashed form) to a public blockchain.

Arguably even more concerning is that Keybase is now owned by Zoom, a company widely criticized for its many privacy and security lapses, and which may be subject to pressure from the Chinese government. The fact that it is not clear how Zoom benefits from offering Keybase for free may also be a reason for concern.

Final thoughts

As a replacement for WhatsApp as a general purpose messenger that genuinely respects your privacy, Signal is an obvious choice, although being hosted on AWS servers remains a concern in light of its reliance on SGX. The security concerns around Telegram make it harder to recommend as a simple messenger, although its “channels” feature remains a powerful tool for organizing resistance in restrictive countries.

Another alternative for secure communication is end-to-end encrypted email. The biggest benefit of ProtonMail is its interoperability: You don’t need to have your recipient using the same messenger service to benefit from end-to-end encryption because, unlike any of the messenger apps discussed here, you can send end-to-end encrypted messages to anyone who has an email address using our Encrypt for non-ProtonMail users feature. The simplest way to benefit from E2EE, though, is to have both ends of the conversation using ProtonMail. Our servers are located in privacy-friendly Switzerland, and as with the messenger services discussed in this article, ProtonMail apps are open source.

The other apps discussed above all offer useful features that will appeal to those who need them, whether it’s anonymous sign-up, business collaboration tools, or server federation. Element/Matrix is a particularly strong choice for privacy enthusiasts, although its niche user base severely hampers its practicality as a WhatsApp replacement.

As you take back your privacy in the digital age, anything you do to move more of your personal data behind strong encryption is an important step toward building an internet that puts people first.

FAQ

What are the dangers of using WhatsApp?

Since 2016, WhatsApp has shared the vast majority of its users’ transactional data and metadata with Facebook. A new privacy statement, which users must agree to by May 15, 2021, or lose access to their accounts, “clarifies” this situation.

Information shared by WhatsApp with Facebook includes your IP address, device ID, operating system, browser details, mobile network information, who you message, how long and how often you interact with them, transaction and payment data, and more.

Is WhatsApp chat private?

Messages in WhatsApp are end-to-end encrypted using the Signal protocol. This means only you and the intended recipient(s) can read your actual messages. So WhatsApp is secure. It does, however, collect a lot of metadata that is damaging to your privacy (see above).

What is the safest messaging app?

Signal is both highly secure and respects your privacy. We discuss it, plus the pros and cons of other good WhatsApp alternatives, in this article. 

How can WhatsApp be free?

WhatsApp is owned by Facebook, which makes a huge amount of money from invading users’ privacy in order to better target you with personalized ads. WhatsApp adds to the data Facebook knows about you by sending a great deal of metadata regarding your use of WhatsApp to Facebook. 

Note that, as Signal and some of the other apps discussed in this article, show, it is possible to offer a free messaging app without invading users’ privacy in this way.


Return to table

Footnotes:

  1. All Telegram apps are open source, but the backend isn’t. This would not really be an issue if all communications were E2EE, but they are not by default (and no group chat is E2EE).
  2. By default, Telegram chats are not end-to-end encrypted. Only client-to-client “secret chats” are. Secret chats are not available for groups or channels.
  3. The 2015 audit of MTProto protocol was not very favorable. MTProto 2.0 has been formally verified to be cryptographically sound.
  4. Wickr says its code has undergone multiple independent security audits, but the full results of these audits are not publicly available.
  5. The Element apps and the Matrix protocol have not been formally audited. However, the Olm and Megolm protocols that underpin Matrix have.
  6. All metadata is scrubbed once a message is opened or expires (whichever comes first).
  7. Contacts can be added using social media profiles and verified using PGP keys.
  8. Wickr has partnered with Psiphon to offer Wickr Open Access, a powerful anti-censorship feature for its servers.
  9. Element and/or Matrix don’t actually own their own servers, but new Matrix servers can be set up within minutes on any server platform (or can be self-hosted). It is therefore almost impossible to shut down or block access to the Matrix platform. 
  10. Wire is based in Switzerland and all users outside the United States are subject to Swiss law. US users, however, are subject to US law.
  11. Matrix is a community-developed open source platform whose federated servers can be hosted anywhere in the world. 
  12. Keybase is owned by Zoom, which may also be subject to pressure from China.

Return to table


Feel free to share your feedback and questions with us via our official social media channels on Twitter and Reddit.

About the Author

Douglas Crawford

Douglas has worked for many years as a technology writer in the cyberprivacy and cybersecurity sector. He is now very pleased to work for a company with a mission that he passionately believes in.

 

Comments are closed.

188 comments on “Best WhatsApp alternatives that respect your privacy

    • looks good but two concerns: not open source and france is from nine eyes, it would be good to analyze.

