Ah, the messaging app. What started years ago with smoke signals and humans messengers has now evolved on an unfathomable scale across almost all of humanity. Humanity, however, is divided by the many platforms used by different people. Whether it’s the blue bubbles of iMessage or the notification sound of Discord, people are split as to which app is the greatest.
Last year, I set out on a quest to determine which messaging app was the best one out there. This wouldn’t end up being the only messaging app I used; various clubs and social groups kept me using apps like Discord and GroupMe to keep in contact with them. I am presenting here the app which I found to be the most private and secure.
In this search, I limited my scope to apps which are:
- Has support for group chats and voice/video calls;
- Private/end-to-end encrypted (E2EE). I don’t have anything to hide, but that doesn’t mean that I want governments or hackers to be able to access my messages;
- Available on non-Apple platforms (sorry iMessage/FaceTime!);
- Doesn’t have a 50/50 chance of getting axed in the next few years (sorry Google Hangout/Chat/Allo/Voice/Messages/whatever it’s called by now!);
- Free. I don’t want people to have to pay in order to send me messages; otherwise, no one will use the platform. I am fine supporting an app financially, but you can’t be required to support them in order to use basic functionality;
- Secure, preferably with proven security;
- Open source client-side. I want to be able to verify that my messages are really being encrypted and that there are no backdoors coded in. As long as my messages are encrypted by my phone before sending, the server won’t be able to read them, even if the server itself is malicious.
While all of the apps I will mention here meet all of these requirements, I ultimately ended up choosing Signal. I prefer Signal, but I still have accounts on these other platforms which I have for specific use cases. I don’t always check them regularly, but I still think they are private enough that I won’t completely abandon them.
Telegram was one of the most popular recommendations I found online. It seems secure, supports group chats and calls with end to end encryption, and has support for announcement channels.
One huge benefit of Telegram is their simple bot API. I was able to get a simple bot up and running in a matter of minutes, which is much faster than my experience with either of the two other platforms.
Another benefit is that their apps’ source code is released online; however, there have never been any formal third-party security audits that I was aware of at the time of publishing.
Finally, they allow third-party developers to create their own apps to access and send messages from instead of forcing everyone to use their app. This is like email. Most platforms (like WhatsApp, iMessage, etc.) only let you send and receive messages from their official app. Telegram lets others develop apps instead of making everyone use their app. It’s like how you can access your emails using Outlook, Apple Mail, Thunderbird, or any other email client.
My main problem with Telegram is that it doesn’t use encryption by default. If I’m looking for a secure messenger, I don’t want to need to remember to enable encryption whenever I connect with someone new. I want E2EE to be the default, not a side thought. This, the lack of any formal third-party audits, and the better alternatives were what caused me to not choose Telegram.
Element is a messenger that I use every so often. It’s more like Discord or Slack than a texting app, but it can still be used to message people.
Element is the name of the chat app, but Element runs on the Matrix protocol. Just like people can text each other, even if one uses an iPhone and one uses an Android, there are quite a few apps you can choose from to access Matrix. Developers have created clients for normal platforms (Mac, Windows, Linux, Android, iOS), but also for the web, the command line, and even for the Nintendo 3DS.
It’s decentralized, which means that there’s no one company in charge of the whole ecosystem. It’s similar to email: if Google shuts off your Gmail address, you can switch to Protonmail or some other provider and maintain contact with your friends. If iMessage kicks you off of their platform, however, there’s nothing you can do (legitimately) to access their services again.
Matrix is more like email. Most people will sign up for an account using the most popular provider, Matrix.org (think Gmail). If you’re technical enough, however, you can find or host a different instance (think Hotmail, AOL, Yahoo Mail, or your own mail server) which can communicate with users on other websites.
The other major pro of Matrix is their bridges. Bridges let you access your messages from other chat apps (like Discord, WhatsApp, GroupMe, iMessage, Telegram, Signal, Slack, and many more) from your Matrix instance and communicate back and forth. Their goal is to act as a central hub where you can access all of your messaging apps on one place. Of course, doing so might violate the other platforms’ Terms of Service and would damage your security on other platforms (rather than needing to hack each of your individual accounts, someone only needs to hack your Matrix account), but it’s an incredible step towards making things easier for the consumer. Right now, you either need a subscription to some third party or your own infrastructure to use them, but with the rise of apps like Beeper (not an endorsement – I haven’t looked much into them myself) which are based on Matrix, you may finally be able to keep up with all your friends in one app rather than needing 100 different apps.
