Signed-off-by: Jonah Aragon <jonah@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>
19 KiB
meta_title | title | icon | description | cover |
---|---|---|---|---|
The Best Private Instant Messengers - Privacy Guides | Real-Time Communication | material/chat-processing | Other instant messengers make all of your private conversations available to the company that runs them. | real-time-communication.webp |
Protects against the following threat(s):
- :material-bug-outline: Passive Attacks{ .pg-orange }
- :material-server-network: Service Providers{ .pg-teal }
- :material-eye-outline: Mass Surveillance{ .pg-blue }
- :material-account-cash: Surveillance Capitalism{ .pg-brown }
These are our recommendations for encrypted real-time communication.
Types of Communication Networks :material-arrow-right-drop-circle:
Encrypted Messengers
These messengers are great for securing your sensitive communications.
Signal
Signal is a mobile app developed by Signal Messenger LLC. The app provides instant messaging and calls secured with the Signal Protocol, an extremely secure encryption protocol which supports forward secrecy1 and post-compromise security.2
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title=Documentation} :octicons-code-16:{ .card-link title="Source Code" } :octicons-heart-16:{ .card-link title=Contribute }
Signal requires your phone number for registration, however you should create a username to hide your phone number from your contacts:
- In Signal, open the app's settings and tap your account profile at the top.
- Tap Username and choose Continue on the "Set up your Signal username" screen.
- Enter a username. Your username will always be paired with a unique set of digits to keep your username unique and prevent people from guessing it, for example if you enter "John" your username might end up being
@john.35
. By default, only 2 digits are paired with your username when you create it, but you can add more digits until you reach the username length limit (32 characters). - Go back to the main app settings page and select Privacy.
- Select Phone Number
- Change the Who Can See My Number setting to: Nobody
You can optionally change the Who Can Find Me By Number setting to Nobody as well, if you want to prevent people who already have your phone number from discovering your Signal account/username.
Contact lists on Signal are encrypted using your Signal PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts you chat with. Signal supports private groups, where the server has no record of your group memberships, group titles, group avatars, or group attributes. Signal has minimal metadata when Sealed Sender is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server. Sealed Sender is only enabled for people in your contacts list, but can be enabled for all recipients with the increased risk of receiving spam.
The protocol was independently audited in 2016. The specification for the Signal protocol can be found in their documentation.
We have some additional tips on configuring and hardening your Signal installation:
Signal Configuration and Hardening :material-arrow-right-drop-circle:
Molly (Android)
If you use Android and your threat model requires protecting against :material-target-account: Targeted Attacks{ .pg-red } you may consider using this alternative app, which features a number of security and usability improvements, to access the Signal network.
Molly is an alternative Signal client for Android which allows you to encrypt the local database with a passphrase at rest, to have unused RAM data securely shredded, to route your connection via Tor, and more. It also has usability improvements including scheduled backups, automatic locking, and the ability to use your Android phone as a linked device instead of the primary device for a Signal account.
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation"} :octicons-code-16:{ .card-link title="Source Code" } :octicons-heart-16:{ .card-link title="Contribute" }
Molly is updated every two weeks to include the latest features and bug fixes from Signal. The exception is security issues, which are patched as soon as possible. That said, you should be aware that there might be a slight delay compared to upstream, which may affect actions such as migrating from Signal to Molly.
Note that you are trusting multiple parties by using Molly, as you now need to trust the Signal team and the Molly team to deliver safe and timely updates.
There is a version of Molly called Molly-FOSS which removes proprietary code like the Google services used by both Signal and Molly, at the expense of some features like battery-saving push notifications via Google Play Services.
There is also a version called Molly-UP which is based on Molly-FOSS and adds support for push notifications with UnifiedPush, an open source alternative to the push notifications provided by Google Play Services, but it requires running a separate program called Mollysocket to function. Mollysocket can either be self-hosted on a separate computer or server (VPS), or alternatively a public Mollysocket instance can be used (step-by-step tutorial, in German).
All three versions of Molly provide the same security improvements.
Molly and Molly-FOSS support reproducible builds, meaning it's possible to confirm that the compiled APKs match the source code.