  • Though much of the information in this post is correct, the part concerning Keybase was not adequately researched, and is more wrong than right.

    * Files and documents sent between users are end-to-end encrypted.
    * There are no Bitcoin or Zcash wallets: only Stellar XLM is supported.
    * Metadata is not stored on a public blockchain: only XLM transaction information is stored on a public blockchain.
    * The fact that zoom bought Keybase is not a security concern. All information is encrypted, and Keybase can not decrypt user information, and this can be verified given that the client is open source software.

  • Should I remove WhatsApp if I don’t have any account on Facebook?
    Thank you to make internet a most safe place.

    • Hi Anonymous. This is your choice to make, but as a WhatsApp user Facebook will collect data on you, even if you don’t have a Facebook account.

  • In the Netherlands the police was able to Hack Telegram. A big drugsnetwork was taken into custody that way. They thought that they where safe from the police using Telegram. Luckily It wasn’t so.

  • Hello,

    how did you come to the conclusion that Telegram’s servers are hosted with Amazon Web Services (AWS)?
    Could you please provide a source for this claim?

    Thank you!

    • Hi Anonymous. It was based on the fact that Russia tried to block Telegram by blocking Amazon services. However, it also blocked Google services, so I’be updated the article to say “Hosted on third party cloud services.”

  • thank you for this useful guide, it review the important points to think of, when using a messenger app.

    About your review of threema:
    “but at around US$3 per month”

    it seems the app costs abt 3US$ total, not a monthly fee?

  • Regarding Threema: “around US$3 per month” is wrong as it is a one-time price. They also provide Threema Work, but that is a different offering.

  • Awesome breakdown thanks! I use Signal mainly but also use Telegram for larger groups. Threema looks really good though!

  • Great article, very useful.

    May I just point out that Threema’s price (3$) is a one time purchase and not a monthly fee.

    Keep up the good work! Long live Proton!

  • Why hasn’t GNU Jami been reviewed? GNU Jami is:

    – Free / Libre – fully open source.
    – Anonymous – no personal information needed to create account.
    – Autonomous – Communicate on local network without internet.
    – End-to-end encryption (E2EE) with forward secrecy.
    – Distributed – No servers, works on peer-to-peer tech.
    – Multi-platform – Android, Android TV, io, Windows, Linux, macOS.
    – Supports messaging, audio / video calls, conferncing, and screen sharing.

  • I think it’s good to mention XMPP. It’s not solely built for a chat but support end to end encryption from most apps. Unlike Matrix, User IDs are hidden by default and also can disable saving that data. Lower server source is another benefit. The only downside is it’s centralized, but I think it’s worth considering.

  • What about Session ? getsession.org ? Australia based. It seems that servers are allowed to run/join the network with a certain amount of “loki” money…
    Sources based on Signal

    • Hi Suzanne. You need a smart phone to run any app, including a messenger app. Many of the options above can, however, by used via desktop/laptop client.

      • Telegram can work on a computer (Windows, Linux), and use a flipphone only once for registration via SMS. After that, the flipphone can be thrown away, Telegram will work on the computer.

  • Hi,
    Thank you for your article.

    What about the use of WhatsApp without having a Facebook profile? It’s sure?

  • Hi,
    While going through similar lists I came across this app called Delta Chat, and would love too know if anyone has analysed it.

    It’s basically an elaborate email client, but because it uses email apparently you can contact basically anyone with a smartphone.

    It doesn’t seem to have a voice/ video server, but you can use a 3rd party like Jitsi

    • Hi Qubeley. Well, if you went a secure email service with excellent Android and iOS apps, and which automatically ensurers secure end-to-end encrypted communications between users, there is no better choice than ProtonMail.

  • It’s a bit sad that you have, for a long time now, been biased against Threema. Looking at Signal instead, it falls under US jurisdiction and yet you claim it’s the obvious choice?? No, sir! Threema really is a nice likeable app, I can’t fathom why you won’t encourage using it.

  • Hello,

    what you are likely (I can only guess, since the article you shared as source is unavailable) referring to is Telegram’s attempt to circumvent the block by using domain fronting (https://www.wired.co.uk/article/telegram-in-russia-blocked-web-app-ban-facebook-twitter-google).
    This was possible by routing the traffic _through_ AWS’ and Google’s networks, presumably by making use of their CDN offerings.
    However, both these services removed the possibility to use this technique (https://en.wikipedia.org/wiki/Domain_fronting#Disabling).

    On the other hand, according to their Job openings, Telegram is at least partially maintaining their own hardware, as they are actively hiring Datacenter Engineers (https://telegram.org/jobs#datacenter-engineer).
    Beyound that, Telegram maintains three Autonmous Systems, none of which are directly peering directly with either AWS nor Google:
    https://www.peeringdb.com/org/17179
    https://bgp.he.net/AS62014#_peers
    https://bgp.he.net/AS59930#_peers
    https://bgp.he.net/AS62041#_peers

    All this leads me to the conclusion, that while Telegram may not run their own datacenters, they do at least lease private rack space and maintain their own hardware, which is very much different from using a third party cloud service.

    • Hi Anonymous. Thanks for those links. I have updated the article to remove mention of Telegram using cloud servers.

  • How do I sign up forProtonMail as a whatsapp user I would like to change. Would like more information about your sight. Thank you .

    • Hi Teresa. You can sign up for ProtonMail here, but please be aware that we are a secure email service, not a messenger app. There are important differences in the way email and messenger apps work.

  • ProtonMail

    > The core Element app is free, but premium options are available with additional features

    This is incorrect. Element as a company offers paid managed matrix server hosting, but client itself doesn’t have any premium features. It works the same on any free server.

    • Hi Kateřina. Hmm. Interesting point, but I’d argue that custom domains, the ability to export your data, “The fastest and most robust performance possible,” ability to deactivate federation, single sign-on, and more, do count as additional features.I have updated the text to clarify the situation.

  • Hi, after weeks of wondering, debating, weird information, I found this article enlightening and complete. Now to make a choice. Sad to see whatsapp go, but my lifestyle is more important to me, my buds feel the same. Data is very costly and any which way of saving responsibly, is a win win. Thank you so much

  • Telegram was not blocked due to lack of access to the Iranian government
    The judiciary, a separate body, blocked the finer for personal complaint
    Telegram is only popular for free cloud, otherwise it has no security and a lot of data has been leaked many times
    I think your information is lower than Telegram

    • Hmm … Interesting thought. Can you give examples of data leakage via Telegram? If a user has set a cloud password, then it is almost impossible to hack an account: even if you have access to mobile operators, without knowing the cloud password, you will still not log into your account. Please correct if I am wrong.

  • Thanks for informing us with this
    About your list i have a question.
    Why google Hangouts is not in this list or Skype
    They even need a number for use as account.
    What is the difference between this categories?

    • Hi Ramin. This list excluded any app whose code could not be examined for flaws or other problems. Google Hangouts and Skype are not open source (and Google is as bad for privacy as Facebook).

  • Are you sure the Threema is fully opensource?
    It’s seems that the server side is not.
    “All communication is end-to-end encrypted, and the *app* is open source.”

    • Hi defdefred. This article doesn’t say that Threema is “fully open source.” That said, it uses end-to-end encryption performed by an open source app, so this really should’t matter, as all data is safely encrypted before it reaches the servers.

  • The “Final thoughts” section could benefit from a bit more reasoning of why Signal is the obvious choice for those that are just counting the number of check-marks, and think it comes up short versus Threema or Element.

    Also note that Signal replaces the phone’s regular SMS messenger app on Android, not on Apple hardware like the iPhone/iPad.

  • >>Hi Kateřina. Hmm. Interesting point, but I’d argue that custom domains, the ability to export your data, “The fastest and most robust performance possible,” ability to deactivate federation, single sign-on, and more, do count as additional features.I have updated the text to clarify the situation.

    All of those features are features of a basic matrix server for anyone who self-hosts, like me. Additional value of Element services is mostly in making it all simple to configure and in managing server and its configuration for clients. (which is good on itself)

  • Why is Conversations.im not mentioned?
    Why do you think Signal is the best while there servers are in the us?
    Why do you say Wire don’t need your phone number or email while 1 of them is required to create an account?

    • Hi Arie. Strong end-to-end encryption and keeping almost no metadata means that it doesn’t really matter where Signal’s servers are located. I’ve updated the are article about Wire. Thank
      you.

  • I don’t know about protonmail but if it’s true so it’s good effort For security

  • How can you prove beyond doubt that Whatsapp’s implementation of OpenWhisper didn’t get tampered with on their side? It’s proprietary software. It cannot be trusted by definition.

    If some low-key Whatsapp ad like reaffirming it is ‘secure’ is to be posted, do back it up too at least.

  • I’ve used Whatsapp for quite some time but with the privacy issue, I rather going somewhere with more privacy. Apps should be privacy-friendly with their users. Good post.

  • While Signal is most certainly secure, the company itself is not known for their honesty, especially with their open-source claims regarding their client applications.
    Unfortunately, the official Signal client for Android relies upon Google’s Play Services, partially for privacy-infringing purposes (such as allowing Google to track the users, indirectly), with the Signal company literally attempting a witch-hunt against all FOSS versions that compile it without said privacy issues.

