The Best Encrypted Messengers in 2024
I am a firm believer that there are many privacy techniques you should focus on before encrypted messaging because they will offer you much more “bang for your buck,” things like good passwords, two-factor authentication, and even encrypted email. That said, I still believe that encrypted messaging is a critical part of a well-rounded privacy and security strategy. While the vast majority of our day-to-day conversations may be benign, it can still offer a lot of insight into who we are as people – our routines, likes, and personal thoughts. This information – mundane or not – is worth protecting.
Fortunately encrypted messaging has become nearly ubiquitous today due to the rise of services likes WhatsApp or – here in America – due to the large marketshare of iPhones and the resulting use of iMessage. However, I still think that we should always strive to do better when there’s room for improvement and in this case there is a lot of room to improve easily with very little cost. The only challenges facing users in this case would be the time to switch and the effort of convincing others. For those interested in taking on the challenge, here are the best options we currently have for encrypted messaging in 2024.
Avoid
In many cases, I’m a big fan of “if it works for you and you know the limitations, you do you.” I’ll address this more at the end, however there are two particularly popular encrypted messengers that I think should be avoided regardless of who you go with.
Telegram is hugely popular all over the world with over 900 million monthly active users. However, I have a plethora of objective reasons to distrust Telegram and recommend against using it, at least as an encrypted messenger. For starters, messages are not end-to-end encrypted by default, and can only be end-to-end encrypted on mobile devices and in one-to-one conversations. This means no encrypted group messages, no secure messaging from destkop devices, and most messages won’t be encrypted anyways because most people don’t bother changing default settings. Furthermore, Telegram has given a number of provably contradictory statements regarding their handling of user data. If you insist on using Telegram, I encourage you to think of it more as another public social media app than an actual encrypted messenger.
WhatsApp is owned by Meta (formerly Facebook), who is a notorious enemy of privacy and collects obnoxious amounts of data from users. Your content may be secure, but metadata is so revealing that your content isn’t really necessary when you have the types and amounts Meta collects. WhatsApp isn’t the worst option, but there are far better ones.
With that out of the way, the following are services I strongly recommend. They are listed in alphabetical order and not order of recommendation. You can see my criteria for recommending encrypted messengers here.
Session
Most people who have an opinion of Session have a strong one. Fans like that it requires no user data, that the setup is “insultingly easy” (as I’ve described it in the past), and that the onion-routing reduces metadata and censorship potential. Critics don’t like that it’s tied to a cryptocurrency or the lack of perfect forward secrecy. Objective, I believe Session is a great, user-friendly, decentralized option for those who don’t want to hand over any user data, but may fall short in a few areas for those who dislike crypto or demand a higher standard of security.
Signal
Signal is the golden standard for end-to-end encrypted messaging. Signal is world-renowned by experts for having the best security out there, and multiple court orders have proven that Signal retains almost no metadata. The Signal protocol is so secure, it’s often used in other popular messengers like WhatsApp, Facebook Messenger, and Skype. With the recent addition of usernames (which can be changed an unlimited number of times with no wait time between changes) and the fact that they accept Voice-over-IP phone numbers instead of SIM-numbers, Signal offers an incredible amount of privacy and cybersecurity, all while being user-friendly with a smooth signup process and feature-rich interface. The only drawbacks to Signal – in my opinion – are the lack of availability on F-Droid (though you can download an APK directly from their website) and the fact that the service is centralized. That last one has some valid arguments, but it does mean the service can on rare occasions be susceptible to outages, and some people may prefer the political resilience or data-sovereignty aspects of decentralization.
SimpleX
SimpleX is a newcomer on the scene who aims to solve the issue of social mapping – wherein adversaries could theoretically see who you’re talking to and when and use that information to map out your social network. SimpleX aims to do this by a combination of onion routing and lack of user IDs, as well as a decentralized network. All data is stored on the device and no information is required for signup. SimpleX is definitely doing a lot of interesting things, however there are a few drawbacks. For starters, it’s still very early in development and may not have many of the features that make other messengers appealing for the mainstream (like GIF support). For another, since all data is local, users have to ensure they’re keeping good backups. A major personal nitpick I have is that SimpleX is venture-capital funded and they aggressively defend this position as being the only logical business model. We have seen numerous VC-funded apps sell out over the years, and while SimpleX does raise some valid criticisms of other FOSS business models, I wish they would acknowledge the concerns and criticisms and explain how they plan to protect against them rather than dismissing them. Regardless, SimpleX is on the cutting edge of tackling the next generation of privacy issues, and I applaud them for that. They are also available on F-Droid and directly through GitHub as an APK.
Threema
My last suggestion for a solid messenger is Threema. Threema is already a hard sell for many, requiring a one-time cost of €5. That said, if you’re willing to pay, Threema has a lot going for it. It requires no user data to sign up such as a phone number or email address, you can download the app from F-Droid, and you can even mail in cash to make your payment for ultimate privacy. However, like Signal, it’s also centralized. Unlike Signal, it is behind in terms of mainstream features (like GIFs and stickers) and the desktop app must be synced to the phone (and can only be synced with iOS). That said, Threema does meet all our requirements of a messenger and is a solid choice for those willing to put up with fewer features and a one-time payment.
Honorable Mention: Briar
Briar doesn’t really qualify to be fully recommended because it is Android only. However, Briar has one particular feature going for it that really makes it worth a mention anyways: offline functionality. In areas with unreliable cell service (or even short-term situations where the cell network might be unreliable, such as a concert or plane ride) Briar is a powerful tool allowing users to stay connected without a cell network. It can also route your messages through Tor when you do have service, making it great for privacy. Briar is a hard service to beat in terms of privacy and security, but again the platform limitations – and lack of mainstream features like GIFs – make it only right for certain audiences.
“But What About…?”
I can already hear the objections now. “XMPP.” “Matrix.” “Wire.” “Cwtch.” Etc. As I said at the top, I’m a firm believer in “if it works for you and you know the limitations, you do you.” I quite like Matrix, particularly as a large-community platform. XMPP never really appealed to me, but I respect the staying power and total platform independence. I could make similar praise of other services. The short version is that these services don’t meet our criteria for recommending a messenger. XMPP, for example, does not enable end-to-end encryption by default (it doesn’t help that sign up isn’t exactly user-friendly in most cases). Matrix doesn’t offer disappearing messages (which I consider important for digital minimalism and cybersecurity. Even if the user chooses not to enable this feature, it should be an option). Again though, if you have a found a use case for these messengers and they appeal to you and you’re able to get the people you interact with using them, great! I encourage you to do so. Just know what the limitations of them are and where the weak points may be. To be fair, however, this also applies to the messengers listed here. Know what they do well and what they don’t. There are no perfect messengers, but the scene is quite crowded and there are many to pick from. Whatever you go with, I do consider this a good part of your overall privacy and security.
Tech changes fast, so be sure to check TheNewOil.org for the latest recommendations on tools, services, settings, and more. You can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...