SimpleX Chat
SimpleX Chat is an instant messenger that doesn't depend on any unique identifiers such as phone numbers or usernames. Its decentralized network makes SimpleX Chat an effective tool against :material-close-outline: Censorship{ .pg-blue-gray }. Users of SimpleX Chat can scan a QR code or click an invite link to participate in group conversations.
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title=Documentation} :octicons-code-16:{ .card-link title="Source Code" }
SimpleX Chat was audited by Trail of Bits in October 2022.
SimpleX Chat supports basic group chatting functionality, direct messaging, and editing of messages and markdown. E2EE Audio and Video calls are also supported. Your data can be exported and imported onto another device, as there are no central servers where this is backed up.
Briar
Briar is an encrypted instant messenger that connects to other clients using the Tor Network, making it an effective tool at circumventing :material-close-outline: Censorship{ .pg-blue-gray }. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar’s local mesh mode can be useful when internet availability is a problem.
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title=Documentation} :octicons-code-16:{ .card-link title="Source Code" } :octicons-heart-16:{ .card-link title="Donation options are listed on the bottom of the homepage" }
To add a contact on Briar, you must both add each other first. You can either exchange briar://
links or scan a contact’s QR code if they are nearby.
The client software was independently audited, and the anonymous routing protocol uses the Tor network which has also been audited.
Briar has a fully published specification.
Briar supports forward secrecy1 by using the Bramble Handshake and Transport protocol.
Additional Options
Warning
These messengers do not have forward secrecy1, and while they fulfill certain needs that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of all past communications.
Element
Element is the flagship client for the Matrix protocol, an open standard for secure decentralized real-time communication.
Messages and files shared in private rooms (those which require an invite) are by default E2EE, as are one-to-one voice and video calls.
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title=Documentation} :octicons-code-16:{ .card-link title="Source Code" }
Profile pictures, reactions, and nicknames are not encrypted.
Group voice and video calls are not E2EE and use Jitsi, but this is expected to change with Native Group VoIP Signalling. Group calls have no authentication currently, meaning that non-room participants can also join the calls. We recommend that you do not use this feature for private meetings.
The Matrix protocol itself theoretically supports forward secrecy1, however this is not currently supported in Element due to it breaking some aspects of the user experience such as key backups and shared message history.
The protocol was independently audited in 2016. The specification for the Matrix protocol can be found in their documentation. The Olm cryptographic ratchet used by Matrix is an implementation of Signal’s Double Ratchet algorithm.
Session
Session is a decentralized messenger with a focus on private, secure, and anonymous communications. Session offers support for direct messages, group chats, and voice calls.
Session uses the decentralized Oxen Service Node Network to store and route messages. Every encrypted message is routed through three nodes in the Oxen Service Node Network, making it virtually impossible for the nodes to compile meaningful information on those using the network.
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title=Documentation} :octicons-code-16:{ .card-link title="Source Code" }
Session allows for E2EE in one-on-one chats or closed groups which allow for up to 100 members. Open groups have no restriction on the number of members, but are open by design.
Session was previously based on Signal Protocol before replacing it with their own in December 2020. Session Protocol does not support forward secrecy.1
Oxen requested an independent audit for Session in March 2020. The audit concluded in April 2021:
The overall security level of this application is good and makes it usable for privacy-concerned people.
Session has a whitepaper describing the technical details of the app and protocol.
Criteria
Please note we are not affiliated with any of the projects we recommend. In addition to our standard criteria, we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
Minimum Requirements
- Has open-source clients.
- Does not require sharing personal identifiers (phone numbers or emails in particular) with contacts.
- Uses E2EE for private messages by default.
- Supports E2EE for all messages.
- Has been independently audited.
Best-Case
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Supports forward secrecy1
- Supports Future Secrecy (Post-Compromise Security)2
- Has open-source servers.
- Decentralized, i.e. federated or P2P.
- Uses E2EE for all messages by default.
- Supports Linux, macOS, Windows, Android, and iOS.
-
Forward secrecy is where keys are rotated very frequently, so that if the current encryption key is compromised, it does not expose past messages as well. ↩︎
-
Future Secrecy (or Post-Compromise Security) is a feature where an attacker is prevented from decrypting future messages after compromising a private key, unless they compromise more session keys in the future as well. This effectively forces the attacker to intercept all communication between parties, since they lose access as soon as a key exchange occurs that is not intercepted. ↩︎