    That, along with many issues regarding their conduct to their community that they have attempted to silence, means that while Signal’s technology (mainly their encryption scheme) is one of the best options, directly relying upon them for managing user’s data, could potentially be a very bad idea, as while there is no indication that they are directly infringing upon their user’s privacy, there is nothing preventing them from doing so in the future, especially since they are proving that their word is meaningless, by actively going against their word and belittling their own users by forbidding anything that prevents privacy-infringement with their own systems.

    There used to be a one-man effort to build a fork of Telegram’s client that relies upon the Signal encryption scheme rather than MTProto, which could have been very insightful, however I cannot seem to find any traces of it any longer.

  • Well… writing in the list that Telegram ha no E2EE functionality is incorrect. E2EE exists and can be used consciously as needed.

    So, speaking of Telegram, that X circled in red in the summary, under the heading ‘Offers E2EE’ in my opinion must be changed, if you want to be objective on the analysis of the features offered by the various software

    JC

    • Hi Joseph. Yes, Telegram does offer E2EE. No, its not the default. This explained both in the main text and the footnotees for the chart.

      • Hello, Douglas. The fact that Telegram offers E2EE not by default may be a “Pro”, not a “Cons”: 1) the user has a choice, 2) an experienced user can in any case configure the messenger as he needs, and not as offered by default. Isn’t it? Anyway, thank you for the work you’ve done.

  • The table says “fully open source” in the first row but neither Threema Keybase and some other are fully open source. Maybe the footnotes, as use for Telegram, was forgotten for those services ?

    • Hi Mild. That’s a good point. I have renamed the entry on the table “Open source apps.” The reason I have singled Telegram out in the footnotes is because by default messages are stored on its closed source servers non E2EE-encrypted.

  • when will protonmail offer a deltachat client so that we can use our protonmail emails for this much better alternative?

    • Yes it is. And it is not included in the list! Why should just popular networks take over the rest ?!

  • Signal may be a good choice, but I don’t trust Amazon Web Services (AWS) being their server after what they did to Parler.

  • Whatsapp doesn’t share with Facebook… Whatsapp Is owned by Facebook. So they are just interlinking their products.

  • A word about AWS and Signal. Firstly, only the AWS servers in the US are under US jurisdiction. Secondly, as seen in a published response to a FISA court order, the only data available on the servers were the time stamps for user sign-up and use last access. (The servers only connect users.) Thirdly, since AWS has global data centers, it’s possible to re-provision server software if needed. Hosting the servers on AWS is somewhat akin to releasing the DES algorithim to the public (e.g., eliminate security by obscurity): you could read and study the DES algorithm, but it didn’t provide useful information about enciphered text. Since much commercial and government traffic gets processed on AWS (or similar cloud providers) an attack on one may create unintended consequences for an attacker. Likely easier to “black bag” a user than to take on AWS. Every data center, whether owned or rented, has potential problems since it interfaces with the internet and government oversight.

  • Hello, I have noticed a few typos in the article:

    1.in Signal “The app app itself has not been audited, however,” you wrote app twice..

    2.in FAQ “Information shared by WhatApp with Facebook includes” – I guess you meant WhatsApp ?

    I like your article, dont take me wrong but .. I think that these mistakes kind of undermine the professionalism of ProtonMail.

    All humans make mistakes.

    Thank you for writing the article.

    Best Regards,
    Dusan Rus

  • As mentioned in another comment, it has always seemed strange the lack of enthusiastic support for Threema by Proton. The fact that the app is not free is not a serious consideration. It is a ONE-TIME payment, which gives you a lifetime license. Considering Proton charges for premium service on a monthly and annual basis, it seems disingenuous to criticize an app for charging an extremely low one-time fee. To give stronger support to Signal, which does not even offer anonymous sign up, lacks logic. I’ve been using Threema for years. It is a very reliable app, with great features and the most pleasant UI I have seen in messenger apps.

    In an ideal world, Proton and Threema would see the value in collaborating – allowing Protonmail users to communicate with other registered Protonmail users via a linked Threema app. Perhaps the lack of enthusiasm on the part of Proton is from seeing Threema as future competition…

  • Why do you keep saying that Telegram is not very secure? Its protocol has never been broken despite Telegram offering multiple bounties. And MTProto version 2 has been used for years already and as you mentioned it received formal verification which it passed. This kind of journalism is very unfortunate.

  • Nice article. I’m curious your thoughts on Session (getsession.org) I’ve been using it for a while and although still in development it is very promising, as it’s based on the signal protocol, completely anonymous, and bounces messaging over onion routing and blockchain networks. It’s only for messages at this stage, apparently voice and video will be added later once the network grows, and it’s still awaiting a full 3rd party security audit, but so far my thoughts are that it seems a lot more complete in terms of privacy to anything else, but I’d love to hear what you think of it from a security standpoint? For everything else Protonmail is the best ;)

  • A friend said she blocked WhatsApp from having access to her contacts list (and simply types or copies in numbers on the odd occasion she uses Whatsapp. Is that a viable option for limiting (at least) FB/WhatsApp’s ability to benefit from my use of WhastApp? Thanks

  • You might reevaluate Signal. There open source server repository wasn’t update in a year. Nobody really knows what the server does. The started to introduce crypto payments which are totally unnecessary for a messenger app.