One final pro is that Element/Matrix has bot support. I couldn’t get a Python bot running when I tried, so it wasn’t as easy for me as Telegram. I do have friends who have had great experiences with it, so it’s probably due to my not properly reading the API.
The main reason I didn’t choose Matrix is that it didn’t seem as polished when I was choosing a messaging app. Video call support wasn’t perfect at the time, and ultimately, the last alternative seemed more secure. As far as I was aware at the time, Element (formerly Riot.im) had not received any security audits, leading me to choose the seemingly more secure alternative…
Signal is the main messaging app I chose. The first thing that grabbed my attention was the number of endorsements it has received. Edward Snowden, the former NSA agent who announced the extent of the US government’s spying network, said in 2015 that he uses Signal daily. Mark Zuckerberg, the owner of Facebook and of Signal competitor WhatsApp (which I didn’t consider due to it being owned by Facebook) is signed up for an account on Signal. This doesn’t prove that he uses Signal regularly (he could have signed up for an account before buying out WhatsApp and just never deleted his account), but this could be a sign that he doesn’t trust in his own app’s privacy and that he thinks Signal is the best messaging app. During the protests in the capital January 2021, Elon Musk tweeted out a message simply saying “Use Signal“. Jack Dorsey (CEO of Twitter) and many others in the tech industry have indicated their support of Signal. These aren’t just random people on the internet – these are experts who know their stuff!
Signal is E2EE by default, and all their communications are encrypted, whether it’s a video call or a normal message. They do minimal logging, as shown on their government requests list where they regularly point out that they are unable to comply with various requests. Their app is open source, so you can audit their code yourself to see how secure the app is. They have received a formal security audit (in 2016, updated 2019) to ensure that their app is secure. Finally, Signal has a private method of determining which of your contacts use Signal, so you don’t need to worry about Signal leaking all of your contact info.
I have noticed some downsides to the app, however. For security reasons, they do not back up your message history on the cloud (otherwise, they’d have to give it over in a government request). This means you have to manually transfer your message history from one device to another should you switch, and you can’t switch between iOS and Android. This makes sense from a privacy/security standpoint, but can be annoying from a normal user’s perspective. I’ve noticed a number of these small tradeoffs, exchanging slight annoyances for increased privacy and security. There’s nothing major and most users probably won’t notice, but if you’re a fellow programmer, you’ll probably be able to understand why the founder Moxie made his decisions. Another example is that they don’t allow for third-party apps to connect with Signal. Their source code is open, but their development process is more shrouded and less open than most open source projects. Again, this isn’t as big of an issue for me, but it might annoy specific groups of people (specifically, those who highly value open source or who want the ability to customize everything on their phone). While I wish their development process was more open, I think their security improvements more than make up for this downside.
My main other complaint is that Signal has a smaller attachment size limit than the other two apps, and photos you send your friends will be slightly compressed (with videos even more so).
As a note, however, I have not myself audited Signal’s source code. While I use Signal and I consider myself to be good at computers, I haven’t taken the time to deeply investigate their source code or their app myself.
The Network Effect
The main problem I’ve noticed with messaging apps, however, is the networking effect. Even if you have the perfect messaging app, if no one ever uses the app, it’ll be useless. It can be hard to convince someone to download yet another messaging app when the market is already so flooded with alternatives. Even if you want to communicate using Matrix, if everyone else is already using Telegram or WhatsApp, you may end up having to use those platforms, even if you prefer not to.
As a result, I still actively use platforms like Discord, GroupMe, and normal texts to communicate with others. I realize that these platforms are not as private or secure, so I always check what I message or say on those platforms, but I still use them.
To conclude, Signal is the messaging app I suggest to most users. While I prefer Signal over other platforms, I’ll still message with others when I need to. Matrix and Telegram are two of my other preferred platforms, but Signal stood out among all of the messaging apps I saw to be the best option for everyday use.
Other Relevant XKCD cartoons: