Best Instant Messengers
There are many messengers of various security levels. Let's analyse them and find the best one. There are various criteria we have to consider, as well as usecases, which vary from person to person.
SimpleX
- Uses E2EE (End to End Encryption)
- Open Source (AGPLv3)
- Federated/Decentralised
- Private -> Doesn't need a unique identified (eg phone number) to register
- F-Droid
- Linux version
- Can use TOR
SimpleX is the most private and secure messenger that exists currently. Contrary to the other messengers, it doesn't use unique identifiers (eg users/id etc) which could be used to track the user and even identify the user.
Conclusion: Most Recommended
Signal
- Uses E2EE
- X: Partially Closed Source (push notifications, updating, and other proprietary Google code)
- X: Centralizado
- X: Not private
- X: Uses Google services/communicates with Google HQ
- X: Insecure: No F-droid version, only google play or 'apk'
Signal is a messenger that has recently risen in popularity, and some cybersecurity "geniuses" promote Signal as a private and secure messenger. However, it is completely the opposite. The only redeeming factor is it's use of E2EE. Signal is partially closed-source, as it uses Google services, and communicates with Google (and NSA) HQ to recieve push messages. Signal is not found on F-Droid. Instead, you are forced to use Google Playstore, and the 'apk' they provide also contains proprietary code from Google. Signal uses centralized servers, and requires a phone number (commonly tied to a real life identity) to register. Even within the app, it hides Captchas etc. Signal has cooperated with US spy agencies and law enforcement, providing them with phone numbers.
Conclusion: NOT recommended.
Alternatives to Signal, in the case that you need to communicate with a signal user:
Molly: Molly is a Signal fork which fixes some problems:
- Molly has a F-Droid repo
- Removes proprietary Google code
- Includes additional security features
- Includes additional privacy features: Can be used with Unified Push to not be phoning Google HQ every couple of minutes
Conclusion: Much better than Signal, but still promotes (and uses) Signal's network, and requires a phone number to register.
Telegram
- E2EE*
- Open Source (GPLv2)
- F-Droid
- Very popular: it's likely that your friends are also on Telegram
- Has lots of public channels; has aspects/functions like social media
- X: Centralised
- X: Not private: requires a phone number
- X: E2EE not enabled by default.
Telegram is a very popular messenger used around the earth. Some cybersecurity "geniuses" fabricated/invented imaginary problems, but they are probably the same "geniuses" that recommend proprietary, insecure, and non-private messengers like Signal so... Well, when starting a conversation, if you click on "Create secret chat" then Telegram is More private and secure than Signal. Contrary to Signal, Telegram is on F-Droid, and is open source. Further, it doesn't use Google services for push notifications nor for updating. Also, Telegram is much easier to use (I've had so many bugs with Signal...) and has many public channels where you can find a lot of information.
Conclusion: Recommended, if you use the "secret chat" feature and If you cannot use SimpleX for whatever reason (eg friends only have TG)
Alternatives:
Mercurygram is a fork of Telegram with various privacy and security improvements. It can be used with Unified Push, but sometimes the notifications don't come. It has:
- Security improvements (using newer libraries)
- Privacy features and improvements.
Session/Briar/Matrix/XMPP/Conversations etc
There are many many of these messengers, and even more forks and clients etc etc. In general, in terms of security/privacy they are better than Molly/Mercurygram, but have their problems.
Conclusion: Better to use SimpleX
Discord/Whatsapp/Skype/FB messenger/Insta etc etc
Proprietary code, they are not private nor secure. You can assume that every message is forwarded to google/FB/microsoft/FBI/NSA HQ