  • Thanks for this. I’ve switched to TeleGuard by Swisscows – any thoughts? Proton user since inception…just when you think it does not get any better, you guys make it better. Thanks!

  • You mentioned that WhatsApp collects a lot of metadata even though it has E2E however some of the alternatives also collect metadata. What makes WhatsApp the worst of all of those?
    When it comes to privacy to me it seems like Signal > iMessages > Whatsapp > Telegram and the others.
    Correct me if I am wrong.

  • I believe a missing criteria is that of user ease. I’m involved with a group in Element, it was very challenging to figure out how to get into the group. Perhaps that was a unique experience because it was a private group? I know that my mother, and other non-techies like myself, need easy usability. I would be very interested in knowing how easy each of these apps/websites are to navigate and use.

    Thank you for putting together this list. I have not used WhatsApp in years, I probably need to go back and make sure my profile/account is deleted. I’ve been interested in finding a more secure and private app. A friend of mine recommended Telegram, so I appreciate you covering that program.

  • Status.im
    Best encrypted messaging app :
    Web 3.0 and dapp browser
    Private messaging
    Ethereum and ERC20 token wallet

  • How is WhatsApp less secure than Telegram if WhatsApp is E2E encrypted and Telegram is not?
    As far as privacy and security shouldn’t it be Signal > iMessage > WhatsApp > Telegram? (I don’t know much about the other options mentioned in the article since most people don’t know about them)

  • Although they do not declare, Signal is owned by Twitter, which has been chasing many people to demonstrate on social networks, especially conservatives.
    The following is written on a page about Signal: “Signal is a company with about 30 employees, staunch supporters of cryptography and leftist liberal movements.”
    As a conservative, I would never choose anything that takes people’s freedom.
    I use Telegram! It is infinitely superior to the rest. And I take all necessary measures regarding security. And a lot of the information you wrote here has already been denied.

    And I feel a certain partiality of several technologists in relation to Signal. You made me realize that coming to ProtonMail may not have been a good idea!
    I need someone like Andrew Torba, CEO of Gab.com who puts it below his signature: Jesus is King

  • If you have to purchase an app, and therefore create a transactional paper-trail, that means it is not an “anonymous sign-up”.

  • Great article, thank you. Good to see a lively intelligent debate in the comments too!

  • It doesn’t really matter which Messaging app you use, actually what is more important is what Keyboard app you use, given that is the source of your information….. there are alternatives to Gboard… I would have liked to see a review of those instead of messaging apps.

  • While I appreciate the overview, I find the final thoughts lacking in arguments. Why should Signal be the obvious choice? There are good reasons for and against it, as are for other Apps. Personally, I am using Threema and I still consider it the best choice. While this is not necessarily true for everyone, I was expecting a more balanced conclusion for the PM group.

  • When everyone you know works with WhatsApp, ¿how can you decide for yourself that the most sensible thing to do is to be cut off from communication?

  • I favour Matrix/Element because alongside privacy I also want a chat standard so we can have the same kind of interoperability as we do with email, and an end to disruptive migration. Constantly migrating to new accounts and being tied to specific providers isn’t ideal. Convincing people, especially the privacy ignorant, to keep migrating is a losing battle.

    Element/Matrix is a particularly strong choice for privacy enthusiasts, although its niche user base severely hampers its practicality as as a WhatsApp replacement.

    I disagree with this reasoning. If people won’t recommend it because it’s niche, then aren’t you just cementing that problem? The topic already presumes people are willing to migrate, so why not migrate to the option that entirely resolves the problem of all these chat services being fragmented. Migrate to a standard, focus developer effort on it and never have disruptive migrations ever again if possible.

    If ProtonMail ends up doing any work related to chat, I strongly urge that you focus on interoperable standards (whether Matrix or something else I haven’t heard of). The only downside I can see for Element/Matrix is that a professional audit has not been done yet. I’d rather people focus their efforts on doing that audit and making a solid standard rather than continuing to fragment between a dozen incompatible networks. Every other communication system I use other than chat is completely interoperable. My phone, my email, letters. Why not my chat?

    I suppose I also think that Element has a worse UI than other chat programs I’ve used, but then my solution is again that people ought to focus their effort on better clients instead of spreading themselves thinly across numerous incompatible projects.

    As a long term strategy, supporting and recommending Matrix seems like the most sensible option to me. Unless someone has a better standard.

  • Hey there, great article, just wanted to say thanks to everyone who made protonmail possible, can’t wait for the day you guys release a proton(something) to replace that disgusting app, I’ve been bitching about whatsapp since the day it came out about how insecure and invasive it was but people only seems to care the day they realize how creepy their adds have become.

  • Thanks a lot for this review. I’m however surprised neither Viber nor Skype are part of it. How come?

  • Hi Douglas, I wonder why you didn’t take Jabber/XMPP based texting apps into account (e.g. Xabber)

  • You state a ‘CON’ to be requiring an email or phone to sign up. But that is EXACTLY what Protonmail requires! And you store those details (I know, because when I accidentally used the same email address to set up two Protonmail accounts you told me (the second time) that it had already been used!

    POT …… KETTLE ….. BLACK.

  • Why wasn’t Viber peer reviewed with the other messaging apps? It’s a pretty big following….

  • Why you didn’t made a toc for this article so long to read? It’s impossible to share faqs on watzaap

  • ProtonMail was my gateway drug. I’ve since switched from Windows to Ubuntu, Firefox to Vivaldi (although that was more politically motivated than privacy), and Android to Graphene.

    In terms of blog subject matter I like the “alternatives to” concept.

    Any chance of more of this aimed at things such as desktop OS, phone OS, and browser alternatives?

  • Is there a good desktop messaging client as a alternative to facebook messenger with full encryption?

  • gentlemen – excellent explanation to people who are not ‘savy” in the language of servers, security and protocols

    THANX for the time in generating this information

  • Hi Douglas, thank you for posting the information. I found it very useful. I am sorry to see so many people searching for fault as though it was buried treasure. One would think they made huge gains and advances in life just to “nitpick” a helpful article. I hope your boss appreciates you facing the “Trash Him Wagon’. You held up like a champ!!!

  • Greetings, very interesting article, thank you. I was wondering about the app LINE (mostly used in Asia). News recently reported about a scandal. LINE servers are in South Korea but a company contracted for their maintenance was from mainland China and a leak of users` personal data was reported in the news. Can LINE`s security or privacy be trusted, in your opinion? Thanks!

  • Hi Douglas,

    I don’t understand in Telegram why only chats with 2 users are E2EE, and group chats with more than 2 users (text or voice) are not E2EE.

    Thanks in advance for your reply.

  • Thank u for your message re whatsapp alternatives. I read through it and although I get the gist, I’m going to have to ask someone for help understanding some of it. It’s not because of anything other than my own computer illiteracy. Because of that, I guess, I wasn’t aware that whatsapp is part of Facebook. The info is appreciated.

  • What about Pulse? I know it was recently purchased and is no longer open-source, but all of the choices have their drawbacks.

  • Thanks for this newletter. Much good information contained within. I’m just a private citizen who appreciates the value of privacy. Sadly there are many people who just don’t understand how valuable their privacy is in this age of www and data miners.

  • Session needs to be added. Obvious downside is that it’s not as mature as Signal and still has some glitches (especially when using across several devices).

  • This is a very informative articles. I hope you continue to explain security issues to people like me that are not super nerds. Thank you.

  • A good list but you left out the oldest, & possibly the best: jabber or xmpp messenging protocol.
    Not as easy to setup but very safe.

  • Hello.
    Please Let us know your opinion about session and the use of Loki net.
    Thanks a lot for your job!
    Aguante La privacidad!

  • Great article, thanks.

    I’ve forwarded on to friends and family who are not as conscious about the dangers of Big Tech

  • I have searched for months and cannot find any messaging services that can be used from a private web browser. I don’t want the app on my phone at all. Is there any such service?

  • I noticed some typos.

    “by May 15, 2021, or use access to their accounts”
    “use” -> “lose”

    “The app app itself has not been audited, however”
    “app app” -> “app”

    “40 million users despite government attempts to regulate use of the service”
    “use of” -> “the use of”

    “A bots feature assists managing groups and channels”
    “assists” -> “assists in”

    “It also features One-to-one voice and video chats are fully”
    “are” -> “that are”

    “No video chat (although available on free Pro version of app)”
    “app” -> “the app”

    “Switzerland. A phone number or an email email to register”
    “email email” -> “email”

    “man-in-the middle attacks.”
    “man-in-the middle” -> “man-in-the-middle”

    “hampers its practicality as as a WhatsApp replacement.”
    “as as” -> “as”

  • It is notable that the author chose to ignore two requests to review the BRIAR App.

    Briar is truly Decentralized P2P E2EE and SERVERLESS PLUS it runs all traffic over TOR. It is OS and asks nothing to sign up (no phone or email).

    Yeah it is text only but who cares with all tue great features? Is client-server chained protonmail afraid of people finding out about Briar?

    Yes. Because it is Tesla level free energy that has no business model like Edison. It favors the people not the capitalists.

    Just get Briar from their website (not google) and an Android phone and enjoy TRUE Freedom!

  • Thank you for this service being offered to customers. I appreciate that!
    I already use Telegram and lately they upgraded their system offering to their clients large groups video calls, in a way competing with Zoom, what makes communication more comfortable and the app even more attractive.
    Make a note of it!

  • Wow, thanks for the email, very interesting article, learned so much! but some of the information I already knew, Overall my take on the article is that you can’t hide, and I’m not hiding, but the sher essence of the major corporation just collecting your date for free and selling it is mind blowing. And it’s all legal. WOW.

  • Some further clarification or updates about Keybase seems in order.

    1. The messages are no longer encrypted in PGP fashion. They are now encrypted using NaCl’s secretbox format.
    a. Stored files are similarly encrypted.
    b. The only PGP encryption in Keybase is for “proofs” and messages made messages made via the website itself.
    2. PGP encryption is only used in “proofs”, enabling others to “verify” the proof using known PGP keys without using the Keybase client or website.
    2. The meta data which is added to the history is intentional. While this removes one layer of privacy, its purpose is to allow the finding of other users and for developing networks. In short the communications are private, by design, and the contacts are not, by design. (It would be a bad choice for a resistance movement, for example, while being a good choice for a business, or for business purposes.)
    3. The only linked external accounts added to the signature chain are those for which the user has established a “proof”, which is the user announcing the connection publicly themselves and Keybase is only enabling that announcement.
    4. The only team memberships added to the sigchain data are ones the users select to include in their profile. Any teams they join, or create, without doing so are not add to that data.
    5. The hashed password stored on the server is only the password to login to the service, as for any other server or website. The app itself can even be set to disallow use of the website for changing any of the information in the profile, removing one common vector of attack should the Keybase servers become compromised.
    6. The Keybase servers are not self-owned, rather they are AWS hosted.
    7. Neither an email address, or a phone number is required to sign up, and without both there’s no connection between the Keybase account, and it’s collection of data, and the user’s other accounts except those publicly added by the user.

  • Please collaborate with Threema on a discounted sale price for all Protonmail/VPN paying customers. Then, you will not have to use Threema’s smaller user base as a reason not to recommend it. It is a great app, very functional and a beautiful GUI. It is by far the most anonymous of all the apps.

  • I am old school, so not up with all the technology talk etc. My son introduced me to Proton Mail, and I love it, and I feel safe. I stupidly, made an outlook email account, as I am using Microsoft 365…. since making the outlook email account, I have been hacked 3 times, on Facebook, Gumtree, Messenger, Bank attempts, and more. I looked at the blocked addresses that I have and 3 of them have an outlook email address….
    I want to chat securely, and email securely, and privately. I am happy with Proton Mail. I still cannot work out which messsaging App you think is best.. I really want to know. Also, is there an alternative to using Microsoft ? My other concern is, though my son has closed his Facebook account, it is still there. They do not actually ever close it. I want to close mine and messenger… but if they never really close it – is there a way that I can make sure it is deleted?
    I wish Proton would do messaging app as well, then I would feel safe.

  • so nobody has posted anything to do with the fact that SIGNAL has a backdoor for our favorite and humanitarian intelligence agencies of United States of AmeriKa and ISRAEL.

  • Thanks for your service. I just tell Keybase couldn’t be safe or private because nothing based on a tyranny like communist China could be it.

  • Please stop the nonesense. Whatsapp is not open-source, so any talk about it being end-to-end encrypted is meaningless. When it is not open-sourced, we cannot know the soundness of the E2E encryption, we cannot know if there is no backdoor for tapping which circumvents the encryption, and we cannot even know if it is E2E encrypted at all.
    Countless of reports that are found online and many cases that I know personally where Whatsapp chats were tapped by official law-enforcement agencies.

  • Thank you very much…
    I love it….
    WhatsApp alternatives that respect My privecy
    Thank you

  • On Friday, April 16th, 2021, late afternoon, I was texting another person on Whatsapp. I gave my personal opinion on the COVID-19 vaccines (controversial issue, for sure) and sent him the message. I then took a nap. When I got up, the message I sent him was gone, deleted (I did not delete it, and there was no “You deleted this message” message in the chat box.) It was as if I hadn’t sent anything. This is the first time this has happened to me on Whatsapp. But I am not surprised at all. It is well known that Facebook, which owns Whatsapp, checks and reads Facebook messages (I deactivated my Facebook account ages ago) and now Whatsapp messages. Whatsapp messages are supposed to be end-to-end encrypted; nevertheless, I don’t trust Facebook or Mark Zuckerberg. So, there is no privacy even with Whatsapp messages. These are not old messages that were somehow deleted, but new messages that were deleted a few hours later. How do you explain what happened to me on Whatsapp? So, that’s why I’m leaving Whatsapp and will continue to use Signal, where your opinions will not be censored if Big Tech don’t like it.

  • It states that “messages in WhatsApp are end-to-end encrypted using the Signal protocol. This means only you and the intended recipient(s) can read your actual messages. So WhatsApp is secure.” Then would you know why a new message I sent to another person in WhatsApp would disappear/be deleted a few hours later? I did not delete my message. This is the first time it’s happened to me. Would this be a genuine glitch, or is someone/something actually able to read my e2ee messages?

  • What do you think of the Secret Messenger App? It is the one whose website is isecret.im

    It seems easy to use, but I don’t know anything about the security or who the app is developed by.

  • There is another called Enigma. How is that one?

    I am looking forward to Protonmail coming out with a secure messaging app!

  • What about Jami? It’s open-source, e2ee and free to use and available across devices.

  • None of the presented ones correspond to the quality and safety. The same telegram is the White Horse of the Russian special services. Why do you think they staged a stock sale in Russia. After all, the world community has much more opportunities. Because this is a simple legalization and washing of products according to the Al Capone laundry method. In my opinion, the best way is still to create a personal server based on xmpp jabber using otr pgp. Also, you bypassed such a messenger as surespot. He does not need any registration numbers and have e2e.

    • I forgot to say that when creating secret chats in a telegram, you automatically put a tick “I have something to hide” on your dialogs. This only makes the work of the special services easier.

  • En Suisse on parle également le français ; merci de communiquer également en français sur ce genre de sujet.
    Cordialement.

  • SHALOM SIEMPRE SUOEDE LA GRAN INSEGURIDAD DE WHATSAAP A MI EN LO PERSONAL ESTO MUIY CONTENTO CON PRONRONMAIL OJALA ALGUN DIA REALICEN UNA PLATAFORMA DE MENSAJERIA DE CHATS SHALOM

  • Hello,

    Thank you for these information. I am surprised that you do not mention OLVID a very secured messaging app! It does not collect any DATA and has a system of encryption very strong.

    Please have a look on it!
    Best regards,

  • English is not my native language (as it isn’t yours), but still I can see many mistakes in the text. Your credibility goes lost with every single mistake – and there are many of them!

    And no, ProtonMail is no alternative to WA, just because I’m one of two out of 20 people who know just enough about encryption to use it with email and the other 18 are glad when their computer starts up and shuts down just as it should.

    And as Signal is the only real alternative to WA: how does backup function with it? In WA, the only existing backup is Google Drive.

    And why on earth is Google the only one with a push service? I won’t put Google on my mobile again just for message notification! (WA runs on a seperate mobile phone, the whole household has access to it and of course Micky Mouse is registered on Google).

  • Another alternative to Whatsapp which is E2EE as well is Skred Messenger. Have you heard about it ?
    I’m using it and hope I will be able to fully stop Whatsapp even though the main issue today is that moving all your Whatsapp groups to another app…

  • Hello, why have you not included Olvid, a very interesting technology labelled by the French national cybersecurity authority ?

  • There is an independently audited app not in the list. Namely, Session, this could be the best app for privacy. Built over a P2P network, this app uses advanced methods to defend from Sybil attacks and overcome censorship, surveillance, tracking and metadata exposure.

  • Je suis vraiment intéressé et ravie par cette application c’est une application très important en matière de sécurité et la méthode de confidentialité qui m’a permis d’utiliser ça

  • A very important issue that directs which private messaging tool to use is the question ‘where are my friends working with’. By now, and after a lot of pushing from my side, several of my friends work just like me with Signal. Most people still work with Whatsapp. I don’t know anyone who works with the other awsome tools mentioned in this article. And if no one you know uses a tool, it gets quite lonesome in cyberspace private messaging world.

  • hi

    Telegram description, part “pros”, lines 2 and 3 have the same meaning:
    -Only Secret Chats are E2EE
    -Group chats (text or voice) are not E2EE.

    Signal have 2 not direct pros:
    1. jurisdiction – US. country have a giant problems with human rights for privacy.
    2. main advertiser (Ilon Mask) – tech and financially supported by US government companies. so, he advertise what is good for investors…

    i see by you table that real best options is:
    1. Threema
    2. Element

  • Oh, finally I see Wire owner from U.S, there was news and I asked their team, they give confusing answers, which means hiding truth, and their metadata is a big concern

  • Why wasn’t Session listed here? It is better than many messengers in the market.

  • Amazing article! It’s very weird to see criminals using Telegram to make their business even with the cons from it, Signal is just amazing, i recommended it to my friend and we are loving the privacy offered by the app.